Arlo

REST Auth API

The Arlo REST Authenticated API allows you to query meta-data about your platform's Events, Contacts, Organisations, Registrations, Venues and much more.

The authenticated API allows you access to much more detail than the simpler Public API. This API is designed for systems integration such as CRM data integration and access to full registration and contact details. The Auth API is not optimised or designed for website integration. If you wish to access general event, template or categories information for display on your website, use the Public API instead which has endpoints and data formats optimised for this sort of integration.

Because the Auth API is based on REST principles, it's very easy to write and test applications. You can use your browser to access URLs, and you can use pretty much any HTTP client in any programming language to interact with the API.

Auth base URL

All URLs referenced in the documentation are children of the following base:

https://{platform_name}.arlo.co/api/2012-02-01/auth/resources/

Security

The Auth REST API is served over HTTPS. To ensure data privacy and security of credentials, unencrypted HTTP is not supported.

The REST API supports two mechanisms for authenticating access; basic authentication and OAuth 2. We recommend OAuth 2 for production integrations.

Getting started

This documentation explains the format for raw HTTP calls to the Arlo REST API. In the future we hope to have helper libraries in different languages available to speed up project implementations that require the use of the API.

To get started with the API, we recommend you read the general overview topics of how the Auth API represents the key concepts of resource collections, resource instances, including how resource linking is represented.

Before making any requests to API endpoints, we recommend you read how to correctly supply authentication credentials with your HTTP requests.

For reference documentation on key resources you might want to access, you can read more about the API's representations of Contacts, Organisations, Events and Registrations.

Many resources support partial updates via HTTP PATCH, which allows you to target specific properties for update, addition, or removal without submitting a complete resource replacement. See the HTTP PATCH partial updates guide for syntax, XPath selector patterns, and worked examples.

Integrating with external systems (Webhooks)

If you are building an integration that keeps an external system — such as a CRM, LMS, or data warehouse — synchronised with Arlo, we strongly recommend reading our guide to keeping an external system in sync. It covers the recommended architecture for a robust, production-ready integration.

The most effective integrations use Webhooks as their primary change-detection mechanism, receiving near real-time notifications whenever resources such as Contacts, Registrations, or Events are created or updated. This avoids the cost and latency of polling collection endpoints and ensures your external system stays current.

The synchronisation guide explains how to combine webhooks with the PlatformEvents query endpoint for batch-fetching entity details, how to detect and recover from missed events, and how to perform an initial bulk data import using cursor-based pagination.

Rate limiting

All requests to the Auth REST API are subject to the global rate limits. Exceeding the allowed request threshold will result in an HTTP 429 Too Many Requests response. Refer to the API Rate Limiting documentation for details on limits, commonly affected endpoints, and how to write resilient integrations.