Rehabfolio developer platform
Public API
Read-only workspace data for approved integrations and AI agents.
Authentication
Send an active workspace API key as a Bearer token. Keys are displayed once when created and can be revoked from Integrations.
Authorization: Bearer fc_live_your_keyBase URL
All API calls use the API host (not the marketing site):
https://api.rehabfolio.comRequest
curl "https://api.rehabfolio.com/api/public/v1/projects" \
-H "Authorization: Bearer fc_live_your_key"Successful responses use the same envelope for every resource.
{
"data": [],
"meta": { "resource": "projects", "count": 0 }
}Resources
MethodEndpointReturns
GET/api/public/v1/projectsActive project identity, location, strategy, stage, progress, and risk.GET/api/public/v1/tasksProject tasks with status, priority, assignee, and due date.GET/api/public/v1/expensesProject expenses with vendor, category, amount, date, and reconciliation status.Errors
401Missing, invalid, or revoked API key.404Unknown versioned resource.429Request limit exceeded when rate limiting is enabled.Outbound event signatures
Webhooks and Zapier automations send JSON with an HMAC SHA-256 signature in X-Rehabfolio-Signature. Recompute the digest from the raw request body and the signing secret before accepting an event.
X-Rehabfolio-Event: project.updated
X-Rehabfolio-Signature: sha256=<hex digest>