Skip to main content

API Overview

Developers6 min read

The SiteHut REST API lets you integrate with workspaces programmatically: projects, tasks, finances, directory, files, and more. The web app uses the same API with JWT sessions; server integrations may use API keys where your role allows.

Base URL

All requests use HTTPS. The API is mounted under the /api/ prefix on your environment's host.

Production (example):

https://api.sitehut.app/api/

Replace the host if your organisation uses a custom API endpoint. There is no /v1 segment—paths begin with /api/.

Interactive docs (OpenAPI)

When enabled on the server, browse the live schema and try requests:

ResourcePath
OpenAPI schemaGET /api/schema/
Swagger UIGET /api/docs/

Use the same host as your API (e.g. https://api.sitehut.app/api/docs/).

Authentication

JWT (browser and scripts)

  1. Obtain tokens with your credentials (POST /api/auth/token/—field names match your login flow).
  2. Send the access token on each request:
Authorization: Bearer <access_token>
  1. Refresh with POST /api/auth/token/refresh/ when the access token expires.

API keys

Workspace and user keys are created in the app—see Integrations and Account settings. Store secrets outside source control; rotate if leaked. Header format is shown in /api/docs/ for your deployment.

Workspace context

Scoped requests usually need the active workspace. The web client sends:

X-Workspace-Id: <numeric id>
X-Workspace-Slug: <slug>

Send the same headers in integrations. Some routes also embed the workspace slug in the URL path.

Examples

Health check (no auth):

curl -sS "https://api.sitehut.app/api/healthz/"

Authenticated request (replace placeholders):

curl -sS -H "Authorization: Bearer $ACCESS_TOKEN" \
-H "X-Workspace-Id: $WORKSPACE_ID" \
-H "X-Workspace-Slug: $WORKSPACE_SLUG" \
"https://api.sitehut.app/api/auth/me/"

Rate limits

The API may return 429 Too Many Requests. Back off and reduce concurrency; contact support@sitehut.app if you need higher limits for a server integration.