API Reference

All 79 REST endpoints exposed by the TimeTrack API at https://api.timetracker.cargoffer.com. Authentication via Bearer token (Clerk JWT). Full machine-readable spec at /api/openapi.json.

Base URL

https://api.timetracker.cargoffer.com

Authentication

All endpoints (except /health, /ready, and /config) require a Bearer token:

Authorization: Bearer eyJhbGc...your-clerk-jwt

You can obtain a token via Clerk's frontend SDK or use an API key for server-to-server access.

Endpoints by Module

api-keys

Manage API keys for programmatic access to TimeTrack. Create, list, revoke, and export keys. Get usage statistics for billing and rate limiting. Each user can have one active key at a time.

GET /api/v1/api-keys

List Api Keys

List all API keys for the authenticated user (without raw key).

Responses

  • 200: Successful Response
POST /api/v1/api-keys

Create Api Key

Create a new API key for the authenticated user.

The raw key is returned ONLY in this response. Store it securely.
Max 1 active key per account.

Args:
name: Optional name/label for the key (default: 'Default').

Returns:
The full key details INCLUDING raw_key (one-time only).

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/api-keys/{key_id}

Revoke Api Key

Revoke (soft-delete) an API key. It will no longer work.

Parameters

  • key_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/api-keys/stats

Get Api Key Stats

Get usage stats for the user's active API key.

Only works if the user has exactly one active key.

Parameters

  • period (query) optional — Period: 24h, 7d, 30d, 90d

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/api-keys/export

Export Api Key Usage

Export usage logs as CSV for the user's active API key.

Parameters

  • period (query) optional — Period: 30d, 90d, all

Responses

  • 200: Successful Response
  • 422: Validation Error

billing

Stripe-powered subscription billing. Create checkout sessions for new subscriptions, manage existing subscriptions via the customer portal, retrieve plans, and handle webhooks. The billing module is shared with the TentPole ecosystem.

GET /api/v1/billing/plans

Get Plans

Return cached pricing plans from Stripe.

Public endpoint — no authentication required.
Cache TTL is 10 minutes. Falls back to cache if Stripe is unreachable.
Use ?refresh=true to force a fresh fetch from Stripe.

Parameters

  • refresh (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/billing/create-checkout-session

Create Checkout Session

Create a Stripe Checkout Session for the authenticated user's organization.

Requires authentication. Uses the user's org from their token.

Request Body

required

Responses

  • 200: Successful Response
  • 400: Bad Request
  • 500: Internal Server Error
  • 422: Validation Error
POST /api/v1/billing/create-portal-session

Create Portal Session

Create a Stripe Billing Portal session for the authenticated user's organization.

Requires authentication. Customer must already exist.

Request Body

required

Responses

  • 200: Successful Response
  • 400: Bad Request
  • 500: Internal Server Error
  • 422: Validation Error
POST /api/v1/billing/webhook

Stripe Webhook

Handle incoming Stripe webhook events.

No authentication — relies on Stripe webhook signature verification.
The raw request body is required for signature verification.

Responses

  • 200: Successful Response
GET /api/v1/billing/subscription

Get Subscription

Get the current subscription status for the authenticated user's organization.

Returns the plan type, subscription status, and related Stripe info.

Responses

  • 200: Successful Response

clients

CRUD operations for client management. Clients are organizations you bill time to. Each client can have multiple projects, and you can track time against those projects.

GET /api/v1/clients

List Clients

Responses

  • 200: Successful Response
POST /api/v1/clients

Create Client

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/clients/{client_id}

Get Client

Get a single client by ID.

Parameters

  • client_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/clients/{client_id}

Update Client

Parameters

  • client_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/clients/{client_id}

Delete Client

Parameters

  • client_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error

dashboard

Dashboard analytics endpoints. Get real-time stats on active timers, today's totals, and weekly summaries. Designed for the main dashboard view in the frontend.

GET /api/v1/dashboard/active-now

Active Now

Get all members with active timers.

Responses

  • 200: Successful Response
GET /api/v1/dashboard/today

Today Stats

Get today's hours for the user's organization.

Responses

  • 200: Successful Response
GET /api/v1/dashboard/week

Week Stats

Get this week's hours.

Responses

  • 200: Successful Response

geo

Geolocation endpoints for time entries. Attach GPS coordinates to time entries to verify where work was performed. Useful for distributed teams and contractor verification.

POST /api/v1/time-entries/{entry_id}/location

Store Location

Store geolocation data on a time entry.

Body: { lat: float, lng: float, accuracy?: float, timestamp?: str }

Parameters

  • entry_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

health

Health check and readiness endpoints for monitoring the TimeTrack API. The /health endpoint returns 200 OK when the service is running. /ready checks database connectivity. /config exposes the public Clerk publishable key for client-side initialization.

GET /api/v1/health

Health Check

Responses

  • 200: Successful Response
GET /api/v1/ready

Ready Check

Responses

  • 200: Successful Response
GET /api/v1/config

Get Firebase Config

Return Firebase web config for frontend initialization.

Responses

  • 200: Successful Response

leaves

Time-off management. Request leaves, approve/reject requests, and manage organization holidays. Supports vacation, sick leave, and custom leave types.

GET /api/v1/leaves

List Leaves

Responses

  • 200: Successful Response
POST /api/v1/leaves

Create Leave

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/leaves/{leave_id}/status

Update Leave Status

Parameters

  • leave_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/holidays

List Holidays

Parameters

  • year (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/holidays

Create Holiday

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

members

Team membership management. Invite members to your organization, assign roles (admin, manager, member), and activate/deactivate accounts.

GET /api/v1/members

List Members

List all members of the current user's organization.

Responses

  • 200: Successful Response
POST /api/v1/members/invite

Invite Member

Invite a new member to the organization. Admin only.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/members/{member_id}/role

Update Role

Change a member's role. Admin only.

Parameters

  • member_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/members/{member_id}

Remove Member

Remove a member. Admin only.

Parameters

  • member_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/members/{member_id}/status

Update Member Status

Toggle or set a member's active status. Admin only.

Parameters

  • member_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

organization

Organization management. Create, update, and query organizations. Each organization is the top-level container for projects, members, and time entries.

GET /api/v1/organization

Get Organization

Get the user's current organization (or first one if multiple).

Responses

  • 200: Successful Response
PUT /api/v1/organization

Update Organization

Update organization settings. Admin only.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/organization

Create Organization

Create a new organization. The creator becomes the owner.

Only users with 'multiple_orgs' feature can create more than one org.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/organization/all

List User Organizations

List ALL organizations this user belongs to.

Used by frontend to populate team selector dropdown.

Responses

  • 200: Successful Response
POST /api/v1/organization/{org_id}/invite

Invite User

Invite a user to the organization.

Admin/Manager only. Creates an invitation token sent via email.

Parameters

  • org_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/organization/invitations

Get My Invitations

Get pending invitations for the current user.

Responses

  • 200: Successful Response
POST /api/v1/organization/join

Join Organization

Join an organization using invitation token.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/organization/{org_id}/members

List Organization Members

List all members of an organization. Admin/Manager only.

Parameters

  • org_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/organization/{org_id}/members/{member_id}

Remove Member

Remove a member from organization. Admin only.

Parameters

  • org_id (path) required
  • member_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error

pomodoro

Pomodoro technique integration. Configure work/break intervals, start/pause/resume sessions, and track completed cycles. Syncs with the timer module.

GET /api/v1/pomodoro/config

Get Config

Get the pomodoro configuration for the current user.

Responses

  • 200: Successful Response
PUT /api/v1/pomodoro/config

Update Config

Update pomodoro configuration.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/pomodoro/start

Start Timer

Start or restart the pomodoro timer.

Responses

  • 200: Successful Response
POST /api/v1/pomodoro/pause

Pause Timer

Pause the running pomodoro timer.

Responses

  • 200: Successful Response
POST /api/v1/pomodoro/resume

Resume Timer

Resume a paused pomodoro timer.

Responses

  • 200: Successful Response
POST /api/v1/pomodoro/complete

Complete Session

Mark the current pomodoro session as completed and advance phase.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/pomodoro/stats

Get Stats

Get pomodoro statistics for today or this week.

Parameters

  • period (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error

projects

Project CRUD operations. Create projects with budgets, hourly rates, and team assignments. Track time and costs against projects.

GET /api/v1/projects

List Projects

List projects for the user's organization.

Responses

  • 200: Successful Response
POST /api/v1/projects

Create Project

Create a new project.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/projects/{project_id}

Get Project

Get a single project with its time entries summary.

Parameters

  • project_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/projects/{project_id}

Update Project

Update a project.

Parameters

  • project_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/projects/{project_id}

Archive Project

Archive a project (soft delete).

Parameters

  • project_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error

reports

Reporting and analytics. Generate summary reports, detailed time entry lists, weekly breakdowns, and attendance reports. Export to CSV for accounting.

POST /api/v1/reports/summary

Summary Report

Aggregated summary by project/user.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/reports/detailed

Detailed Report

List all time entries with filters.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/reports/export/csv

Export Csv

Export detailed report as CSV download.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/reports/weekly

Weekly Report

Weekly breakdown — hours per day per member.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/reports/attendance

Attendance Report

Compare tracked vs expected hours.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

tasks

Task management within projects. Create tasks, assign them to team members, and track time spent on each task independently.

GET /api/v1/projects/{project_id}/tasks

List Tasks

Parameters

  • project_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/projects/{project_id}/tasks

Create Task

Parameters

  • project_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
PUT /api/v1/projects/tasks/{task_id}

Update Task

Parameters

  • task_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
DELETE /api/v1/projects/tasks/{task_id}

Archive Task

Parameters

  • task_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error

time-entries

Core time tracking. Start/stop timers, create manual entries, retrieve active and recent entries. The heart of the application.

GET /api/v1/time-entries/active

Get Active Timer

Get the currently active timer for the user.

Responses

  • 200: Successful Response
PUT /api/v1/time-entries/active

Update Active Timer

Update the active timer (assign project/task while running).

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/time-entries/recent

Get Recent Entries

Get recent entries for quick continue.

Parameters

  • limit (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/time-entries/start

Start Timer

Start a new timer.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/time-entries/stop

Stop Timer

Stop the active timer.

Request Body

optional

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/time-entries

Create Manual Entry

Create a manual time entry.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/time-entries

Get Entries

Get paginated entries with filters.

Parameters

  • page (query) optional
  • page_size (query) optional
  • project_id (query) optional
  • client_id (query) optional
  • task_id (query) optional
  • start_date (query) optional
  • end_date (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/time-entries/continue/{entry_id}

Continue Entry

Start a new timer reusing a previous entry's details.

Parameters

  • entry_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/time-entries/{entry_id}

Get Entry

Get a single time entry by ID.

Parameters

  • entry_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/time-entries/{entry_id}/history

Get Entry History

Get audit history for a time entry.

Parameters

  • entry_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error

timesheets

Weekly timesheet management. Submit timesheets for approval, approve or reject submissions. Designed for payroll and billing workflows.

GET /api/v1/timesheets

List Timesheets

List timesheets. If year+week provided, get that week.

Parameters

  • year (query) optional
  • week (query) optional

Responses

  • 200: Successful Response
  • 422: Validation Error
GET /api/v1/timesheets/current

Get Current Timesheet

Get or build the current week's timesheet.

Responses

  • 200: Successful Response
POST /api/v1/timesheets/submit

Submit Timesheet

Submit current week's timesheet for approval.

Responses

  • 200: Successful Response
POST /api/v1/timesheets/approve/{timesheet_id}

Approve Timesheet

Approve a timesheet. Manager/Admin only.

Parameters

  • timesheet_id (path) required

Responses

  • 200: Successful Response
  • 422: Validation Error
POST /api/v1/timesheets/reject/{timesheet_id}

Reject Timesheet

Reject a timesheet with reason. Manager/Admin only.

Parameters

  • timesheet_id (path) required

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

user

User profile and team management. Retrieve teams the user belongs to and switch active team context.

GET /api/v1/user/teams

List User Teams

List all organizations this user belongs to.

Responses

  • 200: Successful Response
PUT /api/v1/user/active-team

Set Active Team

Set the active team for the current user session.
The frontend stores this in localStorage — this endpoint
just validates that the user belongs to the requested team.

Request Body

required

Responses

  • 200: Successful Response
  • 422: Validation Error

Authentication Details

TimeTrack uses Clerk for authentication. There are two ways to authenticate API requests:

1. Clerk JWT (for user-context requests)

When a user logs in via the frontend, Clerk issues a JWT. Pass this token in the Authorization header:

curl -H "Authorization: Bearer $CLERK_JWT" \
     https://api.timetracker.cargoffer.com/api/v1/time-entries/active

2. API Key (for server-to-server)

Create an API key via POST /api/v1/api-keys or in the Account settings. Use it the same way:

curl -H "Authorization: Bearer $API_KEY" \
     https://api.timetracker.cargoffer.com/api/v1/projects

API keys have usage tracking and can be revoked at any time. See api-keys module for details.

3. CORS

The API allows CORS from any origin (CORS_ORIGINS=*) for development. In production, configure your specific frontend domain.

Rate Limiting

API requests are rate-limited per API key. Limits depend on your subscription plan:

PlanRequests/minuteRequests/day
Free601,000
Pro30050,000
EnterpriseCustomCustom

Rate-limited responses include the headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset.

Error Responses

All error responses follow the standard FastAPI error format:

{"detail": "Error message describing what went wrong"}

Common HTTP Status Codes

StatusMeaning
200Successful response
401Missing or invalid authentication
403Authenticated but lacks permission for this resource
404Resource not found
422Validation error (invalid input)
429Rate limit exceeded
500Internal server error