API Overview
The SiteHut REST API lets you integrate with workspaces programmatically: projects, tasks, finances, directory, files, and more. The web app uses the same API with JWT sessions; server integrations may use API keys where your role allows.
Base URL
All requests use HTTPS. The API is mounted under the /api/ prefix on your environment's host.
Production (example):
https://api.sitehut.app/api/
Replace the host if your organisation uses a custom API endpoint. There is no /v1 segment—paths begin with /api/.
Interactive docs (OpenAPI)
When enabled on the server, browse the live schema and try requests:
| Resource | Path |
|---|---|
| OpenAPI schema | GET /api/schema/ |
| Swagger UI | GET /api/docs/ |
Use the same host as your API (e.g. https://api.sitehut.app/api/docs/).
Authentication
JWT (browser and scripts)
- Obtain tokens with your credentials (
POST /api/auth/token/—field names match your login flow). - Send the access token on each request:
Authorization: Bearer <access_token>
- Refresh with
POST /api/auth/token/refresh/when the access token expires.
API keys
Workspace and user keys are created in the app—see Integrations and Account settings. Store secrets outside source control; rotate if leaked. Header format is shown in /api/docs/ for your deployment.
Workspace context
Scoped requests usually need the active workspace. The web client sends:
X-Workspace-Id: <numeric id>
X-Workspace-Slug: <slug>
Send the same headers in integrations. Some routes also embed the workspace slug in the URL path.
Examples
Health check (no auth):
curl -sS "https://api.sitehut.app/api/healthz/"
Authenticated request (replace placeholders):
curl -sS -H "Authorization: Bearer $ACCESS_TOKEN" \
-H "X-Workspace-Id: $WORKSPACE_ID" \
-H "X-Workspace-Slug: $WORKSPACE_SLUG" \
"https://api.sitehut.app/api/auth/me/"
Rate limits
The API may return 429 Too Many Requests. Back off and reduce concurrency; contact support@sitehut.app if you need higher limits for a server integration.