Skip to content

REST API Overview

Runnit exposes a versioned public REST API at /api/v1, authenticated with per-user API keys. It covers the core of the product: projects, tasks, milestones, master projects, schedules, budgets and reports, rate cards, staff and work history, clients, organisations, asset collections, files, and search.

Every endpoint mirrors the in-app behaviour exactly. A request runs as the user who owns the API key, with that user’s current role, capabilities, and client assignments, so the API can never do more than the key’s owner can do in the app. See API Keys & Authentication for how to create a key and send it with requests.

Requests go to your Runnit backend with the /api/v1 prefix, for example:

https://api.runnit.io/api/v1

If your organisation runs its own deployment, replace the host with your deployment’s API address.

GET /api/v1/ needs no authentication and returns a discovery document that lists the supported authentication methods and the mounted resources:

Terminal window
curl https://api.runnit.io/api/v1/

Every other endpoint requires a valid API key.

Successful responses return JSON with a success flag and the resource under a named field, for example:

{ "success": true, "project": { "...": "..." } }

Failures return the HTTP status codes described in API Keys & Authentication, along with an error message in the body.

Every resource has a full endpoint-by-endpoint reference page with request fields, responses, permissions, and examples.

ResourceReferenceWhat it covers
/api/v1/projectsProjects APIList and create projects, get a project and its details, a unified PATCH /:id update (name, description, summary, status including archived, job number, dates, budget and currency, client, colour, tags), cascading delete, the project history feed, milestones CRUD, task creation with scheduling (plus task dates, estimate, allocations, and assignee sub-routes), and assignee options.
/api/v1/tasksTasks APIYour assigned tasks (GET /my), get and update a task, status updates, comments (read and add), and task deletion.
/api/v1/master-projectsMaster Projects APIMaster project CRUD, hierarchy, budget rollups, dependencies, and sub-project linking.
/api/v1/organizationsOrganisations & Staff APIGet and update the organisation, members (list, invite, update, remove), member rate settings, and user imports (preview, commit, rollback).
/api/v1/organizations (rate cards)Rate Cards APIRate-card roles CRUD, client rate cards and role overrides CRUD, effective rate resolution, and project rate-card assignment.
/api/v1/organizations/:orgId/clientsClients APIClient relationships: list, link, create, get, update, and remove, plus client teams and assignments.
/api/v1/usersStaff Profiles & Work History APIStaff profiles (get and update), portfolio and work-history entries CRUD (work history also syncs automatically when projects complete), client assignments, and organisation role.
/api/v1/reportsReports APISummary, budget, performance, delivery, workload, and client reports, plus export. Financial data requires the user’s financial reporting capability.
/api/v1/schedule, /api/v1/closure-datesScheduling APIThe schedule calendar across users and projects, plus organisation closure dates.
/api/v1/collectionsAsset Collections APIAsset collection CRUD and entity links.
/api/v1/assetsAssets APIUpload, download, versioned metadata and content updates, delete, folders, tags, and semantic search.
/api/v1/permissions, /api/v1/searchPermissions & Search APIPermission introspection and administration, project team management, and cross-entity search.

Not available through API keys: registration and authentication endpoints, impersonation, API key management itself (a key cannot create or revoke keys), MCP session minting, and administrative environment tooling.

Replace rnk_your_key with your API key and the placeholder IDs with real values.

Terminal window
curl https://api.runnit.io/api/v1/projects \
-H 'Authorization: Bearer rnk_your_key'
Terminal window
curl -X POST https://api.runnit.io/api/v1/projects/<project-id>/tasks \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{
"name": "Draft homepage copy",
"description": "First pass for internal review.",
"priority": "high",
"assignedToId": "<user-uuid>",
"plannedStartDate": "2026-07-13",
"estimatedHours": 6
}'

Only name is required. priority accepts low, medium, high, or critical. When you supply an assignee, start date, and estimate, Runnit also builds the task’s schedule.

Terminal window
curl -X PATCH https://api.runnit.io/api/v1/projects/<project-id> \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{
"status": "active",
"targetCompletionDate": "2026-09-30",
"budget": 80000,
"budgetCurrency": "AUD"
}'

PATCH /api/v1/projects/:id accepts any subset of name, description, summary, status (including archived), jobNumber, startDate, targetCompletionDate, budget, budgetCurrency, clientOrganizationId, color, and tags.

Terminal window
curl -X POST https://api.runnit.io/api/v1/assets \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{
"fileName": "brand-guidelines",
"fileExtension": "pdf",
"content": "<base64-encoded file content>",
"collectionId": "<collection-uuid>"
}'

Assets belong to collections; create or look up a collection through /api/v1/collections first. Send file content as text or base64 in the JSON body; see the Assets API for the full field list.

Each key can make up to 600 requests per minute by default; requests over the limit return 429. Authentication and permission failures are described in API Keys & Authentication.

The same rnk_ API keys also authenticate the MCP server, so one credential can drive both the REST API and MCP tool calls from AI agents.