Skip to content
AppHandoff AppHandoff Docs

Overview

AppHandoff API 2.0.0

Section titled “AppHandoff API 2.0.0”

Build in Lovable. Bots plan. You approve. Kanban ships it.

Projects, handoffs, and MCP context (scan, API spec, handoff tickets). Authenticate with a Bearer API key (ah_k_...) from Settings or via Supabase session cookie.

Information

Operations

Section titled “ Operations ”
GET
/auth/status
POST
/auth/logout
POST
/auth/dev-login
POST
/auth/exchange-supabase-token
GET
/auth/github
POST
/auth/login
GET
/auth/me
POST
/auth/refresh
POST
/auth/send-password-reset
POST
/auth/send-magic-link
POST
/auth/signup
GET
/me
PATCH
/me
GET
/me/preferences
PATCH
/me/preferences
GET
/roles
GET
/me/notification-prefs
PATCH
/me/notification-prefs
GET
/keys
POST
/keys
GET
/keys/{keyId}
DELETE
/keys/{keyId}
GET
/projects
POST
/projects
GET
/projects/{id}
DELETE
/projects/{id}
PATCH
/projects/{id}
GET
/projects/{id}/sync-check
GET
/projects/{id}/agent-activity
GET
/projects/{id}/agent-sessions
POST
/projects/agent-activity/batch
GET
/projects/by-source
GET
/projects/{id}/api-spec
GET
/projects/{id}/db-schema
GET
/projects/{id}/docs
GET
/projects/{id}/docs/{slug}
GET
/projects/{id}/mismatches
GET
/projects/{id}/analysis
GET
/projects/{id}/mcp-usage
POST
/projects/{id}/assistant/chat
POST
/projects/{id}/watchers
GET
/projects/{id}/watchers/me
DELETE
/projects/{id}/watchers/me
GET
/projects/{id}/overview
GET
/projects/{id}/tickets
POST
/projects/{id}/tickets
POST
/projects/{id}/tickets/bulk
PATCH
/projects/{id}/tickets/bulk
GET
/projects/{id}/tickets/{ticketId}
DELETE
/projects/{id}/tickets/{ticketId}
PATCH
/projects/{id}/tickets/{ticketId}
GET
/projects/{id}/tickets/{ticketId}/messages
POST
/projects/{id}/tickets/{ticketId}/messages
GET
/projects/{id}/tickets/{ticketId}/deploy-status
GET
/projects/{id}/tickets/{ticketId}/test-cases
POST
/projects/{id}/tickets/{ticketId}/test-cases/generate
PATCH
/projects/{id}/tickets/{ticketId}/test-cases/{caseId}
GET
/projects/{id}/tickets/{ticketId}/audit
GET
/projects/{id}/tickets/{ticketId}/github-issue
POST
/projects/{id}/tickets/{ticketId}/github-issue
POST
/projects/{id}/tickets/{ticketId}/review-plan
POST
/projects/{id}/tickets/{ticketId}/trigger-bot-build
GET
/projects/{id}/tickets/stream
GET
/tickets
GET
/tickets/audit
GET
/tickets/github-status
GET
/projects/{id}/tools
POST
/projects/{id}/tools
PUT
/projects/{id}/tools/{toolId}
DELETE
/projects/{id}/tools/{toolId}
GET
/projects/{id}/tools/{toolId}/calls
POST
/projects/{id}/tools/{toolId}/test
POST
/projects/{id}/tools/connect-mcp
GET
/projects/{id}/tool-config
POST
/projects/{id}/tool-config
GET
/projects/{id}/tool-usage
POST
/projects/{id}/tool-usage
GET
/foreign-tool-templates
GET
/projects/{id}/rules
POST
/projects/{id}/rules
DELETE
/projects/{id}/rules/{ruleId}
PATCH
/projects/{id}/rules/{ruleId}
GET
/runs
POST
/scan
GET
/scans
POST
/scans
GET
/scans/{id}
GET
/github/repos
GET
/github/status
GET
/github/connection
GET
/github/app/install-url
GET
/github/app/install/callback
POST
/github/app/install/complete
POST
/github/app/uninstall
GET
/github/webhooks/install
POST
/github/webhooks/install
POST
/stripe/checkout
POST
/stripe/portal
GET
/billing/summary
GET
/billing/insights
GET
/team/members
DELETE
/team/members
GET
/team/join-requests
PATCH
/team/join-requests
POST
/team/invite
GET
/team/invitations
POST
/team/invitations/accept/{token}
DELETE
/team/invitations/{id}
POST
/team/invitations/{id}/resend
POST
/team/invitations/{id}/force-accept
GET
/team/members/{userId}/project-access
PUT
/team/members/{userId}/project-access
GET
/team/members/project-access
PUT
/team/members/project-access
GET
/admin/users
POST
/admin/users
DELETE
/admin/users/{userId}
PATCH
/admin/users/{userId}
GET
/admin/invites
PATCH
/admin/invites
GET
/admin/runs
GET
/admin/mcp-usage
GET
/admin/logs
GET
/admin/ticket-activity
GET
/admin/mcp-dashboard
POST
/admin/super-admins/toggle
POST
/admin/superadmin/toggle
POST
/admin/seed-ticket-embeddings
GET
/health
GET
/health/metrics
GET
/health/deep
GET
/health/ping
GET
/health/public
GET
/version
GET
/uptime
GET
/mcp-bot
POST
/mcp-bot
DELETE
/mcp-bot
OPTIONS
/mcp-bot
GET
/mcp-bot/health
OPTIONS
/mcp-bot/health
GET
/mcp-bot/public-health
OPTIONS
/mcp-bot/public-health
GET
/mcp-bot/ping
GET
/mcp-bot/tools
OPTIONS
/mcp-bot/tools
POST
/mcp-bot/execute
OPTIONS
/mcp-bot/execute
GET
/mcp/status
OPTIONS
/mcp/status
GET
/mcp/ping
OPTIONS
/mcp/ping
POST
/oauth/token
OPTIONS
/oauth/token
POST
/oauth/mcp-inspector/token
OPTIONS
/oauth/mcp-inspector/token
POST
/oauth/consent
POST
/oauth/decision
POST
/oauth/register
OPTIONS
/oauth/register
POST
/oauth/token
OPTIONS
/oauth/token
POST
/oauth/mcp-inspector/token
OPTIONS
/oauth/mcp-inspector/token
POST
/cron/backfill-handoff-complete
GET
/cron/health-record
POST
/cron/health-record
POST
/cron/rescan
POST
/cron/agents-cursor
GET
/cron/reclaim-agent-runs
POST
/cron/reclaim-agent-runs
GET
/cron/stale-in-progress
POST
/cron/stale-in-progress
GET
/cron/repair-merged-role
POST
/cron/repair-merged-role
POST
/cron/indexnow
GET
/cron/send-watcher-emails
POST
/cron/send-watcher-emails
POST
/webhooks/github
POST
/webhooks/stripe
POST
/webhooks/cursor-agent
GET
/settings/roles
PUT
/settings/roles
GET
/projects/{id}/ai-suggestions
POST
/projects/{id}/ai-suggestions/{suggestionId}/action
GET
/activity
GET
/dashboard-bundle
GET
/dashboard-summary
GET
/dashboard/project-stats
GET
/notifications
POST
/notifications/read
GET
/debug
POST
/dev/events
OPTIONS
/dev/events
GET
/dev/sessions
OPTIONS
/dev/sessions
GET
/integrations
GET
/integrations/overview
GET
/integrations/webhooks
POST
/integrations/webhooks
GET
/integrations/webhooks/setup-info
GET
/integrations/webhooks/status
POST
/integrations/webhooks/reveal-secret
POST
/sse-nonce
GET
/openapi.json
GET
/projects/openapi.json
GET
/projects/{id}/auto-close-settings
PATCH
/projects/{id}/auto-close-settings
POST
/agents/plan
GET
/agents/plans/{id}
GET
/projects/{id}/agent-plans
POST
/agents/plans/{id}/approve
POST
/agents/plans/{id}/reject
GET
/agents/workers
GET
/agents/runs
POST
/agents/runs/{id}/events
GET
/projects/{id}/milestones
POST
/projects/{id}/milestones
POST
/projects/{id}/milestones/reorder
POST
/projects/{id}/milestones/move
GET
/projects/{id}/milestones/{milestoneId}
DELETE
/projects/{id}/milestones/{milestoneId}
PATCH
/projects/{id}/milestones/{milestoneId}
GET
/projects/{id}/tickets/{ticketId}/tasks
POST
/projects/{id}/tickets/{ticketId}/tasks
GET
/projects/{id}/tickets/{ticketId}/tasks/{taskId}
DELETE
/projects/{id}/tickets/{ticketId}/tasks/{taskId}
PATCH
/projects/{id}/tickets/{ticketId}/tasks/{taskId}
POST
/projects/{id}/tickets/{ticketId}/tasks/reorder
GET
/projects/{id}/tickets/{ticketId}/shipping
GET
/projects/{id}/tickets/{ticketId}/watchers
POST
/projects/{id}/tickets/{ticketId}/watchers
DELETE
/projects/{id}/tickets/{ticketId}/watchers/{userId}
GET
/projects/{id}/roadmap-check
POST
/projects/{id}/roadmap-check
GET
/projects/{id}/roadmap-check/{checkId}
GET
/projects/{id}/roadmap-check/{checkId}/suggestions
POST
/projects/{id}/roadmap-check/{checkId}/suggestions/{suggestionId}/action
POST
/projects/{id}/roadmap-check/{checkId}/apply
GET
/changelog
GET
/mcp-analytics
GET
/mcp-analytics/errors
GET
/mcp-analytics/realtime

Authentication

Section titled “ Authentication ”

bearerApiKey

Section titled “bearerApiKey ”

API key (ah_k_…) from Settings > API Keys.

Security scheme type: http

Bearer format: API Key

cookieAuth

Section titled “cookieAuth ”

Supabase session cookie (web UI).

Security scheme type: apiKey

Cookie parameter name: sb-access-token