Public Api

Public HTTP API (v1)

Org API keys (yns_...) authenticate GET routes on the product app. Pass the key in the header:

Authorization: Bearer yns_...

Base URL is the product origin (same host as /api/auth), e.g. https://app.example.com or http://localhost:3001 in local dev.

Method	Path	Description
`GET`	`/api/v1/me`	API key id/name and organization summary.
`GET`	`/api/v1/org`	Organization `id`, `name`, `slug`.
`GET`	`/api/v1/projects`	List projects for the key's workspace.
`GET`	`/api/v1/tasks`	List tasks; optional query `?projectId=<uuid>` to filter.

JSON body shape on failure:

{ "error": "unauthorized", "message": "Invalid or missing API key" }

HTTP status	Typical cause
`401`	Missing/invalid/revoked API key.
`400`	Invalid `projectId` query parameter (malformed UUID).

System overview — API keys in settings; outbound webhooks use separate signed delivery (project.*, task.*, etc.).
Environment variables