Build smarter workflows with the Orqit Developer API

Overview

The Orqit API lets you create integrations for ticketing, assets, projects, and user workflows without crossing tenant boundaries.

Authentication

Use API keys with Authorization: Bearer <key> on every request.

Authorization: Bearer orq_your_api_key_here
X-API-Key: orq_your_api_key_here

API Keys

Keys are shown once at creation and stored hashed with SHA-256. Create one key per integration and scope minimally.

Create keys in your workspace: Settings → API Keys or Admin → Developer → API Keys. Required scopes: tickets:read to list/get, tickets:write to create or update.

Tenant: The API does not use subdomain/slug on the request. Data is always scoped to the tenant of the user who created the key.

Base URL

Local development: http://localhost:8080/api/public/v1

Postman / HTTP clients

1. Set Authorization → Bearer Token to your full orq_... key (do not add the word Bearer in the token field — Postman adds it).
2. For JSON bodies, set Content-Type: application/json.
3. Health check (no key): GET /api/public/v1/ping

Scopes & Permissions

Common scopes: tickets:read, tickets:write, assets:read, assets:write, projects:read, projects:write, users:read, kb:read, webhooks:manage.

Rate Limiting

Per API key: 60 req/min global, 30 req/min per endpoint group.

{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Retry after 43 seconds.",
    "retryAfterSeconds": 43
  }
}

Pagination

Use page and perPage (max 100) on list endpoints.

Errors

All errors use ApiResponse with machine-readable codes like INSUFFICIENT_SCOPE and INVALID_API_KEY.

Tickets

List tickets (GET)

Query parameters: page (default 1), perPage (max 100), optional status, priority, assigneeId.

curl -s "https://your-workspace.orqit.com/api/public/v1/tickets?page=1&perPage=20" \
  -H "Authorization: Bearer orq_your_api_key_here"

{
  "success": true,
  "data": [ { "id": 1, "ticketNumber": "TCK-1", "title": "...", "status": "OPEN" } ],
  "meta": { "page": 1, "perPage": 20, "totalCount": 42 }
}

Get one ticket (GET)

curl -s "https://your-workspace.orqit.com/api/public/v1/tickets/42" \
  -H "Authorization: Bearer orq_your_api_key_here"

Create incident (POST)

Required JSON fields: title, description, type (INCIDENT, PROBLEM, CHANGE, SERVICE_REQUEST), and either category or categoryConfigId.

Category values: SOFTWARE, HARDWARE, NETWORK, ACCESS, EMAIL, OTHER. Priority: LOW, MEDIUM, HIGH, CRITICAL (optional).

{
  "title": "VPN not connecting",
  "description": "User cannot connect to corporate VPN from home.",
  "type": "INCIDENT",
  "category": "NETWORK",
  "priority": "MEDIUM"
}

curl -s -X POST "https://your-workspace.orqit.com/api/public/v1/tickets" \
  -H "Authorization: Bearer orq_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"title":"VPN not connecting","description":"User cannot connect.","type":"INCIDENT","category":"NETWORK","priority":"MEDIUM"}'

Optional fields: assigneeId, watcherUserIds, parentId, customFields.

Assets

Projects & Tasks

Create task (POST)

{
  "title": "API task",
  "description": "Optional details",
  "priority": "MEDIUM"
}

Users

Webhooks

Webhook events are signed in X-Orqit-Signature using HMAC SHA-256.

HTTP Status Codes

Success: 200/201 · Client errors: 400/401/403/404/429 · Server error: 500.

Changelog

v1.0 — initial stable release for Tickets, Assets, Projects, Users, and Webhooks.