Base URL
All endpoints are available under the/api/v1/ prefix of your Collabase instance:
Authentication
Every API request requires authentication. You authenticate by passing an API key as a Bearer token in theAuthorization header.
Generating an API key
Open your profile settings
Click your avatar in the top-right corner of the Collabase dashboard and select Settings.
Authorization header of every request:
Permissions
The API enforces Role-Based Access Control (RBAC). Your API key assumes the full identity of the user who generated it. Before any operation is executed, the API verifies that your account holds the necessary rights for the target resource. For example, creating a page inside a space requires write access to that space. Attempting an operation you do not have permission for returns a403 Forbidden.
Request validation
Collabase validates all incoming request bodies using Zod schemas. If a request is missing required fields or contains incorrect data types, the API immediately returns a400 Bad Request with a description of the validation errors.
Status codes
| Code | Status | Description |
|---|---|---|
200 | OK | The read or update operation was successful. |
201 | Created | A new resource was successfully created. The response body contains the new object. |
400 | Bad Request | The request body failed validation, or parameters were malformed. |
401 | Unauthorized | No API key was provided, or the key is invalid or expired. |
403 | Forbidden | The API key is valid, but your account does not have permission to act on the target resource. |
404 | Not Found | The specified resource (UUID or slug) could not be found. |
Error format
All error responses return a JSON body with a singleerror field describing what went wrong: