API Reference
Build custom integrations, automations, and dashboards on top of Gryphin. Our REST API exposes the same surface our own product uses — boards, cards, comments, members, and events.
Overview
The Gryphin API is a RESTful service that returns JSON. The base URL is https://api.gryphin.app/v1. Every endpoint is versioned, idempotent where it makes sense, and follows standard HTTP semantics.
- REST + JSON — predictable URLs, standard verbs, cursor pagination
- Bearer auth — API keys scoped to workspaces with granular permissions
- Webhooks — subscribe to 30+ events with signed HMAC payloads
- Generous limits — 1,000 requests/minute on Pro, 5,000 on Business
- Official SDKs — TypeScript, Python, Go, and Ruby — all open source
Authentication
Generate an API key
Go to Settings → Developer → API Keys and click "Create key". Give it a name (e.g. "Backup script") and choose a scope.
Store it securely
Keys are shown once. Save them to a secret manager — never commit to source control or expose to a client browser.
Authenticate every request
Pass your key in the Authorization header as a Bearer token. All requests must use HTTPS.
Build with confidence
Every endpoint is documented with example requests, response schemas, and error codes. Start with a GET to verify auth, then build from there.
1curl https://api.gryphin.app/v1/me \2-H "Authorization: Bearer gryph_live_sk_••••••••••••••" \3-H "Content-Type: application/json"
Rate limits
Each response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. If you exceed the limit you'll receive a 429 — retry after the reset timestamp using exponential backoff.
Limits by plan
- Free: 60 requests / minute
- Pro: 1,000 requests / minute
- Business: 5,000 requests / minute
- Enterprise: custom, contact sales
Core endpoints
/v1/boards1curl https://api.gryphin.app/v1/boards?limit=20 \2-H "Authorization: Bearer $GRYPHIN_API_KEY"
1{2"data": [3{4"id": "brd_1a2b3c",5"name": "Q2 Roadmap",6"workspace_id": "wks_abc123",7"created_at": "2026-04-01T10:30:00Z"8}9],10"next_cursor": null11}
/v1/cards1curl https://api.gryphin.app/v1/cards \2-X POST \3-H "Authorization: Bearer $GRYPHIN_API_KEY" \4-H "Content-Type: application/json" \5-d '{6"board_id": "brd_1a2b3c",7"column_id": "col_todo",8"title": "Ship the API docs",9"labels": ["docs", "p1"]10}'
1{2"id": "crd_xyz789",3"title": "Ship the API docs",4"column_id": "col_todo",5"position": 4096,6"created_at": "2026-05-14T09:12:00Z"7}
/v1/cards/{id}1curl https://api.gryphin.app/v1/cards/crd_xyz789 \2-X PATCH \3-H "Authorization: Bearer $GRYPHIN_API_KEY" \4-d '{ "due_date": "2026-06-01" }'
/v1/cards/{id}Webhooks
Subscribe to events to get push notifications when things change. Every payload is signed with HMAC-SHA256 using your endpoint's signing secret — verify it before processing.
1import crypto from 'node:crypto';2export function verify(payload, header, secret) {4const expected = crypto5.createHmac('sha256', secret)6.update(payload)7.digest('hex');8return crypto.timingSafeEqual(9Buffer.from(expected),10Buffer.from(header)11);12}
Official SDKs
Skip the curl. Our SDKs handle auth, retries, pagination, and webhook verification automatically. All are open source on GitHub.
1import { Gryphin } from '@gryphin/sdk';2const gryphin = new Gryphin({ apiKey: process.env.GRYPHIN_API_KEY });4const card = await gryphin.cards.create({6boardId: 'brd_1a2b3c',7columnId: 'col_todo',8title: 'Ship the API docs',9});10console.log(card.id);
Full API reference
Every endpoint, schema, and example in one interactive playground — try requests live with your own API key.
Open the API explorerWas this article helpful?
Let us know how we can improve