Resources/The Agent API Atlas/Marketing/Braze

Everything an AI agent can do with the Braze API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints41

AuthenticationAPI key

Last updated23 June 2026

Orientation

How the Braze API works.

The Braze API is how an app or AI agent works with a Braze workspace: tracking users and their events, sending or scheduling messages, triggering a campaign or Canvas, managing catalogs and email templates, and exporting users by identifier or segment. Access is granted through a REST API key, and each key is created with a chosen set of granular permission scopes that set which endpoints a call can reach. Braze does not version its API, and rather than calling an app back, it pushes event data out through a separate export stream.

41Endpoints

7Capability groups

15Read

26Write

41Permissions

Authentication

Braze authenticates every REST API request with a REST API key sent as a Bearer token in the Authorization header. Keys are created in the dashboard and can be restricted to specific IP addresses. There is no OAuth flow for the core REST API; access is the key plus the scopes it carries.

Permissions

A REST API key carries a chosen set of granular permission scopes, picked when the key is created, like users.track, messages.send, campaigns.trigger.send, or users.export.ids. A key can call only the endpoints whose scope it was granted, and a request to an endpoint the key lacks returns a 403. This lets a leaked key reach only what it was scoped to.

Versioning

Braze does not version its REST API by date or path. There is one continuously updated API, with no version to pin in the request. Notable additions, changes, and deprecations ship through dated release notes, which is what an integration tracks rather than a version string.

Data model

The REST host depends on the workspace's provisioned instance, like rest.iad-01.braze.com for US-01. Requests and responses are JSON. Braze does not call an app back through inbound webhooks; instead its Currents stream exports event data server-to-server to a connected store. Rate limits are metered per time window, with a 250,000 per hour default and tighter ceilings on the highest-volume endpoints.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Braze determines what it can reach. There is the REST API for sending and exporting data, and a hosted server that exposes Braze tools to agents, and each is governed by the REST API key behind it and the permissions chosen for that key.

Ways to connect

REST API

The REST API takes JSON request bodies and returns JSON. Its host depends on the workspace's provisioned instance, like https://rest.iad-01.braze.com for US-01 or https://rest.fra-01.braze.eu for EU-01. A call authenticates with a REST API key sent as a Bearer token in the Authorization header.

Best forConnecting an app or AI agent to Braze.

Governed byThe REST API key and the scoped permissions chosen for it.

Docs ↗

MCP server

Braze publishes a first-party Model Context Protocol server, in beta, that connects AI tools to non-PII Braze data. It reads aggregated data like campaign and Canvas analytics, custom attributes, and segments, and supports specific writes like creating media library assets, email templates, and content blocks. The current build runs locally from the braze-mcp-server package and authenticates with a REST API key; Braze has said a remote, hosted server is in early access. Claude and Cursor are the officially supported clients.

Best forConnecting an AI agent to Braze through MCP.

Governed byThe REST API key created for the MCP client and the permissions chosen for it.

Docs ↗

Currents (data export)

Currents is Braze's near real-time event export stream. Rather than calling an app back through inbound webhooks, Braze pushes message engagement and user behavior events server-to-server to a connected data store or warehouse, so an integration receives activity without polling. It is configured in the dashboard, not through the REST API.

Best forReceiving Braze events at a data store without polling.

Governed byThe Currents connection configured in the dashboard.

Docs ↗

Authentication

REST API key

Braze authenticates every REST API request with a REST API key passed as a Bearer token in the Authorization header. A key is created in the dashboard with a chosen set of granular permission scopes, like users.track, messages.send, or campaigns.trigger.send, so it can call only the endpoints it was granted. A key can also be restricted to specific IP addresses. A request with no key or a key missing the needed scope is rejected.

TokenREST API key (Bearer token)

Best forServer-side calls scoped to specific endpoints.

Docs ↗

Capability map

What an AI agent can do in Braze.

The Braze API is split into areas an agent can act on, like user data, messaging, subscription groups, catalogs, email lists, templates, and segments. Each area has its own methods, and writes in some areas send live messages or change subscriber records.

User data

9 endpoints

Methods for recording, identifying, exporting, and deleting user profiles.

A write here changes real user profile data, and a delete is irreversible.

View endpoints →

Messaging

8 endpoints

Methods for sending, triggering, and scheduling messages, campaigns, and Canvases.

A write here sends or schedules live messages to real recipients.

View endpoints →

Subscription groups

3 endpoints

Methods for reading and setting a user's subscription state across groups.

A write here changes a real person's subscription status.

View endpoints →

Catalogs

7 endpoints

Methods for managing catalogs and the items inside them.

A write here changes real catalog data used in personalization.

View endpoints →

Email lists

5 endpoints

Methods for querying and changing email bounce, spam, and subscription records.

A write here changes real deliverability and subscription records.

View endpoints →

Templates & content blocks

6 endpoints

Methods for managing reusable email templates and content blocks.

A write here changes reusable content other messages depend on.

View endpoints →

Segments

3 endpoints

Methods for listing segments and reading their analytics.

A read here exposes audience membership and analytics.

View endpoints →

Endpoint reference

Every Braze API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
User data Methods for recording, identifying, exporting, and deleting user profiles.9
POST	`/users/track`	Record user attributes, custom events, and purchases on user profiles.	write	`users.track`	Current
A single request may carry up to 75 combined attribute, event, and purchase objects. Acts onuser Permission (capability)`users.track` VersionAvailable since the API’s base version Webhook eventNone Rate limit3,000 requests per 3 seconds SourceOfficial documentation ↗
POST	`/users/identify`	Associate an anonymous, alias-only profile with an identified user by external ID.	write	`users.identify`	Current
Shares a 20,000 requests per minute pool with delete, alias, and merge. Acts onuser Permission (capability)`users.identify` VersionAvailable since the API’s base version Webhook eventNone Rate limit20,000 requests per minute, shared SourceOfficial documentation ↗
POST	`/users/alias/new`	Create a new user alias for an existing identified user.	write	`users.alias.new`	Current
Shares a 20,000 requests per minute pool with identify, delete, and merge. Acts onuser_alias Permission (capability)`users.alias.new` VersionAvailable since the API’s base version Webhook eventNone Rate limit20,000 requests per minute, shared SourceOfficial documentation ↗
POST	`/users/merge`	Merge two user profiles into one, combining their data.	write	`users.merge`	Current
Shares a 20,000 requests per minute pool with identify, alias, and delete. Acts onuser Permission (capability)`users.merge` VersionAvailable since the API’s base version Webhook eventNone Rate limit20,000 requests per minute, shared SourceOfficial documentation ↗
POST	`/users/delete`	Delete user profiles by external ID, Braze ID, or user alias.	write	`users.delete`	Current
Irreversible; shares a 20,000 requests per minute pool with identify, alias, and merge. Acts onuser Permission (capability)`users.delete` VersionAvailable since the API’s base version Webhook eventNone Rate limit20,000 requests per minute, shared SourceOfficial documentation ↗
POST	`/users/export/ids`	Export user profiles by identifier (external ID, Braze ID, email, or alias).	read	`users.export.ids`	Current
Returns profile data; 250 requests per minute for workspaces onboarded after 22 August 2024, 2,500 per minute before. Acts onuser Permission (capability)`users.export.ids` VersionAvailable since the API’s base version Webhook eventNone Rate limit250 requests per minute SourceOfficial documentation ↗
POST	`/users/export/segment`	Export all user profiles within a named segment to a connected data store.	read	`users.export.segment`	Current
Exports an entire segment's membership; shares the 250,000 per hour pool. Acts onuser Permission (capability)`users.export.segment` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/users/external_ids/rename`	Rename a user's deprecated external ID to a new external ID.	write	`users.external_ids.rename`	Current
A core write to a user's primary identifier. Acts onexternal_id Permission (capability)`users.external_ids.rename` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/users/external_ids/remove`	Remove deprecated external IDs once a rename migration is complete.	write	`users.external_ids.remove`	Current
Irreversible removal of the old identifier. Acts onexternal_id Permission (capability)`users.external_ids.remove` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Messaging Methods for sending, triggering, and scheduling messages, campaigns, and Canvases.8
POST	`/messages/send`	Send messages immediately to a set of users via the API.	write	`messages.send`	Current
Sends live messages; broadcast sends are limited to 250 per minute across all audiences and 10 per minute per audience. Acts onmessage Permission (capability)`messages.send` VersionAvailable since the API’s base version Webhook eventNone Rate limit250 requests per minute (broadcast) SourceOfficial documentation ↗
POST	`/messages/send/create`	Create a send ID to track and report on a message send.	write	`messages.send_id.create`	Current
Creates an identifier; no message is sent by this call alone. Acts onsend_id Permission (capability)`messages.send_id.create` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/campaigns/trigger/send`	Trigger an API-triggered campaign send to specified recipients.	write	`campaigns.trigger.send`	Current
Sends a live campaign; broadcast sends share the 250 per minute broadcast limit. Acts oncampaign Permission (capability)`campaigns.trigger.send` VersionAvailable since the API’s base version Webhook eventNone Rate limit250 requests per minute (broadcast) SourceOfficial documentation ↗
POST	`/canvas/trigger/send`	Trigger an API-triggered Canvas send to specified recipients.	write	`canvas.trigger.send`	Current
Sends a live Canvas; broadcast sends share the 250 per minute broadcast limit. Acts oncanvas Permission (capability)`canvas.trigger.send` VersionAvailable since the API’s base version Webhook eventNone Rate limit250 requests per minute (broadcast) SourceOfficial documentation ↗
POST	`/messages/schedule/create`	Schedule messages, campaigns, or Canvases to send at a future time.	write	`messages.schedule.create`	Current
Queues a future send; non-broadcast calls share the 250,000 per hour pool. Acts onscheduled_message Permission (capability)`messages.schedule.create` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/messages/schedule/update`	Update an already scheduled message before it sends.	write	`messages.schedule.update`	Current
Changes a queued send. Acts onscheduled_message Permission (capability)`messages.schedule.update` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/messages/schedule/delete`	Cancel a scheduled message before it sends.	write	`messages.schedule.delete`	Current
Cancels a queued send. Acts onscheduled_message Permission (capability)`messages.schedule.delete` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/messages/scheduled_broadcasts`	List upcoming scheduled campaigns and Canvases broadcast to entire segments.	read	`messages.schedule_broadcasts`	Current
Read-only. Acts onscheduled_message Permission (capability)`messages.schedule_broadcasts` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
Subscription groups Methods for reading and setting a user's subscription state across groups.3
GET	`/subscription/status/get`	List a user's subscription status across their subscription groups.	read	`subscription.status.get`	Current
Read-only; reveals a person's opt-in or opt-out state. Acts onsubscription_group Permission (capability)`subscription.status.get` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/subscription/user/status`	List the subscription groups a user belongs to, with their status.	read	`subscription.groups.get`	Current
Read-only. Acts onsubscription_group Permission (capability)`subscription.groups.get` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/subscription/status/set`	Set a user's subscription status within one or more subscription groups.	write	`subscription.status.set`	Current
Changes a real person's opt-in or opt-out state. Acts onsubscription_group Permission (capability)`subscription.status.set` VersionAvailable since the API’s base version Webhook eventNone Rate limit5,000 requests per minute SourceOfficial documentation ↗
Catalogs Methods for managing catalogs and the items inside them.7
GET	`/catalogs`	List all catalogs in the workspace.	read	`catalogs.get`	Current
Read-only. Acts oncatalog Permission (capability)`catalogs.get` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/catalogs`	Create a new catalog with a defined set of fields.	write	`catalogs.create`	Current
Defines a new catalog schema. Acts oncatalog Permission (capability)`catalogs.create` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/catalogs/{catalog_name}`	Delete a catalog and all of its items.	write	`catalogs.delete`	Current
Irreversible; removes the catalog and every item in it. Acts oncatalog Permission (capability)`catalogs.delete` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/catalogs/{catalog_name}/items`	Add new items to a catalog.	write	`catalogs.add_items`	Current
A core catalog write. Acts oncatalog_item Permission (capability)`catalogs.add_items` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/catalogs/{catalog_name}/items/{item_id}`	Edit an existing catalog item.	write	`catalogs.update_items`	Current
Updates fields on an existing item. Acts oncatalog_item Permission (capability)`catalogs.update_items` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/catalogs/{catalog_name}/items`	List the items in a catalog.	read	`catalogs.get_items`	Current
Read-only. Acts oncatalog_item Permission (capability)`catalogs.get_items` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
DELETE	`/catalogs/{catalog_name}/items/{item_id}`	Delete a single item from a catalog.	write	`catalogs.delete_items`	Current
Removes an item from the catalog. Acts oncatalog_item Permission (capability)`catalogs.delete_items` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Email lists Methods for querying and changing email bounce, spam, and subscription records.5
POST	`/email/status`	Change the subscription status of an email address.	write	`email.status`	Current
Changes a real email address's subscription state. Acts onemail Permission (capability)`email.status` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/email/hard_bounces`	Query the list of email addresses that have hard bounced.	read	`email.hard_bounces`	Current
Read-only. Acts onemail Permission (capability)`email.hard_bounces` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/email/unsubscribes`	Query the list of email addresses that have unsubscribed.	read	`email.unsubscribes`	Current
Read-only. Acts onemail Permission (capability)`email.unsubscribes` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/email/bounce/remove`	Remove email addresses from the hard bounce list.	write	`email.bounce.remove`	Current
Re-enables sending to a previously bounced address. Acts onemail Permission (capability)`email.bounce.remove` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/email/blocklist`	Add email addresses to the blocklist so Braze stops sending to them.	write	`email.blocklist`	Current
Stops all sends to the listed addresses and unsubscribes them. Acts onemail Permission (capability)`email.blocklist` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
Templates & content blocks Methods for managing reusable email templates and content blocks.6
POST	`/templates/email/create`	Create a reusable email template.	write	`templates.email.create`	Current
A core content write. Acts onemail_template Permission (capability)`templates.email.create` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/templates/email/update`	Update an existing email template.	write	`templates.email.update`	Current
Changes a template other messages may reference. Acts onemail_template Permission (capability)`templates.email.update` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/templates/email/list`	List available email templates.	read	`templates.email.list`	Current
Read-only. Acts onemail_template Permission (capability)`templates.email.list` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/templates/email/info`	See the details and body of a specific email template.	read	`templates.email.info`	Current
Read-only. Acts onemail_template Permission (capability)`templates.email.info` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
POST	`/content_blocks/create`	Create a reusable content block for use across messages.	write	`content_blocks.create`	Current
A core content write. Acts oncontent_block Permission (capability)`content_blocks.create` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/content_blocks/list`	List available content blocks.	read	`content_blocks.list`	Current
Read-only. Acts oncontent_block Permission (capability)`content_blocks.list` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
Segments Methods for listing segments and reading their analytics.3
GET	`/segments/list`	List the segments in the workspace, with their names and analytics-tracking flag.	read	`segments.list`	Current
Read-only. Acts onsegment Permission (capability)`segments.list` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/segments/details`	See the details of a segment, like its creation time and filters.	read	`segments.details`	Current
Read-only. Acts onsegment Permission (capability)`segments.details` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗
GET	`/segments/data_series`	See a daily series of the estimated size of a segment over time.	read	`segments.data_series`	Current
Read-only; requires analytics tracking enabled on the segment. Acts onsegment Permission (capability)`segments.data_series` VersionAvailable since the API’s base version Webhook eventNone Rate limit250,000 requests per hour, shared SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Braze does not call an app back through inbound webhooks. Instead, its Currents stream exports event data server-to-server in near real time to a connected data store, so an integration receives activity without polling the REST API.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Braze limits how fast an app can call, with a default ceiling that most endpoints share and tighter per-endpoint ceilings on the highest-volume methods, measured in requests per hour, minute, or a few seconds.

Request rate

Braze meters requests per time window, not by a per-method cost or point weighting. Most endpoints share a default ceiling of 250,000 requests per hour, while the highest-volume methods carry their own tighter limits: /users/track allows 3,000 requests per 3 seconds (with up to 75 combined attribute, event, and purchase objects per request), the identify, delete, alias, and merge endpoints share 20,000 requests per minute, and broadcast sends across messages, campaigns, and Canvases are capped at 250 per minute across all audiences and 10 per minute per audience. Going over returns HTTP 429, and every response carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers describing the current window.

Pagination

List and export endpoints page with a cursor or an offset depending on the endpoint. The user export by identifier endpoint accepts up to 50 identifiers per request, and segment exports stream the full segment to a connected store. Each endpoint's reference page documents its own paging fields.

Request size

A /users/track request may carry up to 75 combined attribute, event, and purchase objects, and the user data endpoints enforce a 4 MB payload limit per request. The user export by identifier endpoint accepts up to 50 identifiers at a time.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad Request`	The request was malformed, such as invalid JSON or a missing required field.	Fix the request body against the endpoint's documented parameters and resend.
401	`Unauthorized`	No valid REST API key was provided.	Send a valid REST API key as a Bearer token in the Authorization header.
403	`Forbidden`	The API key is valid but lacks the permission scope this endpoint requires.	Grant the endpoint's scope on the key, or use a key that already carries it.
404	`Not Found`	The endpoint or referenced object does not exist, often a wrong REST host for the instance.	Confirm the path and use the REST endpoint that matches the workspace's instance.
429	`Rate Limited`	The request exceeded the endpoint's rate limit.	Back off using the X-RateLimit-Reset header, then retry with exponential backoff.
500	`Internal Server Error`	An error occurred on Braze's side. It is rare.	Retry with backoff, and contact Braze support if it persists.

Versioning & freshness

Version history.

Braze does not version its REST API by date or path. There is one continuously updated API, and notable changes ship through dated release notes.

Version history

What changed, and when

Latest versionCurrent

CurrentCurrent version

Continuously updated REST API

Braze does not version its REST API by date or path. There is one continuously updated API, and notable additions, changes, and deprecations ship through dated release notes rather than a new version string. The entries below are recent dated changes relevant to the REST API and integrations.

What changed

The API is unversioned; track the release notes for additions and deprecations.
Endpoints authenticate with a scoped REST API key sent as a Bearer token.

2026-03-05Feature update

March 2026 release

Braze launched a new data center, JP-01, adding another regional REST host for provisioned workspaces.

What changed

New JP-01 data center, with its own REST endpoint host.

2026-01-08Feature update

January 2026 release

Per-channel rate limits and new Currents export fields shipped.

What changed

A campaign or Canvas can set a per-channel rate limit, like 5,000 webhooks and 2,500 SMS messages per minute, instead of a single shared multi-channel limit.
New fields added to push notification and RCS Currents event types, like the push token of the event.

2025-11-11Requires migration

November 2025 release

Deprecated API methods were removed and native SDK version bindings updated.

What changed

Removal of several deprecated API methods.
Updates to native SDK version bindings.

2025-09-16Feature update

September 2025 release

Connected Content gained stored token-authentication credentials.

What changed

Braze can store credentials that hold token authentication header values for APIs called through Connected Content.

There is no version to pin; track the release notes for additions and deprecations.

Braze release notes ↗

Questions

Braze API, answered.

How do I authenticate with the Braze REST API?+

Send a REST API key as a Bearer token in the Authorization header: Authorization: Bearer YOUR_REST_API_KEY. Keys are created in the dashboard, where each key is given a set of permission scopes. A key with no scope for an endpoint, or a missing key, is rejected with a 401 or 403.

How do API key permission scopes work?+

When a REST API key is created, it is granted a specific set of scopes, like users.track, messages.send, or users.export.ids. The key can then call only the endpoints those scopes cover. Scoping a key narrowly means a leaked key reaches only the endpoints it was granted, and a call to anything else returns a 403 Forbidden.

Which REST endpoint URL should I use?+

Braze runs multiple regional instances, and the REST host depends on which one a workspace is provisioned to, like https://rest.iad-01.braze.com for US-01 or https://rest.fra-01.braze.eu for EU-01. Using the wrong instance host returns a 404. The correct host is shown in the dashboard under Manage Settings.

Does Braze send inbound webhooks?+

The Braze REST API is for sending data in and exporting data out, not for receiving callbacks. To get event data out of Braze in near real time, Currents streams message engagement and user behavior events server-to-server to a connected data store or warehouse, configured in the dashboard rather than through the REST API.

What are the rate limits?+

Most endpoints share a default of 250,000 requests per hour. The highest-volume methods have their own tighter limits: /users/track allows 3,000 requests per 3 seconds, the identify, delete, alias, and merge endpoints share 20,000 per minute, and broadcast sends are capped at 250 per minute across all audiences. A 429 response signals the limit was hit, and every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.

Is the Braze REST API versioned?+

No. There is a single, continuously updated REST API with no dated version or path segment to pin. Changes ship through dated release notes, so an integration tracks those rather than a version string. Deprecated methods are announced and removed through the same notes.

Does Braze have an official MCP server for AI agents?+

Yes. Braze publishes a first-party Model Context Protocol server, in beta, that lets AI tools like Claude and Cursor read non-PII Braze data, like campaign and Canvas analytics, custom attributes, and segments, and perform specific writes like creating media library assets and templates. It authenticates with a REST API key, and Braze has said a remote, hosted version is in early access.

What is Bollard AI?

Control what every AI agent can do in Braze.

Bollard AI sits between a team's AI agents and Braze. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Braze key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Braze access in Bollard Browse all APIs →

Braze

Lifecycle Agent

Track users ActionOffReadFull use

Send messages ActionOffReadFull use

Export segment data ResourceOffReadFull use

Email templates ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Braze

How the Braze API works.

Connection & authentication methods.

REST API

MCP server

Currents (data export)

REST API key

What an AI agent can do in Braze.

User data

Messaging

Subscription groups

Catalogs

Email lists

Templates & content blocks

Segments

Every Braze API method.

User data

Messaging

Subscription groups

Catalogs

Email lists

Templates & content blocks

Segments

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Braze API, answered.

More marketing API guides for agents

Constant Contact

Campaign Monitor

GetResponse

MailerLite

Mailgun

Postmark

Control what every AI agent can do in Braze.