Astravue API
    Astravue API
    • Welcome to the Astravue API
    • Auth
      • Get Access and Refresh Token
        POST
      • Refresh Access Token
        POST
    • Personal Tasks
      • Get task by ID
        GET
      • Update a task
        PUT
      • Delete a task
        DELETE
      • Get all tasks
        GET
      • Create a task
        POST
    • Spaces
      • Get space by ID
        GET
      • Update a space
        PUT
      • Delete a space
        DELETE
      • Get all spaces
        GET
      • Create a new space
        POST
    • Projects
      • Get project details by ID
        GET
      • Update a project
        PUT
      • Delete a project
        DELETE
      • Get all projects in a space
        GET
      • Create a new project
        POST
    • Project Tasks
      • Get a project task by ID
        GET
      • Update a project task
        PUT
      • Delete a project task
        DELETE
      • Get all tasks in a project
        GET
      • Create a project task
        POST
    • Task Timer
      • Get timers for a user in a task
        GET
      • Get active timers for a user
        GET
      • Update a timer
        PUT
      • Stop timer for a task
        PUT
      • Delete a timer entry
        DELETE
      • Start timer for a personal task
        POST
      • Add a time range entry for a personal task
        POST
      • Add manual time entry for a personal task
        POST
      • Start timer for a project task
        POST
      • Add range timer for a project task
        POST
      • Add manual time entry for a project task
        POST
    • Notifications and Mentions
      • Get all notifications and mentions
      • Mark notification/mentions as read
      • Delete multiple notifications

    Welcome to the Astravue API

    The Astravue Public API empowers developers to build integrations, custom tools, and automations with the Astravue platform. Whether you're creating internal tools or full-scale applications, our API gives you the flexibility and power to interact with the platform programmatically.
    This documentation provides everything you need to get started quickly and securely.

    Getting Started with Astravue API#

    Explore the API#

    You can browse the OpenAPI description to understand the available endpoints, expected parameters, and response formats.

    Run the API Collection in Postman#

    You can fork our Postman collection for using our APIs in your development environment.
    Run In Postman

    Authentication#

    The Astravue Public API uses OAuth 2.0 Authorization Code Flow for secure access, powered by Keycloak.

    How to Get Your API Credentials#

    1.
    Log in to your Astravue account.
    2.
    Click on your profile icon in the top-right corner.
    3.
    Navigate to the Settings page.
    4.
    Select the Apps tab.
    5.
    Click Create App.
    6.
    Fill in:
    App Name
    Redirect URL(s)
    7.
    Once created, you'll be provided with:
    Client ID
    Client Secret

    Step 1: Redirect User to the Authorization URL#

    To begin the OAuth 2.0 flow, redirect the user to the Astravue authorization endpoint:
    https://auth.astravue.com/realms/astravue/protocol/openid-connect/auth
    Required query parameters:
    response_type=code — Requests an authorization code.
    client_id=YOUR_CLIENT_ID — Your app's Client ID.
    redirect_uri=YOUR_REGISTERED_REDIRECT_URI — Must match one of the URIs you registered.
    state=RANDOM_STRING — (Recommended) A random string to prevent CSRF attacks.
    Example URL:
    https://auth.astravue.com/realms/astravue/protocol/openid-connect/auth?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REGISTERED_REDIRECT_URI&scope=openid&state=RANDOM_STRING
    After the user authenticates and approves access, they will be redirected to your redirect_uri with an authorization code in the URL:
    https://yourapp.com/callback?code=AUTHORIZATION_CODE&state=RANDOM_STRING

    Step 2: Exchange Authorization Code for Tokens#

    Use the authorization code to request an access token and refresh token from the token endpoint:
    POST https://auth.astravue.com/realms/astravue/protocol/openid-connect/token
    Required parameters (x-www-form-urlencoded):
    grant_type=authorization_code
    code=AUTHORIZATION_CODE (from previous step)
    redirect_uri=YOUR_REGISTERED_REDIRECT_URI
    client_id=YOUR_CLIENT_ID
    client_secret=YOUR_CLIENT_SECRET
    The response will include your access_token (valid for 30 minutes) and refresh_token (long-lived).

    Step 3: Refresh Access Token#

    When your access token expires (after 30 minutes), use your refresh token to get a new access token:
    POST https://auth.astravue.com/realms/astravue/protocol/openid-connect/token
    Required parameters (x-www-form-urlencoded):
    grant_type=refresh_token
    refresh_token=YOUR_REFRESH_TOKEN
    client_id=YOUR_CLIENT_ID
    client_secret=YOUR_CLIENT_SECRET
    The response will include a new access_token and potentially a new refresh_token.

    Token Lifecycle#

    Access Token: Valid for 30 minutes.
    Refresh Token: Long-lived (does not expire by default).
    When your access token expires, use the refresh token to request a new one.
    ⚠️ Never expose your client secret in frontend or public code.

    Resources#

    OAuth 2.0 Authorization Code Flow
    OpenAPI Specification

    Feedback & Support#

    We value your feedback. If you have suggestions, encounter issues, or want to request features, please email to support@astravue.com.
    Happy building! 🚀
    Next
    Get Access and Refresh Token
    Built with