Skip to main content
Base URL:
https://atollhq.com
All endpoints require Authorization: Bearer sk_atoll_... unless noted.

Organizations

MethodEndpointDescription
GET/api/orgsList your organizations
POST/api/orgsCreate an organization
GET/api/orgs/{id}Get organization details
PATCH/api/orgs/{id}Update organization
DELETE/api/orgs/{id}Delete organization

Projects

MethodEndpointDescription
GET/api/orgs/{id}/projectsList visible projects
POST/api/orgs/{id}/projectsCreate project
GET/api/orgs/{id}/projects/{projectId}Get project with issues
PATCH/api/orgs/{id}/projects/{projectId}Update project
DELETE/api/orgs/{id}/projects/{projectId}Permanently delete project and all tasks in it; requires { "confirmation": "DELETE" }
POST/api/orgs/{id}/projects/{projectId}/archive-by-statusArchive issues by status
GET/api/orgs/{id}/project-healthLatest health status per project

Project access

MethodEndpointDescription
GET/api/orgs/{id}/projects/{projectId}/membersList project members
POST/api/orgs/{id}/projects/{projectId}/membersAdd project member
PATCH/api/orgs/{id}/projects/{projectId}/membersUpdate project access
DELETE/api/orgs/{id}/projects/{projectId}/members?memberId=...Remove project member
GET/api/orgs/{id}/projects/{projectId}/teamsList project teams
POST/api/orgs/{id}/projects/{projectId}/teamsAdd team to project
DELETE/api/orgs/{id}/projects/{projectId}/teams?teamId=...Remove team from project
Adding a project member accepts { "memberId": "...", "accessLevel": "view" | "edit" | "admin" }. If accessLevel is omitted, Atoll defaults it to edit; invalid values return 400.

Issues

MethodEndpointDescription
GET/api/orgs/{id}/issuesList issues
POST/api/orgs/{id}/issuesCreate issue
GET/api/orgs/{id}/issues/{issueId}Get issue detail
PATCH/api/orgs/{id}/issues/{issueId}Update issue; optional comment_body and comment_mentions also add an issue comment in the same request
DELETE/api/orgs/{id}/issues/{issueId}Permanently delete issue, owner/admin only
POST/api/orgs/{id}/issues/{issueId}/archiveArchive issue
DELETE/api/orgs/{id}/issues/{issueId}/archiveUnarchive issue
POST/api/orgs/{id}/issues/bulkBulk create issues, max 50
GET/api/orgs/{id}/issues/search?q=...Search issues by title/description
GET/api/orgs/{id}/issues/{issueId}/activityIssue activity feed
GET/api/orgs/{id}/issues/{issueId}/pr-linksLinked pull requests
POST/api/orgs/{id}/issues/{issueId}/pr-linksAttach a GitHub PR URL with { "url": "https://github.com/owner/repo/pull/123" }
GET/api/orgs/{id}/issues/{issueId}/initiativesList initiatives linked to an issue
POST/api/orgs/{id}/issues/{issueId}/initiativesLink issue to initiative with { "initiative_id": "..." }
DELETE/api/orgs/{id}/issues/{issueId}/initiatives/{initiativeId}Unlink issue from initiative
Issue-centric initiative links follow issue project permissions: reading links requires access to the issue’s project; linking and unlinking require edit/admin access to that project. Guest callers may link only to initiatives already linked to the same accessible project. PR link creation accepts canonical GitHub pull request URLs, extracts the owner/repo/number, and rejects malformed or non-PR URLs with 400. When GitHub metadata is available, Atoll stores the current PR title, status, canonical URL, and head SHA during attach; webhooks keep linked PR state fresh after subsequent GitHub events. Issue list filters include status, priority, projectId, assigneeId, teamId, milestoneId, q (title and description for full issue lists), includeArchived, orderBy, orderDir, limit, offset, and the optional response shape controls below. Compact issue views (view=board or view=list) also support board-toolbar filters: assignee (unassigned or member ID, including multi-assignee links), initiativeId, scope (mine or blocked), and q over title plus issue number. Main list endpoints keep their legacy resource-key JSON by default. Add shape=envelope or response_shape=cli to opt into the CLI-compatible envelope: { resource, items, total, limit, offset, nextOffset, truncated, hint }.

Comments, subtasks, dependencies, labels, and attachments

MethodEndpointDescription
GET/api/orgs/{id}/issues/{issueId}/commentsList comments; requires access to the issue’s project
POST/api/orgs/{id}/issues/{issueId}/commentsAdd comment with { body, mentions? }; requires write access to the issue’s project
PATCH/api/orgs/{id}/issues/{issueId}/comments/{commentId}Edit comment
DELETE/api/orgs/{id}/issues/{issueId}/comments/{commentId}Delete comment
GET/api/orgs/{id}/issues/{issueId}/subtasksList subtasks
POST/api/orgs/{id}/issues/{issueId}/subtasksCreate subtask
PATCH/api/orgs/{id}/issues/{issueId}/subtasks/{subtaskId}Update subtask
DELETE/api/orgs/{id}/issues/{issueId}/subtasks/{subtaskId}Delete subtask
GET/api/orgs/{id}/issues/{issueId}/dependenciesList dependencies
POST/api/orgs/{id}/issues/{issueId}/dependenciesAdd dependency
DELETE/api/orgs/{id}/issues/{issueId}/dependencies/{dependencyId}Remove dependency
GET/api/orgs/{id}/labelsList org labels
POST/api/orgs/{id}/labelsCreate label
POST/api/orgs/{id}/issues/{issueId}/labelsAdd label to issue
DELETE/api/orgs/{id}/issues/{issueId}/labels/{labelId}Remove label from issue
GET/api/orgs/{id}/issues/{issueId}/attachmentsList private attachments with signed URLs
POST/api/orgs/{id}/issues/{issueId}/attachmentsUpload private attachment
GET/api/orgs/{id}/issues/{issueId}/attachments/{attachmentId}Redirect authorized requests to a fresh signed URL
DELETE/api/orgs/{id}/issues/{issueId}/attachments/{attachmentId}Delete private attachment
Issue comments inherit issue project permissions: guests cannot access comments on unprojected issues, and write operations require write access to the issue’s project. Comment bodies accept Markdown/plain text or existing rich-text HTML. Atoll stores and returns comment bodies as sanitized HTML. If sanitization leaves no visible text or safe media, the request returns 400 with body is required for direct comments or comment_body is required for issue updates with comment_body. Structured mentions are recommended for agents and integrations. Direct comments accept mentions: [{ "member_id": "member-id" }]; issue update comments accept comment_mentions: [{ "member_id": "member-id" }]. Use the stable Atoll org member ID, not an auth user ID or display name. Markdown and HTML atoll:member links remain backward-compatible. Responses that create comments include mentions: { requested, created, skipped }. Each skipped[] entry includes member_id and reason. Reasons are invalid_member_id, not_found, self_mention, no_project_access, guest_unprojected_issue, unsupported_member_type, and mentions_muted. Issue attachments are stored privately. List and upload responses include short-lived signed URLs in url and url_expires_in: 3600. The individual attachment GET endpoint is a stable authenticated URL for embedded comment images and redirects to a fresh signed URL. Listing and individual GET require access to the issue’s project; upload and delete require write access.

Milestones

MethodEndpointDescription
GET/api/orgs/{id}/projects/{projectId}/milestonesList project milestones
POST/api/orgs/{id}/projects/{projectId}/milestonesCreate milestone
GET/api/orgs/{id}/milestones/{milestoneId}Get milestone
PATCH/api/orgs/{id}/milestones/{milestoneId}Update milestone
DELETE/api/orgs/{id}/milestones/{milestoneId}Delete milestone

Goals, KPIs, and initiatives

MethodEndpointDescription
GET/api/orgs/{id}/goalsList goals
POST/api/orgs/{id}/goalsCreate goal
GET/api/orgs/{id}/goals/{goalId}Get goal
PATCH/api/orgs/{id}/goals/{goalId}Update goal
DELETE/api/orgs/{id}/goals/{goalId}Delete goal, owner/admin only
GET/api/orgs/{id}/kpisList KPIs
POST/api/orgs/{id}/kpisCreate KPI
GET/api/orgs/{id}/kpis/{kpiId}Get KPI
PATCH/api/orgs/{id}/kpis/{kpiId}Update KPI
DELETE/api/orgs/{id}/kpis/{kpiId}Delete KPI, owner/admin only
GET/api/orgs/{id}/kpis/{kpiId}/snapshotsList KPI snapshots
POST/api/orgs/{id}/kpis/{kpiId}/snapshotsRecord KPI snapshot
GET/api/orgs/{id}/kpi-http-sync-policyList exact-host KPI HTTP sync allowlist policy
POST/api/orgs/{id}/kpi-http-sync-policyAdd an allowed exact host, human admin only
GET/api/orgs/{id}/kpi-http-syncsList org-wide KPI HTTP sync review rows for Settings; includes can_manage; admins get config/secret metadata, members get redacted status rows
GET/api/orgs/{id}/kpis/{kpiId}/http-syncsList KPI HTTP syncs
POST/api/orgs/{id}/kpis/{kpiId}/http-syncsCreate a draft KPI HTTP sync
PUT/api/orgs/{id}/kpis/{kpiId}/http-syncsValidate a proposed KPI HTTP sync config without storing or running it
GET/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}Get a KPI HTTP sync
PATCH/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}Update a KPI HTTP sync draft, human admin only
POST/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/validateValidate a stored sync, human admin only
GET/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/secretsList sanitized secret metadata, human admin only
PUT/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/secretsAdd or replace a sync secret value, human admin only
POST/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/dry-runExecute a sanitized dry run without writing a snapshot, human admin only
POST/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/publishPublish a validated, dry-run sync, human admin only
POST/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/disableDisable a sync, human admin only
POST/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/run-nowPreview by default; write a snapshot only with explicit admin confirmation
GET/api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}/runsList sanitized sync run history (human admin only)
GET/api/orgs/{id}/initiativesList initiatives; optional project_id, required for guest/project-scoped callers
POST/api/orgs/{id}/initiativesCreate initiative; optional project_id/projectId, required and editable for guest/project-scoped callers
GET/api/orgs/{id}/initiatives/{initiativeId}Get initiative
PATCH/api/orgs/{id}/initiatives/{initiativeId}Update initiative
DELETE/api/orgs/{id}/initiatives/{initiativeId}Delete initiative, owner/admin only
POST/api/orgs/{id}/initiatives/{initiativeId}/projectsAdd project to initiative
DELETE/api/orgs/{id}/initiatives/{initiativeId}/projectsRemove project from initiative
GET/api/orgs/{id}/initiatives/{initiativeId}/kpi-impactsList KPI impact links
POST/api/orgs/{id}/initiatives/{initiativeId}/kpi-impactsAdd KPI impact link
DELETE/api/orgs/{id}/initiatives/{initiativeId}/kpi-impacts/{impactId}Remove KPI impact link
GET/api/orgs/{id}/initiatives/{initiativeId}/issuesList linked issue links; add ?details=1 for accessible task details from linked projects, direct issue links, and linked milestones
POST/api/orgs/{id}/initiatives/{initiativeId}/issuesLink issue
DELETE/api/orgs/{id}/initiatives/{initiativeId}/issues/{issueId}Unlink issue
GET/api/orgs/{id}/initiatives/{initiativeId}/milestonesList linked milestones
POST/api/orgs/{id}/initiatives/{initiativeId}/milestonesLink milestone
DELETE/api/orgs/{id}/initiatives/{initiativeId}/milestones/{milestoneId}Unlink milestone
GET/api/orgs/{id}/initiatives/{initiativeId}/targetsList initiative targets
POST/api/orgs/{id}/initiatives/{initiativeId}/targetsCreate target
GET/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}Get target
PATCH/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}Update target
DELETE/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}Delete target
GET/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/issuesList target issue links
POST/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/issuesLink issue to target
DELETE/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/issues/{issueId}Unlink issue from target
GET/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/milestonesList target milestone links
POST/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/milestonesLink milestone to target
DELETE/api/orgs/{id}/initiatives/{initiativeId}/targets/{targetId}/milestones/{milestoneId}Unlink milestone from target
GET/api/orgs/{id}/heartbeatAgent heartbeat context
GET/api/orgs/{id}/strategy/auditAudit strategy chain for structural gaps + health issues (guests forbidden)
Initiative targets are not KPI snapshots. Use progress targets for initiative outputs and gate targets for launch prerequisites where pace language would be misleading.

Members, teams, agents, and integrations

MethodEndpointDescription
GET/api/orgs/{id}/membersList members. Supports `type=humanagent; owner/admin callers can add includeEmail=1` to hydrate joined human account emails for settings/admin views.
POST/api/orgs/{id}/membersInvite human member
POST/api/orgs/{id}/invitations/{invitationId}/resendResend a pending invitation; cooldown returns 429 with Retry-After
PATCH/api/orgs/{id}/members/{memberId}Update member
DELETE/api/orgs/{id}/members/{memberId}Remove member
GET/api/orgs/{id}/member-onboardingRead current human member onboarding
PATCH/api/orgs/{id}/member-onboardingUpdate current human member onboarding
GET/api/orgs/{id}/profileGet current member record
POST/api/orgs/{id}/members/{memberId}/avatarUpload avatar to the public avatars bucket
DELETE/api/orgs/{id}/members/{memberId}/avatarRemove avatar
GET/api/orgs/{id}/teamsList teams
POST/api/orgs/{id}/teamsCreate team
PATCH/api/orgs/{id}/teams/{teamId}Update team
DELETE/api/orgs/{id}/teams/{teamId}Delete team
GET/api/orgs/{id}/teams/{teamId}/membersList team members
POST/api/orgs/{id}/teams/{teamId}/membersAdd member to team
DELETE/api/orgs/{id}/teams/{teamId}/members/{memberId}Remove member from team
GET/api/orgs/{id}/agentsList agents, owner/admin
GET/api/orgs/{id}/agents/manageableList agents the current human can manage
POST/api/orgs/{id}/agentsCreate org, project-scoped, or personal agent
DELETE/api/orgs/{id}/agents/{agentId}Revoke manageable agent
PATCH/api/orgs/{id}/agents/{agentId}/projectsReplace project access for a manageable non-personal agent
POST/api/orgs/{id}/projects/{projectId}/agentsGrant selected manageable agents access to a project
GET/api/orgs/{id}/agents/{agentId}/keysList manageable agent keys
POST/api/orgs/{id}/agents/{agentId}/keysGenerate manageable agent key
DELETE/api/orgs/{id}/agents/{agentId}/keys/{keyId}Revoke manageable agent key
POST/api/orgs/{id}/agents/{agentId}/rotateRotate all manageable agent keys
POST/api/orgs/{id}/agents/{agentId}/install-snippetsGenerate manageable agent install snippets
GET/api/orgs/{id}/integrationsList integrations, owner/admin
POST/api/orgs/{id}/integrationsCreate integration
DELETE/api/orgs/{id}/integrations/{integrationId}Revoke integration
GET/api/orgs/{id}/integrations/{integrationId}/keysList integration keys
POST/api/orgs/{id}/integrations/{integrationId}/keysGenerate integration key
DELETE/api/orgs/{id}/integrations/{integrationId}/keys/{keyId}Revoke integration key
Existing legacy avatar URLs in the old attachments bucket are served through an authenticated compatibility proxy after issue attachments become private. Agent creation scopes: send { name, projectIds: [...] } for a project-scoped guest agent, or legacy { name, projectId, projectIds? } to include a default project. Send { name, personal: true } for a personal guest agent that inherits the human owner’s project access; personal creation rejects explicit projectId or projectIds. Omitting project scope creates an org-wide agent and remains owner/admin-only.

Boards, views, templates, updates, and analytics

MethodEndpointDescription
GET/api/orgs/{id}/projects/{projectId}/board-columnsList board columns, including optional agent guidance descriptions
POST/api/orgs/{id}/projects/{projectId}/board-columnsCreate board column (description?)
PATCH/api/orgs/{id}/projects/{projectId}/board-columns/{columnId}Update board column (description?, use null to clear)
DELETE/api/orgs/{id}/projects/{projectId}/board-columns/{columnId}Delete board column
PUT/api/orgs/{id}/projects/{projectId}/board-columns/reorderReorder board columns
GET/api/orgs/{id}/projects/{projectId}/board-contextGet board milestone and initiative focus context
GET/api/orgs/{id}/projects/{projectId}/board-viewsList board views
POST/api/orgs/{id}/projects/{projectId}/board-viewsCreate board view
PATCH/api/orgs/{id}/projects/{projectId}/board-views/{viewId}Update board view
DELETE/api/orgs/{id}/projects/{projectId}/board-views/{viewId}Delete board view
GET/api/orgs/{id}/projects/{projectId}/custom-viewsList custom views
POST/api/orgs/{id}/projects/{projectId}/custom-viewsCreate custom view
PATCH/api/orgs/{id}/projects/{projectId}/custom-views/{viewId}Update custom view
DELETE/api/orgs/{id}/projects/{projectId}/custom-views/{viewId}Delete custom view
GET/api/orgs/{id}/templates?projectId=...List issue templates
POST/api/orgs/{id}/templatesCreate issue template
PATCH/api/orgs/{id}/templates/{templateId}Update issue template
DELETE/api/orgs/{id}/templates/{templateId}Delete issue template
GET/api/orgs/{id}/projects/{projectId}/status-updatesList project status updates
POST/api/orgs/{id}/projects/{projectId}/status-updatesCreate project status update
GET/api/orgs/{id}/analytics?from=...&to=...Get analytics
GET/api/orgs/{id}/activityOrganization activity feed

Automation, webhooks, billing, and GitHub

MethodEndpointDescription
GET/api/orgs/{id}/automation-rulesList automation rules
POST/api/orgs/{id}/automation-rulesCreate automation rule
GET/api/orgs/{id}/automation-rules/{ruleId}Get automation rule
PUT/api/orgs/{id}/automation-rules/{ruleId}Update automation rule
DELETE/api/orgs/{id}/automation-rules/{ruleId}Delete automation rule
GET/api/orgs/{id}/automation-rules/{ruleId}/activityRule execution history
POST/api/orgs/{id}/automation-rules/{ruleId}/testDry-run test
GET/api/webhooks?orgId=...List outbound webhooks
POST/api/webhooks?orgId=...Create outbound webhook
DELETE/api/webhooks/{id}Delete outbound webhook
GET/api/webhooks/{id}/deliveriesList webhook deliveries
POST/api/webhooks/{id}/redeliver/{deliveryId}Redeliver webhook delivery
POST/api/webhooks/{id}/testSend webhook test event
GET/api/orgs/{id}/billingGet billing state; owner/admin read requests sync Stripe first and return 502 if that sync fails
POST/api/orgs/{id}/billing/checkoutStart a self-serve Stripe billing flow
POST/api/orgs/{id}/billing/portalCreate Stripe Billing Portal Session
GET/api/orgs/{id}/github-connectionsList GitHub connections
GET/api/integrations/github/reposList available repos
POST/api/integrations/github/connectConnect repo
POST/api/integrations/github/disconnectDisconnect repo

Notifications and public endpoints

MethodEndpointDescription
GET/api/orgs/{id}/notificationsList unread actionable notifications for the current org member
POST/api/orgs/{id}/notifications/{notificationId}/ackAcknowledge a current-member notification
GET/api/orgs/{id}/notifications/preferencesRead current-member notification preferences, including default-on mention notifications
POST/api/orgs/{id}/notifications/preferencesUpdate current-member notification preferences, including mention opt-out and cleanup
GET/api/notificationsList notifications
POST/api/notifications/{id}/readMark notification as read
POST/api/notifications/read-allMark all notifications as read
GET/api/healthHealth check
POST/api/feedbackPublic platform feedback endpoint, no auth
Current-member notifications can include mention.created, issue.assigned, comment.added, and issue.status_changed. Comment writes can request structured mentions with mentions[].member_id or comment_mentions[].member_id; comment-create responses include mention fanout proof. Notification preferences currently support mention opt-out for mention.created. Disabling in-app mention.created delivery also attempts to acknowledge that member’s currently unread mention notifications; when cleanup succeeds, muted mentions leave both the bell and heartbeat attention_items.