Product
API reference

One API. Every screen. Your scripts too.

Everything the app does, the API does. Documented as OpenAPI; the same endpoints your frontend uses are the ones you can script against.

Base URL

https://api.product-starter.xyz

Authentication

Authentication is session-cookie based. Sign in at app.product-starter.xyz/login to receive a session cookie, then make API calls from the same origin (or any origin with credentials forwarded). Server-to-server calls should use an API token — see the personal-access-token section in the docs for issuing one.

Response shape

All responses are JSON. List endpoints return a cursor-paginated envelope:

{
  "items": [...],
  "nextCursor": "tsk_…" | null
}

Errors return a non-2xx status and a JSON body with a message and optional code. Validation errors include a details array describing the offending fields.
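
A client-side reading of the envelope and error body described above, as an added example that is not part of the original reference or the product's own code. ApiError, readPage, listAll and the caller-supplied fetchPage(cursor) are hypothetical names; how the cursor and credentials are sent is left to fetchPage because this page does not specify it.

```javascript
// Hypothetical helper names; only the JSON field names come from the page.
class ApiError extends Error {
  constructor(status, body) {
    super(body && typeof body.message === "string" ? body.message : `HTTP ${status}`);
    this.status = status;
    this.code = body && body.code !== undefined ? body.code : null; // "code" is optional
    this.details = body && Array.isArray(body.details) ? body.details : []; // validation errors only
  }
}

// Turn one HTTP response (status + raw body text) into { items, nextCursor }.
function readPage(status, text) {
  let body;
  try {
    body = JSON.parse(text);
  } catch {
    body = null; // e.g. an HTML error page from an intermediary
  }
  if (status < 200 || status > 299) throw new ApiError(status, body);
  if (body === null || typeof body !== "object" || !Array.isArray(body.items)) {
    throw new TypeError("response is not a list envelope");
  }
  const next = body.nextCursor === undefined ? null : body.nextCursor;
  if (next !== null && typeof next !== "string") throw new TypeError("nextCursor must be a string or null");
  return { items: body.items, nextCursor: next };
}

// Follow nextCursor until it is null. fetchPage(cursor) is supplied by the
// caller and resolves to { status, text }. The page cap and the repeated-cursor
// check keep a misbehaving server from holding the script in an endless loop.
async function listAll(fetchPage, maxPages = 100) {
  const items = [];
  const seen = new Set();
  let cursor = null;
  for (let page = 0; page < maxPages; page++) {
    const { status, text } = await fetchPage(cursor);
    const env = readPage(status, text);
    items.push(...env.items);
    if (env.nextCursor === null) return items;
    if (seen.has(env.nextCursor)) throw new Error("cursor repeated; stopping");
    seen.add(env.nextCursor);
    cursor = env.nextCursor;
  }
  throw new Error(`gave up after ${maxPages} pages`);
}
```

Errors surface as ApiError with status, code and details attached, so a script can log the offending fields without printing the request or its credentials.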

Tasks

Create, list, fetch, update, and delete tasks. Includes custom-field payloads.

  • GET /api/tasks
  • POST /api/tasks
  • GET /api/tasks/{id}
  • PATCH /api/tasks/{id}
  • DELETE /api/tasks/{id}

Sessions

Look up the authenticated user. Authentication itself is handled at /api/auth/*.

  • GET /api/session

The full OpenAPI specification is served live at https://api.product-starter.xyz/openapi.json — drop it into any compatible tool (Stoplight, Postman, Insomnia, generated SDKs) for a deeper interactive reference.