API Reference
Overview

API Overview

Sunday exposes a RESTful API for all operations. All endpoints are under /api/.

Base URL

http://localhost:3000/api

In production:

https://your-domain.com/api

Authentication

Most endpoints require a valid JWT token in the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Get a token via the /api/auth/signin endpoint.

Request Format

All POST/PATCH requests should use JSON:

Content-Type: application/json

Response Format

Responses are JSON with consistent structure:

Success Response

{
  "success": true,
  "data": { ... }
}

Error Response

{
  "error": "Error message",
  "details": ["Field-specific errors"]
}

HTTP Status Codes

CodeMeaning
200Success
201Created
400Bad Request (validation error)
401Unauthorized (invalid/missing token)
403Forbidden (insufficient permissions)
404Not Found
429Too Many Requests (rate limited)
500Internal Server Error

Rate Limiting

API endpoints are rate limited to prevent abuse:

Endpoint TypeLimitWindow
Auth endpoints5 requests1 minute
Sensitive operations10 requests1 minute
General API60 requests1 minute

Rate limit headers are included in responses:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 2025-01-15T12:00:00.000Z

When rate limited, you'll receive:

HTTP/1.1 429 Too Many Requests
Retry-After: 45
 
{
  "error": "Too many requests",
  "message": "Rate limit exceeded. Please try again later."
}

Validation

All inputs are validated using Zod schemas. Invalid requests return 400 with details:

{
  "error": "Validation failed",
  "details": [
    {
      "path": ["email"],
      "message": "Invalid email format"
    }
  ]
}

Pagination

List endpoints support pagination:

GET /api/tasks?page=1&limit=20

Response includes:

{
  "data": [...],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 150,
    "totalPages": 8
  }
}

API Endpoints

Authentication

  • POST /api/auth/signup - Create account
  • POST /api/auth/signin - Sign in
  • POST /api/auth/forgot-password - Request reset
  • POST /api/auth/reset-password - Reset password
  • GET /api/auth/verify-email - Verify email
  • GET /api/auth/me - Get current user

Boards

  • GET /api/boards - List boards
  • POST /api/boards - Create board
  • GET /api/boards/:id - Get board
  • PATCH /api/boards/:id - Update board
  • DELETE /api/boards/:id - Delete board
  • POST /api/boards/:id/invite - Invite member

Tasks

  • GET /api/tasks - List tasks
  • POST /api/tasks - Create task
  • GET /api/tasks/:id - Get task
  • PATCH /api/tasks/:id - Update task
  • DELETE /api/tasks/:id - Delete task

Workspaces

  • GET /api/workspaces - List workspaces
  • POST /api/workspaces - Create workspace
  • PATCH /api/workspaces/:id - Update workspace
  • DELETE /api/workspaces/:id - Delete workspace
Search & FilteringAuthentication