Skip to content

API Endpoints Reference

This document provides a comprehensive reference of all available API endpoints in the Rego backend.

Base URL

http://localhost:8000

All endpoints are relative to this base URL.

Authentication

Most endpoints require authentication. Include the JWT token in one of these ways:

Bearer Token (recommended): 

Authorization: Bearer <your_jwt_token>

Cookie: 

Cookie: rego_auth=<your_jwt_token>

Response Format

All responses are JSON formatted. Successful responses return the requested data. Error responses follow this structure:

{
  "detail": "Human-readable error message",
  "error_type": "ErrorClassName"
}

Authentication Endpoints

Register User

Create a new user account.

POST /auth/register

Request Body: 

{
  "email": "user@example.com",
  "username": "johndoe",
  "password": "SecurePassword123!",
  "firstname": "John",
  "lastname": "Doe"
}

Response (201): 

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "email": "user@example.com",
  "username": "johndoe",
  "firstname": "John",
  "lastname": "Doe",
  "is_active": true,
  "is_verified": false,
  "is_superuser": false
}

Login

Authenticate and receive JWT token.

POST /auth/login
Content-Type: application/x-www-form-urlencoded

Request Body: 

username=user@example.com&password=SecurePassword123!

Response (200): 

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Logout

End the current session.

POST /auth/logout
Authorization: Bearer <token>

Response (200): 

{
  "detail": "Successfully logged out"
}

Get Current User

Retrieve authenticated user's profile.

GET /auth/me
Authorization: Bearer <token>

Response (200): 

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "email": "user@example.com",
  "username": "johndoe",
  "firstname": "John",
  "lastname": "Doe",
  "is_active": true,
  "is_verified": false,
  "is_superuser": false
}

Update Profile

Modify the current user's profile.

PATCH /auth/me
Authorization: Bearer <token>

Request Body: 

{
  "firstname": "Jonathan",
  "lastname": "Smith"
}

Response (200): Updated user object

Board Endpoints

Create Board

Create a new board. The creator is automatically added as owner.

POST /boards
Authorization: Bearer <token>

Request Body: 

{
  "title": "My Project",
  "description": "Project board for Q1 2024"
}

Response (201): 

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "title": "My Project",
  "description": "Project board for Q1 2024",
  "created_at": "2024-01-15T10:00:00Z",
  "updated_at": "2024-01-15T10:00:00Z"
}

List User's Boards

Get all boards the authenticated user is a member of.

GET /boards
Authorization: Bearer <token>

Response (200): 

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "title": "My Project",
    "description": "Project board for Q1 2024",
    "created_at": "2024-01-15T10:00:00Z",
    "updated_at": "2024-01-15T10:00:00Z"
  }
]

Get Board Details

Retrieve a board with all its columns, cards, labels, and members.

GET /boards/{board_id}
Authorization: Bearer <token>

Response (200): 

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "title": "My Project",
  "description": "Project board",
  "columns": [
    {
      "id": "...",
      "title": "To Do",
      "rank": 1000,
      "cards": [...]
    }
  ],
  "labels": [...],
  "members": [...]
}

Permissions: Requires board membership

Update Board

Update board title or description.

PATCH /boards/{board_id}
Authorization: Bearer <token>

Request Body: 

{
  "title": "Updated Project Name",
  "description": "New description"
}

Response (200): Updated board object

Permissions: Requires owner role

Delete Board

Permanently delete a board and all its data.

DELETE /boards/{board_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires owner role

Invite User to Board

Add a user to the board as a member.

POST /boards/{board_id}/invite
Authorization: Bearer <token>

Request Body: 

{
  "user_id": "456e7890-e89b-12d3-a456-426614174000",
  "role": "member"
}

Response (200): 

{
  "user_id": "456e7890-e89b-12d3-a456-426614174000",
  "role": "member"
}

Permissions: Requires owner role

Get Board Labels

List all labels defined for a board.

GET /boards/{board_id}/labels
Authorization: Bearer <token>

Response (200): 

[
  {
    "id": "...",
    "name": "Bug",
    "color": "#FF5733",
    "board_id": "..."
  }
]

Get Label Statistics

Get usage statistics for all labels on a board.

GET /boards/{board_id}/labels/stats
Authorization: Bearer <token>

Response (200): 

[
  {
    "label_id": "...",
    "name": "Bug",
    "color": "#FF5733",
    "card_count": 12
  }
]

Column Endpoints

Create Column

Add a new column to a board.

POST /boards/{board_id}/columns
Authorization: Bearer <token>

Request Body: 

{
  "title": "In Progress",
  "color": "#3498db",
  "is_done_column": false,
  "position": 1
}

Response (201): 

{
  "id": "...",
  "board_id": "...",
  "title": "In Progress",
  "rank": 1500,
  "color": "#3498db",
  "is_done_column": false
}

Permissions: Requires board membership

Update Column

Modify column title, color, or done status.

PATCH /columns/{column_id}
Authorization: Bearer <token>

Request Body: 

{
  "title": "Done",
  "color": "#27ae60",
  "is_done_column": true
}

Response (200): Updated column object

Permissions: Requires board membership

Delete Column

Remove a column and all its cards.

DELETE /columns/{column_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Move Column

Reorder a column to a new position.

POST /columns/{column_id}/move
Authorization: Bearer <token>

Request Body: 

{
  "position": 2
}

Response (200): Updated column object

Permissions: Requires board membership

Card Endpoints

Create Card

Add a new card to a column.

POST /boards/{board_id}/columns/{column_id}/cards
Authorization: Bearer <token>

Request Body: 

{
  "title": "Fix login bug",
  "description": "Users can't log in with special characters in password",
  "position": 0
}

Response (201): 

{
  "id": "...",
  "column_id": "...",
  "title": "Fix login bug",
  "description": "Users can't log in...",
  "rank": 500,
  "labels": [],
  "assignees": [],
  "is_completed": false,
  "is_archived": false,
  "start_date": null,
  "due_date": null,
  "created_at": "2024-01-15T10:00:00Z",
  "updated_at": "2024-01-15T10:00:00Z"
}

Permissions: Requires board membership

Get Card Details

Retrieve a card with all its data.

GET /cards/{card_id}
Authorization: Bearer <token>

Response (200): 

{
  "id": "...",
  "column_id": "...",
  "title": "Fix login bug",
  "description": "...",
  "rank": 500,
  "labels": [...],
  "assignees": [...],
  "checklists": [...],
  "attachments": [...]
}

Permissions: Requires board membership

Update Card

Modify card details.

PATCH /cards/{card_id}
Authorization: Bearer <token>

Request Body: 

{
  "title": "Fix critical login bug",
  "description": "Updated description",
  "is_completed": true,
  "due_date": "2024-02-01T00:00:00Z"
}

Response (200): Updated card object

Permissions: Requires board membership

Delete Card

Remove a card permanently.

DELETE /cards/{card_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Move Card

Move a card to a different column or position.

POST /cards/{card_id}/move
Authorization: Bearer <token>

Request Body: 

{
  "column_id": "...",
  "position": 2
}

Response (200): Updated card object

Permissions: Requires board membership

Set Card Assignees

Assign users to a card.

PUT /cards/{card_id}/assignees
Authorization: Bearer <token>

Request Body: 

{
  "user_ids": [
    "456e7890-e89b-12d3-a456-426614174000",
    "789e0123-e89b-12d3-a456-426614174000"
  ]
}

Response (200): Updated card object with assignees

Permissions: Requires board membership. All users must be board members.

Add Label to Card

Apply a label to a card.

POST /cards/{card_id}/labels/{label_id}
Authorization: Bearer <token>

Response (200): Updated card object

Permissions: Requires board membership

Remove Label from Card

Remove a label from a card.

DELETE /cards/{card_id}/labels/{label_id}
Authorization: Bearer <token>

Response (200): Updated card object

Permissions: Requires board membership

Label Endpoints

Create Label

Define a new label for a board.

POST /boards/{board_id}/labels
Authorization: Bearer <token>

Request Body: 

{
  "name": "Urgent",
  "color": "#e74c3c"
}

Response (201): 

{
  "id": "...",
  "board_id": "...",
  "name": "Urgent",
  "color": "#e74c3c"
}

Permissions: Requires board membership

Update Label

Modify label name or color.

PATCH /labels/{label_id}
Authorization: Bearer <token>

Request Body: 

{
  "name": "Critical",
  "color": "#c0392b"
}

Response (200): Updated label object

Permissions: Requires board membership

Delete Label

Remove a label from the board.

DELETE /labels/{label_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Checklist Endpoints

Create Checklist

Add a checklist to a card.

POST /cards/{card_id}/checklists
Authorization: Bearer <token>

Request Body: 

{
  "title": "Testing Steps"
}

Response (201): 

{
  "id": "...",
  "card_id": "...",
  "title": "Testing Steps",
  "rank": 1000,
  "items": []
}

Permissions: Requires board membership

Update Checklist

Modify checklist title.

PATCH /checklists/{checklist_id}
Authorization: Bearer <token>

Request Body: 

{
  "title": "Updated Testing Steps"
}

Response (200): Updated checklist object

Permissions: Requires board membership

Delete Checklist

Remove a checklist and all its items.

DELETE /checklists/{checklist_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Move Checklist

Reorder a checklist within a card.

POST /checklists/{checklist_id}/move
Authorization: Bearer <token>

Request Body: 

{
  "position": 1
}

Response (200): Updated checklist object

Permissions: Requires board membership

Create Checklist Item

Add an item to a checklist.

POST /checklists/{checklist_id}/items
Authorization: Bearer <token>

Request Body: 

{
  "content": "Run unit tests",
  "due_date": "2024-02-01T00:00:00Z"
}

Response (201): 

{
  "id": "...",
  "checklist_id": "...",
  "content": "Run unit tests",
  "rank": 1000,
  "is_completed": false,
  "due_date": "2024-02-01T00:00:00Z",
  "assignees": []
}

Permissions: Requires board membership

Update Checklist Item

Modify item content or completion status.

PATCH /items/{item_id}
Authorization: Bearer <token>

Request Body: 

{
  "content": "Run all unit tests",
  "is_completed": true
}

Response (200): Updated item object

Permissions: Requires board membership

Delete Checklist Item

Remove an item from a checklist.

DELETE /items/{item_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Move Checklist Item

Reorder an item within a checklist.

POST /items/{item_id}/move
Authorization: Bearer <token>

Request Body: 

{
  "position": 2
}

Response (200): Updated item object

Permissions: Requires board membership

Set Item Assignees

Assign users to a checklist item.

PUT /items/{item_id}/assignees
Authorization: Bearer <token>

Request Body: 

{
  "user_ids": ["456e7890-e89b-12d3-a456-426614174000"]
}

Response (200): Updated item object with assignees

Permissions: Requires board membership. All users must be board members.

Attachment Endpoints

Upload Attachment

Upload a file to a card.

POST /cards/{card_id}/attachments
Authorization: Bearer <token>
Content-Type: multipart/form-data

Request Body: Form data with file field

Response (201): 

{
  "id": "...",
  "card_id": "...",
  "name": "screenshot.png",
  "mime_type": "image/png",
  "size": 102400,
  "created_at": "2024-01-15T10:00:00Z"
}

Permissions: Requires board membership

Download Attachment

Download an attached file.

GET /attachments/{attachment_id}
Authorization: Bearer <token>

Response (200): Binary file content with appropriate headers

Permissions: Requires board membership

Delete Attachment

Remove an attachment from a card.

DELETE /attachments/{attachment_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires board membership

Automation Endpoints

Create Automation Rule

Define a new automation rule for a board.

POST /boards/{board_id}/automations
Authorization: Bearer <token>

Request Body: 

{
  "name": "Auto-assign bugs",
  "trigger_type": "label_added",
  "trigger_label_id": "...",
  "action_type": "assign_member",
  "action_user_id": "...",
  "is_enabled": true
}

Response (201): 

{
  "id": "...",
  "board_id": "...",
  "name": "Auto-assign bugs",
  "trigger_type": "label_added",
  "trigger_label_id": "...",
  "action_type": "assign_member",
  "action_user_id": "...",
  "is_enabled": true
}

Permissions: Requires owner role

List Board Automations

Get all automation rules for a board.

GET /boards/{board_id}/automations
Authorization: Bearer <token>

Response (200): Array of automation rule objects

Permissions: Requires board membership

Update Automation Rule

Modify an automation rule.

PATCH /automations/{rule_id}
Authorization: Bearer <token>

Request Body: 

{
  "name": "Updated rule name",
  "is_enabled": false
}

Response (200): Updated automation rule object

Permissions: Requires owner role

Delete Automation Rule

Remove an automation rule.

DELETE /automations/{rule_id}
Authorization: Bearer <token>

Response (204): No content

Permissions: Requires owner role

WebSocket Endpoints

Connect to Board

Establish WebSocket connection for real-time updates.

WS /ws/boards/{board_id}?token=<jwt_token>

Messages from server:

{
  "type": "card.created",
  "data": { ... },
  "user_id": "...",
  "timestamp": "2024-01-15T10:00:00Z"
}

Messages to server:

{
  "type": "pong"
}

Permissions: Requires board membership

Get Board Presence

List users currently viewing a board.

GET /ws/boards/{board_id}/presence
Authorization: Bearer <token>

Response (200): 

{
  "board_id": "...",
  "online_users": [
    {
      "user_id": "...",
      "username": "alice"
    }
  ]
}

Permissions: Requires board membership

User Endpoints

Get User by ID

Retrieve a user's public profile.

GET /users/{user_id}
Authorization: Bearer <token>

Response (200): 

{
  "id": "...",
  "username": "johndoe",
  "firstname": "John",
  "lastname": "Doe"
}

Search Users

Search for users by username or email.

GET /users?q=john
Authorization: Bearer <token>

Response (200): Array of user objects matching query

Health Check

Get System Health

Check status of all services.

GET /health

Response (200): 

{
  "status": "healthy",
  "environment": "development",
  "debug": true,
  "postgres": "connected",
  "redis": "connected",
  "subscriber": "running",
  "websocket": {
    "total_boards": 3,
    "total_connections": 7
  }
}

No authentication required

Error Codes

Status Code Description
200 Success
201 Created
204 No Content (successful deletion)
400 Bad Request (validation error)
401 Unauthorized (missing/invalid token)
403 Forbidden (insufficient permissions)
404 Not Found
409 Conflict (constraint violation)
422 Unprocessable Entity (validation error)
429 Too Many Requests (rate limit exceeded)
500 Internal Server Error

Rate Limiting

All endpoints are rate limited. Rate limit info is included in response headers:

RateLimit-Limit: 100
RateLimit-Remaining: 87
RateLimit-Reset: 42
Retry-After: 42

Default limits: - Read operations (GET): 100 requests/minute - Write operations (POST/PUT/PATCH/DELETE): 50 requests/minute

When rate limit is exceeded, the API returns 429 with retry information.