REST API Reference

All API routes live under https://asistry.com/api/. Requests require a valid Supabase session token in the Authorization header.

Authentication

Authorization: Bearer <supabase-access-token>

# Get your token after sign-in:
const { data: { session } } = await supabase.auth.getSession()
const token = session.access_token

Rate limits

Route group	Limit	Window
Tasks (write)	`200 requests`	60 seconds
Cron jobs (write)	`60 requests`	60 seconds
TTS	`20 requests`	60 seconds
LLM / chat	`30 requests`	60 seconds
Default	`100 requests`	60 seconds

Exceeded limits return HTTP 429 with a Retry-After header.

Tasks

GET

/api/tasks

List tasks. Query params: status, assignee, board_id, limit.

POST

/api/tasks

Create a task. Body: title, status, board_id, assignee, labels, priority.

GET

/api/tasks/[id]

Get a single task by ID.

PATCH

/api/tasks/[id]

Update task fields (status, assignee, title, description, etc.).

DELETE

/api/tasks/[id]

Delete a task.

GET

/api/tasks/stats

Aggregate stats for the current user's boards.

Create task example

POST /api/tasks
Content-Type: application/json

{
  "title": "Summarise inbox",
  "status": "todo",
  "assignee": "jarvis",
  "labels": ["feature", "agents"],
  "priority": "medium"
}

// Response: 201
{
  "task": {
    "id": "uuid",
    "title": "Summarise inbox",
    "status": "todo",
    ...
  }
}

Cron Jobs

GET

/api/cron

List cron jobs for the current user.

POST

/api/cron

Create a cron job.

GET

/api/cron/[id]

Get a single cron job.

PATCH

/api/cron/[id]

Update a cron job (schedule, enabled, payload).

DELETE

/api/cron/[id]

Delete a cron job.

POST

/api/cron/[id]/run

Trigger a cron job to run immediately.

Notes

GET

/api/notes

List notes for the current user.

POST

/api/notes

Create a note.

PATCH

/api/notes/[id]

Update note content.

DELETE

/api/notes/[id]

Delete a note.

Error responses

// 400 Bad Request
{ "error": "title is required" }

// 401 Unauthorized
{ "error": "Unauthorized" }

// 403 Forbidden  
{ "error": "Forbidden" }

// 404 Not Found
{ "error": "Task not found" }

// 429 Rate limit exceeded
{ "error": "Rate limit exceeded", "retryAfterMs": 12000 }

// 500 Internal Server Error
{ "error": "Internal server error" }

Route group

Limit

Window

Tasks (write)

200 requests

60 seconds

Cron jobs (write)

60 requests

60 seconds

TTS

20 requests

60 seconds

LLM / chat

30 requests

60 seconds

Default

100 requests

60 seconds

Tasks

GET

/api/tasks

List tasks. Query params: status, assignee, board_id, limit.

POST

/api/tasks

Create a task. Body: title, status, board_id, assignee, labels, priority.

GET

/api/tasks/[id]

Get a single task by ID.

PATCH

/api/tasks/[id]

Update task fields (status, assignee, title, description, etc.).

DELETE

/api/tasks/[id]

Delete a task.

GET

/api/tasks/stats

Aggregate stats for the current user's boards.

Create task example

POST /api/tasks Content-Type: application/json { "title": "Summarise inbox", "status": "todo", "assignee": "jarvis", "labels": ["feature", "agents"], "priority": "medium" } // Response: 201 { "task": { "id": "uuid", "title": "Summarise inbox", "status": "todo", ... } }

Error responses

// 400 Bad Request { "error": "title is required" } // 401 Unauthorized { "error": "Unauthorized" } // 403 Forbidden { "error": "Forbidden" } // 404 Not Found { "error": "Task not found" } // 429 Rate limit exceeded { "error": "Rate limit exceeded", "retryAfterMs": 12000 } // 500 Internal Server Error { "error": "Internal server error" }