/docs/api
API v1 Documentation
These docs and the OpenAPI specification are generated from the same manifest source.
Endpoint pairs
148
Manifest and OpenAPI share the same source.
Groups
9
Meta, account, projects, boards, and more.
Alias routes
11
Compatibility POST aliases stay visible in the docs.
Deprecated
1
Legacy paths stay documented for migration.
Quickstart (n8n / OpenClaw)
1. Import: https://www.sunoxio.com/api/v1/openapi.json
2. Authentication:
- Authorization: Bearer <api-key-or-supabase-token>
- or header X-API-Key
3. Test request: GET /api/v1/meAuthentication
Supported: `Authorization: Bearer <token>` and `X-API-Key: <key>`. The bearer header accepts API keys as well as first-party Supabase access tokens; API v1 stays stateless and does not rely on cookies.
| Header | Example | Description |
|---|---|---|
| Authorization | Bearer sk_live_... or Bearer <supabase-access-token> | Accepts API keys as well as first-party Supabase access tokens. No cookies or session state required. |
| X-API-Key | sk_live_... | Alternative header for stateless API-key clients and browser extensions. |
curl -X GET "https://www.sunoxio.com/api/v1/me" \
-H "Authorization: Bearer sk_live_..."curl -X GET "https://www.sunoxio.com/api/v1/me" \
-H "X-API-Key: sk_live_..."Browser extensions & CORS
All `/api/v1/*` endpoints support API-key requests directly from browser clients such as Chrome extensions. Preflight requests (`OPTIONS`) are handled and the API allows at least `Authorization`, `X-API-Key`, and `Content-Type`.
For stateless API-key endpoints the API returns `Access-Control-Allow-Origin: *`. Do not send cookies and do not use the `credentials` option for these requests.
const response = await fetch("https://www.sunoxio.com/api/v1/me", {
method: "GET",
headers: {
"Authorization": "Bearer sk_live_...",
"Content-Type": "application/json"
}
});
const data = await response.json();Scope matrix
| Scope | Description |
|---|---|
| * | Full access (compatibility mode). |
| projects.read | Read projects/boards. |
| projects.write | Write projects/boards. |
| organizations.read | Read organizations. |
| organizations.write | Manage organizations. |
| members.read | Read members. |
| members.write | Manage members. |
| invite_links.read | Read invite links. |
| invite_links.write | Manage invite links/invitations. |
| boards.read | Read whiteboard. |
| boards.write | Write whiteboard. |
| automations.read | Read automations. |
| automations.write | Run/update automations. |
| media.write | Media uploads/deletions. |
Rate limits
When exceeded, API returns HTTP 429 with `Retry-After`.
- Read: 300/min
- Write: 90/min
- Automations: 60/min
- Headers:
X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset,Retry-After
Endpoints
Meta
General API information and self-description.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/openapi.json | - | OpenAPI specification as JSON. |
| GET | /api/v1/me | - | Get the current API user. |
Account
Bootstrap, profile, billing, and notifications.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/bootstrap | - | Load mobile bootstrap data. |
| GET | /api/v1/notifications | - | List notifications. |
| POST | /api/v1/notifications/read-all | - | Mark all notifications as read. |
| POST | /api/v1/notifications/{id}/read | - | Mark notification as read. |
| DELETE | /api/v1/notifications/{id} | - | Delete notification. |
| GET | /api/v1/profile | - | Get profile. |
| PATCH | /api/v1/profile | - | Update profile. |
| POST | /api/v1/profile/password | - | Update password. |
| POST | /api/v1/profile/avatar | - | Upload profile avatar. |
| GET | /api/v1/billing/status | - | Get billing status. |
Content
Legal texts and structured documentation content for mobile.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/content/{slug} | - | Get mobile content. |
Projects
Project and workspace management.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/projects | projects.read | List projects. |
| POST | /api/v1/projects | projects.write | Create project. |
| GET | /api/v1/projects/{id} | projects.read | Get project. |
| PATCH | /api/v1/projects/{id} | projects.write | Update project. |
| DELETE | /api/v1/projects/{id} | projects.write | Delete project. |
| POST | /api/v1/projects/{id}/leave | projects.write | Leave project. |
| POST | /api/v1/projects/{id}/last-used | projects.write | Update last-used timestamp. |
| PATCH | /api/v1/projects/{id}/workspaces | projects.write | Toggle workspace flags. |
| GET | /api/v1/projects/{id}/analytics | projects.read | Get flow and delivery analytics for a project. |
| PATCH | /api/v1/projects/{id}/organization | projects.write | Attach or detach project organization. |
| GET | /api/v1/projects/{id}/overrides/{userId} | projects.read | Get workspace override for organization member. |
| PUT | /api/v1/projects/{id}/overrides/{userId} | projects.write | Set workspace override for organization member. |
| DELETE | /api/v1/projects/{id}/overrides/{userId} | projects.write | Delete workspace override for organization member. |
Organizations
Team structure, roles, and invitations.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/organizations | organizations.read | List organizations. |
| POST | /api/v1/organizations | organizations.write | Create organization. |
| GET | /api/v1/organizations/{id} | organizations.read | Get organization. |
| PATCH | /api/v1/organizations/{id} | organizations.write | Update organization. |
| POST | /api/v1/organizations/{id}/owner/transfer | organizations.write | Transfer organization ownership. |
| GET | /api/v1/organizations/{id}/members | organizations.read | List organization members. |
| PATCH | /api/v1/organizations/{id}/members/{userId} | organizations.write | Update organization member role. |
| DELETE | /api/v1/organizations/{id}/members/{userId} | organizations.write | Remove organization member. |
| POST | /api/v1/organizations/{id}/invitations | organizations.write | Create organization invitation. |
| POST | /api/v1/organizations/{id}/invitations/{invitationId}/respond | organizations.write | Respond to organization invitation. |
Kanban
Columns and cards.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/me/tasks | projects.read | List tasks assigned to the current API user. |
| GET | /api/v1/projects/{id}/columns | projects.read | List project columns. |
| POST | /api/v1/projects/{id}/columns | projects.write | Create column. |
| GET | /api/v1/columns/{id} | projects.read | Get column. |
| PATCH | /api/v1/columns/{id} | projects.write | Update column. |
| DELETE | /api/v1/columns/{id} | projects.write | Delete column. |
| GET | /api/v1/columns/{id}/cards | projects.read | List column cards. |
| POST | /api/v1/columns/{id}/cards | projects.write | Create card. |
| GET | /api/v1/cards/{id} | projects.read | Get card. |
| PATCH | /api/v1/cards/{id} | projects.write | Update card. |
| DELETE | /api/v1/cards/{id} | projects.write | Delete card. |
| GET | /api/v1/cards/{id}/dependencies | projects.read | List card dependencies. |
| POST | /api/v1/cards/{id}/dependencies | projects.write | Create card dependency. |
| DELETE | /api/v1/cards/{id}/dependencies/{dependencyId} | projects.write | Delete card dependency. |
| GET | /api/v1/cards/{id}/comments | projects.read | List card comments. |
| POST | /api/v1/cards/{id}/comments | projects.write | Create card comment. |
| DELETE | /api/v1/cards/{id}/comments | projects.write | Delete card comment. |
| GET | /api/v1/kanban/views | projects.read | List saved Kanban views. |
| POST | /api/v1/kanban/views | projects.write | Create saved Kanban view. |
| PATCH | /api/v1/kanban/views/{viewId} | projects.write | Update saved Kanban view. |
| DELETE | /api/v1/kanban/views/{viewId} | projects.write | Delete saved Kanban view. |
Members & Invites
Project members, invite links, and invitations.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/projects/{id}/members | members.read | List project members. |
| POST | /api/v1/projects/{id}/members | members.write | Add project member. |
| PATCH | /api/v1/projects/{id}/members/{userId} | members.write | Update member role. |
| DELETE | /api/v1/projects/{id}/members/{userId} | members.write | Remove member. |
| GET | /api/v1/projects/{id}/invite-links | invite_links.read | List invite links. |
| POST | /api/v1/projects/{id}/invite-links | invite_links.write | Create invite link. |
| DELETE | /api/v1/projects/{id}/invite-links/{inviteLinkId} | invite_links.write | Delete invite link. |
| POST | /api/v1/projects/{id}/invite-links/{inviteLinkId}/join | invite_links.write | Join via invite link. |
| POST | /api/v1/projects/{id}/invitations | invite_links.write | Create direct invitation. |
| POST | /api/v1/projects/{id}/invitations/{invitationId}/respond | invite_links.write | Respond to invitation. |
| DELETE | /api/v1/invite-links/{token} | invite_links.write | Delete invite link (deprecated alias).Deprecated |
Whiteboard
Board content, visibility, media, and permissions.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/whiteboard-templates | organizations.read | List whiteboard templates. |
| POST | /api/v1/whiteboard-templates | organizations.write | Create whiteboard template. |
| GET | /api/v1/whiteboard-templates/{templateId} | organizations.read | Get whiteboard template. |
| PATCH | /api/v1/whiteboard-templates/{templateId} | organizations.write | Update whiteboard template. |
| DELETE | /api/v1/whiteboard-templates/{templateId} | organizations.write | Delete whiteboard template. |
| GET | /api/v1/boards/{id} | boards.read | Get board with whiteboard data. |
| GET | /api/v1/boards/{id}/nodes | boards.read | List nodes. |
| PUT | /api/v1/boards/{id}/nodes | boards.write | Upsert nodes. |
| DELETE | /api/v1/boards/{id}/nodes | boards.write | Delete nodes. |
| POST | /api/v1/boards/{id}/nodes | boards.write | Upsert nodes (alias).Alias |
| GET | /api/v1/boards/{id}/sticky-notes | boards.read | List sticky notes. |
| PUT | /api/v1/boards/{id}/sticky-notes | boards.write | Upsert sticky notes. |
| DELETE | /api/v1/boards/{id}/sticky-notes | boards.write | Delete sticky notes. |
| POST | /api/v1/boards/{id}/sticky-notes | boards.write | Upsert sticky notes (alias).Alias |
| GET | /api/v1/boards/{id}/drawings | boards.read | List drawings. |
| PUT | /api/v1/boards/{id}/drawings | boards.write | Upsert drawings. |
| DELETE | /api/v1/boards/{id}/drawings | boards.write | Delete drawings. |
| POST | /api/v1/boards/{id}/drawings | boards.write | Upsert drawings (alias).Alias |
| GET | /api/v1/boards/{id}/free-texts | boards.read | List free texts. |
| PUT | /api/v1/boards/{id}/free-texts | boards.write | Upsert free texts. |
| DELETE | /api/v1/boards/{id}/free-texts | boards.write | Delete free texts. |
| POST | /api/v1/boards/{id}/free-texts | boards.write | Upsert free texts (alias).Alias |
| GET | /api/v1/boards/{id}/images | boards.read | List images. |
| PUT | /api/v1/boards/{id}/images | boards.write | Upsert images. |
| DELETE | /api/v1/boards/{id}/images | boards.write | Delete images. |
| POST | /api/v1/boards/{id}/images | boards.write | Upsert images (alias).Alias |
| POST | /api/v1/boards/{id}/images/upload | media.write | Upload image file and return an authenticated media URL. |
| GET | /api/v1/boards/{id}/edges | boards.read | List edges. |
| PUT | /api/v1/boards/{id}/edges | boards.write | Upsert edges. |
| DELETE | /api/v1/boards/{id}/edges | boards.write | Delete edges. |
| POST | /api/v1/boards/{id}/edges | boards.write | Upsert edges (alias).Alias |
| GET | /api/v1/boards/{id}/tables | boards.read | List tables. |
| PUT | /api/v1/boards/{id}/tables | boards.write | Upsert tables. |
| DELETE | /api/v1/boards/{id}/tables | boards.write | Delete tables. |
| POST | /api/v1/boards/{id}/tables | boards.write | Upsert tables (alias).Alias |
| GET | /api/v1/boards/{id}/object-states | boards.read | Get object states (lock/group/order). |
| PUT | /api/v1/boards/{id}/object-states | boards.write | Upsert object states. |
| POST | /api/v1/boards/{id}/object-states | boards.write | Upsert object states (alias).Alias |
| GET | /api/v1/boards/{id}/table-cells | boards.read | List table cells. |
| PUT | /api/v1/boards/{id}/table-cells | boards.write | Upsert table cells. |
| DELETE | /api/v1/boards/{id}/table-cells | boards.write | Delete table cells. |
| POST | /api/v1/boards/{id}/table-cells | boards.write | Upsert table cells (alias).Alias |
| GET | /api/v1/boards/{id}/comments | boards.read | Get object comments. |
| POST | /api/v1/boards/{id}/comments | boards.write | Create object comment. |
| DELETE | /api/v1/boards/{id}/comments | boards.write | Delete object comment. |
| GET | /api/v1/boards/{id}/comment-counts | boards.read | Get comment counts per object. |
| GET | /api/v1/boards/{id}/mindmap-styles | boards.read | List mindmap styles. |
| PUT | /api/v1/boards/{id}/mindmap-styles | boards.write | Upsert mindmap styles. |
| DELETE | /api/v1/boards/{id}/mindmap-styles | boards.write | Delete mindmap styles. |
| POST | /api/v1/boards/{id}/mindmap-styles | boards.write | Upsert mindmap styles (alias).Alias |
| GET | /api/v1/boards/{id}/canvas-settings | boards.read | Get canvas settings. |
| PUT | /api/v1/boards/{id}/canvas-settings | boards.write | Save canvas settings. |
| POST | /api/v1/boards/{id}/canvas-settings | boards.write | Save canvas settings (alias).Alias |
| POST | /api/v1/boards/{id}/background/upload | media.write | Upload board background and return an authenticated media URL. |
| DELETE | /api/v1/boards/{id}/background | media.write | Delete board background. |
| POST | /api/v1/boards/{id}/card-images/upload | media.write | Upload card image. Include `columnId` in the multipart form data. |
| DELETE | /api/v1/boards/{id}/card-images | media.write | Delete card image. |
| GET | /api/v1/boards/{id}/permission | boards.read | Get current board permission. |
| GET | /api/v1/boards/{id}/members | boards.read | List board members. |
| PATCH | /api/v1/boards/{id}/members/{memberUserId} | boards.write | Update board member role. |
| DELETE | /api/v1/boards/{id}/members/{memberUserId} | boards.write | Remove board member. |
| GET | /api/v1/boards/{id}/visibility | boards.read | Get board visibility. |
| PATCH | /api/v1/boards/{id}/visibility | boards.write | Update board visibility. |
| PATCH | /api/v1/boards/{id}/title | boards.write | Update board title. |
| GET | /api/v1/boards/{id}/card-links | boards.read | List board card links. |
| POST | /api/v1/boards/{id}/card-links/link | boards.write | Link card to board node. |
| POST | /api/v1/boards/{id}/card-links/unlink | boards.write | Unlink board card link. |
| POST | /api/v1/boards/{id}/card-links/sync | boards.write | Sync board card link. |
| GET | /api/v1/boards/{id}/audit | boards.read | List board audit logs. |
| POST | /api/v1/boards/{id}/audit | boards.write | Create board audit log entry. |
Automations
Rules, events, runs, and AI generation.
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /api/v1/boards/{id}/automations/rules | automations.read | List automation rules. |
| POST | /api/v1/boards/{id}/automations/rules | automations.write | Create automation rule. |
| PATCH | /api/v1/boards/{id}/automations/rules/{ruleId} | automations.write | Update automation rule. |
| DELETE | /api/v1/boards/{id}/automations/rules/{ruleId} | automations.write | Delete automation rule. |
| POST | /api/v1/boards/{id}/automations/rules/{ruleId}/toggle | automations.write | Toggle automation rule. |
| GET | /api/v1/boards/{id}/automations/rules/{ruleId}/runs | automations.read | List rule runs. |
| GET | /api/v1/boards/{id}/automations/references | automations.read | Get automation references. |
| POST | /api/v1/boards/{id}/automations/events | automations.write | Dispatch automation event. |
| POST | /api/v1/boards/{id}/automations/manual-run | automations.write | Start manual automation run. |
| POST | /api/v1/boards/{id}/automations/generate | automations.write | Generate automation draft via AI. |
Error codes
`invalid_api_key` and other auth failures are returned as clean JSON error responses. With a valid server configuration, `server_misconfigured` is not a normal API-key error.
| Code | HTTP | Description |
|---|---|---|
| missing_api_key | 401 | No API key in Authorization or X-API-Key. |
| invalid_api_key | 401 | API key is invalid. |
| api_key_revoked | 401 | API key has been revoked. |
| pro_required | 403 | API key requires Pro plan. |
| insufficient_scope | 403 | Scope is insufficient. |
| rate_limited | 429 | Rate limit reached. Respect Retry-After. |