Developer API

REST API Documentation

Build integrations with the Gravitask REST API. Manage projects, tasks, comments, time entries, and webhooks programmatically.

Try it in the interactive API explorer

Authentication

Three authentication methods are supported depending on your use case.

API Key

Generate an API key in Settings > API & MCP in the Gravitask app. Pass it as a Bearer token in the Authorization header.

curl -H "Authorization: Bearer gt_live_YOUR_KEY" \
  https://app.gravitask.net/api/v1/projects

OAuth 2.0

For third-party applications, use the OAuth 2.0 authorization code flow with PKCE. This is the recommended method for apps that act on behalf of a user.

See the MCP setup guide for full OAuth configuration details.

Session Cookie

Used automatically by the Gravitask web application. No additional configuration required.

Quick Start

Get up and running in three steps.

1

Generate an API key

Go to Settings > API & MCP and create a new API key.

2

List your projects

GET /api/v1/projects

curl -H "Authorization: Bearer gt_live_YOUR_KEY" \
  https://app.gravitask.net/api/v1/projects
3

Create a task

POST /api/v1/tasks

curl -X POST https://app.gravitask.net/api/v1/tasks \
  -H "Authorization: Bearer gt_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id": "PROJECT_ID",
    "title": "My new task",
    "description": "Created via the API"
  }'

Endpoints Reference

All endpoints are relative to https://app.gravitask.net.

Projects

MethodPath
GET/api/v1/projects

List projects

GET/api/v1/projects/:id

Get project

Tasks

MethodPath
GET/api/v1/projects/:id/tasks

List tasks

GET/api/v1/tasks/:id

Get task (supports short IDs like GRV-42)

POST/api/v1/tasks

Create task

PATCH/api/v1/tasks/:id

Update task

DELETE/api/v1/tasks/:id

Delete task

POST/api/v1/tasks/:id/complete

Complete task

Comments

MethodPath
GET/api/v1/tasks/:id/comments

List comments

POST/api/v1/tasks/:id/comments

Add comment

DELETE/api/v1/comments/:id

Delete comment

Time Entries

MethodPath
GET/api/v1/tasks/:id/time-entries

List time entries

POST/api/v1/tasks/:id/time-entries

Log time

PATCH/api/v1/time-entries/:id

Update entry

DELETE/api/v1/time-entries/:id

Delete entry

Tags

MethodPath
GET/api/v1/projects/:id/tags

List tags

POST/api/v1/projects/:id/tags

Create tag

DELETE/api/v1/tags/:id

Delete tag

Members

MethodPath
GET/api/v1/workspace/members

List members

Webhooks

MethodPath
GET/api/v1/webhooks

List webhooks

POST/api/v1/webhooks

Create webhook

PATCH/api/v1/webhooks/:id

Update webhook

DELETE/api/v1/webhooks/:id

Delete webhook

Webhooks

Receive real-time notifications when events happen in your workspace.

Available Events

task.createdtask.updatedtask.completedtask.deletedtask.assignedcomment.createdattachment.createdproject.updatedmember.addedmember.removed

Signature Verification

Verify webhook payloads by comparing the X-Gravitask-Signature header against an HMAC-SHA256 digest of the request body using your webhook secret.

const crypto = require('crypto');
function verify(payload, signature, secret) {
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Rate Limiting

API requests are rate-limited per workspace.

PlanLimit
Free500 requests / minute
Paid5,000 requests / minute

Rate Limit Headers

X-RateLimit-LimitMaximum requests allowed per window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets

When you exceed the limit you will receive a 429 Too Many Requests response. Use the Retry-After header to determine how long to wait before retrying.

Pagination

List endpoints use cursor-based pagination. Pass limit and cursor query parameters to page through results.

GET /api/v1/projects?limit=50&cursor=eyJpZCI6IjEyMyJ9

Responses include pagination metadata:

{
  "data": [ ... ],
  "next_cursor": "eyJpZCI6IjEyMyJ9",
  "has_more": true
}

Continue fetching pages while has_more is true, passing the next_cursor value as the cursor parameter.

Start Building

Explore the full API interactively, connect via MCP, or generate your API key to get started.

Interactive API DocsMCP Setup GuideGenerate API Key
← Back to Support

We value your privacy

We use cookies to enhance your browsing experience, serve personalised content, and analyse our traffic. By clicking “Accept All”, you consent to our use of cookies. You can manage your preferences or learn more in our Cookie Policy.

Cookie Preferences