Annotate API
Use the widget ingest API for customer reports and the authenticated dashboard APIs for report workflows, projects, teams, and GitHub integrations.
Download OpenAPI JSON ยท Security and data handling
Authentication
Widget ingest
POST /reports uses the project
POST /reports uses the project
api_key in JSON. It is intentionally public and rate limited per key.Dashboard API
Use
Use
Authorization: Bearer <jwt> from /auth/login or /auth/register.Widget report example
POST /reports
{
"api_key": "pk_live_...",
"type": "bug",
"priority": "high",
"comment": "Checkout button stopped responding",
"page_url": "https://app.example.com/checkout",
"environment": {
"browser": "Chrome",
"browser_version": "147",
"os": "macOS",
"os_version": "15",
"viewport_width": 1440,
"viewport_height": 900
},
"console_entries": [],
"network_entries": []
}Core endpoints
| Endpoint | Purpose |
|---|---|
GET /health | API and database health. |
POST /auth/register | Create account; invite token supported. |
POST /auth/login | Get dashboard JWT. |
POST /reports | Ingest public widget report. |
GET /reports | Authenticated, filtered report list. |
GET /projects/{id}/pilot-onboarding-status | First-pilot install readiness across SDK, GitHub, QA task, issue, and verification milestones. |
GET /projects/{id}/agent-qa-tasks | Project-scoped agent QA task list with evidence, generated test, and latest verification status. |
POST /projects/{id}/agent-qa-tasks/claim-next | Claim one ready QA task and return an agent-ready verification contract. |
GET /projects/{id}/regression-memory | Durable QA regression memory grouped across reports, releases, builds, and verification outcomes. |
GET /agent-qa-tasks/{id} | Fetch and refresh one canonical agent-ready QA task bundle. |
POST /agent-qa-tasks/{id}/create-issue | Create a GitHub Issue from the grounded QA task bundle. |
GET /reports/export.csv | Formula-safe CSV export. |
PUT /projects/{id}/ai-provider | Use platform AI or encrypted project BYO Anthropic/OpenAI key. |
POST /projects/{id}/ai-provider/smoke | Run a project BYO AI provider-key smoke test. |
PUT /projects/{id}/agent-webhook | Store an encrypted customer agent webhook/custom-tool endpoint. |
POST /projects/{id}/integrations/health | Run safe integration health checks without Slack/webhook sends. |
POST /mcp | Authenticated MCP JSON-RPC tools for redacted evidence, annotate_list_qa_tasks, annotate_get_qa_task, heatmap summaries, audit visibility, and agent workflow execution. |
POST /reports/{id}/agent-runs | Create and execute a named agent run from a report. |
POST /reports/{id}/create-issue | Create GitHub Issue from a report. |
POST /reports/{id}/create-pr | Deprecated; use Auto-Fix fix runs for repo-grounded PR creation. |