Back to Wekan

Wekan REST API (v9.83)

public/api/wekan.html

9.8391.2 KB
Original Source
  • Production Security Concerns

  • Login

    • postLogin with REST API
    • postRegister with REST API
  • AttachmentStorageSettings

    • getGet the attachment storage / upload-block settings (GlobalAdmin)
    • putUpdate the attachment storage / upload-block settings (GlobalAdmin)
  • Settings

    • getGet the attachment storage / upload-block settings (GlobalAdmin)
    • putUpdate the attachment storage / upload-block settings (GlobalAdmin)
    • getGet the global Admin Panel settings
    • getGet the global Admin Panel settings
    • putUpdate the global Admin Panel settings
    • putUpdate the global Admin Panel settings
  • Users

    • getList email domains with their user counts (GlobalAdmin)
    • getList email domains with their user counts (GlobalAdmin)
    • postpost_board_user_add
    • postpost_board_user_remove
    • postpost_user
    • postpost_deletetoken
    • getget_user
    • getget_users
    • postpost_users
    • getget_user
    • putput_user
    • deldelete_user
  • Org

    • getList organizations with their feature toggles (GlobalAdmin)
    • putSet feature toggles on one organization (GlobalAdmin)
    • putSet one feature toggle on all organizations (GlobalAdmin)
  • Organizations

    • getList organizations with their feature toggles (GlobalAdmin)
    • putSet feature toggles on one organization (GlobalAdmin)
    • putSet one feature toggle on all organizations (GlobalAdmin)
  • Team

    • getList teams with their feature toggles (GlobalAdmin)
    • putSet feature toggles on one team (GlobalAdmin)
    • putSet one feature toggle on all teams (GlobalAdmin)
  • Teams

    • getList teams with their feature toggles (GlobalAdmin)
    • putSet feature toggles on one team (GlobalAdmin)
    • putSet one feature toggle on all teams (GlobalAdmin)
  • Boards

    • getget_boards
    • postpost_boards
    • getget_board
    • deldelete_board
    • getget_board_attachments
    • getThis route is used to export a attachement to a json file format.
    • getget_board_cardSettings
    • putput_board_cardSettings
    • postpost_board_copy
    • getGet the email domains a board is shared with
    • getGet the email domains a board is shared with
    • postShare a board with an email domain
    • postShare a board with an email domain
    • delStop sharing a board with an email domain
    • delStop sharing a board with an email domain
    • getThis route is used to export the board to a json file format.
    • getExport the board as a NextCloud Deck / OpenProject / GitHub / GitLab / Gitea / Forgejo style JSON.
    • getThis route is used to export the board to a CSV or TSV file format.
    • getExport the board as a Kanboard-style JSON (columns + tasks).
    • getThis route is used to export the board Excel.
    • getExport a whole board to PDF (board title, lists and their cards).
    • putput_board_labels
    • getThis route is used to export the board Excel.
    • postpost_board_member
    • putput_board_title
    • postImport a whole board (with its lists, cards, swimlanes, custom fields and automation rules) from a WeKan board export
    • postImport a whole board (with its lists, cards, swimlanes, custom fields and automation rules) from a WeKan board export
    • postImport a board from another tool's export
    • postImport a board from another tool's export
    • getget_boards_count
    • getget_user_boards
    • getGet a board's card settings (display toggles + card aging)
    • putUpdate a board's card settings (display toggles + card aging)
  • Checklists

    • getget_board_card_checklists
    • postpost_board_card_checklists
    • getget_board_card_checklist
    • deldelete_board_card_checklist
  • ChecklistItems

    • postpost_board_card_checklist_items
    • getget_board_card_checklist_item
    • putput_board_card_checklist_item
    • deldelete_board_card_checklist_item
  • CardComments

    • getget_board_card_comments
    • postpost_board_card_comments
    • getget_board_card_comment
    • deldelete_board_card_comment
  • Dependencies

    • getGet one card's dependencies
    • postAdd (or update) a typed dependency line from a card to another card
    • putEdit a dependency line's type, color or icon
    • delRemove a dependency line from a card
    • getGet all card dependency lines ("Red Strings") of a board
  • Cards

    • deldelete_board_cards_bulk
    • postpost_board_cards_labels
    • getget_board_customFieldValue
    • getget_board_cards_count
    • getget_board_list_cards
    • postpost_board_list_cards
    • getget_board_list_card
    • putput_board_list_card
    • deldelete_board_list_card
    • postpost_board_list_card_archive
    • postpost_board_list_card_assignee
    • deldelete_board_list_card_assignee
    • postpost_board_list_card_copy
    • postpost_board_list_card_customField
    • getExport a single card to Excel (.xlsx), formatted for DIN A4 Portrait printing.
    • postpost_board_list_card_member
    • deldelete_board_list_card_member
    • postpost_board_list_card_unarchive
    • postpost_board_list_cards_bulk
    • getget_board_list_cards_count
    • getget_board_swimlane_cards
    • getget_card
    • getget_user_cards
    • postImport an iCalendar (.ics) file into a board as cards
  • CustomFields

    • getget_board_custom-fields
    • postpost_board_custom-fields
    • getget_board_customField
    • putput_board_customField
    • deldelete_board_customField
    • postpost_board_customField_dropdown-items
    • putput_board_customField_dropdownItem
    • deldelete_board_customField_dropdownItem
  • getget_board_integrations

  • postpost_board_integrations

  • getget_board_int

  • putput_board_int

  • deldelete_board_int

  • deldelete_board_int_activities

  • postpost_board_int_activities

  • Lists

    • getget_board_lists
    • postpost_board_lists
    • getget_board_list
    • putput_board_list
    • deldelete_board_list
    • postpost_board_list_copy
    • postpost_board_list_move
  • Rules

    • getGet the list of automation rules of a board
    • getGet the list of automation rules of a board
    • postAdd an automation rule to a board
    • postAdd an automation rule to a board
    • getGet a single automation rule
    • getGet a single automation rule
    • putEdit an automation rule
    • putEdit an automation rule
    • delRemove an automation rule (and its trigger and action)
    • delRemove an automation rule (and its trigger and action)
  • Swimlanes

    • getget_board_swimlanes
    • postpost_board_swimlanes
    • getget_board_swimlane
    • putput_board_swimlane
    • deldelete_board_swimlane
    • postpost_board_swimlane_copy
    • postpost_board_swimlane_move
  • Attachments

    • postUpload a file as a card attachment
    • postUpload a board background image
    • getDownload the board's current background image as base64
    • getDownload an attachment as base64
    • getGet attachment metadata
    • getList all attachments of a board
    • getList attachments of a board filtered by swimlane
    • getList attachments of a board filtered by swimlane and list
    • getList attachments of a single card
    • postCopy an attachment to another card
    • postMove an attachment to another card
    • delDelete an attachment

API docs by Redocly

Wekan REST API (v9.83)

Download OpenAPI specification:

The REST API allows you to control and extend Wekan with ease.

If you are an end-user and not a dev or a tester, create an issue to request new APIs.

All API calls in the documentation are made using curl. However, you are free to use Java / Python / PHP / Golang / Ruby / Swift / Objective-C / Rust / Scala / C# or any other programming languages.

Production Security Concerns

When calling a production Wekan server, ensure it is running via HTTPS and has a valid SSL Certificate. The login method requires you to post your username and password in plaintext, which is why we highly suggest only calling the REST login api over HTTPS. Also, few things to note:

  • Only call via HTTPS
  • Implement a timed authorization token expiration strategy
  • Ensure the calling user only has permissions for what they are calling and no more

Login

Login with REST API

Request Body schema: application/jsonapplication/x-www-form-urlencodedapplication/json required

Login credentials

| username required |

string

Your username

| | password required |

string <password>

Your password

|

Responses

200

Successful authentication

400

Error in authentication

default

Error in authentication

post/users/login

/users/login

Request samples

  • Payload

Content type application/jsonapplication/x-www-form-urlencodedapplication/json

Copy

`{

"username": "string",

"password": "pa$$word"

}`

Register with REST API

Notes:

  • You will need to provide the token for any of the authenticated methods.
Request Body schema: application/x-www-form-urlencoded required

| username required |

string

Your username

| | password required |

string <password>

Your password

| | email required |

string

Your email

|

Responses

200

Successful registration

400

Error in registration

default

Error in registration

post/users/register

/users/register

AttachmentStorageSettings

Get the attachment storage / upload-block settings (GlobalAdmin)

Only the global admin can call this. Returns the Admin Panel > Attachments settings document, including limitSettings.attachmentsUploadBlocked and limitSettings.avatarsUploadBlocked plus the size limits. Cloud-storage secret keys (S3 secretAccessKey, Azure accountKey/connectionString, GCS credentials) are masked and never returned; a boolean <field>Set marker shows whether a value exists.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/attachment-settings

/api/admin/attachment-settings

Response samples

  • 200

Content type application/json

Copy

null

Update the attachment storage / upload-block settings (GlobalAdmin)

Only the global admin can call this. The request body is a partial settings object (for example {"limitSettings": {"avatarsUploadBlocked": true}}). It is applied through the same update path as the updateAttachmentStorageSettings Meteor method, so validation and $set semantics are identical: cloud-storage secrets left blank are preserved. The masked, updated settings document is returned.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/attachment-settings

/api/admin/attachment-settings

Response samples

  • 200

Content type application/json

Copy

null

Settings

Get the attachment storage / upload-block settings (GlobalAdmin)

Only the global admin can call this. Returns the Admin Panel > Attachments settings document, including limitSettings.attachmentsUploadBlocked and limitSettings.avatarsUploadBlocked plus the size limits. Cloud-storage secret keys (S3 secretAccessKey, Azure accountKey/connectionString, GCS credentials) are masked and never returned; a boolean <field>Set marker shows whether a value exists.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/attachment-settings

/api/admin/attachment-settings

Response samples

  • 200

Content type application/json

Copy

null

Update the attachment storage / upload-block settings (GlobalAdmin)

Only the global admin can call this. The request body is a partial settings object (for example {"limitSettings": {"avatarsUploadBlocked": true}}). It is applied through the same update path as the updateAttachmentStorageSettings Meteor method, so validation and $set semantics are identical: cloud-storage secrets left blank are preserved. The masked, updated settings document is returned.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/attachment-settings

/api/admin/attachment-settings

Response samples

  • 200

Content type application/json

Copy

null

Get the global Admin Panel settings

Only the global admin can call this. SMTP/mail-server credentials are never returned.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/settings

/api/settings

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"disableRegistration": true,

"disableForgotPassword": true,

"mailServer": {

"username": "string",

"password": "string",

"host": "string",

"port": "string",

"enableTLS": true,

"from": "string"

},

"productName": "string",

"displayAuthenticationMethod": true,

"defaultAuthenticationMethod": "string",

"spinnerName": "string",

"hideLogo": true,

"hideCardCounterList": true,

"hideBoardMemberList": true,

"customLoginLogoImageUrl": "string",

"customLoginLogoLinkUrl": "string",

"customHelpLinkUrl": "string",

"textBelowCustomLoginLogo": "string",

"automaticLinkedUrlSchemes": "string",

"customTopLeftCornerLogoImageUrl": "string",

"customTopLeftCornerLogoLinkUrl": "string",

"customTopLeftCornerLogoHeight": "string",

"oidcBtnText": "string",

"mailDomainName": "string",

"legalNotice": "string",

"customHeadEnabled": true,

"customHeadMetaTags": "string",

"customHeadLinkTags": "string",

"customManifestEnabled": true,

"customManifestContent": "string",

"customAssetLinksEnabled": true,

"customAssetLinksContent": "string",

"accessibilityPageEnabled": true,

"accessibilityTitle": "string",

"accessibilityContent": "string",

"supportPopupText": "string",

"supportPageEnabled": true,

"supportPagePublic": true,

"boardMembersFromSameOrgOrTeamOnly": true,

"supportTitle": "string",

"supportPageText": "string",

"createdAt": "string",

"modifiedAt": "string"

}`

Get the global Admin Panel settings

Only the global admin can call this. SMTP/mail-server credentials are never returned.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/settings

/api/settings

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"disableRegistration": true,

"disableForgotPassword": true,

"mailServer": {

"username": "string",

"password": "string",

"host": "string",

"port": "string",

"enableTLS": true,

"from": "string"

},

"productName": "string",

"displayAuthenticationMethod": true,

"defaultAuthenticationMethod": "string",

"spinnerName": "string",

"hideLogo": true,

"hideCardCounterList": true,

"hideBoardMemberList": true,

"customLoginLogoImageUrl": "string",

"customLoginLogoLinkUrl": "string",

"customHelpLinkUrl": "string",

"textBelowCustomLoginLogo": "string",

"automaticLinkedUrlSchemes": "string",

"customTopLeftCornerLogoImageUrl": "string",

"customTopLeftCornerLogoLinkUrl": "string",

"customTopLeftCornerLogoHeight": "string",

"oidcBtnText": "string",

"mailDomainName": "string",

"legalNotice": "string",

"customHeadEnabled": true,

"customHeadMetaTags": "string",

"customHeadLinkTags": "string",

"customManifestEnabled": true,

"customManifestContent": "string",

"customAssetLinksEnabled": true,

"customAssetLinksContent": "string",

"accessibilityPageEnabled": true,

"accessibilityTitle": "string",

"accessibilityContent": "string",

"supportPopupText": "string",

"supportPageEnabled": true,

"supportPagePublic": true,

"boardMembersFromSameOrgOrTeamOnly": true,

"supportTitle": "string",

"supportPageText": "string",

"createdAt": "string",

"modifiedAt": "string"

}`

Update the global Admin Panel settings

Only the global admin can call this. The request body is an object whose keys are settings fields to update (see get_global_settings for the list). Unknown keys and mailServer are ignored.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/settings

/api/settings

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"disableRegistration": true,

"disableForgotPassword": true,

"mailServer": {

"username": "string",

"password": "string",

"host": "string",

"port": "string",

"enableTLS": true,

"from": "string"

},

"productName": "string",

"displayAuthenticationMethod": true,

"defaultAuthenticationMethod": "string",

"spinnerName": "string",

"hideLogo": true,

"hideCardCounterList": true,

"hideBoardMemberList": true,

"customLoginLogoImageUrl": "string",

"customLoginLogoLinkUrl": "string",

"customHelpLinkUrl": "string",

"textBelowCustomLoginLogo": "string",

"automaticLinkedUrlSchemes": "string",

"customTopLeftCornerLogoImageUrl": "string",

"customTopLeftCornerLogoLinkUrl": "string",

"customTopLeftCornerLogoHeight": "string",

"oidcBtnText": "string",

"mailDomainName": "string",

"legalNotice": "string",

"customHeadEnabled": true,

"customHeadMetaTags": "string",

"customHeadLinkTags": "string",

"customManifestEnabled": true,

"customManifestContent": "string",

"customAssetLinksEnabled": true,

"customAssetLinksContent": "string",

"accessibilityPageEnabled": true,

"accessibilityTitle": "string",

"accessibilityContent": "string",

"supportPopupText": "string",

"supportPageEnabled": true,

"supportPagePublic": true,

"boardMembersFromSameOrgOrTeamOnly": true,

"supportTitle": "string",

"supportPageText": "string",

"createdAt": "string",

"modifiedAt": "string"

}`

Update the global Admin Panel settings

Only the global admin can call this. The request body is an object whose keys are settings fields to update (see get_global_settings for the list). Unknown keys and mailServer are ignored.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/settings

/api/settings

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"disableRegistration": true,

"disableForgotPassword": true,

"mailServer": {

"username": "string",

"password": "string",

"host": "string",

"port": "string",

"enableTLS": true,

"from": "string"

},

"productName": "string",

"displayAuthenticationMethod": true,

"defaultAuthenticationMethod": "string",

"spinnerName": "string",

"hideLogo": true,

"hideCardCounterList": true,

"hideBoardMemberList": true,

"customLoginLogoImageUrl": "string",

"customLoginLogoLinkUrl": "string",

"customHelpLinkUrl": "string",

"textBelowCustomLoginLogo": "string",

"automaticLinkedUrlSchemes": "string",

"customTopLeftCornerLogoImageUrl": "string",

"customTopLeftCornerLogoLinkUrl": "string",

"customTopLeftCornerLogoHeight": "string",

"oidcBtnText": "string",

"mailDomainName": "string",

"legalNotice": "string",

"customHeadEnabled": true,

"customHeadMetaTags": "string",

"customHeadLinkTags": "string",

"customManifestEnabled": true,

"customManifestContent": "string",

"customAssetLinksEnabled": true,

"customAssetLinksContent": "string",

"accessibilityPageEnabled": true,

"accessibilityTitle": "string",

"accessibilityContent": "string",

"supportPopupText": "string",

"supportPageEnabled": true,

"supportPagePublic": true,

"boardMembersFromSameOrgOrTeamOnly": true,

"supportTitle": "string",

"supportPageText": "string",

"createdAt": "string",

"modifiedAt": "string"

}`

Users

List email domains with their user counts (GlobalAdmin)

Only the global admin can call this. Counts every user by the domain part of their primary email address (the first address in emails), mirroring the Admin Panel > People domain grouping. Domains are returned sorted by descending count, then alphabetically.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/domains

/api/admin/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"count": 0

}

]`

List email domains with their user counts (GlobalAdmin)

Only the global admin can call this. Counts every user by the domain part of their primary email address (the first address in emails), mirroring the Admin Panel > People domain grouping. Domains are returned sorted by descending count, then alphabetically.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/domains

/api/admin/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"count": 0

}

]`

post_board_user_add

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | user required |

string

the user value

|

Request Body schema: multipart/form-data required

| action required |

string

the action value

| | role required |

string

the role value

|

Responses

200

200 response

post/api/boards/{board}/members/{user}/add

/api/boards/{board}/members/{user}/add

post_board_user_remove

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | user required |

string

the user value

|

Request Body schema: multipart/form-data required

| action required |

string

the action value

|

Responses

200

200 response

post/api/boards/{board}/members/{user}/remove

/api/boards/{board}/members/{user}/remove

post_user

Authorizations:

UserSecurity

path Parameters

| user required |

string

the user value

|

Responses

200

200 response

post/api/createtoken/{user}

/api/createtoken/{user}

post_deletetoken

Authorizations:

UserSecurity

Request Body schema: multipart/form-data required

| userId required |

string

the userId value

| | token required |

string

the token value

|

Responses

200

200 response

post/api/deletetoken

/api/deletetoken

get_user

Authorizations:

UserSecurity

Responses

200

200 response

get/api/user

/api/user

get_users

Authorizations:

UserSecurity

Responses

200

200 response

get/api/users

/api/users

post_users

Authorizations:

UserSecurity

Request Body schema: multipart/form-data required

| username required |

string

the username value

| | email required |

string

the email value

| | password required |

string

the password value

|

Responses

200

200 response

post/api/users

/api/users

get_user

Authorizations:

UserSecurity

path Parameters

| user required |

string

the user value

|

Responses

200

200 response

get/api/users/{user}

/api/users/{user}

put_user

Authorizations:

UserSecurity

path Parameters

| user required |

string

the user value

|

Request Body schema: multipart/form-data required

| action required |

string

the action value

|

Responses

200

200 response

put/api/users/{user}

/api/users/{user}

delete_user

Authorizations:

UserSecurity

path Parameters

| user required |

string

the user value

|

Responses

200

200 response

delete/api/users/{user}

/api/users/{user}

Org

List organizations with their feature toggles (GlobalAdmin)

Only the global admin can call this. Returns every organization with its identifying fields and the per-org feature toggles shown as columns in Admin Panel > People > Organizations.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/orgs

/api/admin/orgs

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"orgDisplayName": "string",

"orgShortName": "string",

"orgSharedTemplates": true,

"orgPropagateMembersToBoards": true,

"orgSyncMembersFromAuth": true

}

]`

Set feature toggles on one organization (GlobalAdmin)

Only the global admin can call this. The request body may contain any of orgSharedTemplates, orgPropagateMembersToBoards and orgSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the organization. Returns the updated organization.

Authorizations:

UserSecurity

path Parameters

| org required |

string

the ID of the organization

|

Responses

200

200 response

put/api/admin/orgs/{org}/features

/api/admin/orgs/{org}/features

Response samples

  • 200

Content type application/json

Copy

null

Set one feature toggle on all organizations (GlobalAdmin)

Only the global admin can call this. The request body is { field, value } where field is one of orgSharedTemplates, orgPropagateMembersToBoards or orgSyncMembersFromAuth and value is a boolean. The field is $set on ALL organizations. Returns the number of organizations updated.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/orgs/features

/api/admin/orgs/features

Response samples

  • 200

Content type application/json

Copy

`{ "updated": 0

}`

Organizations

List organizations with their feature toggles (GlobalAdmin)

Only the global admin can call this. Returns every organization with its identifying fields and the per-org feature toggles shown as columns in Admin Panel > People > Organizations.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/orgs

/api/admin/orgs

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"orgDisplayName": "string",

"orgShortName": "string",

"orgSharedTemplates": true,

"orgPropagateMembersToBoards": true,

"orgSyncMembersFromAuth": true

}

]`

Set feature toggles on one organization (GlobalAdmin)

Only the global admin can call this. The request body may contain any of orgSharedTemplates, orgPropagateMembersToBoards and orgSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the organization. Returns the updated organization.

Authorizations:

UserSecurity

path Parameters

| org required |

string

the ID of the organization

|

Responses

200

200 response

put/api/admin/orgs/{org}/features

/api/admin/orgs/{org}/features

Response samples

  • 200

Content type application/json

Copy

null

Set one feature toggle on all organizations (GlobalAdmin)

Only the global admin can call this. The request body is { field, value } where field is one of orgSharedTemplates, orgPropagateMembersToBoards or orgSyncMembersFromAuth and value is a boolean. The field is $set on ALL organizations. Returns the number of organizations updated.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/orgs/features

/api/admin/orgs/features

Response samples

  • 200

Content type application/json

Copy

`{ "updated": 0

}`

Team

List teams with their feature toggles (GlobalAdmin)

Only the global admin can call this. Returns every team with its identifying fields and the per-team feature toggles shown as columns in Admin Panel > People > Teams.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/teams

/api/admin/teams

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"teamDisplayName": "string",

"teamShortName": "string",

"teamSharedTemplates": true,

"teamPropagateMembersToBoards": true,

"teamSyncMembersFromAuth": true

}

]`

Set feature toggles on one team (GlobalAdmin)

Only the global admin can call this. The request body may contain any of teamSharedTemplates, teamPropagateMembersToBoards and teamSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the team. Returns the updated team.

Authorizations:

UserSecurity

path Parameters

| team required |

string

the ID of the team

|

Responses

200

200 response

put/api/admin/teams/{team}/features

/api/admin/teams/{team}/features

Response samples

  • 200

Content type application/json

Copy

null

Set one feature toggle on all teams (GlobalAdmin)

Only the global admin can call this. The request body is { field, value } where field is one of teamSharedTemplates, teamPropagateMembersToBoards or teamSyncMembersFromAuth and value is a boolean. The field is $set on ALL teams. Returns the number of teams updated.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/teams/features

/api/admin/teams/features

Response samples

  • 200

Content type application/json

Copy

`{ "updated": 0

}`

Teams

List teams with their feature toggles (GlobalAdmin)

Only the global admin can call this. Returns every team with its identifying fields and the per-team feature toggles shown as columns in Admin Panel > People > Teams.

Authorizations:

UserSecurity

Responses

200

200 response

get/api/admin/teams

/api/admin/teams

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"teamDisplayName": "string",

"teamShortName": "string",

"teamSharedTemplates": true,

"teamPropagateMembersToBoards": true,

"teamSyncMembersFromAuth": true

}

]`

Set feature toggles on one team (GlobalAdmin)

Only the global admin can call this. The request body may contain any of teamSharedTemplates, teamPropagateMembersToBoards and teamSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the team. Returns the updated team.

Authorizations:

UserSecurity

path Parameters

| team required |

string

the ID of the team

|

Responses

200

200 response

put/api/admin/teams/{team}/features

/api/admin/teams/{team}/features

Response samples

  • 200

Content type application/json

Copy

null

Set one feature toggle on all teams (GlobalAdmin)

Only the global admin can call this. The request body is { field, value } where field is one of teamSharedTemplates, teamPropagateMembersToBoards or teamSyncMembersFromAuth and value is a boolean. The field is $set on ALL teams. Returns the number of teams updated.

Authorizations:

UserSecurity

Responses

200

200 response

put/api/admin/teams/features

/api/admin/teams/features

Response samples

  • 200

Content type application/json

Copy

`{ "updated": 0

}`

Boards

get_boards

Authorizations:

UserSecurity

Responses

200

200 response

get/api/boards

/api/boards

post_boards

Authorizations:

UserSecurity

Responses

200

200 response

post/api/boards

/api/boards

get_board

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}

/api/boards/{board}

delete_board

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

delete/api/boards/{board}

/api/boards/{board}

get_board_attachments

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/attachments

/api/boards/{board}/attachments

This route is used to export a attachement to a json file format.

If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/attachments/:attachmentId/export?authToken=:token'

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

| | attachment required |

string

the ID of the attachment we are exporting

|

Responses

200

200 response

get/api/boards/{board}/attachments/{attachment}/export

/api/boards/{board}/attachments/{attachment}/export

get_board_cardSettings

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/cardSettings

/api/boards/{board}/cardSettings

put_board_cardSettings

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Request Body schema: multipart/form-data required

| key required |

string

the key value

|

Responses

200

200 response

put/api/boards/{board}/cardSettings

/api/boards/{board}/cardSettings

post_board_copy

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Request Body schema: multipart/form-data required

| title required |

string

the title value

|

Responses

200

200 response

post/api/boards/{board}/copy

/api/boards/{board}/copy

Get the email domains a board is shared with

#5850: returns the domains array of a board. Each entry is an object { domain: "example.com", isActive: true }. Anyone able to read the board may list its domains. Requires the caller to be authenticated.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Responses

200

200 response

get/api/boards/{board}/domains

/api/boards/{board}/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

Get the email domains a board is shared with

#5850: returns the domains array of a board. Each entry is an object { domain: "example.com", isActive: true }. Anyone able to read the board may list its domains. Requires the caller to be authenticated.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Responses

200

200 response

get/api/boards/{board}/domains

/api/boards/{board}/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

Share a board with an email domain

#5850: add a single email domain to a board's domains array with isActive: true, leaving any existing domains in place. The domain is trimmed and lowercased and must look like a domain (contain a '.', no '@' and no whitespace); it is added only if not already present. Requires the caller to be a board admin (or site admin). Returns the updated domains array.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Request Body schema: multipart/form-data required

| domain required |

string

the email domain to add, e.g. "example.com"

|

Responses

200

200 response

post/api/boards/{board}/domains

/api/boards/{board}/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

Share a board with an email domain

#5850: add a single email domain to a board's domains array with isActive: true, leaving any existing domains in place. The domain is trimmed and lowercased and must look like a domain (contain a '.', no '@' and no whitespace); it is added only if not already present. Requires the caller to be a board admin (or site admin). Returns the updated domains array.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Request Body schema: multipart/form-data required

| domain required |

string

the email domain to add, e.g. "example.com"

|

Responses

200

200 response

post/api/boards/{board}/domains

/api/boards/{board}/domains

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

Stop sharing a board with an email domain

#5850: remove a single email domain from a board's domains array. The domain in the path is trimmed and lowercased before matching. Requires the caller to be a board admin (or site admin). Returns the updated domains array.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | domain required |

string

the email domain to remove, e.g. "example.com"

|

Responses

200

200 response

delete/api/boards/{board}/domains/{domain}

/api/boards/{board}/domains/{domain}

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

Stop sharing a board with an email domain

#5850: remove a single email domain from a board's domains array. The domain in the path is trimmed and lowercased before matching. Requires the caller to be a board admin (or site admin). Returns the updated domains array.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | domain required |

string

the email domain to remove, e.g. "example.com"

|

Responses

200

200 response

delete/api/boards/{board}/domains/{domain}

/api/boards/{board}/domains/{domain}

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"domain": "string",

"isActive": true

}

]`

This route is used to export the board to a json file format.

If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/export?authToken=:token'

See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

|

Responses

200

200 response

get/api/boards/{board}/export

/api/boards/{board}/export

Export the board as a NextCloud Deck / OpenProject / GitHub / GitLab / Gitea / Forgejo style JSON.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

| | format required |

string

the format value

|

Responses

200

200 response

get/api/boards/{board}/export/{format}

/api/boards/{board}/export/{format}

This route is used to export the board to a CSV or TSV file format.

If user is already logged-in, pass loginToken as param

See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

|

Responses

200

200 response

get/api/boards/{board}/export/csv

/api/boards/{board}/export/csv

Export the board as a Kanboard-style JSON (columns + tasks).

Pass the loginToken as the authToken query param for private boards: /api/boards/:boardId/export/kanboard?authToken=:token.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

|

Responses

200

200 response

get/api/boards/{board}/export/kanboard

/api/boards/{board}/export/kanboard

This route is used to export the board Excel.

If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/exportExcel?authToken=:token'

See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

|

Responses

200

200 response

get/api/boards/{board}/exportExcel

/api/boards/{board}/exportExcel

Export a whole board to PDF (board title, lists and their cards).

Pass the loginToken as the authToken query param for private boards: /api/boards/:boardId/exportPDF?authToken=:token.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board to export

|

Responses

200

200 response

get/api/boards/{board}/exportPDF

/api/boards/{board}/exportPDF

put_board_labels

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

put/api/boards/{board}/labels

/api/boards/{board}/labels

This route is used to export the board Excel.

If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/exportExcel?authToken=:token'

See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board we are exporting

| | list required |

string

the list value

| | card required |

string

the card value

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}/cards/{card}/exportPDF

/api/boards/{board}/lists/{list}/cards/{card}/exportPDF

post_board_member

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | member required |

string

the member value

|

Request Body schema: multipart/form-data required

| role required |

string

the role value

|

Responses

200

200 response

post/api/boards/{board}/members/{member}

/api/boards/{board}/members/{member}

put_board_title

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Request Body schema: multipart/form-data required

| title required |

string

the title value

|

Responses

200

200 response

put/api/boards/{board}/title

/api/boards/{board}/title

Import a whole board (with its lists, cards, swimlanes, custom fields and automation rules) from a WeKan board export

Accepts a WeKan board export JSON (the body returned by GET /api/boards/:boardId/export) and recreates the board — including its rules / triggers / actions (workflows) and other data — in the authenticated user's account. Combined with the export endpoint, this allows migrating all boards (and their workflows) from another WeKan instance over the REST API: list the remote boards, export each, then POST each here. An optional membersMapping ({ sourceUserId: localUserId }) maps members; unmapped members are simply not added.

Authorizations:

UserSecurity

Request Body schema: multipart/form-data required

| board required |

object

the WeKan board export object

| | membersMapping |

object

map of source user id -> local user id

|

Responses

200

200 response

post/api/boards/import

/api/boards/import

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Import a whole board (with its lists, cards, swimlanes, custom fields and automation rules) from a WeKan board export

Accepts a WeKan board export JSON (the body returned by GET /api/boards/:boardId/export) and recreates the board — including its rules / triggers / actions (workflows) and other data — in the authenticated user's account. Combined with the export endpoint, this allows migrating all boards (and their workflows) from another WeKan instance over the REST API: list the remote boards, export each, then POST each here. An optional membersMapping ({ sourceUserId: localUserId }) maps members; unmapped members are simply not added.

Authorizations:

UserSecurity

Request Body schema: multipart/form-data required

| board required |

object

the WeKan board export object

| | membersMapping |

object

map of source user id -> local user id

|

Responses

200

200 response

post/api/boards/import

/api/boards/import

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Import a board from another tool's export

Generalized import: :source is one of trello, wekan, csv, jira, kanboard, excel, deck (NextCloud Deck), openproject, github, gitlab, gitea, forgejo, asana, zenkit. The request body is that tool's export JSON (sent directly, or wrapped as { "board": <export> }); an optional membersMapping maps members. Reuses the same import engine as the UI.

Authorizations:

UserSecurity

path Parameters

| source required |

string

the import source

|

Responses

200

200 response

post/api/boards/import/{source}

/api/boards/import/{source}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Import a board from another tool's export

Generalized import: :source is one of trello, wekan, csv, jira, kanboard, excel, deck (NextCloud Deck), openproject, github, gitlab, gitea, forgejo, asana, zenkit. The request body is that tool's export JSON (sent directly, or wrapped as { "board": <export> }); an optional membersMapping maps members. Reuses the same import engine as the UI.

Authorizations:

UserSecurity

path Parameters

| source required |

string

the import source

|

Responses

200

200 response

post/api/boards/import/{source}

/api/boards/import/{source}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

get_boards_count

Authorizations:

UserSecurity

Responses

200

200 response

get/api/boards_count

/api/boards_count

get_user_boards

Authorizations:

UserSecurity

path Parameters

| user required |

string

the user value

|

Responses

200

200 response

get/api/users/{user}/boards

/api/users/{user}/boards

Get a board's card settings (display toggles + card aging)

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

|

Responses

200

Card settings returned

401

Missing or invalid authentication

404

Board not found

get/api/boards/{boardId}/cardSettings

/api/boards/{boardId}/cardSettings

Update a board's card settings (display toggles + card aging)

Boolean keys (the allows* display toggles and cardAging) accept true/false. Numeric keys cardAgingDays1, cardAgingDays2, cardAgingDays3 set the three card-aging fade-tier day thresholds (default 7 / 14 / 28).

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

|

Request Body schema: application/json required

| cardAging |

boolean

Enable visual card aging on the board

| | cardAgingDays1 |

integer

Idle days for the first (lightest) fade tier

| | cardAgingDays2 |

integer

Idle days for the second fade tier

| | cardAgingDays3 |

integer

Idle days for the third (heaviest) fade tier

|

Responses

200

Updated card settings returned

400

No recognized card settings in body

401

Missing or invalid authentication

404

Board not found

put/api/boards/{boardId}/cardSettings

/api/boards/{boardId}/cardSettings

Request samples

  • Payload

Content type application/json

Copy

`{

"cardAging": true,

"cardAgingDays1": 0,

"cardAgingDays2": 0,

"cardAgingDays3": 0

}`

Checklists

get_board_card_checklists

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/checklists

/api/boards/{board}/cards/{card}/checklists

post_board_card_checklists

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

|

Request Body schema: multipart/form-data required

| items required |

string

the items value

|

Responses

200

200 response

post/api/boards/{board}/cards/{card}/checklists

/api/boards/{board}/cards/{card}/checklists

get_board_card_checklist

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/checklists/{checklist}

/api/boards/{board}/cards/{card}/checklists/{checklist}

delete_board_card_checklist

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

|

Responses

200

200 response

delete/api/boards/{board}/cards/{card}/checklists/{checklist}

/api/boards/{board}/cards/{card}/checklists/{checklist}

ChecklistItems

post_board_card_checklist_items

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

|

Responses

200

200 response

post/api/boards/{board}/cards/{card}/checklists/{checklist}/items

/api/boards/{board}/cards/{card}/checklists/{checklist}/items

get_board_card_checklist_item

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

| | item required |

string

the item value

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

put_board_card_checklist_item

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

| | item required |

string

the item value

|

Responses

200

200 response

put/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

delete_board_card_checklist_item

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | checklist required |

string

the checklist value

| | item required |

string

the item value

|

Responses

200

200 response

delete/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}

CardComments

get_board_card_comments

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/comments

/api/boards/{board}/cards/{card}/comments

post_board_card_comments

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

|

Responses

200

200 response

post/api/boards/{board}/cards/{card}/comments

/api/boards/{board}/cards/{card}/comments

get_board_card_comment

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | comment required |

string

the comment value

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/comments/{comment}

/api/boards/{board}/cards/{card}/comments/{comment}

delete_board_card_comment

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | card required |

string

the card value

| | comment required |

string

the comment value

|

Responses

200

200 response

delete/api/boards/{board}/cards/{card}/comments/{comment}

/api/boards/{board}/cards/{card}/comments/{comment}

Dependencies

Get one card's dependencies

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | card required |

string

the card ID

|

Responses

200

200 response

get/api/boards/{board}/cards/{card}/dependencies

/api/boards/{board}/cards/{card}/dependencies

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"cardId": "string",

"type": "string",

"color": "string",

"icon": "string"

}

]`

Add (or update) a typed dependency line from a card to another card

The target card must be on the same board. If the dependency already exists, its type/color/icon are updated.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | card required |

string

the source card ID

|

Request Body schema: multipart/form-data required

| cardId required |

string

the source card ID

| | dependsOn required |

string

the dependsOn value

| | type |

string

relation type: related-to | blocks | is-blocked-by | fixes | is-fixed-by

| | color |

string

line/badge color, any CSS color e.g. "#eb144c"

| | icon |

string

FontAwesome icon name without the "fa-" prefix

|

Responses

200

200 response

post/api/boards/{board}/cards/{card}/dependencies

/api/boards/{board}/cards/{card}/dependencies

Response samples

  • 200

Content type application/json

Copy

`{

"_id": "string",

"cardId": "string",

"type": "string",

"color": "string",

"icon": "string"

}`

Edit a dependency line's type, color or icon

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | card required |

string

the source card ID

| | target required |

string

the target card ID of the dependency

|

Request Body schema: multipart/form-data

| type |

string

relation type: related-to | blocks | is-blocked-by | fixes | is-fixed-by

| | key required |

string

the key value

|

Responses

200

200 response

put/api/boards/{board}/cards/{card}/dependencies/{target}

/api/boards/{board}/cards/{card}/dependencies/{target}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Remove a dependency line from a card

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | card required |

string

the source card ID

| | target required |

string

the target card ID of the dependency to remove

|

Responses

200

200 response

delete/api/boards/{board}/cards/{card}/dependencies/{target}

/api/boards/{board}/cards/{card}/dependencies/{target}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Get all card dependency lines ("Red Strings") of a board

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Responses

200

200 response

get/api/boards/{board}/dependencies

/api/boards/{board}/dependencies

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"from": "string",

"fromTitle": "string",

"fromCardNumber": 0,

"to": "string",

"toTitle": "string",

"toCardNumber": 0,

"type": "string",

"color": "string",

"icon": "string"

}

]`

Cards

delete_board_cards_bulk

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

delete/api/boards/{board}/cards/bulk

/api/boards/{board}/cards/bulk

post_board_cards_labels

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Request Body schema: multipart/form-data required

| cardIds required |

string

the cardIds value

|

Responses

200

200 response

post/api/boards/{board}/cards/labels

/api/boards/{board}/cards/labels

get_board_customFieldValue

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

| | customFieldValue required |

string

the customFieldValue value

|

Responses

200

200 response

get/api/boards/{board}/cardsByCustomField/{customField}/{customFieldValue}

/api/boards/{board}/cardsByCustomField/{customField}/{customFieldValue}

get_board_cards_count

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/cards_count

/api/boards/{board}/cards_count

get_board_list_cards

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}/cards

/api/boards/{board}/lists/{list}/cards

post_board_list_cards

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Request Body schema: multipart/form-data required

| linkedId required |

string

the linkedId value

| | dateField required |

string

the dateField value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards

/api/boards/{board}/lists/{list}/cards

get_board_list_card

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}/cards/{card}

/api/boards/{board}/lists/{list}/cards/{card}

put_board_list_card

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Request Body schema: multipart/form-data required

| title required |

string

the title value

| | sort required |

string

the sort value

| | parentId required |

string

the parentId value

| | description required |

string

the description value

| | color required |

string

the color value

| | vote required |

string

the vote value

| | poker required |

string

the poker value

| | labelIds required |

string

the labelIds value

| | requestedBy required |

string

the requestedBy value

| | assignedBy required |

string

the assignedBy value

| | spentTime required |

string

the spentTime value

| | isOverTime required |

string

the isOverTime value

| | customFields required |

string

the customFields value

| | members required |

string

the members value

| | assignees required |

string

the assignees value

| | stickers required |

string

the stickers value

| | locations required |

string

the locations value

|

Responses

200

200 response

put/api/boards/{board}/lists/{list}/cards/{card}

/api/boards/{board}/lists/{list}/cards/{card}

delete_board_list_card

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Responses

200

200 response

delete/api/boards/{board}/lists/{list}/cards/{card}

/api/boards/{board}/lists/{list}/cards/{card}

post_board_list_card_archive

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/archive

/api/boards/{board}/lists/{list}/cards/{card}/archive

post_board_list_card_assignee

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

| | assignee required |

string

the assignee value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}

/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}

delete_board_list_card_assignee

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

| | assignee required |

string

the assignee value

|

Responses

200

200 response

delete/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}

/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}

post_board_list_card_copy

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Request Body schema: multipart/form-data required

| toBoardId required |

string

the toBoardId value

| | toSwimlaneId required |

string

the toSwimlaneId value

| | toListId required |

string

the toListId value

| | position required |

string

the position value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/copy

/api/boards/{board}/lists/{list}/cards/{card}/copy

post_board_list_card_customField

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

| | customField required |

string

the customField value

|

Request Body schema: multipart/form-data required

| value required |

string

the value value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/customFields/{customField}

/api/boards/{board}/lists/{list}/cards/{card}/customFields/{customField}

Export a single card to Excel (.xlsx), formatted for DIN A4 Portrait printing.

If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/lists/:listId/cards/:cardId/exportExcel?authToken=:token'

Optional query param "fields" is a comma-separated list of sections to include. Valid values: people, board-info, dates, description, checklists, subtasks, comments Omitting "fields" includes all sections.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the ID of the board

| | list required |

string

the ID of the list

| | card required |

string

the ID of the card to export

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}/cards/{card}/exportExcel

/api/boards/{board}/lists/{list}/cards/{card}/exportExcel

post_board_list_card_member

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

| | member required |

string

the member value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/members/{member}

/api/boards/{board}/lists/{list}/cards/{card}/members/{member}

delete_board_list_card_member

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

| | member required |

string

the member value

|

Responses

200

200 response

delete/api/boards/{board}/lists/{list}/cards/{card}/members/{member}

/api/boards/{board}/lists/{list}/cards/{card}/members/{member}

post_board_list_card_unarchive

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

| | card required |

string

the card value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/{card}/unarchive

/api/boards/{board}/lists/{list}/cards/{card}/unarchive

post_board_list_cards_bulk

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Request Body schema: multipart/form-data required

| cards required |

string

the cards value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/cards/bulk

/api/boards/{board}/lists/{list}/cards/bulk

get_board_list_cards_count

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}/cards_count

/api/boards/{board}/lists/{list}/cards_count

get_board_swimlane_cards

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Responses

200

200 response

get/api/boards/{board}/swimlanes/{swimlane}/cards

/api/boards/{board}/swimlanes/{swimlane}/cards

get_card

Authorizations:

UserSecurity

path Parameters

| card required |

string

the card value

|

Responses

200

200 response

get/api/cards/{card}

/api/cards/{card}

get_user_cards

Authorizations:

UserSecurity

Responses

200

200 response

get/api/user/cards

/api/user/cards

Import an iCalendar (.ics) file into a board as cards

Parses the supplied iCalendar text and creates one card per VEVENT on the given board / list / swimlane, populating each card's startAt (DTSTART) and dueAt (DTEND, or DTSTART when there is no DTEND) so the imported events appear on the Calendar and Gantt views.

Permissions: requires a valid auth token and write access to the board (read-only / comment-only / worker members are rejected; site admins are allowed).

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

the board ID

| | swimlaneId required |

string

the swimlane ID the cards are created in

| | listId required |

string

the list ID the cards are created in

|

Request Body schema: application/json required

| ics required |

string

the raw .ics (iCalendar) file contents

|

Responses

200

Import succeeded. Returns the number of cards created and their ids, e.g. { "created": 3, "cardIds": ["abc", "def", "ghi"] }.

400

Missing or empty ics body field

401

Missing or invalid authentication, or no write access to the board

404

Board, list or swimlane not found

post/api/boards/{boardId}/swimlanes/{swimlaneId}/lists/{listId}/ics

/api/boards/{boardId}/swimlanes/{swimlaneId}/lists/{listId}/ics

Request samples

  • Payload

Content type application/json

Copy

`{ "ics": "string"

}`

CustomFields

get_board_custom-fields

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/custom-fields

/api/boards/{board}/custom-fields

post_board_custom-fields

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

post/api/boards/{board}/custom-fields

/api/boards/{board}/custom-fields

get_board_customField

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

|

Responses

200

200 response

get/api/boards/{board}/custom-fields/{customField}

/api/boards/{board}/custom-fields/{customField}

put_board_customField

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

|

Responses

200

200 response

put/api/boards/{board}/custom-fields/{customField}

/api/boards/{board}/custom-fields/{customField}

delete_board_customField

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

|

Responses

200

200 response

delete/api/boards/{board}/custom-fields/{customField}

/api/boards/{board}/custom-fields/{customField}

post_board_customField_dropdown-items

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

|

Request Body schema: multipart/form-data required

| items required |

string

the items value

|

Responses

200

200 response

post/api/boards/{board}/custom-fields/{customField}/dropdown-items

/api/boards/{board}/custom-fields/{customField}/dropdown-items

put_board_customField_dropdownItem

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

| | dropdownItem required |

string

the dropdownItem value

|

Request Body schema: multipart/form-data required

| name required |

string

the name value

|

Responses

200

200 response

put/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}

/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}

delete_board_customField_dropdownItem

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | customField required |

string

the customField value

| | dropdownItem required |

string

the dropdownItem value

|

Responses

200

200 response

delete/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}

/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}

get_board_integrations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/integrations

/api/boards/{board}/integrations

post_board_integrations

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

post/api/boards/{board}/integrations

/api/boards/{board}/integrations

get_board_int

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | int required |

string

the int value

|

Responses

200

200 response

get/api/boards/{board}/integrations/{int}

/api/boards/{board}/integrations/{int}

put_board_int

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | int required |

string

the int value

|

Responses

200

200 response

put/api/boards/{board}/integrations/{int}

/api/boards/{board}/integrations/{int}

delete_board_int

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | int required |

string

the int value

|

Responses

200

200 response

delete/api/boards/{board}/integrations/{int}

/api/boards/{board}/integrations/{int}

delete_board_int_activities

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | int required |

string

the int value

|

Responses

200

200 response

delete/api/boards/{board}/integrations/{int}/activities

/api/boards/{board}/integrations/{int}/activities

post_board_int_activities

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | int required |

string

the int value

|

Request Body schema: multipart/form-data required

| activities required |

string

the activities value

|

Responses

200

200 response

post/api/boards/{board}/integrations/{int}/activities

/api/boards/{board}/integrations/{int}/activities

Lists

get_board_lists

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/lists

/api/boards/{board}/lists

post_board_lists

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

post/api/boards/{board}/lists

/api/boards/{board}/lists

get_board_list

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Responses

200

200 response

get/api/boards/{board}/lists/{list}

/api/boards/{board}/lists/{list}

put_board_list

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Responses

200

200 response

put/api/boards/{board}/lists/{list}

/api/boards/{board}/lists/{list}

delete_board_list

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Responses

200

200 response

delete/api/boards/{board}/lists/{list}

/api/boards/{board}/lists/{list}

post_board_list_copy

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Request Body schema: multipart/form-data required

| toBoardId required |

string

the toBoardId value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/copy

/api/boards/{board}/lists/{list}/copy

post_board_list_move

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | list required |

string

the list value

|

Request Body schema: multipart/form-data required

| toBoardId required |

string

the toBoardId value

| | toSwimlaneId required |

string

the toSwimlaneId value

|

Responses

200

200 response

post/api/boards/{board}/lists/{list}/move

/api/boards/{board}/lists/{list}/move

Rules

Get the list of automation rules of a board

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Responses

200

200 response

get/api/boards/{board}/rules

/api/boards/{board}/rules

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"title": "string",

"trigger": { },

"action": { }

}

]`

Get the list of automation rules of a board

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Responses

200

200 response

get/api/boards/{board}/rules

/api/boards/{board}/rules

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`[ {

"_id": "string",

"title": "string",

"trigger": { },

"action": { }

}

]`

Add an automation rule to a board

The trigger and action are embedded inline. See the Rules documentation for the available trigger activityTypes and action actionTypes.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Request Body schema: multipart/form-data required

| title required |

string

the rule title

| | trigger required |

object

the trigger document (must include activityType)

| | action required |

object

the action document (must include actionType)

|

Responses

200

200 response

post/api/boards/{board}/rules

/api/boards/{board}/rules

Response samples

  • 200

Content type application/json

Copy

`{

"_id": "string",

"triggerId": "string",

"actionId": "string"

}`

Add an automation rule to a board

The trigger and action are embedded inline. See the Rules documentation for the available trigger activityTypes and action actionTypes.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

|

Request Body schema: multipart/form-data required

| title required |

string

the rule title

| | trigger required |

object

the trigger document (must include activityType)

| | action required |

object

the action document (must include actionType)

|

Responses

200

200 response

post/api/boards/{board}/rules

/api/boards/{board}/rules

Response samples

  • 200

Content type application/json

Copy

`{

"_id": "string",

"triggerId": "string",

"actionId": "string"

}`

Get a single automation rule

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Responses

200

200 response

get/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"_id": "string",

"title": "string",

"trigger": { },

"action": { }

}`

Get a single automation rule

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Responses

200

200 response

get/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy Expand all Collapse all

`{

"_id": "string",

"title": "string",

"trigger": { },

"action": { }

}`

Edit an automation rule

Any of title, trigger and action may be supplied; the trigger and action documents are replaced ($set) when present.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Request Body schema: multipart/form-data

| title |

string

the new rule title

| | trigger |

object

the new trigger document

| | action |

object

the new action document

|

Responses

200

200 response

put/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Edit an automation rule

Any of title, trigger and action may be supplied; the trigger and action documents are replaced ($set) when present.

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Request Body schema: multipart/form-data

| title |

string

the new rule title

| | trigger |

object

the new trigger document

| | action |

object

the new action document

|

Responses

200

200 response

put/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Remove an automation rule (and its trigger and action)

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Responses

200

200 response

delete/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Remove an automation rule (and its trigger and action)

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board ID

| | rule required |

string

the rule ID

|

Responses

200

200 response

delete/api/boards/{board}/rules/{rule}

/api/boards/{board}/rules/{rule}

Response samples

  • 200

Content type application/json

Copy

`{ "_id": "string"

}`

Swimlanes

get_board_swimlanes

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

get/api/boards/{board}/swimlanes

/api/boards/{board}/swimlanes

post_board_swimlanes

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

|

Responses

200

200 response

post/api/boards/{board}/swimlanes

/api/boards/{board}/swimlanes

get_board_swimlane

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Responses

200

200 response

get/api/boards/{board}/swimlanes/{swimlane}

/api/boards/{board}/swimlanes/{swimlane}

put_board_swimlane

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Responses

200

200 response

put/api/boards/{board}/swimlanes/{swimlane}

/api/boards/{board}/swimlanes/{swimlane}

delete_board_swimlane

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Responses

200

200 response

delete/api/boards/{board}/swimlanes/{swimlane}

/api/boards/{board}/swimlanes/{swimlane}

post_board_swimlane_copy

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Request Body schema: multipart/form-data required

| toBoardId required |

string

the toBoardId value

|

Responses

200

200 response

post/api/boards/{board}/swimlanes/{swimlane}/copy

/api/boards/{board}/swimlanes/{swimlane}/copy

post_board_swimlane_move

Authorizations:

UserSecurity

path Parameters

| board required |

string

the board value

| | swimlane required |

string

the swimlane value

|

Request Body schema: multipart/form-data required

| toBoardId required |

string

the toBoardId value

|

Responses

200

200 response

post/api/boards/{board}/swimlanes/{swimlane}/move

/api/boards/{board}/swimlanes/{swimlane}/move

Attachments

Upload a file as a card attachment

Upload a file to a card. The file content is sent base64-encoded in the JSON body. The maximum size is bounded by the admin Attachment Storage Settings (apiUploadMaxBytes) and a hard server safety cap (64 MB).

Permissions: requires a valid auth token, write access to the target board (read-only / comment-only / worker members are rejected), and the board must allow attachments.

Authorizations:

UserSecurity

Request Body schema: application/json required

| boardId required |

string

ID of the board the card belongs to

| | swimlaneId required |

string

ID of the card's swimlane (must match the card)

| | listId required |

string

ID of the card's list (must match the card)

| | cardId required |

string

ID of the card to attach the file to

| | fileName required |

string

Name to store the file under

| | fileType |

string

MIME type of the file (optional)

| | fileData required |

string

Base64-encoded file contents

|

Responses

200

Attachment uploaded successfully

400

Missing/invalid parameters or card/board/list/swimlane mismatch

401

Missing or invalid authentication

403

Uploads disabled, not a board member, or attachments not allowed on this board

404

Card or board not found

413

Attachment exceeds the API upload limit

post/api/attachment/upload

/api/attachment/upload

Request samples

  • Payload

Content type application/json

Copy

`{

"boardId": "string",

"swimlaneId": "string",

"listId": "string",

"cardId": "string",

"fileName": "string",

"fileType": "string",

"fileData": "string"

}`

Upload a board background image

Upload an image and set it as the board's active background. The file content is sent base64-encoded in the JSON body and stored using the current Admin Panel / Attachments / Default Storage backend (the same storage used by card attachment uploads). Board-admin is required.

Authorizations:

UserSecurity

Request Body schema: application/json required

| boardId required |

string

ID of the board

| | fileName required |

string

Name to store the image under

| | fileType |

string

MIME type of the image (optional, defaults to image/png)

| | fileData required |

string

Base64-encoded image contents

|

Responses

200

Background uploaded and set as the board background

400

Missing or invalid parameters

401

Missing or invalid authentication

403

Uploads disabled or caller is not a board admin

404

Board not found

413

Background exceeds the API upload limit

post/api/attachment/upload-background

/api/attachment/upload-background

Request samples

  • Payload

Content type application/json

Copy

`{

"boardId": "string",

"fileName": "string",

"fileType": "string",

"fileData": "string"

}`

Download the board's current background image as base64

Returns the board's active background image metadata together with the image bytes base64-encoded in base64Data. Requires board membership.

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

ID of the board

|

Responses

200

Background image returned

401

Missing or invalid authentication

403

Downloads disabled or caller is not a board member

404

Board has no background, or board not found

413

Background exceeds the API download limit

get/api/attachment/download-background/{boardId}

/api/attachment/download-background/{boardId}

Download an attachment as base64

Returns the attachment metadata together with the file contents base64-encoded in base64Data. The maximum size is bounded by the admin Attachment Storage Settings (apiDownloadMaxBytes).

Permissions: requires active membership of the attachment's board.

Authorizations:

UserSecurity

path Parameters

| attachmentId required |

string

ID of the attachment to download

|

Responses

200

Attachment contents returned (base64Data)

401

Missing or invalid authentication

403

Downloads disabled, or not a member of the attachment's board

404

Attachment or stored file not found

413

Attachment exceeds the API download limit

get/api/attachment/download/{attachmentId}

/api/attachment/download/{attachmentId}

Get attachment metadata

Returns attachment metadata (name, size, type, storage backend, board / swimlane / list / card IDs and available versions) without the file contents.

Permissions: requires active membership of the attachment's board.

Authorizations:

UserSecurity

path Parameters

| attachmentId required |

string

ID of the attachment

|

Responses

200

Attachment metadata returned

401

Missing or invalid authentication

403

Not a member of the attachment's board

404

Attachment not found

get/api/attachment/info/{attachmentId}

/api/attachment/info/{attachmentId}

List all attachments of a board

List every attachment on a board. Use the swimlane / list / card variants of this path to narrow the result.

Permissions: requires active membership of the board.

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

ID of the board

|

Responses

200

List of attachments with metadata

401

Missing or invalid authentication

403

Not a member of the board

get/api/attachment/list/{boardId}

/api/attachment/list/{boardId}

List attachments of a board filtered by swimlane

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

| | swimlaneId required |

string

|

Responses

200

List of attachments with metadata

401

Missing or invalid authentication

403

Not a member of the board

get/api/attachment/list/{boardId}/{swimlaneId}

/api/attachment/list/{boardId}/{swimlaneId}

List attachments of a board filtered by swimlane and list

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

| | swimlaneId required |

string

| | listId required |

string

|

Responses

200

List of attachments with metadata

401

Missing or invalid authentication

403

Not a member of the board

get/api/attachment/list/{boardId}/{swimlaneId}/{listId}

/api/attachment/list/{boardId}/{swimlaneId}/{listId}

List attachments of a single card

List attachments filtered down to one card. The card must belong to the given board.

Permissions: requires active membership of the board.

Authorizations:

UserSecurity

path Parameters

| boardId required |

string

| | swimlaneId required |

string

| | listId required |

string

| | cardId required |

string

|

Responses

200

List of attachments with metadata

401

Missing or invalid authentication

403

Not a member of the board

404

Card not found or does not belong to the board

get/api/attachment/list/{boardId}/{swimlaneId}/{listId}/{cardId}

/api/attachment/list/{boardId}/{swimlaneId}/{listId}/{cardId}

Copy an attachment to another card

Copy an existing attachment to a target card, creating a new attachment.

Permissions: requires membership of the source board (to read it) and write access to the target board, which must allow attachments. Honours the admin API upload limits.

Authorizations:

UserSecurity

Request Body schema: application/json required

| attachmentId required |

string

ID of the source attachment

| | targetBoardId required |

string

| | targetSwimlaneId required |

string

| | targetListId required |

string

| | targetCardId required |

string

|

Responses

200

Attachment copied (newAttachmentId returned)

400

Target card/board/list/swimlane mismatch

401

Missing or invalid authentication

403

Not a member of source or target board, or attachments not allowed

404

Source attachment, target card, or stored file not found

post/api/attachment/copy

/api/attachment/copy

Request samples

  • Payload

Content type application/json

Copy

`{

"attachmentId": "string",

"targetBoardId": "string",

"targetSwimlaneId": "string",

"targetListId": "string",

"targetCardId": "string"

}`

Move an attachment to another card

Move an existing attachment to a target card by updating its metadata.

Permissions: requires write access to both the source board (the attachment is removed from it) and the target board, which must allow attachments.

Authorizations:

UserSecurity

Request Body schema: application/json required

| attachmentId required |

string

ID of the attachment to move

| | targetBoardId required |

string

| | targetSwimlaneId required |

string

| | targetListId required |

string

| | targetCardId required |

string

|

Responses

200

Attachment moved

400

Target card/board/list/swimlane mismatch

401

Missing or invalid authentication

403

Not a member of source or target board, or attachments not allowed

404

Source attachment or target card not found

post/api/attachment/move

/api/attachment/move

Request samples

  • Payload

Content type application/json

Copy

`{

"attachmentId": "string",

"targetBoardId": "string",

"targetSwimlaneId": "string",

"targetListId": "string",

"targetCardId": "string"

}`

Delete an attachment

Delete an attachment.

Permissions: requires write access to the attachment's board (read-only / comment-only / worker members are rejected).

Authorizations:

UserSecurity

path Parameters

| attachmentId required |

string

ID of the attachment to delete

|

Responses

200

Attachment deleted

401

Missing or invalid authentication

403

Not a member of the attachment's board

404

Attachment not found

delete/api/attachment/delete/{attachmentId}

/api/attachment/delete/{attachmentId}