public/api/wekan.html
Production Security Concerns
Login
AttachmentStorageSettings
Settings
Users
Org
Organizations
Team
Teams
Boards
Checklists
ChecklistItems
CardComments
Dependencies
Cards
CustomFields
getget_board_integrations
postpost_board_integrations
getget_board_int
putput_board_int
deldelete_board_int
deldelete_board_int_activities
postpost_board_int_activities
Lists
Rules
Swimlanes
Attachments
Download OpenAPI specification:
The REST API allows you to control and extend Wekan with ease.
If you are an end-user and not a dev or a tester, create an issue to request new APIs.
All API calls in the documentation are made using
curl. However, you are free to use Java / Python / PHP / Golang / Ruby / Swift / Objective-C / Rust / Scala / C# or any other programming languages.
When calling a production Wekan server, ensure it is running via HTTPS and has a valid SSL Certificate. The login method requires you to post your username and password in plaintext, which is why we highly suggest only calling the REST login api over HTTPS. Also, few things to note:
Login credentials
| username required |
string
Your username
| | password required |
string <password>
Your password
|
200
Successful authentication
400
Error in authentication
default
Error in authentication
post/users/login
/users/login
Content type application/jsonapplication/x-www-form-urlencodedapplication/json
Copy
`{
"username": "string",
"password": "pa$$word"
}`
Notes:
| username required |
string
Your username
| | password required |
string <password>
Your password
| | email required |
string
Your email
|
200
Successful registration
400
Error in registration
default
Error in registration
post/users/register
/users/register
Only the global admin can call this. Returns the Admin Panel > Attachments settings document, including limitSettings.attachmentsUploadBlocked and limitSettings.avatarsUploadBlocked plus the size limits. Cloud-storage secret keys (S3 secretAccessKey, Azure accountKey/connectionString, GCS credentials) are masked and never returned; a boolean <field>Set marker shows whether a value exists.
UserSecurity
200
200 response
get/api/admin/attachment-settings
/api/admin/attachment-settings
Content type application/json
Copy
null
Only the global admin can call this. The request body is a partial settings object (for example {"limitSettings": {"avatarsUploadBlocked": true}}). It is applied through the same update path as the updateAttachmentStorageSettings Meteor method, so validation and $set semantics are identical: cloud-storage secrets left blank are preserved. The masked, updated settings document is returned.
UserSecurity
200
200 response
put/api/admin/attachment-settings
/api/admin/attachment-settings
Content type application/json
Copy
null
Only the global admin can call this. Returns the Admin Panel > Attachments settings document, including limitSettings.attachmentsUploadBlocked and limitSettings.avatarsUploadBlocked plus the size limits. Cloud-storage secret keys (S3 secretAccessKey, Azure accountKey/connectionString, GCS credentials) are masked and never returned; a boolean <field>Set marker shows whether a value exists.
UserSecurity
200
200 response
get/api/admin/attachment-settings
/api/admin/attachment-settings
Content type application/json
Copy
null
Only the global admin can call this. The request body is a partial settings object (for example {"limitSettings": {"avatarsUploadBlocked": true}}). It is applied through the same update path as the updateAttachmentStorageSettings Meteor method, so validation and $set semantics are identical: cloud-storage secrets left blank are preserved. The masked, updated settings document is returned.
UserSecurity
200
200 response
put/api/admin/attachment-settings
/api/admin/attachment-settings
Content type application/json
Copy
null
Only the global admin can call this. SMTP/mail-server credentials are never returned.
UserSecurity
200
200 response
get/api/settings
/api/settings
Content type application/json
Copy Expand all Collapse all
`{
"disableRegistration": true,
"disableForgotPassword": true,
"mailServer": {
"username": "string",
"password": "string",
"host": "string",
"port": "string",
"enableTLS": true,
"from": "string"
},
"productName": "string",
"displayAuthenticationMethod": true,
"defaultAuthenticationMethod": "string",
"spinnerName": "string",
"hideLogo": true,
"hideCardCounterList": true,
"hideBoardMemberList": true,
"customLoginLogoImageUrl": "string",
"customLoginLogoLinkUrl": "string",
"customHelpLinkUrl": "string",
"textBelowCustomLoginLogo": "string",
"automaticLinkedUrlSchemes": "string",
"customTopLeftCornerLogoImageUrl": "string",
"customTopLeftCornerLogoLinkUrl": "string",
"customTopLeftCornerLogoHeight": "string",
"oidcBtnText": "string",
"mailDomainName": "string",
"legalNotice": "string",
"customHeadEnabled": true,
"customHeadMetaTags": "string",
"customHeadLinkTags": "string",
"customManifestEnabled": true,
"customManifestContent": "string",
"customAssetLinksEnabled": true,
"customAssetLinksContent": "string",
"accessibilityPageEnabled": true,
"accessibilityTitle": "string",
"accessibilityContent": "string",
"supportPopupText": "string",
"supportPageEnabled": true,
"supportPagePublic": true,
"boardMembersFromSameOrgOrTeamOnly": true,
"supportTitle": "string",
"supportPageText": "string",
"createdAt": "string",
"modifiedAt": "string"
}`
Only the global admin can call this. SMTP/mail-server credentials are never returned.
UserSecurity
200
200 response
get/api/settings
/api/settings
Content type application/json
Copy Expand all Collapse all
`{
"disableRegistration": true,
"disableForgotPassword": true,
"mailServer": {
"username": "string",
"password": "string",
"host": "string",
"port": "string",
"enableTLS": true,
"from": "string"
},
"productName": "string",
"displayAuthenticationMethod": true,
"defaultAuthenticationMethod": "string",
"spinnerName": "string",
"hideLogo": true,
"hideCardCounterList": true,
"hideBoardMemberList": true,
"customLoginLogoImageUrl": "string",
"customLoginLogoLinkUrl": "string",
"customHelpLinkUrl": "string",
"textBelowCustomLoginLogo": "string",
"automaticLinkedUrlSchemes": "string",
"customTopLeftCornerLogoImageUrl": "string",
"customTopLeftCornerLogoLinkUrl": "string",
"customTopLeftCornerLogoHeight": "string",
"oidcBtnText": "string",
"mailDomainName": "string",
"legalNotice": "string",
"customHeadEnabled": true,
"customHeadMetaTags": "string",
"customHeadLinkTags": "string",
"customManifestEnabled": true,
"customManifestContent": "string",
"customAssetLinksEnabled": true,
"customAssetLinksContent": "string",
"accessibilityPageEnabled": true,
"accessibilityTitle": "string",
"accessibilityContent": "string",
"supportPopupText": "string",
"supportPageEnabled": true,
"supportPagePublic": true,
"boardMembersFromSameOrgOrTeamOnly": true,
"supportTitle": "string",
"supportPageText": "string",
"createdAt": "string",
"modifiedAt": "string"
}`
Only the global admin can call this. The request body is an object whose keys are settings fields to update (see get_global_settings for the list). Unknown keys and mailServer are ignored.
UserSecurity
200
200 response
put/api/settings
/api/settings
Content type application/json
Copy Expand all Collapse all
`{
"disableRegistration": true,
"disableForgotPassword": true,
"mailServer": {
"username": "string",
"password": "string",
"host": "string",
"port": "string",
"enableTLS": true,
"from": "string"
},
"productName": "string",
"displayAuthenticationMethod": true,
"defaultAuthenticationMethod": "string",
"spinnerName": "string",
"hideLogo": true,
"hideCardCounterList": true,
"hideBoardMemberList": true,
"customLoginLogoImageUrl": "string",
"customLoginLogoLinkUrl": "string",
"customHelpLinkUrl": "string",
"textBelowCustomLoginLogo": "string",
"automaticLinkedUrlSchemes": "string",
"customTopLeftCornerLogoImageUrl": "string",
"customTopLeftCornerLogoLinkUrl": "string",
"customTopLeftCornerLogoHeight": "string",
"oidcBtnText": "string",
"mailDomainName": "string",
"legalNotice": "string",
"customHeadEnabled": true,
"customHeadMetaTags": "string",
"customHeadLinkTags": "string",
"customManifestEnabled": true,
"customManifestContent": "string",
"customAssetLinksEnabled": true,
"customAssetLinksContent": "string",
"accessibilityPageEnabled": true,
"accessibilityTitle": "string",
"accessibilityContent": "string",
"supportPopupText": "string",
"supportPageEnabled": true,
"supportPagePublic": true,
"boardMembersFromSameOrgOrTeamOnly": true,
"supportTitle": "string",
"supportPageText": "string",
"createdAt": "string",
"modifiedAt": "string"
}`
Only the global admin can call this. The request body is an object whose keys are settings fields to update (see get_global_settings for the list). Unknown keys and mailServer are ignored.
UserSecurity
200
200 response
put/api/settings
/api/settings
Content type application/json
Copy Expand all Collapse all
`{
"disableRegistration": true,
"disableForgotPassword": true,
"mailServer": {
"username": "string",
"password": "string",
"host": "string",
"port": "string",
"enableTLS": true,
"from": "string"
},
"productName": "string",
"displayAuthenticationMethod": true,
"defaultAuthenticationMethod": "string",
"spinnerName": "string",
"hideLogo": true,
"hideCardCounterList": true,
"hideBoardMemberList": true,
"customLoginLogoImageUrl": "string",
"customLoginLogoLinkUrl": "string",
"customHelpLinkUrl": "string",
"textBelowCustomLoginLogo": "string",
"automaticLinkedUrlSchemes": "string",
"customTopLeftCornerLogoImageUrl": "string",
"customTopLeftCornerLogoLinkUrl": "string",
"customTopLeftCornerLogoHeight": "string",
"oidcBtnText": "string",
"mailDomainName": "string",
"legalNotice": "string",
"customHeadEnabled": true,
"customHeadMetaTags": "string",
"customHeadLinkTags": "string",
"customManifestEnabled": true,
"customManifestContent": "string",
"customAssetLinksEnabled": true,
"customAssetLinksContent": "string",
"accessibilityPageEnabled": true,
"accessibilityTitle": "string",
"accessibilityContent": "string",
"supportPopupText": "string",
"supportPageEnabled": true,
"supportPagePublic": true,
"boardMembersFromSameOrgOrTeamOnly": true,
"supportTitle": "string",
"supportPageText": "string",
"createdAt": "string",
"modifiedAt": "string"
}`
Only the global admin can call this. Counts every user by the domain part of their primary email address (the first address in emails), mirroring the Admin Panel > People domain grouping. Domains are returned sorted by descending count, then alphabetically.
UserSecurity
200
200 response
get/api/admin/domains
/api/admin/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"count": 0
}
]`
Only the global admin can call this. Counts every user by the domain part of their primary email address (the first address in emails), mirroring the Admin Panel > People domain grouping. Domains are returned sorted by descending count, then alphabetically.
UserSecurity
200
200 response
get/api/admin/domains
/api/admin/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"count": 0
}
]`
UserSecurity
| board required |
string
the board value
| | user required |
string
the user value
|
| action required |
string
the action value
| | role required |
string
the role value
|
200
200 response
post/api/boards/{board}/members/{user}/add
/api/boards/{board}/members/{user}/add
UserSecurity
| board required |
string
the board value
| | user required |
string
the user value
|
| action required |
string
the action value
|
200
200 response
post/api/boards/{board}/members/{user}/remove
/api/boards/{board}/members/{user}/remove
UserSecurity
| user required |
string
the user value
|
200
200 response
post/api/createtoken/{user}
/api/createtoken/{user}
UserSecurity
| userId required |
string
the userId value
| | token required |
string
the token value
|
200
200 response
post/api/deletetoken
/api/deletetoken
UserSecurity
200
200 response
get/api/user
/api/user
UserSecurity
200
200 response
get/api/users
/api/users
UserSecurity
| username required |
string
the username value
| | email required |
string
the email value
| | password required |
string
the password value
|
200
200 response
post/api/users
/api/users
UserSecurity
| user required |
string
the user value
|
200
200 response
get/api/users/{user}
/api/users/{user}
UserSecurity
| user required |
string
the user value
|
| action required |
string
the action value
|
200
200 response
put/api/users/{user}
/api/users/{user}
UserSecurity
| user required |
string
the user value
|
200
200 response
delete/api/users/{user}
/api/users/{user}
Only the global admin can call this. Returns every organization with its identifying fields and the per-org feature toggles shown as columns in Admin Panel > People > Organizations.
UserSecurity
200
200 response
get/api/admin/orgs
/api/admin/orgs
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"orgDisplayName": "string",
"orgShortName": "string",
"orgSharedTemplates": true,
"orgPropagateMembersToBoards": true,
"orgSyncMembersFromAuth": true
}
]`
Only the global admin can call this. The request body may contain any of orgSharedTemplates, orgPropagateMembersToBoards and orgSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the organization. Returns the updated organization.
UserSecurity
| org required |
string
the ID of the organization
|
200
200 response
put/api/admin/orgs/{org}/features
/api/admin/orgs/{org}/features
Content type application/json
Copy
null
Only the global admin can call this. The request body is { field, value } where field is one of orgSharedTemplates, orgPropagateMembersToBoards or orgSyncMembersFromAuth and value is a boolean. The field is $set on ALL organizations. Returns the number of organizations updated.
UserSecurity
200
200 response
put/api/admin/orgs/features
/api/admin/orgs/features
Content type application/json
Copy
`{ "updated": 0
}`
Only the global admin can call this. Returns every organization with its identifying fields and the per-org feature toggles shown as columns in Admin Panel > People > Organizations.
UserSecurity
200
200 response
get/api/admin/orgs
/api/admin/orgs
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"orgDisplayName": "string",
"orgShortName": "string",
"orgSharedTemplates": true,
"orgPropagateMembersToBoards": true,
"orgSyncMembersFromAuth": true
}
]`
Only the global admin can call this. The request body may contain any of orgSharedTemplates, orgPropagateMembersToBoards and orgSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the organization. Returns the updated organization.
UserSecurity
| org required |
string
the ID of the organization
|
200
200 response
put/api/admin/orgs/{org}/features
/api/admin/orgs/{org}/features
Content type application/json
Copy
null
Only the global admin can call this. The request body is { field, value } where field is one of orgSharedTemplates, orgPropagateMembersToBoards or orgSyncMembersFromAuth and value is a boolean. The field is $set on ALL organizations. Returns the number of organizations updated.
UserSecurity
200
200 response
put/api/admin/orgs/features
/api/admin/orgs/features
Content type application/json
Copy
`{ "updated": 0
}`
Only the global admin can call this. Returns every team with its identifying fields and the per-team feature toggles shown as columns in Admin Panel > People > Teams.
UserSecurity
200
200 response
get/api/admin/teams
/api/admin/teams
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"teamDisplayName": "string",
"teamShortName": "string",
"teamSharedTemplates": true,
"teamPropagateMembersToBoards": true,
"teamSyncMembersFromAuth": true
}
]`
Only the global admin can call this. The request body may contain any of teamSharedTemplates, teamPropagateMembersToBoards and teamSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the team. Returns the updated team.
UserSecurity
| team required |
string
the ID of the team
|
200
200 response
put/api/admin/teams/{team}/features
/api/admin/teams/{team}/features
Content type application/json
Copy
null
Only the global admin can call this. The request body is { field, value } where field is one of teamSharedTemplates, teamPropagateMembersToBoards or teamSyncMembersFromAuth and value is a boolean. The field is $set on ALL teams. Returns the number of teams updated.
UserSecurity
200
200 response
put/api/admin/teams/features
/api/admin/teams/features
Content type application/json
Copy
`{ "updated": 0
}`
Only the global admin can call this. Returns every team with its identifying fields and the per-team feature toggles shown as columns in Admin Panel > People > Teams.
UserSecurity
200
200 response
get/api/admin/teams
/api/admin/teams
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"teamDisplayName": "string",
"teamShortName": "string",
"teamSharedTemplates": true,
"teamPropagateMembersToBoards": true,
"teamSyncMembersFromAuth": true
}
]`
Only the global admin can call this. The request body may contain any of teamSharedTemplates, teamPropagateMembersToBoards and teamSyncMembersFromAuth (booleans); only those whitelisted fields are $set on the team. Returns the updated team.
UserSecurity
| team required |
string
the ID of the team
|
200
200 response
put/api/admin/teams/{team}/features
/api/admin/teams/{team}/features
Content type application/json
Copy
null
Only the global admin can call this. The request body is { field, value } where field is one of teamSharedTemplates, teamPropagateMembersToBoards or teamSyncMembersFromAuth and value is a boolean. The field is $set on ALL teams. Returns the number of teams updated.
UserSecurity
200
200 response
put/api/admin/teams/features
/api/admin/teams/features
Content type application/json
Copy
`{ "updated": 0
}`
UserSecurity
200
200 response
get/api/boards
/api/boards
UserSecurity
200
200 response
post/api/boards
/api/boards
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}
/api/boards/{board}
UserSecurity
| board required |
string
the board value
|
200
200 response
delete/api/boards/{board}
/api/boards/{board}
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/attachments
/api/boards/{board}/attachments
If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/attachments/:attachmentId/export?authToken=:token'
UserSecurity
| board required |
string
the ID of the board we are exporting
| | attachment required |
string
the ID of the attachment we are exporting
|
200
200 response
get/api/boards/{board}/attachments/{attachment}/export
/api/boards/{board}/attachments/{attachment}/export
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/cardSettings
/api/boards/{board}/cardSettings
UserSecurity
| board required |
string
the board value
|
| key required |
string
the key value
|
200
200 response
put/api/boards/{board}/cardSettings
/api/boards/{board}/cardSettings
UserSecurity
| board required |
string
the board value
|
| title required |
string
the title value
|
200
200 response
post/api/boards/{board}/copy
/api/boards/{board}/copy
#5850: returns the domains array of a board. Each entry is an object { domain: "example.com", isActive: true }. Anyone able to read the board may list its domains. Requires the caller to be authenticated.
UserSecurity
| board required |
string
the board ID
|
200
200 response
get/api/boards/{board}/domains
/api/boards/{board}/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
#5850: returns the domains array of a board. Each entry is an object { domain: "example.com", isActive: true }. Anyone able to read the board may list its domains. Requires the caller to be authenticated.
UserSecurity
| board required |
string
the board ID
|
200
200 response
get/api/boards/{board}/domains
/api/boards/{board}/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
#5850: add a single email domain to a board's domains array with isActive: true, leaving any existing domains in place. The domain is trimmed and lowercased and must look like a domain (contain a '.', no '@' and no whitespace); it is added only if not already present. Requires the caller to be a board admin (or site admin). Returns the updated domains array.
UserSecurity
| board required |
string
the board ID
|
| domain required |
string
the email domain to add, e.g. "example.com"
|
200
200 response
post/api/boards/{board}/domains
/api/boards/{board}/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
#5850: add a single email domain to a board's domains array with isActive: true, leaving any existing domains in place. The domain is trimmed and lowercased and must look like a domain (contain a '.', no '@' and no whitespace); it is added only if not already present. Requires the caller to be a board admin (or site admin). Returns the updated domains array.
UserSecurity
| board required |
string
the board ID
|
| domain required |
string
the email domain to add, e.g. "example.com"
|
200
200 response
post/api/boards/{board}/domains
/api/boards/{board}/domains
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
#5850: remove a single email domain from a board's domains array. The domain in the path is trimmed and lowercased before matching. Requires the caller to be a board admin (or site admin). Returns the updated domains array.
UserSecurity
| board required |
string
the board ID
| | domain required |
string
the email domain to remove, e.g. "example.com"
|
200
200 response
delete/api/boards/{board}/domains/{domain}
/api/boards/{board}/domains/{domain}
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
#5850: remove a single email domain from a board's domains array. The domain in the path is trimmed and lowercased before matching. Requires the caller to be a board admin (or site admin). Returns the updated domains array.
UserSecurity
| board required |
string
the board ID
| | domain required |
string
the email domain to remove, e.g. "example.com"
|
200
200 response
delete/api/boards/{board}/domains/{domain}
/api/boards/{board}/domains/{domain}
Content type application/json
Copy Expand all Collapse all
`[ {
"domain": "string",
"isActive": true
}
]`
If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/export?authToken=:token'
See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations
UserSecurity
| board required |
string
the ID of the board we are exporting
|
200
200 response
get/api/boards/{board}/export
/api/boards/{board}/export
UserSecurity
| board required |
string
the ID of the board we are exporting
| | format required |
string
the format value
|
200
200 response
get/api/boards/{board}/export/{format}
/api/boards/{board}/export/{format}
If user is already logged-in, pass loginToken as param
See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations
UserSecurity
| board required |
string
the ID of the board we are exporting
|
200
200 response
get/api/boards/{board}/export/csv
/api/boards/{board}/export/csv
Pass the loginToken as the authToken query param for private boards: /api/boards/:boardId/export/kanboard?authToken=:token.
UserSecurity
| board required |
string
the ID of the board we are exporting
|
200
200 response
get/api/boards/{board}/export/kanboard
/api/boards/{board}/export/kanboard
If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/exportExcel?authToken=:token'
See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations
UserSecurity
| board required |
string
the ID of the board we are exporting
|
200
200 response
get/api/boards/{board}/exportExcel
/api/boards/{board}/exportExcel
Pass the loginToken as the authToken query param for private boards: /api/boards/:boardId/exportPDF?authToken=:token.
UserSecurity
| board required |
string
the ID of the board to export
|
200
200 response
get/api/boards/{board}/exportPDF
/api/boards/{board}/exportPDF
UserSecurity
| board required |
string
the board value
|
200
200 response
put/api/boards/{board}/labels
/api/boards/{board}/labels
If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/exportExcel?authToken=:token'
See https://blog.kayla.com.au/server-side-route-authentication-in-meteor/ for detailed explanations
UserSecurity
| board required |
string
the ID of the board we are exporting
| | list required |
string
the list value
| | card required |
string
the card value
|
200
200 response
get/api/boards/{board}/lists/{list}/cards/{card}/exportPDF
/api/boards/{board}/lists/{list}/cards/{card}/exportPDF
UserSecurity
| board required |
string
the board value
| | member required |
string
the member value
|
| role required |
string
the role value
|
200
200 response
post/api/boards/{board}/members/{member}
/api/boards/{board}/members/{member}
UserSecurity
| board required |
string
the board value
|
| title required |
string
the title value
|
200
200 response
put/api/boards/{board}/title
/api/boards/{board}/title
Accepts a WeKan board export JSON (the body returned by GET /api/boards/:boardId/export) and recreates the board — including its rules / triggers / actions (workflows) and other data — in the authenticated user's account. Combined with the export endpoint, this allows migrating all boards (and their workflows) from another WeKan instance over the REST API: list the remote boards, export each, then POST each here. An optional membersMapping ({ sourceUserId: localUserId }) maps members; unmapped members are simply not added.
UserSecurity
| board required |
object
the WeKan board export object
| | membersMapping |
object
map of source user id -> local user id
|
200
200 response
post/api/boards/import
/api/boards/import
Content type application/json
Copy
`{ "_id": "string"
}`
Accepts a WeKan board export JSON (the body returned by GET /api/boards/:boardId/export) and recreates the board — including its rules / triggers / actions (workflows) and other data — in the authenticated user's account. Combined with the export endpoint, this allows migrating all boards (and their workflows) from another WeKan instance over the REST API: list the remote boards, export each, then POST each here. An optional membersMapping ({ sourceUserId: localUserId }) maps members; unmapped members are simply not added.
UserSecurity
| board required |
object
the WeKan board export object
| | membersMapping |
object
map of source user id -> local user id
|
200
200 response
post/api/boards/import
/api/boards/import
Content type application/json
Copy
`{ "_id": "string"
}`
Generalized import: :source is one of trello, wekan, csv, jira, kanboard, excel, deck (NextCloud Deck), openproject, github, gitlab, gitea, forgejo, asana, zenkit. The request body is that tool's export JSON (sent directly, or wrapped as { "board": <export> }); an optional membersMapping maps members. Reuses the same import engine as the UI.
UserSecurity
| source required |
string
the import source
|
200
200 response
post/api/boards/import/{source}
/api/boards/import/{source}
Content type application/json
Copy
`{ "_id": "string"
}`
Generalized import: :source is one of trello, wekan, csv, jira, kanboard, excel, deck (NextCloud Deck), openproject, github, gitlab, gitea, forgejo, asana, zenkit. The request body is that tool's export JSON (sent directly, or wrapped as { "board": <export> }); an optional membersMapping maps members. Reuses the same import engine as the UI.
UserSecurity
| source required |
string
the import source
|
200
200 response
post/api/boards/import/{source}
/api/boards/import/{source}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
200
200 response
get/api/boards_count
/api/boards_count
UserSecurity
| user required |
string
the user value
|
200
200 response
get/api/users/{user}/boards
/api/users/{user}/boards
UserSecurity
| boardId required |
string
|
200
Card settings returned
401
Missing or invalid authentication
404
Board not found
get/api/boards/{boardId}/cardSettings
/api/boards/{boardId}/cardSettings
Boolean keys (the allows* display toggles and cardAging) accept true/false. Numeric keys cardAgingDays1, cardAgingDays2, cardAgingDays3 set the three card-aging fade-tier day thresholds (default 7 / 14 / 28).
UserSecurity
| boardId required |
string
|
| cardAging |
boolean
Enable visual card aging on the board
| | cardAgingDays1 |
integer
Idle days for the first (lightest) fade tier
| | cardAgingDays2 |
integer
Idle days for the second fade tier
| | cardAgingDays3 |
integer
Idle days for the third (heaviest) fade tier
|
200
Updated card settings returned
400
No recognized card settings in body
401
Missing or invalid authentication
404
Board not found
put/api/boards/{boardId}/cardSettings
/api/boards/{boardId}/cardSettings
Content type application/json
Copy
`{
"cardAging": true,
"cardAgingDays1": 0,
"cardAgingDays2": 0,
"cardAgingDays3": 0
}`
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
|
200
200 response
get/api/boards/{board}/cards/{card}/checklists
/api/boards/{board}/cards/{card}/checklists
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
|
| items required |
string
the items value
|
200
200 response
post/api/boards/{board}/cards/{card}/checklists
/api/boards/{board}/cards/{card}/checklists
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
|
200
200 response
get/api/boards/{board}/cards/{card}/checklists/{checklist}
/api/boards/{board}/cards/{card}/checklists/{checklist}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
|
200
200 response
delete/api/boards/{board}/cards/{card}/checklists/{checklist}
/api/boards/{board}/cards/{card}/checklists/{checklist}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
|
200
200 response
post/api/boards/{board}/cards/{card}/checklists/{checklist}/items
/api/boards/{board}/cards/{card}/checklists/{checklist}/items
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
| | item required |
string
the item value
|
200
200 response
get/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
| | item required |
string
the item value
|
200
200 response
put/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | checklist required |
string
the checklist value
| | item required |
string
the item value
|
200
200 response
delete/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
/api/boards/{board}/cards/{card}/checklists/{checklist}/items/{item}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
|
200
200 response
get/api/boards/{board}/cards/{card}/comments
/api/boards/{board}/cards/{card}/comments
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
|
200
200 response
post/api/boards/{board}/cards/{card}/comments
/api/boards/{board}/cards/{card}/comments
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | comment required |
string
the comment value
|
200
200 response
get/api/boards/{board}/cards/{card}/comments/{comment}
/api/boards/{board}/cards/{card}/comments/{comment}
UserSecurity
| board required |
string
the board value
| | card required |
string
the card value
| | comment required |
string
the comment value
|
200
200 response
delete/api/boards/{board}/cards/{card}/comments/{comment}
/api/boards/{board}/cards/{card}/comments/{comment}
UserSecurity
| board required |
string
the board ID
| | card required |
string
the card ID
|
200
200 response
get/api/boards/{board}/cards/{card}/dependencies
/api/boards/{board}/cards/{card}/dependencies
Content type application/json
Copy Expand all Collapse all
`[ {
"cardId": "string",
"type": "string",
"color": "string",
"icon": "string"
}
]`
The target card must be on the same board. If the dependency already exists, its type/color/icon are updated.
UserSecurity
| board required |
string
the board ID
| | card required |
string
the source card ID
|
| cardId required |
string
the source card ID
| | dependsOn required |
string
the dependsOn value
| | type |
string
relation type: related-to | blocks | is-blocked-by | fixes | is-fixed-by
| | color |
string
line/badge color, any CSS color e.g. "#eb144c"
| | icon |
string
FontAwesome icon name without the "fa-" prefix
|
200
200 response
post/api/boards/{board}/cards/{card}/dependencies
/api/boards/{board}/cards/{card}/dependencies
Content type application/json
Copy
`{
"_id": "string",
"cardId": "string",
"type": "string",
"color": "string",
"icon": "string"
}`
UserSecurity
| board required |
string
the board ID
| | card required |
string
the source card ID
| | target required |
string
the target card ID of the dependency
|
| type |
string
relation type: related-to | blocks | is-blocked-by | fixes | is-fixed-by
| | key required |
string
the key value
|
200
200 response
put/api/boards/{board}/cards/{card}/dependencies/{target}
/api/boards/{board}/cards/{card}/dependencies/{target}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
| board required |
string
the board ID
| | card required |
string
the source card ID
| | target required |
string
the target card ID of the dependency to remove
|
200
200 response
delete/api/boards/{board}/cards/{card}/dependencies/{target}
/api/boards/{board}/cards/{card}/dependencies/{target}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
| board required |
string
the board ID
|
200
200 response
get/api/boards/{board}/dependencies
/api/boards/{board}/dependencies
Content type application/json
Copy Expand all Collapse all
`[ {
"from": "string",
"fromTitle": "string",
"fromCardNumber": 0,
"to": "string",
"toTitle": "string",
"toCardNumber": 0,
"type": "string",
"color": "string",
"icon": "string"
}
]`
UserSecurity
| board required |
string
the board value
|
200
200 response
delete/api/boards/{board}/cards/bulk
/api/boards/{board}/cards/bulk
UserSecurity
| board required |
string
the board value
|
| cardIds required |
string
the cardIds value
|
200
200 response
post/api/boards/{board}/cards/labels
/api/boards/{board}/cards/labels
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
| | customFieldValue required |
string
the customFieldValue value
|
200
200 response
get/api/boards/{board}/cardsByCustomField/{customField}/{customFieldValue}
/api/boards/{board}/cardsByCustomField/{customField}/{customFieldValue}
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/cards_count
/api/boards/{board}/cards_count
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
200
200 response
get/api/boards/{board}/lists/{list}/cards
/api/boards/{board}/lists/{list}/cards
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
| linkedId required |
string
the linkedId value
| | dateField required |
string
the dateField value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards
/api/boards/{board}/lists/{list}/cards
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
200
200 response
get/api/boards/{board}/lists/{list}/cards/{card}
/api/boards/{board}/lists/{list}/cards/{card}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
| title required |
string
the title value
| | sort required |
string
the sort value
| | parentId required |
string
the parentId value
| | description required |
string
the description value
| | color required |
string
the color value
| | vote required |
string
the vote value
| | poker required |
string
the poker value
| | labelIds required |
string
the labelIds value
| | requestedBy required |
string
the requestedBy value
| | assignedBy required |
string
the assignedBy value
| | spentTime required |
string
the spentTime value
| | isOverTime required |
string
the isOverTime value
| | customFields required |
string
the customFields value
| | members required |
string
the members value
| | assignees required |
string
the assignees value
| | stickers required |
string
the stickers value
| | locations required |
string
the locations value
|
200
200 response
put/api/boards/{board}/lists/{list}/cards/{card}
/api/boards/{board}/lists/{list}/cards/{card}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
200
200 response
delete/api/boards/{board}/lists/{list}/cards/{card}
/api/boards/{board}/lists/{list}/cards/{card}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/archive
/api/boards/{board}/lists/{list}/cards/{card}/archive
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
| | assignee required |
string
the assignee value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}
/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
| | assignee required |
string
the assignee value
|
200
200 response
delete/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}
/api/boards/{board}/lists/{list}/cards/{card}/assignees/{assignee}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
| toBoardId required |
string
the toBoardId value
| | toSwimlaneId required |
string
the toSwimlaneId value
| | toListId required |
string
the toListId value
| | position required |
string
the position value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/copy
/api/boards/{board}/lists/{list}/cards/{card}/copy
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
| | customField required |
string
the customField value
|
| value required |
string
the value value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/customFields/{customField}
/api/boards/{board}/lists/{list}/cards/{card}/customFields/{customField}
If user is already logged-in, pass loginToken as param "authToken": '/api/boards/:boardId/lists/:listId/cards/:cardId/exportExcel?authToken=:token'
Optional query param "fields" is a comma-separated list of sections to include. Valid values: people, board-info, dates, description, checklists, subtasks, comments Omitting "fields" includes all sections.
UserSecurity
| board required |
string
the ID of the board
| | list required |
string
the ID of the list
| | card required |
string
the ID of the card to export
|
200
200 response
get/api/boards/{board}/lists/{list}/cards/{card}/exportExcel
/api/boards/{board}/lists/{list}/cards/{card}/exportExcel
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
| | member required |
string
the member value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/members/{member}
/api/boards/{board}/lists/{list}/cards/{card}/members/{member}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
| | member required |
string
the member value
|
200
200 response
delete/api/boards/{board}/lists/{list}/cards/{card}/members/{member}
/api/boards/{board}/lists/{list}/cards/{card}/members/{member}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
| | card required |
string
the card value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/{card}/unarchive
/api/boards/{board}/lists/{list}/cards/{card}/unarchive
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
| cards required |
string
the cards value
|
200
200 response
post/api/boards/{board}/lists/{list}/cards/bulk
/api/boards/{board}/lists/{list}/cards/bulk
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
200
200 response
get/api/boards/{board}/lists/{list}/cards_count
/api/boards/{board}/lists/{list}/cards_count
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
200
200 response
get/api/boards/{board}/swimlanes/{swimlane}/cards
/api/boards/{board}/swimlanes/{swimlane}/cards
UserSecurity
| card required |
string
the card value
|
200
200 response
get/api/cards/{card}
/api/cards/{card}
UserSecurity
200
200 response
get/api/user/cards
/api/user/cards
Parses the supplied iCalendar text and creates one card per VEVENT on the given board / list / swimlane, populating each card's startAt (DTSTART) and dueAt (DTEND, or DTSTART when there is no DTEND) so the imported events appear on the Calendar and Gantt views.
Permissions: requires a valid auth token and write access to the board (read-only / comment-only / worker members are rejected; site admins are allowed).
UserSecurity
| boardId required |
string
the board ID
| | swimlaneId required |
string
the swimlane ID the cards are created in
| | listId required |
string
the list ID the cards are created in
|
| ics required |
string
the raw .ics (iCalendar) file contents
|
200
Import succeeded. Returns the number of cards created and their ids, e.g. { "created": 3, "cardIds": ["abc", "def", "ghi"] }.
400
Missing or empty ics body field
401
Missing or invalid authentication, or no write access to the board
404
Board, list or swimlane not found
post/api/boards/{boardId}/swimlanes/{swimlaneId}/lists/{listId}/ics
/api/boards/{boardId}/swimlanes/{swimlaneId}/lists/{listId}/ics
Content type application/json
Copy
`{ "ics": "string"
}`
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/custom-fields
/api/boards/{board}/custom-fields
UserSecurity
| board required |
string
the board value
|
200
200 response
post/api/boards/{board}/custom-fields
/api/boards/{board}/custom-fields
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
|
200
200 response
get/api/boards/{board}/custom-fields/{customField}
/api/boards/{board}/custom-fields/{customField}
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
|
200
200 response
put/api/boards/{board}/custom-fields/{customField}
/api/boards/{board}/custom-fields/{customField}
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
|
200
200 response
delete/api/boards/{board}/custom-fields/{customField}
/api/boards/{board}/custom-fields/{customField}
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
|
| items required |
string
the items value
|
200
200 response
post/api/boards/{board}/custom-fields/{customField}/dropdown-items
/api/boards/{board}/custom-fields/{customField}/dropdown-items
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
| | dropdownItem required |
string
the dropdownItem value
|
| name required |
string
the name value
|
200
200 response
put/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}
/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}
UserSecurity
| board required |
string
the board value
| | customField required |
string
the customField value
| | dropdownItem required |
string
the dropdownItem value
|
200
200 response
delete/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}
/api/boards/{board}/custom-fields/{customField}/dropdown-items/{dropdownItem}
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/integrations
/api/boards/{board}/integrations
UserSecurity
| board required |
string
the board value
|
200
200 response
post/api/boards/{board}/integrations
/api/boards/{board}/integrations
UserSecurity
| board required |
string
the board value
| | int required |
string
the int value
|
200
200 response
get/api/boards/{board}/integrations/{int}
/api/boards/{board}/integrations/{int}
UserSecurity
| board required |
string
the board value
| | int required |
string
the int value
|
200
200 response
put/api/boards/{board}/integrations/{int}
/api/boards/{board}/integrations/{int}
UserSecurity
| board required |
string
the board value
| | int required |
string
the int value
|
200
200 response
delete/api/boards/{board}/integrations/{int}
/api/boards/{board}/integrations/{int}
UserSecurity
| board required |
string
the board value
| | int required |
string
the int value
|
200
200 response
delete/api/boards/{board}/integrations/{int}/activities
/api/boards/{board}/integrations/{int}/activities
UserSecurity
| board required |
string
the board value
| | int required |
string
the int value
|
| activities required |
string
the activities value
|
200
200 response
post/api/boards/{board}/integrations/{int}/activities
/api/boards/{board}/integrations/{int}/activities
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/lists
/api/boards/{board}/lists
UserSecurity
| board required |
string
the board value
|
200
200 response
post/api/boards/{board}/lists
/api/boards/{board}/lists
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
200
200 response
get/api/boards/{board}/lists/{list}
/api/boards/{board}/lists/{list}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
200
200 response
put/api/boards/{board}/lists/{list}
/api/boards/{board}/lists/{list}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
200
200 response
delete/api/boards/{board}/lists/{list}
/api/boards/{board}/lists/{list}
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
| toBoardId required |
string
the toBoardId value
|
200
200 response
post/api/boards/{board}/lists/{list}/copy
/api/boards/{board}/lists/{list}/copy
UserSecurity
| board required |
string
the board value
| | list required |
string
the list value
|
| toBoardId required |
string
the toBoardId value
| | toSwimlaneId required |
string
the toSwimlaneId value
|
200
200 response
post/api/boards/{board}/lists/{list}/move
/api/boards/{board}/lists/{list}/move
UserSecurity
| board required |
string
the board ID
|
200
200 response
get/api/boards/{board}/rules
/api/boards/{board}/rules
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"title": "string",
"trigger": { },
"action": { }
}
]`
UserSecurity
| board required |
string
the board ID
|
200
200 response
get/api/boards/{board}/rules
/api/boards/{board}/rules
Content type application/json
Copy Expand all Collapse all
`[ {
"_id": "string",
"title": "string",
"trigger": { },
"action": { }
}
]`
The trigger and action are embedded inline. See the Rules documentation for the available trigger activityTypes and action actionTypes.
UserSecurity
| board required |
string
the board ID
|
| title required |
string
the rule title
| | trigger required |
object
the trigger document (must include activityType)
| | action required |
object
the action document (must include actionType)
|
200
200 response
post/api/boards/{board}/rules
/api/boards/{board}/rules
Content type application/json
Copy
`{
"_id": "string",
"triggerId": "string",
"actionId": "string"
}`
The trigger and action are embedded inline. See the Rules documentation for the available trigger activityTypes and action actionTypes.
UserSecurity
| board required |
string
the board ID
|
| title required |
string
the rule title
| | trigger required |
object
the trigger document (must include activityType)
| | action required |
object
the action document (must include actionType)
|
200
200 response
post/api/boards/{board}/rules
/api/boards/{board}/rules
Content type application/json
Copy
`{
"_id": "string",
"triggerId": "string",
"actionId": "string"
}`
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
200
200 response
get/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy Expand all Collapse all
`{
"_id": "string",
"title": "string",
"trigger": { },
"action": { }
}`
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
200
200 response
get/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy Expand all Collapse all
`{
"_id": "string",
"title": "string",
"trigger": { },
"action": { }
}`
Any of title, trigger and action may be supplied; the trigger and action documents are replaced ($set) when present.
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
| title |
string
the new rule title
| | trigger |
object
the new trigger document
| | action |
object
the new action document
|
200
200 response
put/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy
`{ "_id": "string"
}`
Any of title, trigger and action may be supplied; the trigger and action documents are replaced ($set) when present.
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
| title |
string
the new rule title
| | trigger |
object
the new trigger document
| | action |
object
the new action document
|
200
200 response
put/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
200
200 response
delete/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
| board required |
string
the board ID
| | rule required |
string
the rule ID
|
200
200 response
delete/api/boards/{board}/rules/{rule}
/api/boards/{board}/rules/{rule}
Content type application/json
Copy
`{ "_id": "string"
}`
UserSecurity
| board required |
string
the board value
|
200
200 response
get/api/boards/{board}/swimlanes
/api/boards/{board}/swimlanes
UserSecurity
| board required |
string
the board value
|
200
200 response
post/api/boards/{board}/swimlanes
/api/boards/{board}/swimlanes
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
200
200 response
get/api/boards/{board}/swimlanes/{swimlane}
/api/boards/{board}/swimlanes/{swimlane}
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
200
200 response
put/api/boards/{board}/swimlanes/{swimlane}
/api/boards/{board}/swimlanes/{swimlane}
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
200
200 response
delete/api/boards/{board}/swimlanes/{swimlane}
/api/boards/{board}/swimlanes/{swimlane}
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
| toBoardId required |
string
the toBoardId value
|
200
200 response
post/api/boards/{board}/swimlanes/{swimlane}/copy
/api/boards/{board}/swimlanes/{swimlane}/copy
UserSecurity
| board required |
string
the board value
| | swimlane required |
string
the swimlane value
|
| toBoardId required |
string
the toBoardId value
|
200
200 response
post/api/boards/{board}/swimlanes/{swimlane}/move
/api/boards/{board}/swimlanes/{swimlane}/move
Upload a file to a card. The file content is sent base64-encoded in the JSON body. The maximum size is bounded by the admin Attachment Storage Settings (apiUploadMaxBytes) and a hard server safety cap (64 MB).
Permissions: requires a valid auth token, write access to the target board (read-only / comment-only / worker members are rejected), and the board must allow attachments.
UserSecurity
| boardId required |
string
ID of the board the card belongs to
| | swimlaneId required |
string
ID of the card's swimlane (must match the card)
| | listId required |
string
ID of the card's list (must match the card)
| | cardId required |
string
ID of the card to attach the file to
| | fileName required |
string
Name to store the file under
| | fileType |
string
MIME type of the file (optional)
| | fileData required |
string
Base64-encoded file contents
|
200
Attachment uploaded successfully
400
Missing/invalid parameters or card/board/list/swimlane mismatch
401
Missing or invalid authentication
403
Uploads disabled, not a board member, or attachments not allowed on this board
404
Card or board not found
413
Attachment exceeds the API upload limit
post/api/attachment/upload
/api/attachment/upload
Content type application/json
Copy
`{
"boardId": "string",
"swimlaneId": "string",
"listId": "string",
"cardId": "string",
"fileName": "string",
"fileType": "string",
"fileData": "string"
}`
Upload an image and set it as the board's active background. The file content is sent base64-encoded in the JSON body and stored using the current Admin Panel / Attachments / Default Storage backend (the same storage used by card attachment uploads). Board-admin is required.
UserSecurity
| boardId required |
string
ID of the board
| | fileName required |
string
Name to store the image under
| | fileType |
string
MIME type of the image (optional, defaults to image/png)
| | fileData required |
string
Base64-encoded image contents
|
200
Background uploaded and set as the board background
400
Missing or invalid parameters
401
Missing or invalid authentication
403
Uploads disabled or caller is not a board admin
404
Board not found
413
Background exceeds the API upload limit
post/api/attachment/upload-background
/api/attachment/upload-background
Content type application/json
Copy
`{
"boardId": "string",
"fileName": "string",
"fileType": "string",
"fileData": "string"
}`
Returns the board's active background image metadata together with the image bytes base64-encoded in base64Data. Requires board membership.
UserSecurity
| boardId required |
string
ID of the board
|
200
Background image returned
401
Missing or invalid authentication
403
Downloads disabled or caller is not a board member
404
Board has no background, or board not found
413
Background exceeds the API download limit
get/api/attachment/download-background/{boardId}
/api/attachment/download-background/{boardId}
Returns the attachment metadata together with the file contents base64-encoded in base64Data. The maximum size is bounded by the admin Attachment Storage Settings (apiDownloadMaxBytes).
Permissions: requires active membership of the attachment's board.
UserSecurity
| attachmentId required |
string
ID of the attachment to download
|
200
Attachment contents returned (base64Data)
401
Missing or invalid authentication
403
Downloads disabled, or not a member of the attachment's board
404
Attachment or stored file not found
413
Attachment exceeds the API download limit
get/api/attachment/download/{attachmentId}
/api/attachment/download/{attachmentId}
Returns attachment metadata (name, size, type, storage backend, board / swimlane / list / card IDs and available versions) without the file contents.
Permissions: requires active membership of the attachment's board.
UserSecurity
| attachmentId required |
string
ID of the attachment
|
200
Attachment metadata returned
401
Missing or invalid authentication
403
Not a member of the attachment's board
404
Attachment not found
get/api/attachment/info/{attachmentId}
/api/attachment/info/{attachmentId}
List every attachment on a board. Use the swimlane / list / card variants of this path to narrow the result.
Permissions: requires active membership of the board.
UserSecurity
| boardId required |
string
ID of the board
|
200
List of attachments with metadata
401
Missing or invalid authentication
403
Not a member of the board
get/api/attachment/list/{boardId}
/api/attachment/list/{boardId}
UserSecurity
| boardId required |
string
| | swimlaneId required |
string
|
200
List of attachments with metadata
401
Missing or invalid authentication
403
Not a member of the board
get/api/attachment/list/{boardId}/{swimlaneId}
/api/attachment/list/{boardId}/{swimlaneId}
UserSecurity
| boardId required |
string
| | swimlaneId required |
string
| | listId required |
string
|
200
List of attachments with metadata
401
Missing or invalid authentication
403
Not a member of the board
get/api/attachment/list/{boardId}/{swimlaneId}/{listId}
/api/attachment/list/{boardId}/{swimlaneId}/{listId}
List attachments filtered down to one card. The card must belong to the given board.
Permissions: requires active membership of the board.
UserSecurity
| boardId required |
string
| | swimlaneId required |
string
| | listId required |
string
| | cardId required |
string
|
200
List of attachments with metadata
401
Missing or invalid authentication
403
Not a member of the board
404
Card not found or does not belong to the board
get/api/attachment/list/{boardId}/{swimlaneId}/{listId}/{cardId}
/api/attachment/list/{boardId}/{swimlaneId}/{listId}/{cardId}
Copy an existing attachment to a target card, creating a new attachment.
Permissions: requires membership of the source board (to read it) and write access to the target board, which must allow attachments. Honours the admin API upload limits.
UserSecurity
| attachmentId required |
string
ID of the source attachment
| | targetBoardId required |
string
| | targetSwimlaneId required |
string
| | targetListId required |
string
| | targetCardId required |
string
|
200
Attachment copied (newAttachmentId returned)
400
Target card/board/list/swimlane mismatch
401
Missing or invalid authentication
403
Not a member of source or target board, or attachments not allowed
404
Source attachment, target card, or stored file not found
post/api/attachment/copy
/api/attachment/copy
Content type application/json
Copy
`{
"attachmentId": "string",
"targetBoardId": "string",
"targetSwimlaneId": "string",
"targetListId": "string",
"targetCardId": "string"
}`
Move an existing attachment to a target card by updating its metadata.
Permissions: requires write access to both the source board (the attachment is removed from it) and the target board, which must allow attachments.
UserSecurity
| attachmentId required |
string
ID of the attachment to move
| | targetBoardId required |
string
| | targetSwimlaneId required |
string
| | targetListId required |
string
| | targetCardId required |
string
|
200
Attachment moved
400
Target card/board/list/swimlane mismatch
401
Missing or invalid authentication
403
Not a member of source or target board, or attachments not allowed
404
Source attachment or target card not found
post/api/attachment/move
/api/attachment/move
Content type application/json
Copy
`{
"attachmentId": "string",
"targetBoardId": "string",
"targetSwimlaneId": "string",
"targetListId": "string",
"targetCardId": "string"
}`
Delete an attachment.
Permissions: requires write access to the attachment's board (read-only / comment-only / worker members are rejected).
UserSecurity
| attachmentId required |
string
ID of the attachment to delete
|
200
Attachment deleted
401
Missing or invalid authentication
403
Not a member of the attachment's board
404
Attachment not found
delete/api/attachment/delete/{attachmentId}
/api/attachment/delete/{attachmentId}