Skip to main content

SiteHut API Overview

The SiteHut REST API lets you integrate with workspaces programmatically: projects, tasks, finances, directory, files, and more. The web app uses the same API with JWT sessions; integrations may use API keys where your workspace allows them.

Base URL

All requests use HTTPS. The API is mounted under the /api/ prefix on your environment’s host.

Production (example):

https://api.sitehut.app/api/

Replace the host if your organisation uses a custom API endpoint. There is no /v1 segment in the current layout—paths begin with /api/.

Interactive docs (OpenAPI)

When enabled on the server, you can browse the live schema and try requests:

  • OpenAPI schema: GET /api/schema/
  • Swagger UI: GET /api/docs/

Use these on the same host as your API (e.g. https://api.sitehut.app/api/docs/).

Authentication

JWT (browser and scripts)

  1. Obtain a pair of tokens with your credentials (see POST /api/auth/token/ in the schema—field names match your login flow, typically email/username and password).
  2. Send the access token on each request:
Authorization: Bearer <access_token>
  1. Refresh with POST /api/auth/token/refresh/ using the refresh token when the access token expires.

API keys

Workspace and user API keys may be available under Settings depending on role and subscription. Keys are created and revoked in the app; send them using the header format shown in /api/docs/ for your deployment (often Authorization: Api-Key plus the secret).

Always store keys outside source control and rotate them if leaked.

Workspace context

After authentication, scoped requests usually need the active workspace. The web client sends:

X-Workspace-Id: <numeric id>
X-Workspace-Slug: <slug>

Use the same headers in integrations so the API knows which workspace to use. Some routes also embed the workspace slug in the URL path.

Example: health check

No auth required:

curl -sS "https://api.sitehut.app/api/healthz/"

Example: authenticated request

Replace placeholders with a real token and workspace:

curl -sS -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "X-Workspace-Id: $WORKSPACE_ID" \
  -H "X-Workspace-Slug: $WORKSPACE_SLUG" \
  "https://api.sitehut.app/api/auth/me/"

Exact paths and payloads are defined in /api/schema/—prefer that as the source of truth as endpoints evolve.

Rate limits

The API may throttle anonymous and authenticated traffic. If you receive 429 Too Many Requests, back off and reduce concurrency; contact support if you need higher limits for a server-side integration.

In-app: Configure integrations under Settings → Workspace Settings where your role allows.