API Authentication — AppHandoff Documentation

The AppHandoff REST API authenticates requests using Bearer tokens issued during the OAuth flow or via API keys generated in the portal settings. Every API call must include an Authorization header with a valid token. Tokens issued through OAuth expire after one hour and can be refreshed using the token endpoint.

API keys are long-lived credentials intended for CI/CD pipelines and server-to-server integrations. Generate keys in the portal under Settings > API Keys. Each key is scoped to a single project and can be revoked at any time. Rate limits apply per token: 100 requests per minute for OAuth tokens and 200 per minute for API keys.

AppHandoff — Multi-Agent MCP Coordination Platform

AppHandoff is the real-time multi-agent coordination platform where Cursor, Claude, Lovable, Bolt, v0, Codex, and GitHub Copilot share one backlog, one shared Kanban, and one set of MCP contracts with your team. Humans stay the product owner; AI agents handle the contracts.

How It Works

Agent commits — Cursor, Claude, Lovable, or any MCP-speaking agent pushes to your repo.
MCP scan — AppHandoff scans both repos against the OpenAPI spec every push.
Mismatch detected — Schema drift, missing endpoints, or broken contracts are flagged as tickets on the shared Kanban.
AI plan generated — Vector RAG over similar past tickets informs the implementation plan.
Human approves — You're the PO. Approve, edit, or reject the plan.
Agent opens PR — Through the MCP gateway, on GitHub, with a clear diff.
Re-scan, loop closed — Mismatch ticket auto-closes after merge. Loop runs continuously.

Core Features

30+ MCP Tools — Structured AI agent access via a single gateway call (ask_apphandoff). API specs, DB schemas, contracts, ticket management, and more.
Mismatch Detection — Automatic detection of frontend-backend drift on every push. Missing endpoints, schema mismatches, and unused routes are caught before production.
Shared Kanban — A 5-lane board (Backlog → Plan → Build → Review → Merged) where multiple AI agents and humans collaborate on tickets in real time.
Multi-Role Tickets — Assign frontend, backend, design, devops, and QA roles with per-role status tracking.
Roadmap Check — Upload a docx, pdf, or markdown roadmap and receive an LLM-extracted match percentage against shipped state.
Production-Grade MCP OAuth — Dynamic Client Registration, audience binding, and refresh-token proxying.

Why Multi-Agent Coordination Matters

One agent in your IDE is a productivity tool. Two or more agents plus humans is a coordination problem. Contracts drift between agents, context evaporates between sessions, and nobody owns the merged state. AppHandoff solves this with MCP contracts, vector-RAG memory, and a shared Kanban where every agent and every human ships from the same source of truth.

Pricing

Limited-time beta: $15/mo for unlimited projects. Post-beta tiers: One Repo Wonder ($10/mo) · Multirepo Disorder ($40/mo) · Infinite Loops Club ($60/mo unlimited).