API access

The API access add-on gives you a public REST API over your ERP data — a token-authenticated /v1 endpoint you can call from your own scripts, integrations or back-office tools.

It is a thin, predictable layer over the same data the web app shows: every response is scoped to your company, JSON in and JSON out, with an OpenAPI 3.1 spec you can generate a client from. This section is written for developers integrating with the ERP.

What you can do

Read your data

List and fetch projects, workers, clients, estimates, subcontractors and equipment, with paging, filters and sparse field selection.

Write back

Create, update and delete records with the same validation as the web UI — plus safe retries and a dry-run mode.

Scoped access

One Bearer token per company, limited to the exact permissions you grant it — and optionally locked to your server IPs.

Live OpenAPI

A machine-readable OpenAPI 3.1 spec, an interactive reference and a Postman collection — all generated live, so they never drift from the routes.

Base URL

All endpoints live under the /v1 path on the API host:

https://api.redz.build/v1

White-label and standalone installs serve the API from their own host; the OpenAPI document always advertises the host it was fetched from, so you never have to hardcode a domain.

The six resources

Endpoints are grouped by entity. Each supports list, get-by-id, create, update and delete — subject to the permissions your token carries and, for some resources, a paid add-on being enabled.

ResourcePathRequires
Projects/v1/projectsAPI
Workers/v1/workersAPI
Clients/v1/clientsAPI
Estimates/v1/estimatesEstimates add-on
Subcontractors/v1/subcontractorsSubcontractors add-on
Equipment/v1/equipmentEquipment add-on
Money and security stay off the API. Payroll, billing, users, attendance, moderation, backups and settings are deliberately not exposed — the API surfaces business records, not the financial and access-control internals.

Response shape

Successful responses are a JSON envelope with a data payload and a meta object (paging totals on lists). Errors follow RFC 9457 problem+json.

{
  "data": [
    { "id": 42, "name": "Riverside Villa", "status": "ACTIVE" }
  ],
  "meta": { "total": 128, "limit": 50, "offset": 0 }
}

At a glance

  • Auth — one Bearer token per company, scoped to the rights you pick.
  • Rate limit — 30 requests per minute per token.
  • Monthly quota — 50,000 calls per calendar month per company.
  • Paging?limit defaults to 50, capped at 100; use ?offset to page.

Where it lives in the ERP

You create and manage the token inside the ERP under Settings ▸ API (the built-in developer portal). It needs the API access add-on enabled on your account; the portal shows an upgrade prompt when it is off.

Документация

Частые вопросы

No. Alongside list and get endpoints, the six business resources support create (POST), update (PATCH) and delete (DELETE). Financial, security and system data is never writable through the API.

The base resources (projects, workers, clients) only need the API add-on. Estimates, subcontractors and equipment endpoints additionally require their own add-on to be enabled, otherwise they return a 402.

JSON only. Requests with a body send application/json; successful responses are a { data, meta } envelope and errors are RFC 9457 application/problem+json.