API

API Reference

Reqflow provides a REST API for advanced integrations. Use these endpoints to programmatically access features, votes, and comments.

Base URL

https://reqflow.com/api

Authentication

Public endpoints (for mobile app users) require user information via URL parameters or headers:

Parameter	Type	Description
`user_id`Required	string	Unique identifier for the user (UUID format)
`user_name`	string	Display name for the user. If not provided, a fun random name is generated (e.g., "HappyPanda42")
`user_email`	string	User's email address

Admin Access

Admin endpoints require authentication via session cookies (after logging in to the dashboard).

Secure Authentication (Optional)

For enhanced security, you can enable HMAC signature verification to prevent user impersonation. When enabled, requests must include a signature generated by your backend.

Parameter	Type	Description
`x-api-signature`	string	HMAC-SHA256 signature of "user_id:timestamp" (hex encoded)
`x-api-timestamp`	string	Unix timestamp in seconds (must be within 5 minutes)

The signature is computed as: HMAC-SHA256(secret, "user_id:timestamp")

Signature Generation (Node.js)

// Example: generating a signature
const crypto = require('crypto');

const secret = process.env.REQFLOW_SECRET;
const userId = 'user-123';
const timestamp = Math.floor(Date.now() / 1000).toString();
const payload = `${userId}:${timestamp}`;

const signature = crypto
  .createHmac('sha256', secret)
  .update(payload)
  .digest('hex');

// Send these headers with your request:
// x-api-signature: <signature>
// x-api-timestamp: <timestamp>

Optional Feature

Signature verification is optional. If not configured on the server, requests work without signatures. See the integration guides for platform-specific examples.

Endpoints

Explore the available API endpoints:

Features

List, create, and manage feature requests

→

Votes

Add and remove votes on features

→

Comments

Add and list comments on features

→

Response Format

All API responses are in JSON format. Successful responses return the requested data directly:

Success Response

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "title": "Dark mode support",
  "description": "Add dark mode to the app",
  "status": "planned",
  "vote_count": 24,
  "created_at": "2024-01-15T10:30:00Z"
}

Error responses include an error message:

Error Response

{
  "error": "Feature not found"
}

HTTP Status Codes

Parameter	Type	Description
`200`	-	Success
`201`	-	Created (for POST requests)
`400`	-	Bad request (invalid parameters)
`401`	-	Unauthorized (missing or invalid auth)
`404`	-	Not found
`500`	-	Server error