AAayu
← All topics· Integrations

Public API access

Mint API keys, scopes, available endpoints.

The Pro plan exposes /api/v1/* for read-only access to projects, IPCs, POs, vendors, and the audit log, plus a write scope for marking payments. Mint keys at Settings → API keys.

Authentication

Bearer token in Authorization. The cleartext key is shown once on creation; we store only the SHA-256 hash. Lose it and you'll need to revoke + re-mint.

Scopes

  • read:projects — list + detail under /api/v1/projects
  • read:ipcs — same shape for IPCs
  • read:pos — POs
  • read:vendors — vendors
  • read:audit — audit log paginated, with hash chain
  • write:payments — mark IPCs paid (single endpoint)

Rate limits

Per-key token bucket: 60 req/min sustained, 120 burst. 429 with Retry-After header when exceeded.

OpenAPI

Spec lives at /api/v1/_openapi.json — point a Postman / Insomnia / Bruno workspace at it for a typed playground.

Anything missing here? Email support — include the URL and your firm name.