Base URL
Authentication
Every request must include a valid JWT in theAuthorization header:
POST /api/auth/login. Tokens expire after 7 days. See authentication for details.
Response format
All responses use a consistent JSON envelope. Success:200— success201— resource created400— bad request (validation error)401— missing or invalid token403— token valid but insufficient permissions404— resource not found500— server error
Workspace scoping
Every API request is scoped to the workspace encoded in the JWT. You cannot access data from another workspace with a single token. To act on behalf of a different workspace, obtain a token for that workspace via/api/auth/login with that workspace’s credentials.
Permissions
Most endpoints require specific role permissions. If your token’s role lacks the required permission, the API returns403 Forbidden.
Permission requirements are noted per endpoint in the API reference.
Content type
Send request bodies as JSON with theContent-Type: application/json header.
Rate limits
The API does not enforce hard rate limits currently. Avoid sending more than 10 requests per second per workspace to prevent performance degradation.The API is intended for integrations and automation. If you’re building a user-facing application, contact info@equitysoft.in to discuss your use case.