Files
fizzy/docs/api/README.md
T
Mike Dalessio e70047ca0f Default development environment to app.fizzy.localhost (#2822)
Using fizzy.localhost causes CORS errors when using minio for Active
Storage because the minio endpoint is at minio.fizzy.localhost — a
sibling subdomain, not a subdomain of the app host. Switching to
app.fizzy.localhost makes both hosts subdomains of fizzy.localhost,
resolving the CORS issue. See #2814 for the related minio CORS fix.

fizzy.localhost will continue to work if people want to use it, but all
docs and scripts have been updated to point to app.fizzy.localhost.
2026-04-09 12:43:01 -04:00

151 lines
4.9 KiB
Markdown

# Fizzy API
Fizzy has an API that allows you to integrate your application with it or to create
a bot to perform various actions for you.
## API Endpoints
- [Authentication](sections/authentication.md)
- [Identity](sections/identity.md)
- [Account](sections/account.md)
- [Boards](sections/boards.md)
- [Columns](sections/columns.md)
- [Cards](sections/cards.md)
- [Pins](sections/pins.md)
- [Steps](sections/steps.md)
- [Comments](sections/comments.md)
- [Reactions](sections/reactions.md)
- [Tags](sections/tags.md)
- [Users](sections/users.md)
- [Activities](sections/activities.md)
- [Notifications](sections/notifications.md)
- [Rich Text](sections/rich_text.md)
- [Exports](sections/exports.md)
- [Webhooks](sections/webhooks.md)
## Authentication
There are two ways to authenticate with the Fizzy API:
1. **Personal access tokens** - Long-lived tokens for scripts and integrations
2. **Magic link authentication** - Session-based authentication for native apps
Read the [authentication guide](sections/authentication.md) to get started.
## Caching
Most endpoints return [ETag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/ETag) and [Cache-Control](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control) headers. You can use these to avoid re-downloading unchanged data.
### Using ETags
When you make a request, the response includes an `ETag` header:
```
HTTP/1.1 200 OK
ETag: "abc123"
Cache-Control: max-age=0, private, must-revalidate
```
On subsequent requests, include the ETag value in the `If-None-Match` header:
```
GET /1234567/cards/42.json
If-None-Match: "abc123"
```
If the resource hasn't changed, you'll receive a `304 Not Modified` response with no body, saving bandwidth and processing time:
```
HTTP/1.1 304 Not Modified
ETag: "abc123"
```
If the resource has changed, you'll receive the full response with a new ETag.
__Example in Ruby:__
```ruby
# Store the ETag from the response
etag = response.headers["ETag"]
# On next request, send it back
headers = { "If-None-Match" => etag }
response = client.get("/1234567/cards/42.json", headers: headers)
if response.status == 304
# Nothing to do, the card hasn't changed
else
# The card has changed, process the new data
end
```
## Error Responses
When a request fails, the API response will communicate the source of the problem through the HTTP status code.
| Status Code | Description |
|-------------|-------------|
| `400 Bad Request` | The request was malformed or missing required parameters |
| `401 Unauthorized` | Authentication failed or access token is invalid |
| `403 Forbidden` | You don't have permission to perform this action |
| `404 Not Found` | The requested resource doesn't exist or you don't have access to it |
| `422 Unprocessable Entity` | Validation failed (see error response format above) |
| `500 Internal Server Error` | An unexpected error occurred on the server |
If a request contains invalid data for fields, such as entering a string into a number field, in most cases the API will respond with a `500 Internal Server Error`. Clients are expected to perform some validation on their end before making a request.
A validation error will produce a `422 Unprocessable Entity` response, which will sometimes be accompanied by details about the error:
```json
{
"avatar": ["must be a JPEG, PNG, GIF, or WebP image"]
}
```
## Pagination
All endpoints that return a list of items are paginated. The page size can vary from endpoint to endpoint,
and we use a dynamic page size where initial pages return fewer results than later pages.
If there are more results to fetch, the response will include a `Link` header with a `rel="next"` link to the next page of results:
```bash
curl -H "Authorization: Bearer put-your-access-token-here" -H "Accept: application/json" -v http://app.fizzy.localhost:3006/686465299/cards
# ...
< link: <http://app.fizzy.localhost:3006/686465299/cards?page=2>; rel="next"
# ...
```
## List parameters
When an endpoint accepts a list of values as a parameter, you can provide multiple values by repeating the parameter name:
```
?tag_ids[]=tag1&tag_ids[]=tag2&tag_ids[]=tag3
```
List parameters always end with `[]`.
## File Uploads
Some endpoints accept file uploads. To upload a file, send a `multipart/form-data` request instead of JSON.
You can combine file uploads with other parameters in the same request.
__Example using curl:__
```bash
curl -X PUT \
-H "Authorization: Bearer put-your-access-token-here" \
-F "user[name]=David H. Hansson" \
-F "user[avatar]=@/path/to/avatar.jpg" \
http://app.fizzy.localhost:3006/686465299/users/03f5v9zjw7pz8717a4no1h8a7
```
## Rich Text Fields
Some fields accept rich text content. These fields accept HTML input, which will be sanitized to remove unsafe tags and attributes.
See the [rich text guide](sections/rich_text.md) for more information, including how to attach files to rich text fields using the direct upload flow.