REST API.
A first-party REST API + webhooks for building integrations on top of Lavori. Same endpoints the web app uses — no second-class read-only mirror.
Status
Base URL
All API calls are prefixed with /api. In production:
https://your-workspace.lavori.app/api/...
Authentication
The web app uses cookie-based sessions; for server-to-server use, generate a personal access token (PAT) from Settings → Tokens and pass it in the Authorization header:
curl https://your-workspace.lavori.app/api/projects \ -H "Authorization: Bearer pmb_pat_..."
Resources
- /api/projects — list, create, update, archive
- /api/tasks — same; filter by project, assignee, status
- /api/events + /api/shifts — schedule data
- /api/contacts — companies + people CRM
- /api/invoices + /api/quotes + /api/budgets — billing pipeline
- /api/messages — workspace chat (read-only via API for now)
Pagination
List endpoints return a paginated envelope: { data: [...], pagination: { page, limit, total, totalPages } }. Pass ?page=2&limit=50 to page through.
Webhooks
Configure webhooks under Settings → Integrations → Webhooks. Events include:
- project.created / project.updated / project.archived
- task.assigned / task.completed
- shift.deployed / shift.confirmed
- invoice.created / invoice.paid / invoice.voided
- user.invited / user.removed
Payloads are signed HMAC-SHA256; verify the signature header before trusting the body.
Errors
Errors return a consistent envelope with a machine-readable code and a human-readable message:
{ "error": "validation_failed", "message": "title is required" }