Overview
App
Items
- POSTCreates a new item within a container.
- POSTDuplicates an existing item within the same container.
- POSTAdds a parent-child dependency between two items.
- POSTRemoves an item from its dependency tree, making it a standalone item that retains its children.
- POSTExecutes a filter query against items and returns paginated results.
- POSTFinds items by container ID and/or sequence number.
- POSTLists items in a container with optional filtering and pagination.
- POSTSearches for items matching a keyword across one or more containers, filtered by user permissions.
- POSTLists items assigned to a specific resource (user or job role).
- POSTReturns the screen layout definition for adding or updating an item, including field definitions and workflow states.
- DELDeletes an item by its identifier.
- POSTRetrieves a single item by its identifier, returning an empty item if the user lacks permission.
- PUTUpdates an existing item.
- GETRetrieves the full dependency tree for an item, filtered to items the user can see.
- POSTSends an outbound ticket reply as an annotation on an item.
Boards
- GETLists all boards visible to the current user.
- POSTCreates a new board.
- GETLists all cycles across all boards.
- GETReturns a portfolio-level summary across all boards: aggregate metrics and per-board health, financials, item counts, cycle counts, and status distribution.
- GETReturns item count statistics grouped by board.
- GETLists all cycles for a specific board.
- POSTCreates a new cycle on the specified board.
- DELDeletes a cycle by ID, only if it belongs to the specified board.
- GETRetrieves a single cycle by ID within a board.
- PUTUpdates an existing cycle, and automatically approves all item time entries if the cycle is being closed.
- GETLists all items assigned to a specific cycle within a board.
- DELDeletes a board by ID.
- GETRetrieves a single board by ID.
- PUTUpdates an existing board.
- GETReturns item count statistics grouped by cycle.
Containers
- GETLists all areas for the current tenant.
- POSTCreates a new area (super admin only).
- PUTUpdates an existing area.
- DELDeletes an area by its identifier (super admin only).
- GETRetrieves a single area by its identifier.
- GETLists all containers the current user has view permission for.
- POSTCreates a new container.
- PUTUpdates an existing container.
- GETLists all filters for a container.
- POSTCreates a new filter within a container.
- DELDeletes a filter from a container.
- GETRetrieves a single filter within a container.
- PUTUpdates an existing filter within a container.
- DELDeletes a container by its identifier.
- GETRetrieves a single container by its identifier.
- POSTRe-sequences item numbers within a container.
- GETLists all labels for the current tenant.
- POSTCreates a new label (super admin only).
- PUTUpdates an existing label (super admin only).
- DELDeletes a label by its identifier (super admin only).
- GETRetrieves a single label by its identifier.
Users
- GETLists all user groups for the current tenant, ordered by name.
- POSTCreates a new custom user group (super admin only).
- PUTUpdates an existing user group (super admin only, system groups cannot be deleted via update).
- DELDeletes a custom user group by its identifier (super admin only, system groups cannot be deleted).
- GETRetrieves a single user group by its identifier.
- GETLists all users for the current tenant.
- POSTCreates a new user (super admin only).
- PUTUpdates an existing user (non-admins can only update their own record).
- DELDeletes a user by their identifier (super admin only).
- GETRetrieves a single user by their identifier (non-admins can only retrieve their own record).
Time
Finance
- GETLists all cost centers for the current tenant.
- POSTCreates a new cost center.
- PUTUpdates an existing cost center.
- DELDeletes a cost center by its identifier.
- GETRetrieves a single cost center by its identifier.
- GETLists all CRM records for the current tenant.
- POSTCreates a new CRM record.
- PUTUpdates an existing CRM record.
- DELDeletes a CRM record by its identifier.
- GETRetrieves a single CRM record by its identifier.
- GETLists all non-billable codes for the current tenant.
- POSTCreates a new non-billable code.
- DELDeletes a non-billable code by its identifier.
- GETRetrieves a single non-billable code by its identifier.
- PUTUpdates an existing non-billable code.
- GETLists all budget reason codes for the current tenant.
- POSTCreates a new budget reason code.
- PUTUpdates an existing budget reason code.
- DELDeletes a budget reason code by its identifier.
- GETRetrieves a single budget reason code by its identifier.
- GETLists all job roles for the current tenant.
- POSTCreates a new job role.
- PUTUpdates an existing job role.
- DELDeletes a job role by its identifier.
- GETRetrieves a single job role by its identifier.
- GETLists all SKUs for the current tenant.
- POSTCreates a new SKU.
- PUTUpdates an existing SKU.
- DELDeletes a SKU by its identifier.
- GETRetrieves a single SKU by its identifier.
Data & Fields
- GETLists all constraints for the current tenant.
- POSTCreates a new constraint.
- GETLists all constraints that belong to a specific container.
- DELDeletes a constraint by its identifier.
- GETRetrieves a single constraint by its identifier.
- PUTUpdates an existing constraint.
- GETReturns the complete collection of core and custom fields for the current tenant.
- POSTCreates a new custom date field.
- PUTUpdates an existing custom date field.
- POSTCreates a new custom decimal field.
- PUTUpdates an existing custom decimal field.
- POSTCreates a new custom integer field.
- PUTUpdates an existing custom integer field.
- POSTCreates a new custom list (dropdown) field.
- PUTUpdates an existing custom list (dropdown) field.
- PUTUpdates the list values (and default-value pointer) of a list field.
- POSTCreates a new custom percent field.
- PUTUpdates an existing custom percent field.
- POSTCreates a new custom picker field.
- PUTUpdates an existing custom picker field.
- POSTCreates a new custom text field.
- PUTUpdates an existing custom text field.
- POSTCreates a new custom time field.
- PUTUpdates an existing custom time field.
- POSTCreates a new custom toggle (boolean) field.
- PUTUpdates an existing custom toggle (boolean) field.
- GETLists all content templates for the current tenant.
- POSTCreates a new content template.
- PUTUpdates an existing content template.
- DELDeletes a content template by its identifier.
- GETRetrieves a single content template by its identifier.
Workflow
- GETLists all business clock configurations for the current tenant.
- POSTCreates a new business clock configuration.
- DELDeletes a business clock configuration by identifier.
- GETRetrieves a single business clock configuration by identifier.
- PUTUpdates an existing business clock configuration.
- GETLists all workflow process configurations for the current tenant.
- POSTCreates a new workflow process configuration.
- GETReturns item count statistics grouped by process type.
- DELDeletes a workflow process and removes it from all containers.
- GETRetrieves a single workflow process configuration by identifier.
- PUTUpdates an existing workflow process and synchronizes field removals across all containers.
- GETLists all automation rule configurations for the current tenant.
- POSTCreates a new automation rule configuration.
- PUTUpdates an existing automation rule configuration.
- DELDeletes an automation rule configuration by identifier.
- GETRetrieves a single automation rule configuration by identifier.
Auth
- GETLists all access control rules for the current tenant.
- POSTCreates a new access control area with default roles (View, Add, Manage, Change, Delete).
- PUTUpdates an existing access control rule.
- DELDeletes an access control rule by its identifier.
- GETRetrieves a single access control rule by its identifier.
- GETReturns the public Entra ID configuration (tenant ID, app ID) needed by the front-end MSAL login flow.
- GETRetrieves the Microsoft Entra ID authentication configuration for the current tenant.
- PUTUpdates the Microsoft Entra ID authentication configuration for the current tenant.
- GETRetrieves the forms-based authentication configuration for the current tenant.
- PUTUpdates the forms-based authentication configuration for the current tenant.
Insights & Reports
- POSTReturns billable item data for the specified reporting period.
- POSTReturns a per-user summary of logged time for the specified reporting period.
- POSTReturns detailed timesheet entries for a specific user and reporting period.
- POSTReturns profitability data for the specified reporting period.
- POSTReturns detailed profitability drilldown data for a specific item or grouping.
- POSTReturns board cycle time risk analysis for the specified reporting period.
- POSTReturns work estimate versus time logged risk data for the specified reporting period.
- POSTReturns time code distribution data for the specified reporting period.
- POSTReturns a weekly summary of logged time for the specified reporting period.
Notifications
- GETLists all scheduled notification configurations for the current tenant.
- POSTCreates a new scheduled notification configuration.
- PUTUpdates an existing scheduled notification configuration.
- DELDeletes a notification configuration by identifier.
- GETRetrieves a single notification configuration by identifier.
Mailbox
- GETRetrieves the general mail settings including signature and stop lists.
- PUTReplaces the general mail settings with the provided configuration.
- PUTAdds a domain or subject to the mail block list.
- GETLists all mailbox configurations with decrypted credentials.
- POSTCreates a new mailbox configuration, encrypting credentials before storage.
- DELDeletes a mailbox configuration by identifier.
- GETRetrieves a single mailbox configuration by identifier with decrypted credentials.
- PUTUpdates an existing mailbox configuration, encrypting credentials before storage.
- GETTests connectivity to the mail server for the specified mailbox.
- GETLists all ticketing configurations for the current tenant.
- POSTCreates a new ticketing configuration for processing incoming email into tickets.
- DELDeletes a ticketing configuration by identifier.
- GETRetrieves a single ticketing configuration by identifier.
- PUTUpdates an existing ticketing configuration.
- GETRuns a test ticketing cycle for the specified configuration to verify end-to-end processing.
Docs
- POSTCreates a new document and initializes its empty content record.
- DELDeletes a document by its identifier.
- GETRetrieves a single document by its identifier.
- PUTUpdates an existing document by its identifier.
- GETRetrieves the content body of a document.
- PUTUpdates the content body of a document.
- GETLists all document folders visible to the current user.
- POSTCreates a new document folder.
- DELDeletes a document folder by its identifier.
- GETRetrieves a single document folder by its identifier.
- PUTUpdates an existing document folder by its identifier.
- GETLists all active documents within a specific folder, filtered by user permissions.
Files & Storage
- GETDownloads a file's binary content from cloud storage.
- POSTUploads a single file and attaches it to the specified owner entity. Returns the created DataFile record so callers (CLI / SDK / migration scripts) can capture the new file id without a follow-up list-and-filter call.
- DELDeletes a file and removes its blob from cloud storage.
- GETRetrieves a single file's metadata by its identifier. Useful when you have the file id (e.g. from an upload response) and want to verify existence or fetch metadata without listing the owner's full file list.
- GETLists all files attached to a specific owner, filtered by the current user's view permissions.
Links, Annotations & Watch
- POSTCreates a new annotation on the specified owner entity.
- GETLists all annotations belonging to a specific owner, ordered by creation date ascending.
- GETReturns the list of supported annotation content types.
- DELDeletes an annotation by its identifier.
- GETRetrieves a single annotation by its identifier.
- PUTUpdates an existing annotation by its identifier.
- POSTCreates a new link between two entities.
- DELDeletes a link by its identifier.
- GETRetrieves all resolved links for a given entity, including linked item details.
- POSTCreates a new watch (pin or subscription) on an entity for a watcher.
- GETLists all watches for a specific owner entity (e.g. Container, Board, Item).
- GETLists all watches created by a specific watcher (e.g. User, Email, User Group).
- DELDeletes a watch by its identifier.
- GETRetrieves a single watch by its identifier.
- PUTUpdates an existing watch by its identifier.
Tenant & Settings
- GETLists all API keys for the current tenant (most recently created first). Hashes are stripped from the returned records; only the display prefix and metadata are visible.
- POSTMints a new API key. The full plaintext key is returned in the response EXACTLY ONCE. The caller must capture and store it immediately -- there is no way to retrieve it later.
- DELRevokes an API key. Soft-delete -- the row is preserved for audit; the key stops working immediately. Idempotent: revoking an already-revoked key is a no-op.
- GETRetrieves the webhook configuration for the current tenant.
- PUTUpdates the webhook configuration for the current tenant.
- GETLists all application settings for the current tenant.
- POSTCreates a new application setting.
- PUTUpdates an existing application setting.
- DELDeletes an application setting by identifier.
- GETRetrieves a single application setting by identifier.
- PUTUpdates the current tenant's profile information such as name, locale, and admin contact details.
- GETRetrieves the AI provider configuration for the current tenant. Hidden from the SDK/CLI because the response shape carries provider API keys; AI config is tenant infrastructure, not customer data ops or migration scope.
- PUTUpdates the AI provider configuration for the current tenant. Hidden from the SDK/CLI because the payload carries provider API keys; AI config is tenant infrastructure, not customer data ops or migration scope. Configure AI through the admin UI instead.
Planning
- GETReturns the count of unplanned items per board the user can view. Lightweight endpoint for badge display.
- GETReturns unplanned items across the board's whitelisted containers. Items without a board/cycle assignment that the user can see.
- GETCalculates capacity for a board cycle: per-resource hours, utilization, and aggregates.
- GETReturns a resource-by-cycle utilization heatmap for a board.
- POSTAI planning assistant. Accepts a question and returns suggestions for item planning. Uses read-only MCP tools — cannot mutate data.
- POSTNOT USED: Auto-schedule frontend has been removed as part of the Board Revamp. This endpoint is retained for potential future use. Suggests optimal resource assignments for backlog items using greedy capacity balancing. Read-only — does not mutate data.
- POSTBatch-plans items into a cycle. All-or-nothing: if any item fails validation, none are saved.
- POSTMoves an item from one cycle to another within the same board. Updates ordering in both source and target cycles.
- POSTReplaces the item ordering within a cycle.
- POSTRemoves an item from a board and cycle, returning it to the backlog.
Mints a new API key. The full plaintext key is returned in the response EXACTLY ONCE.
The caller must capture and store it immediately -- there is no way to retrieve it later.
curl --request POST \
--url https://{tenant}.ekso.app/api/admin/api-key \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "<string>",
"expiresAt": "2023-11-07T05:31:56Z"
}
'Tenant & Settings
Mints a new API key. The full plaintext key is returned in the response EXACTLY ONCE. The caller must capture and store it immediately -- there is no way to retrieve it later.
POST
/
api
/
admin
/
api-key
Mints a new API key. The full plaintext key is returned in the response EXACTLY ONCE.
The caller must capture and store it immediately -- there is no way to retrieve it later.
curl --request POST \
--url https://{tenant}.ekso.app/api/admin/api-key \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "<string>",
"expiresAt": "2023-11-07T05:31:56Z"
}
'Authorizations
JWT Bearer token. Obtain via the OAuth 2.0 token endpoint.
Body
application/jsonapplication/*+json
Name (required) and optional ExpiresAt.
Response
Key minted. Capture the RawKey field NOW.
Lists all API keys for the current tenant (most recently created first). Hashes are
stripped from the returned records; only the display prefix and metadata are visible.
Previous
Revokes an API key. Soft-delete -- the row is preserved for audit; the key stops
working immediately. Idempotent: revoking an already-revoked key is a no-op.
Next
⌘I