Authenticate. POST your credentials to POST /api/auth/login. The response contains a token — save it.
2
Pass the token. Add Authorization: Bearer <token> to every request. Tokens are long-lived; re-authenticate if you receive a 401.
3
For machine-to-machine integrations, create an API Key in Settings → API Keys and pass it as x-api-key: <key> to any /api/external/* route instead of a Bearer token.
curl
# Step 1 — obtain a tokencurl -X POST https://autovella.cloud/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"you@company.com","password":"••••••••"}'# Step 2 — use the tokencurlhttps://autovella.cloud/api/projects \
-H "Authorization: Bearer <your_token>"# External API key (machine-to-machine)curlhttps://autovella.cloud/api/external/projects \
-H "x-api-key: <your_api_key>"
🔒Authentication
Method
Endpoint
Auth
Description
POST
/api/auth/login
none
Obtain a JWT token
POST
/api/auth/forgot-password
none
Send password reset email
POST
/api/auth/reset-password
none
Set new password via reset token
GET
/api/auth/me
JWT
Get current user profile
GET
/api/auth/me/storage
JWT
Get org storage usage
PUT
/api/auth/profile
JWT
Update my profile
PUT
/api/auth/password
JWT
Change my password
GET
/api/auth/users/directory
JWT
List users (lightweight, for @mentions)
👥Users
Method
Endpoint
Auth
Description
GET
/api/auth/users
JWT
List all users (paginated)
GET
/api/auth/users/:id
JWT
Get a user by ID
POST
/api/auth/users
JWT
Create a new user
PUT
/api/auth/users/:id
JWT
Update a user
DELETE
/api/auth/users/:id
JWT
Delete a user
POST
/api/auth/users/:id/send-reset
JWT
Send password reset to user
POST
/api/auth/users/:id/unlock
JWT
Unlock a locked account
GET
/api/auth/users/:id/login-history
JWT
Get login history
GET
/api/users/search
JWT
Search users by name or email
📁Projects
Method
Endpoint
Auth
Description
GET
/api/projects
JWT
List projects
GET
/api/projects/search
JWT
Search projects
GET
/api/projects/gantt/all
JWT
Gantt data for all projects
GET
/api/projects/:id
JWT
Get a project
GET
/api/projects/:id/tasks
JWT
Get all tasks in a project
GET
/api/projects/:id/gantt
JWT
Project Gantt data
GET
/api/projects/:id/history
JWT
Project audit history
POST
/api/projects
JWT
Create a project
PUT
/api/projects/:id
JWT
Update a project
DELETE
/api/projects/:id
JWT
Delete a project
POST
/api/projects/:id/members
JWT
Add a member to project
PATCH
/api/projects/:id/members/:userId
JWT
Update member role
DELETE
/api/projects/:id/members/:userId
JWT
Remove a member
✅Tasks & Subtasks
Method
Endpoint
Auth
Description
GET
/api/tasks
JWT
List tasks
GET
/api/tasks/search
JWT
Search tasks
GET
/api/tasks/:id
JWT
Get a task
GET
/api/tasks/:id/history
JWT
Task change history
GET
/api/tasks/:id/subtasks
JWT
List subtasks
POST
/api/tasks
JWT
Create a task
POST
/api/tasks/:id/subtasks
JWT
Create a subtask
PUT
/api/tasks/:id
JWT
Update a task
PATCH
/api/tasks/:id/status
JWT
Update task status only
PATCH
/api/tasks/:id/move
JWT
Move task to another section/order
DELETE
/api/tasks/:id
JWT
Delete a task
GET
/api/subtasks/:id
JWT
Get a subtask
PUT
/api/subtasks/:id
JWT
Update a subtask
PATCH
/api/subtasks/:id/complete
JWT
Toggle subtask complete
DELETE
/api/subtasks/:id
JWT
Delete a subtask
📋Sections
Method
Endpoint
Auth
Description
GET
/api/sections
JWT
List sections (pass projectId)
GET
/api/sections/search
JWT
Search sections
GET
/api/sections/:id
JWT
Get a section
POST
/api/sections
JWT
Create a section
POST
/api/sections/reorder
JWT
Reorder sections
PUT
/api/sections/:id
JWT
Update a section
DELETE
/api/sections/:id
JWT
Delete a section
🏃Sprints
Method
Endpoint
Auth
Description
GET
/api/sprints
JWT
List sprints
GET
/api/sprints/search
JWT
Search sprints
GET
/api/sprints/velocity
JWT
Sprint velocity chart data
GET
/api/sprints/:id
JWT
Get a sprint
GET
/api/sprints/:id/tasks
JWT
Get sprint tasks
GET
/api/sprints/:id/burndown
JWT
Burndown chart data
POST
/api/sprints
JWT
Create a sprint
PUT
/api/sprints/:id
JWT
Update a sprint
POST
/api/sprints/:id/tasks
JWT
Bulk assign tasks to sprint
POST
/api/sprints/:id/complete
JWT
Complete a sprint
DELETE
/api/sprints/:id
JWT
Delete a sprint
⏱Timesheets
Method
Endpoint
Auth
Description
GET
/api/timesheets
JWT
List timesheets
GET
/api/timesheets/report
JWT
Timesheet report by date range
GET
/api/timesheets/:id
JWT
Get a timesheet entry
POST
/api/timesheets
JWT
Log time
PUT
/api/timesheets/:id
JWT
Update a timesheet entry
PATCH
/api/timesheets/:id/submit
JWT
Submit for approval
PATCH
/api/timesheets/:id/approve
JWT
Approve a timesheet
PATCH
/api/timesheets/:id/reject
JWT
Reject a timesheet
DELETE
/api/timesheets/:id
JWT
Delete a timesheet entry
💰Expenses
Method
Endpoint
Auth
Description
GET
/api/expenses
JWT
List expenses
GET
/api/expenses/report
JWT
Expense report by date range
GET
/api/expenses/:id
JWT
Get an expense
POST
/api/expenses
JWT
Create expense (multipart, receipt optional)
PATCH
/api/expenses/:id/approve
JWT
Approve an expense
PATCH
/api/expenses/:id/reject
JWT
Reject an expense
DELETE
/api/expenses/:id
JWT
Delete an expense
🧾Invoices
Method
Endpoint
Auth
Description
GET
/api/invoices
JWT
List invoices
GET
/api/invoices/search
JWT
Search invoices
GET
/api/invoices/stats
JWT
Invoice stats (total, paid, overdue)
GET
/api/invoices/:id
JWT
Get an invoice
GET
/api/invoices/:id/pdf
JWT
Download invoice as PDF
POST
/api/invoices
JWT
Create an invoice
POST
/api/invoices/generate
JWT
Generate invoice from timesheets
PUT
/api/invoices/:id
JWT
Update an invoice
PATCH
/api/invoices/:id/send
JWT
Send invoice to client
PATCH
/api/invoices/:id/pay
JWT
Mark as paid
PATCH
/api/invoices/:id/cancel
JWT
Cancel an invoice
POST
/api/invoices/:id/render
JWT
Render invoice HTML
DELETE
/api/invoices/:id
JWT
Delete an invoice
🏢CRM — Accounts
Method
Endpoint
Auth
Description
GET
/api/accounts
JWT
List accounts
GET
/api/accounts/search
JWT
Search accounts
GET
/api/accounts/:id
JWT
Get an account
GET
/api/accounts/:id/projects
JWT
Get account's projects
POST
/api/accounts
JWT
Create an account
PUT
/api/accounts/:id
JWT
Update an account
DELETE
/api/accounts/:id
JWT
Delete an account
👤CRM — Contacts
Method
Endpoint
Auth
Description
GET
/api/contacts
JWT
List contacts
GET
/api/contacts/search
JWT
Search contacts
GET
/api/contacts/:id
JWT
Get a contact
POST
/api/contacts
JWT
Create a contact
PUT
/api/contacts/:id
JWT
Update a contact
DELETE
/api/contacts/:id
JWT
Delete a contact
💼CRM — Deals
Method
Endpoint
Auth
Description
GET
/api/deals
JWT
List deals
GET
/api/deals/search
JWT
Search deals
GET
/api/deals/:id
JWT
Get a deal
POST
/api/deals
JWT
Create a deal
PUT
/api/deals/:id
JWT
Update a deal
POST
/api/deals/:id/convert
JWT
Convert deal to project
DELETE
/api/deals/:id
JWT
Delete a deal
👨👩👧Teams
Method
Endpoint
Auth
Description
GET
/api/teams
JWT
List teams
GET
/api/teams/:id
JWT
Get a team
POST
/api/teams
JWT
Create a team
PUT
/api/teams/:id
JWT
Update a team
DELETE
/api/teams/:id
JWT
Delete a team
POST
/api/teams/:id/members
JWT
Add a member
DELETE
/api/teams/:id/members/:userId
JWT
Remove a member
POST
/api/teams/:id/assign
JWT
Assign team to project
🕐Attendance
Method
Endpoint
Auth
Description
GET
/api/attendance/me/today
JWT
Get my attendance for today
POST
/api/attendance/check-in
JWT
Check in
POST
/api/attendance/check-out
JWT
Check out
POST
/api/attendance/punch
JWT
Record a punch (in/out)
GET
/api/attendance
JWT
List attendance records
GET
/api/attendance/summary
JWT
Monthly attendance summary
GET
/api/attendance/:id
JWT
Get an attendance record
GET
/api/attendance/:id/punches
JWT
Get punch log for a record
POST
/api/attendance
JWT
Upsert an attendance record
PUT
/api/attendance/:id
JWT
Update an attendance record
DELETE
/api/attendance/:id
JWT
Delete an attendance record
DELETE
/api/attendance/punches/:punchId
JWT
Delete a punch entry
🏖Time Off
Method
Endpoint
Auth
Description
GET
/api/time-off/summary
JWT
Leave balance summary
GET
/api/time-off/team
JWT
Team time-off calendar
GET
/api/time-off
JWT
List time-off requests
GET
/api/time-off/:id
JWT
Get a time-off request
POST
/api/time-off
JWT
Submit time-off request
PUT
/api/time-off/:id
JWT
Update a request
PATCH
/api/time-off/:id/cancel
JWT
Cancel request
PATCH
/api/time-off/:id/approve
JWT
Approve request
PATCH
/api/time-off/:id/reject
JWT
Reject request
DELETE
/api/time-off/:id
JWT
Delete a request
🗓Holidays
Method
Endpoint
Auth
Description
GET
/api/holidays
JWT
List holiday calendars
GET
/api/holidays/upcoming
JWT
Upcoming holidays
GET
/api/holidays/locations
JWT
Available holiday locations
GET
/api/holidays/:id
JWT
Get a calendar
POST
/api/holidays
JWT
Create a holiday calendar
PUT
/api/holidays/:id
JWT
Update a calendar
POST
/api/holidays/:id/items
JWT
Add a holiday date
PUT
/api/holidays/:id/items/:itemId
JWT
Update a holiday date
DELETE
/api/holidays/:id/items/:itemId
JWT
Delete a holiday date
POST
/api/holidays/:id/items/:itemId/assign
JWT
Assign users to holiday
DELETE
/api/holidays/:id
JWT
Delete a calendar
💬Comments
Method
Endpoint
Auth
Description
GET
/api/comments
JWT
List comments (pass entityType & entityId)
GET
/api/comments/mentions/me
JWT
Comments where I'm mentioned
GET
/api/comments/:id
JWT
Get a comment
POST
/api/comments
JWT
Post a comment
PUT
/api/comments/:id
JWT
Edit a comment
DELETE
/api/comments/:id
JWT
Delete a comment
📎Attachments
Method
Endpoint
Auth
Description
GET
/api/attachments
JWT
List attachments (entityType & entityId)
GET
/api/attachments/latest-images
JWT
Recently uploaded images
POST
/api/attachments
JWT
Upload a file (multipart/form-data)
DELETE
/api/attachments/:id
JWT
Delete an attachment
🔔Notifications & Analytics
Method
Endpoint
Auth
Description
GET
/api/notifications
JWT
List notifications
GET
/api/notifications/unread-count
JWT
Unread notification count
PUT
/api/notifications/read-all
JWT
Mark all notifications read
PUT
/api/notifications/:id/read
JWT
Mark one notification read
📊Analytics & Search
Method
Endpoint
Auth
Description
GET
/api/analytics/summary
JWT
Org-level analytics summary
GET
/api/analytics/teams
JWT
Team comparison metrics
GET
/api/analytics/kpis
JWT
Key performance indicators
GET
/api/analytics/resource/:userId
JWT
Resource utilisation for a user
GET
/api/search
JWT
Global search across all resources
GET
/api/health
none
API health check
External API — Machine-to-machine integrations
1
Create an API key in Settings → API Keys and select the relevant scope (attendance, timesheets, or projects).
2
Pass the key as x-api-key: <your-key> on every request. No Bearer token needed.
3
Requests are scoped to your organisation automatically — no tenant headers required.
🔌External API — Biometric
Method
Endpoint
Auth
Description
POST
/api/external/biometric/punch
API Key
Record a punch (in or out)
POST
/api/external/biometric/check-in
API Key
Check employee in
POST
/api/external/biometric/check-out
API Key
Check employee out
GET
/api/external/biometric/status
API Key
Get employee attendance status
POST
/api/external/biometric/bulk-punch
API Key
Bulk punch (batch from device)
🔌External API — Timesheets
Method
Endpoint
Auth
Description
POST
/api/external/timesheets
API Key
Log a timesheet entry
POST
/api/external/timesheets/bulk
API Key
Bulk import timesheet entries
GET
/api/external/timesheets
API Key
List timesheet entries
GET
/api/external/timesheets/projects
API Key
List available projects
GET
/api/external/timesheets/:id
API Key
Get a timesheet entry
PATCH
/api/external/timesheets/:id
API Key
Update an entry
DELETE
/api/external/timesheets/:id
API Key
Delete an entry
🔌External API — Projects & Tasks
Method
Endpoint
Auth
Description
GET
/api/external/projects
API Key
List projects
GET
/api/external/projects/:id
API Key
Get a project
POST
/api/external/projects
API Key
Create a project
PATCH
/api/external/projects/:id
API Key
Update a project
DELETE
/api/external/projects/:id
API Key
Delete a project
GET
/api/external/projects/:id/tasks
API Key
List tasks in project
POST
/api/external/projects/:id/tasks
API Key
Create task in project
GET
/api/external/tasks
API Key
List tasks
GET
/api/external/tasks/:id
API Key
Get a task
POST
/api/external/tasks
API Key
Create a task
PATCH
/api/external/tasks/:id
API Key
Update a task
DELETE
/api/external/tasks/:id
API Key
Delete a task
Need help integrating?
We're happy to help
Our team can walk you through the API, help with custom integrations, or point you to the right endpoint for your use case.
💬Comments