Sniff API calls using Chrome

Monitoring Tallyfy API Calls with Chrome DevTools

Tallyfy’s “API-first” architecture enables developers to understand how the platform communicates with its backend. By inspecting these API calls, you can implement your own integrations.

Requirements

Before starting:

Chrome browser (latest version recommended)
A Tallyfy account with appropriate permissions
Basic understanding of HTTP requests and JSON
Familiarity with the Tallyfy feature you want to analyze

Important API header requirement

When making direct API calls to Tallyfy endpoints, you must include this header:

X-Tallyfy-Client: APIClient

Capturing API calls with Chrome DevTools

Setup process

Navigate to the Tallyfy web application and sign in.
Open Chrome DevTools by right-clicking anywhere and selecting Inspect (or press F12, Ctrl+Shift+I on Win/Linux, Cmd+Option+I on macOS).
Click the Network tab in the DevTools panel.
Ensure recording is enabled (the red record button should be active).
Check the Preserve log checkbox to maintain requests between page loads.
Select Disable cache to ensure fresh responses.
Clear existing requests by clicking the 🚫 icon.
Perform the Tallyfy action you want to analyze (e.g., load processes, launch a process, complete a task).
Click the Fetch/XHR filter button at the top of the Network panel.
Type /api/ in the filter box to show only Tallyfy API calls.
Click on a Tallyfy /api/ request in the filtered list to open its details.

Analyzing request details

Request headers section

In the Headers tab, examine:

General information:
- Request URL: The full endpoint path
- Request method: GET, POST, PUT, DELETE, etc.
- Status code: 200 (success), 400 (client error), etc.
Request Headers:
- Authorization: Bearer <token> for authentication
- X-Tallyfy-Client: APIClient required for direct API calls
- Content-Type: application/json for data formatting
Response Headers:
- Server response metadata
- Rate limiting information
- Caching directives

Request payload section

For POST, PUT, or PATCH requests:

Click the Payload tab to view the request body
Review the following views:
- Form Data: URL-encoded parameters
- Request Payload: JSON structure
- View Source: Raw data exactly as sent
Copy method:
1. Select the view source tab
2. Click anywhere in the payload area
3. Press Ctrl+A (or Cmd+A on Mac) to select all
4. Press Ctrl+C (or Cmd+C on Mac) to copy
5. This exact format can be used in your own API implementations

Response data section

Examine the server’s response:

Click the Response tab to view raw data returned from the server
Click the Preview tab to see formatted JSON structure
Analyze:
- Data objects and their structure
- Success/error messages
- Pagination information for list responses
- Timestamps and formatting patterns

Authentication analysis

When examining authentication in Tallyfy API calls:

Bearer Token Format: Note the structure and length of the JWT token
Token Lifespan: Tokens typically expire after a set period
Scope Information: What permissions the token includes
User Context: Which user the token represents

Required headers for API replication

Header	Value	Purpose
`Authorization`	`Bearer YOUR_TOKEN`	Authentication
`X-Tallyfy-Client`	`APIClient`	Required identifier
`Content-Type`	`application/json`	Format specification
`Accept`	`application/json`	Response format

Testing your API understanding

To verify you’ve correctly understood an API call:

Copy the endpoint URL, headers, and payload
Use a tool like Postman, Insomnia, or cURL to recreate the request
Compare your response with what you observed in DevTools
Troubleshoot any differences in the responses

Example cURL command

For a typical API call, your cURL might look like:

curl -X POST "https://go.tallyfy.com/api/organizations/{orgID}/processes" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-Tallyfy-Client: APIClient" \
  -d '{
    "template_id": 12345,
    "name": "Test Process",
    "assignees": [{"email": "user@example.com"}]
  }'

Advanced DevTools features

Throttling network speed

To test how your API implementation performs under different conditions:

Click the Network Conditions tab in DevTools (or use the dropdown next to “Online”)
Select a preset throttling profile or create a custom one
Observe how the API behaves with slower connections

Exporting request data

To save a request for later reference:

Right-click on the API request
Select Copy > Copy as cURL
Paste into a text file for future reference

Using Integuru for automated API integration

For developers looking to automate API interactions with Tallyfy or other platforms, Integuru ↗ provides an advanced solution. Integuru is an open-source AI agent that can generate integration code by reverse-engineering platforms’ internal API

Key features:

Automatically generates a dependency graph of API requests
Creates runnable Python code that reproduces your actions
Identifies relationships between different API calls
Handles authentication and session management

To use Integuru with Tallyfy:

Install Integuru following the instructions on their GitHub repository
Run python create_har.py to start a browser session
Log into Tallyfy and perform the workflow action you want to automate
Use the generated HAR file with Integuru to create Python code that reproduces the API calls

This approach can significantly accelerate API integration development by automatically analyzing the full sequence of API calls needed for complex operations.

Troubleshooting common issues

No requests appearing

If no API calls appear in DevTools:

Ensure DevTools is open before performing the action
Try enabling Preserve log option in the Network tab
Disable cache and perform a hard refresh (Ctrl+Shift+R or Cmd+Shift+R)
Verify you’re looking at the correct browser tab
Check if content blockers are interfering with network requests

Filtering problems

If filtering doesn’t show expected results:

Verify the filter string exactly matches part of the API URL
Try the built-in Fetch/XHR filter instead of text filtering
Clear all filters to check if requests appear at all
Ensure your browser isn’t blocking certain requests

Authentication errors

If calls return HTTP 401 or similar errors:

Verify your Tallyfy session is active
Check that your API token is valid and properly formatted
Ensure all required headers are included in your requests
Confirm your user account has permission for the requested action

CORS or preflight issues

For cross-origin implementation challenges:

Note any CORS preflight (OPTIONS) requests
Check response headers for CORS permissions
Understand allowed origins and methods

Security considerations

When working with API calls:

Never share authentication tokens publicly
Mask sensitive data in screenshots or shared requests
Be aware of data access implications when replicating calls
Remember that all actions through the API are tracked in audit logs

Integrations > Open API

The Tallyfy REST API enables developers to build custom integrations access core platform features and automate workflows through secure authentication methods while adhering to rate limits and technical requirements for making API requests.

Open Api > Integrate with Tallyfy using the API

The Tallyfy REST API enables workflow integration through user-based or application-based authentication methods while supporting multi-organization contexts and providing webhooks for event-driven functionality.

Open Api > API code samples

The Tallyfy REST API documentation provides code samples across multiple programming languages for integrating with the platform using proper authentication headers and base URL endpoints.

Miscellaneous > Troubleshooting

A comprehensive guide detailing various troubleshooting methods browser-specific solutions rate limits and cache management techniques to resolve common Tallyfy performance issues and errors.

Get in touch

About Tallyfy