Glint

English

中文

English

中文

Appearance

API Reference

Glint exposes a REST API served by a Cloudflare Worker. All requests and responses use JSON (Content-Type: application/json).

Base URL

All endpoints are relative to the Glint worker origin:

https://glint.your-domain.com

Authentication

Most endpoints require an authenticated session established via Prism OAuth. Authentication is tracked with an httpOnly cookie named session. Cross-app endpoints use Authorization: Bearer <token> instead.

See Authentication API for full details on the login flow.

Endpoint Index

Init & Config

MethodPathAuthDescription
GET/api/init/statusNoneCheck if the app has been initialized
POST/api/init/setupNoneFirst-time setup: create tables, save config
GET/api/init/brandingNonePublic: get site name and logo URL
GET/api/init/configNoneGet full app config (Prism settings)
PUT/api/init/configSessionUpdate app config (owner only after init)

Auth

MethodPathAuthDescription
GET/api/auth/configNoneGet Prism OAuth config for the frontend
GET/api/auth/meCookieGet current user (or null); renews session
POST/api/auth/callbackNoneExchange OAuth code for session; sets cookie
POST/api/auth/logoutCookieDestroy session; clears cookie

User Settings

MethodPathAuthDescription
GET/api/user/settingsSessionGet user preferences (action bar, transport)
PUT/api/user/settingsSessionUpdate user preferences

Team Settings

MethodPathAuthDescription
GET/api/teams/:teamId/settingsSessionGet team branding & settings
PATCH/api/teams/:teamId/settingsSessionUpdate team settings (manage_settings)

Permissions

MethodPathAuthDescription
GET/api/teams/:teamId/permissionsSessionFull permission matrix (defaults + overrides)
GET/api/teams/:teamId/permissions/meSessionEffective permissions for current user
PUT/api/teams/:teamId/permissionsSessionBatch update permissions (manage_permissions)
DELETE/api/teams/:teamId/permissionsSessionReset permissions for a scope to defaults

Todo Sets

MethodPathAuthDescription
GET/api/teams/:teamId/setsSessionList all sets (auto-creates default if empty)
POST/api/teams/:teamId/setsSessionCreate a set (manage_sets)
PATCH/api/teams/:teamId/sets/:setIdSessionRename a set (manage_sets or owner)
DELETE/api/teams/:teamId/sets/:setIdSessionDelete a set and all todos (manage_sets)
POST/api/teams/:teamId/sets/reorderSessionBatch update set sort orders (manage_sets)

Todos

MethodPathAuthDescription
GET/api/teams/:teamId/sets/:setId/todosSessionList todos in a set (view_todos)
POST/api/teams/:teamId/sets/:setId/todosSessionCreate a todo or sub-todo
PATCH/api/teams/:teamId/todos/:idSessionUpdate title, completion, or sort order
DELETE/api/teams/:teamId/todos/:idSessionDelete todo and its sub-todos (cascade)
POST/api/teams/:teamId/todos/reorderSessionBatch update todo sort orders (reorder_todos)

Comments

MethodPathAuthDescription
GET/api/teams/:teamId/todos/:todoId/commentsSessionList comments on a todo
POST/api/teams/:teamId/todos/:todoId/commentsSessionAdd a comment (comment)
DELETE/api/teams/:teamId/todos/:todoId/comments/:commentIdSessionDelete a comment

Cross-App (Bearer Token)

MethodPathAuthScopeDescription
GET/api/cross-app/teams/:teamId/setsBearerread_todosList sets
GET/api/cross-app/teams/:teamId/sets/:setId/todosBearerread_todosList todos in a set
POST/api/cross-app/teams/:teamId/sets/:setId/todosBearerwrite_todosCreate a todo
PATCH/api/cross-app/teams/:teamId/todos/:todoIdBearerwrite_todosUpdate todo title or completion
DELETE/api/cross-app/teams/:teamId/todos/:todoIdBearerdelete_todosDelete a todo

Error Responses

All errors return JSON with an error field:

json
{ "error": "Human-readable description" }

Common Status Codes

CodeMeaning
400Bad request — missing or invalid fields
401Unauthenticated — no session cookie, session expired, or bearer token inactive
403Forbidden — valid session/token but insufficient permission or team membership
404Not found — resource does not exist or does not belong to the given team
502Bad gateway — Glint could not reach Prism (for cross-app introspection calls)