User and application API
There are two types of API access:
- Access to the API with the user "jsonrpc" and the token available on the settings page
- Access to all procedures
- No permission checked
- There is no user session on the server
- No access to procedures that starts with "My..." (example: "getMe" or "getMyProjects")
- Example of possible clients: tools to migrate/import data, create tasks from another system, etc...
- Access to the API with the user credentials (username and password)
- You can also generate a personal access token instead of your password
- Application role and project permissions are checked for each procedure
- A user session is created on the server
- Example of possible clients: native mobile/desktop application, command line utility, etc...
- Always use HTTPS with a valid certificate (avoid clear text communication)
- If you make a mobile application, it's your responsability to store securely the user credentials on the device
- After 3 authentication failure on the user api, the end-user have to unlock his account by using the login form
- Two factor authentication is not yet available through the API
Kanboard use the protocol Json-RPC to interact with external programs.
JSON-RPC is a remote procedure call protocol encoded in JSON. Almost the same thing as XML-RPC but with the JSON format.
We use the version 2 of the protocol.
You must call the API with a
POST HTTP request.
Kanboard support batch requests, so you can make multiple API calls in a single HTTP request. It's particularly useful for mobile clients with higher network latency.