Overview
The Adminest API allows you to programmatically interact with documents, tasks, and other features. All API endpoints require authentication using JWT tokens from Auth0.
Base URL
Authentication
All API requests require a valid JWT bearer token in the Authorization header:
Request Format
- All request bodies should be JSON (Content-Type: application/json)
- File uploads use multipart/form-data
Response Format
All responses are JSON with the following structure:
Success Response:
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Invalid or missing token |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found |
| 500 | Server Error |
Rate Limiting
API requests are rate limited to:
- 100 requests per minute per user
- 1000 requests per hour per user
Security
All API inputs are validated and sanitized server-side. Search parameters are escaped to prevent injection attacks, and error responses never expose internal system details. Admin endpoints enforce strict format validation on all path parameters. Admin authorization uses exact email matching to prevent spoofing via substring attacks.
Data Protection
Adminest runs automated daily backups of all data. Backups are stored securely in Azure Blob Storage with 30-day retention and 14-day soft delete protection on document files. The platform health endpoint monitors backup freshness and alerts if backups are stale.
Rate limit headers are included in responses:
Quick Start
- Get an API token via Auth0 authentication
- Make a test request:
API Reference
Authentication
How to authenticate API requests
Documents
Upload, list, and manage documents
Tasks
Create and manage tasks
Chat
AI assistant interactions
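
The Security section above says admin authorization uses exact email matching to prevent spoofing via substring attacks. The following is an added example, not Adminest's code, that contrasts a substring check with a whole-string check. The allowlist addresses, the function names and the `email_verified` input are assumptions made for illustration.

```python
# Constructed allowlist; placeholder addresses, not Adminest's configuration.
ADMIN_EMAILS = frozenset({"admin@example.com", "ops@example.com"})


def is_admin_substring(email):
    """Weak check: passes when an admin address appears anywhere in the claim."""
    return isinstance(email, str) and any(a in email.lower() for a in ADMIN_EMAILS)


def normalize(email):
    """Return the canonical form of the claim, or None if it is not one plain address."""
    if not isinstance(email, str):
        return None
    candidate = email.strip().casefold()
    local, at, domain = candidate.partition("@")
    # Require exactly one "@" with non-empty parts on both sides.
    if not at or not local or not domain or "@" in domain:
        return None
    # Reject whitespace, list separators and control characters inside the value.
    if any(ch.isspace() or ch in ",;<>\"" or not ch.isprintable() for ch in candidate):
        return None
    return candidate


def is_admin_exact(email, email_verified=False):
    """Hardened check: verified claim (assumed input) and whole-string allowlist match."""
    canonical = normalize(email)
    return bool(email_verified) and canonical in ADMIN_EMAILS


# Constructed claims: (email, email_verified)
SAMPLES = [
    ("admin@example.com", True),
    ("Admin@Example.com ", True),
    ("admin@example.com.other.example", True),
    ("notadmin@example.com", True),
    ("x+admin@example.com@other.example", True),
    ("admin@example.com", False),
]


def compare(samples=SAMPLES):
    """Return (email, substring_result, exact_result) for each sample claim."""
    return [(e, is_admin_substring(e), is_admin_exact(e, v)) for e, v in samples]


if __name__ == "__main__":
    for email, weak, strict in compare():
        print(f"{email!r:40} substring={weak!s:5} exact={strict}")
```

The substring check accepts every sample, while the exact check accepts only the first two, which normalize to an allowlisted address and carry a verified flag.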
