API Reference
Fluxopus exposes a REST API at https://fluxopus.eu/api. All endpoints are authenticated and respect the same RLS rules as the UI. A machine-readable OpenAPI spec is available at /openapi.json.
Authentication
Pass your Supabase session JWT in the Authorization header:
Authorization: Bearer <your-jwt>
Obtain a JWT by signing in via the Supabase Auth API or by calling supabase.auth.getSession() in the browser SDK. JWTs expire after 1 hour; use the refresh token to obtain a new one.
Base URL
Endpoint Groups
Tasks
| Method | Path | Description |
|---|---|---|
GET | /tasks | List your tasks (admin: company tasks) |
POST | /tasks | Create a new task |
GET | /tasks/[id] | Get a single task |
PATCH | /tasks/[id] | Update task fields |
DELETE | /tasks/[id] | Delete a task |
GET | /tasks/[id]/time-logs | List time log entries for a task |
POST | /tasks/[id]/time-logs | Add a time log entry |
Skills
| Method | Path | Description |
|---|---|---|
GET | /skills | List skills visible to the user |
POST | /skills | Create a new skill |
GET | /skills/[id] | Get a single skill |
PATCH | /skills/[id] | Update skill fields |
DELETE | /skills/[id] | Delete a skill |
POST | /skills/[id]/run | Execute a skill (streams response) |
GET | /skills/[id]/versions | List version history |
Knowledge
| Method | Path | Description |
|---|---|---|
GET | /knowledge | List knowledge items |
POST | /knowledge | Create a knowledge item |
GET | /knowledge/[id] | Get a single item |
PATCH | /knowledge/[id] | Update item fields |
DELETE | /knowledge/[id] | Delete an item |
GET | /knowledge/search?q= | Semantic search over knowledge |
Connections (OAuth)
| Method | Path | Description |
|---|---|---|
GET | /connections | List active connections |
GET | /connections/authorize/[provider] | Start OAuth flow (redirect) |
GET | /connections/callback/[provider] | OAuth callback handler |
GET | /connections/status/[provider] | Check connection status |
DELETE | /connections/[id] | Disconnect a tool |
Tags
| Method | Path | Description |
|---|---|---|
GET | /tags | List company tags |
POST | /tags | Create a tag |
PATCH | /tags/[id] | Update a tag |
DELETE | /tags/[id] | Delete a tag |
POST | /tags/entity | Assign tags to an entity |
GET | /tags/entity?entityType=&entityId= | Get tags for an entity |
Response Format
All endpoints return JSON. Successful responses use HTTP 200 or 201. Errors return a JSON object with an error string field and an appropriate HTTP status code (400, 401, 403, 404, 500).
// Error response
{ "error": "Not authorized" }
Rate Limiting
API calls count against your plan's token budget for AI endpoints (skill runs, knowledge search). Non-AI endpoints (tasks, tags, etc.) are not token-gated but are subject to Supabase connection limits.
OpenAPI Spec
A static OpenAPI 3.0 spec is available at https://fluxopus.eu/openapi.json. It covers all endpoint groups above and can be imported into tools like Postman, Insomnia, or used by AI coding assistants.