Documentation Index
Fetch the complete documentation index at: https://docs.dataharbor.co/llms.txt
Use this file to discover all available pages before exploring further.
API Access
Your Virtual API, one URL away. Every Virtual API is accessible over REST. How consumers connect depends on the visibility level:| Visibility | Endpoint | Auth | Registry |
|---|---|---|---|
| Disabled | /fetch/{leaseId}/{path} | API key required | No |
| Private | /fetch/{leaseId}/{path} | API key required | No |
| Unlisted Open | /relay/{leaseId}/{path} | Marketplace key required | No |
| Listed Open | /relay/{leaseId}/{path} | Marketplace key required | Yes — discoverable in catalog |
Private Virtual APIs can also be accessed via the relay endpoint when the consuming organization has been authorized by the lease owner. See Organization Authorizations below.
Private access (fetch)
Virtual APIs with Disabled or Private visibility use the fetch endpoint with an API key:dataharbor-api-key header — you can find your API key in the Virtual API dashboard.
Marketplace relay access
Virtual APIs with Unlisted Open or Listed Open visibility use the relay endpoint. Discovery can be public, but the current runtime still requires a marketplace API key (mkp_...) on relay calls:
You can create a marketplace key from the account settings page in DataHarbor.
{leaseId} is the unique identifier for your Virtual API. The {path} maps to your upstream API’s route structure — the same object matching and controls apply automatically.
Organization Authorizations
Lease owners can authorize specific partner organizations for relay access to their Virtual API — regardless of visibility level. This enables controlled sharing without making the Virtual API publicly discoverable.How it works
- Authorize access — The lease owner adds a partner organization by org ID from the Marketplace Management tab on the Virtual API detail page.
- Partner connects — The authorized organization uses their existing marketplace key (
mkp_...) on the relay endpoint. No new keys or auth types are needed. - Usage is billed to the consumer — Relay usage through an org authorization is billed against the consuming organization’s marketplace quota, not the lease owner’s.
Key details
- No new credentials — Partners reuse their existing marketplace key. No additional keys or auth types are introduced.
- Any visibility tier — Org authorizations work for Private, Unlisted Open, and Listed Open Virtual APIs. A Private lease with org authorizations is accessible via relay only to authorized organizations.
- Instant revocation — Authorizations can be revoked at any time from the Marketplace Management tab. Access is removed immediately.
- Governance still applies — All data controls, geo restrictions, expiration, and audit logging are enforced on org authorization relay requests.
Registry
Virtual APIs with Listed Open visibility are indexed in the DataHarbor registry:- Registry catalog: https://service.dataharbor.co/registry
- OpenAPI spec (with query information): https://service.dataharbor.co/openapi/v1.json
Governance still applies
Marketplace relay access doesn’t mean ungoverned access. Every request through the relay endpoint still enforces:- All controls (redact, tokenize, hash, transforms)
- Geo restrictions
- Expiration and shutdown
- Full audit trail
Next steps
Virtual API Visibility
Decide who can discover or relay into a Virtual API
Global Marketplace
Understand discovery and marketplace relay behavior