Rehabfolio developer platform

Public API

Read-only workspace data for approved integrations and AI agents.

Authentication

Send an active workspace API key as a Bearer token. Keys are displayed once when created and can be revoked from Integrations.

Authorization: Bearer fc_live_your_key

Base URL

All API calls use the API host (not the marketing site):

https://api.rehabfolio.com

Request

curl "https://api.rehabfolio.com/api/public/v1/projects" \
  -H "Authorization: Bearer fc_live_your_key"

Successful responses use the same envelope for every resource.

{
  "data": [],
  "meta": { "resource": "projects", "count": 0 }
}

Resources

MethodEndpointReturns
GET/api/public/v1/projectsActive project identity, location, strategy, stage, progress, and risk.
GET/api/public/v1/tasksProject tasks with status, priority, assignee, and due date.
GET/api/public/v1/expensesProject expenses with vendor, category, amount, date, and reconciliation status.

Errors

401Missing, invalid, or revoked API key.
404Unknown versioned resource.
429Request limit exceeded when rate limiting is enabled.

Outbound event signatures

Webhooks and Zapier automations send JSON with an HMAC SHA-256 signature in X-Rehabfolio-Signature. Recompute the digest from the raw request body and the signing secret before accepting an event.

X-Rehabfolio-Event: project.updated
X-Rehabfolio-Signature: sha256=<hex digest>