REST API reference for the WorkHub portal. Base URL: https://portal.smmheadshot.ru
httpOnly cookie by POST /api/auth/login. Include credentials (credentials: "include") in fetch requests. Endpoints marked Public require no authentication. Admin-only endpoints return 403 for non-admin roles.

429 Too Many Requests with a Retry-After header.

/api/auth/login
Public
Authenticate user by login + password. Returns JWT in httpOnly cookie. May return needsMfa: true for MFA-enabled accounts.

Request:
{
  "username": "ivanov",
  "password": "secret123"
}

Response:
{
  "role": "admin",
  "empId": 1,
  "orgId": 1
}
// or MFA step:
{
  "needsMfa": true,
  "tempToken": "eyJ..."
}

/api/auth/forgot-password
Public
Send password reset link to the email associated with the account.

Request:
{
  "email": "user@company.com"
}

Response:
{ "ok": true }

/api/auth/reset-password
Public
Reset password using the token from the email link.

Request:
{
  "token": "abc123...",
  "password": "newPass456"
}

Response:
{ "ok": true }

/api/signup
Public
Register a new organization. Creates org, admin employee, user, trial subscription, default game config.

Request:
{
  "orgName": "My Company",
  "name": "Admin Name",
  "email": "admin@company.com",
  "password": "secret123"
}

Response:
{
  "ok": true,
  "slug": "my-company"
}

/api/auth/me
Cookie (JWT)
Return current session data: employee ID, role, name, feature flags, subscription status, platform announcements.

Response:
{
  "empId": 1,
  "orgId": 1,
  "name": "Ivanov Ivan",
  "role": "admin",
  "adminSections": [],
  "featureFlags": { "arena": true },
  "subscriptionStatus": "active",
  "trialEndsAt": null
}

/api/employees/[id]
Cookie (JWT)
Get employee profile by ID. Non-admin users receive limited fields (no salary/sensitive data).

Response:
{
  "id": 1,
  "name": "Ivanov Ivan",
  "role": "developer",
  "department": "Engineering",
  "level": 5,
  "xp": 12400,
  "hc": 3500
}

/api/billing/subscription
Cookie (admin)
Get current subscription. Auto-creates trial if missing.

Response:
{
  "id": 1,
  "plan": "standard",
  "status": "trial",
  "billingCycle": "monthly",
  "monthlyPricePerEmployee": 199000,
  "employeeCount": 12,
  "trialEndsAt": "2026-04-22T00:00:00.000Z"
}

/api/billing/invoice
Cookie (admin)
List all invoices for the current organization, ordered by creation date desc.

Response:
[
  {
    "id": 1,
    "number": "INV-2026-001",
    "amount": 2388000,
    "status": "paid",
    "issuedAt": "2026-04-01T00:00:00.000Z",
    "paidAt": "2026-04-02T10:00:00.000Z"
  }
]

/api/billing/invoice
Cookie (admin)
Create a new invoice manually (for ad-hoc billing or plan changes).

Request:
{
  "subscriptionId": 1,
  "periodStart": "2026-04-01",
  "periodEnd": "2026-04-30"
}

Response:
{
  "id": 2,
  "number": "INV-2026-002",
  "amount": 2388000,
  "status": "pending"
}

/api/billing/invoice/[id]/pdf
Cookie (admin)
Download invoice as PDF. Returns Content-Type: application/pdf.

Response:
Binary PDF file

/api/billing/invoice/[id]/act
Cookie (admin)
Download act of completed services as PDF.

Response:
Binary PDF file

/api/billing/create-payment
Cookie (admin)
Initiate payment for an invoice. Returns a payment URL for the payment gateway.

Request:
{
  "invoiceId": 2
}

Response:
{
  "paymentUrl": "https://pay.example.com/...",
  "paymentId": "pay_abc123"
}

/api/tasks/spaces-with-boards
Cookie (JWT)
List task spaces the current user has access to, including boards and columns. Admins see all spaces.

Response:
[
  {
    "id": 1,
    "name": "Development",
    "boards": [
      {
        "id": 1,
        "name": "Sprint 12",
        "columns": [
          { "id": 1, "name": "To Do", "order": 0 },
          { "id": 2, "name": "In Progress", "order": 1 },
          { "id": 3, "name": "Done", "order": 2 }
        ]
      }
    ]
  }
]

This documents the primary public and tenant API endpoints. The full portal includes 273+ routes for admin, gamification, HR, and more.
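
The login flow documented above, as an added browser-side example that is not part of the WorkHub documentation: it maps the documented outcomes of POST /api/auth/login (session cookie, needsMfa with tempToken, 429 with Retry-After) onto explicit client states. The function names, the 1-second fallback delay and the JSON Content-Type header are assumptions.

```javascript
// Added example, not WorkHub code; function names are hypothetical.
const BASE_URL = "https://portal.smmheadshot.ru"; // base URL given on this page

// Retry-After is delay-seconds or an HTTP-date (RFC 9110). Returns milliseconds to wait.
function parseRetryAfter(value, now = Date.now(), fallbackMs = 1000) {
  const v = (value || "").trim();
  if (v === "") return fallbackMs; // header missing: assumed fallback delay
  if (/^\d+$/.test(v)) return Number(v) * 1000;
  const t = Date.parse(v);
  return Number.isNaN(t) ? fallbackMs : Math.max(0, t - now);
}

// Map the documented login outcomes onto one explicit state for the caller.
function classifyLogin(status, retryAfter, body, now = Date.now()) {
  if (status === 429) return { state: "rate_limited", waitMs: parseRetryAfter(retryAfter, now) };
  if (status < 200 || status >= 300 || !body) return { state: "rejected", status };
  if (body.needsMfa === true) {
    // tempToken is a credential for the MFA step: keep it in memory, never log or persist it.
    return typeof body.tempToken === "string"
      ? { state: "mfa_required", tempToken: body.tempToken }
      : { state: "rejected", status };
  }
  // The session JWT lives in the httpOnly cookie, so there is no token for script to store.
  // role is a UI hint only; the server still answers 403 on admin-only endpoints.
  return { state: "authenticated", role: body.role, empId: body.empId, orgId: body.orgId };
}

async function login(username, password, fetchImpl = fetch) {
  const res = await fetchImpl(`${BASE_URL}/api/auth/login`, {
    method: "POST",
    credentials: "include", // lets the browser store and send the session cookie
    headers: { "Content-Type": "application/json" }, // assumed; the page shows JSON bodies
    body: JSON.stringify({ username, password }),
  });
  const body = res.ok ? await res.json() : null;
  return classifyLogin(res.status, res.headers.get("Retry-After"), body);
}
```
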
WorkHub Portal © 2026