API - Version 2

Goals of new API:

  1. Better conventions (ReST)
  2. More generic (not tied to ruby at all)
  3. Most UI functions should also be available via API


All methods require authentication unless specified otherwise.

Authentication will be done via an Oauth2 token using Authorization header, eg:

Authorization: OAuth abc4c7c627376858

or in parameters:



All request bodies should be in JSON format, with Content-Type application/json. 

Base URL (all endpoints are prefixed with this): 



All responses are in JSON, with Content-Type application/json.

Common response:

{ "status_code": 200, "msg": "some success or error message" }

Status Codes:

  • All successful GET requests return 200 OK
  • All successful POST requests return 201 Created

  • Invalid JSON (can't be parsed or has wrong types) results in 400 Bad Request

  • Failure to authenticate results in 401 Unauthorized

  • Bad project ID/task ID/etc. results in 404 Not Found

  • Bad request methods result in 405 Method Not Allowed.  More specifically, the URL may be ok, but not for the method invoked (e.g. ok for GET, not ok to DELETE)

  • Bad Content-Type in a POST request results in 406 Not Acceptable

Specific endpoints may provide other errors in other situations.

When there's an error, the response body contains a JSON object something like:

{ "status_code": 400, "msg": "reason for error" }

Date / Time Format

All date/time/timestamps will use the ISO 8601 / RFC 3339 format.