API Reference
Programmatically log team activity, retrieve reports, and integrate TaskReview into your own applications and automated workflows.
Introduction
The TaskReview.app REST API lets you read and write activity log entries and team data using standard HTTP methods. All request and response bodies use JSON. The API is versioned — the current version is v1.
API access requires a paid plan that includes API support. You can create and manage API keys from Settings → API Keys.
Authentication
All requests must include a secret API key as a Bearer token in the Authorization header. Never expose your secret key in client-side code or public repositories.
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAPI Key Scopes
When creating an API key you define its scope — the exact paths and methods the key is permitted to call. Scope entries use the format METHOD:/path and support wildcards and path parameters:
GET:/v1/activity-logs
POST:/v1/activity-logs
*:*A request that doesn't match any scope entry is rejected with 403 Forbidden.
CIDR Restrictions
Optionally restrict an API key to specific IP ranges by adding CIDR blocks (e.g. 203.0.113.0/24). If any CIDR blocks are configured, requests from IPs outside those ranges are rejected with 403 Forbidden.
Base URL
https://api.taskreview.app/v1/Rate Limiting
The API uses a leaky bucket algorithm. Each key has a configurable request-per-minute limit (default: 60). When the limit is exceeded the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
HTTP/1.1 429 Too Many Requests
Retry-After: 12Errors
All responses include an errors array. On success it is empty. On failure it contains one or more error objects:
{
"errors": [
{
"message": "Entry not found.",
"type": "invalid_request_error"
}
]
}| type | Meaning |
|---|---|
| auth_error | Missing or invalid API key |
| security_error | HTTPS required, IP blocked, or scope denied |
| invalid_request_error | Missing parameter, wrong type, resource not found |
| rate_limit_error | Too many requests |
| api_error | Unexpected server-side error |
Ping
Verify connectivity and confirm your API key is valid.
curl https://api.taskreview.app/v1/ping \
-H "Authorization: Bearer sk_live_xxxx"{
"timestamp": "Sat, 01 Mar 2026 12:00:00 GMT",
"errors": []
}Activity Logs
An activity log entry records a single action performed by a team member. Entries are associated with both the team member who performed the action and the root account owner.
GET /v1/activity-logs
Returns activity log entries for the account, optionally filtered by date.
| Parameter | Type | Description | |
|---|---|---|---|
| date | string | optional | Filter entries by date in YYYY-MM-DD format. |
curl https://api.taskreview.app/v1/activity-logs?date=2026-03-06 \
-H "Authorization: Bearer sk_live_xxxx"{
"data": [
{
"uuid": "01234567-89ab-cdef-0123-456789abcdef",
"message": "[03/06 09:15] Alice: Reviewed Q1 report",
"created_at": "2026-03-06T14:15:00.000000Z"
}
],
"errors": []
}GET /v1/activity-logs/:uuid
Returns a single activity log entry by UUID.
curl https://api.taskreview.app/v1/activity-logs/01234567-89ab-cdef-0123-456789abcdef \
-H "Authorization: Bearer sk_live_xxxx"{
"data": {
"uuid": "01234567-89ab-cdef-0123-456789abcdef",
"message": "[03/06 09:15] Alice: Reviewed Q1 report",
"created_at": "2026-03-06T14:15:00.000000Z"
},
"errors": []
}POST /v1/activity-logs
Creates a new activity log entry for the authenticated user.
| Parameter | Type | Description | |
|---|---|---|---|
| message | string | required | The activity description to log. |
curl -X POST https://api.taskreview.app/v1/activity-logs \
-H "Authorization: Bearer sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{"message": "Reviewed Q1 report"}'{
"data": {
"uuid": "01234567-89ab-cdef-0123-456789abcdef",
"message": "[03/06 09:15] Alice: Reviewed Q1 report",
"created_at": "2026-03-06T14:15:00.000000Z"
},
"errors": []
}DELETE /v1/activity-logs/:uuid
Permanently deletes an activity log entry.
curl -X DELETE https://api.taskreview.app/v1/activity-logs/01234567-89ab-cdef-0123-456789abcdef \
-H "Authorization: Bearer sk_live_xxxx"{
"deleted": true,
"errors": []
}Team Members
A team member is a user who belongs to your account. Team members can submit activity log entries. They receive an invitation email when added.
GET /v1/team-members
Returns all team members for the account.
curl https://api.taskreview.app/v1/team-members \
-H "Authorization: Bearer sk_live_xxxx"{
"data": [
{
"uuid": "aabbccdd-eeff-0011-2233-445566778899",
"name": "Alice",
"email_address": "alice@example.com",
"status": 1,
"created_at": "2026-01-20T10:00:00.000000Z"
}
],
"errors": []
}GET /v1/team-members/:uuid
Returns a single team member by UUID.
curl https://api.taskreview.app/v1/team-members/aabbccdd-eeff-0011-2233-445566778899 \
-H "Authorization: Bearer sk_live_xxxx"{
"data": {
"uuid": "aabbccdd-eeff-0011-2233-445566778899",
"name": "Alice",
"email_address": "alice@example.com",
"status": 1,
"created_at": "2026-01-20T10:00:00.000000Z"
},
"errors": []
}POST /v1/team-members
Adds a new team member and sends them an invitation email. The member must verify their email before they can sign in.
| Parameter | Type | Description | |
|---|---|---|---|
| name | string | required | Team member's display name. |
| email_address | string | required | Team member's email address. Must be unique. |
curl -X POST https://api.taskreview.app/v1/team-members \
-H "Authorization: Bearer sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"name": "Alice",
"email_address": "alice@example.com"
}'{
"data": {
"uuid": "aabbccdd-eeff-0011-2233-445566778899",
"name": "Alice",
"email_address": "alice@example.com",
"status": 2,
"created_at": "2026-03-01T14:00:00.000000Z"
},
"errors": []
}DELETE /v1/team-members/:uuid
Removes a team member from the account. Their activity log entries are retained.
curl -X DELETE https://api.taskreview.app/v1/team-members/aabbccdd-eeff-0011-2233-445566778899 \
-H "Authorization: Bearer sk_live_xxxx"{
"deleted": true,
"errors": []
}