> ## Documentation Index
> Fetch the complete documentation index at: https://docs.taqtile.com/llms.txt
> Use this file to discover all available pages before exploring further.

# REST API overview

> Access Manifest services using REST endpoints

The Manifest REST API provides endpoints for specific operations that complement the GraphQL API. REST endpoints are organized into client and admin routes.

## Base URLs

REST endpoints are available at:

* **Client endpoints**: `/api/client/*`
* **Admin endpoints**: `/api/admin/*`

## Authentication

Most REST endpoints require authentication. Include your authentication token in the request headers:

```http theme={null}
Authorization: Bearer YOUR_TOKEN
```

Some endpoints use cookie-based authentication for web sessions.

## Client endpoints

Client endpoints provide functionality for end-user operations.

### Authentication

* `POST /api/client/auth/sign-in` - Sign in with credentials
* `POST /api/client/auth/sign-in-v2` - Sign in with credentials (v2, returns access and refresh tokens)
* `POST /api/client/auth/sign-up` - Create new account
* `POST /api/client/auth/sign-out` - Sign out
* `POST /api/client/auth/create-account` - Create a self-service account
* `GET /api/client/auth/refresh` - Refresh authentication token
* `POST /api/client/auth/refresh-token` - Exchange a refresh token for a new access token
* `POST /api/client/auth/verify-two-factor` - Verify two-factor authentication token
* `POST /api/client/auth/reset-two-factor` - Reset two-factor secret
* `GET /api/client/auth/me` - Get the current authenticated user
* `POST /api/client/auth/forgot` - Request a password reset email
* `POST /api/client/auth/reset-password/:token` - Reset password with a token
* `POST /api/client/auth/set-password/:token` - Set initial password with a token
* `POST /api/client/auth/update-password` - Update password
* `POST /api/client/auth/change-password` - Change password
* `GET /api/client/auth/client-security-settings` - Get client security settings
* `GET /api/client/auth/get-admin-email` - Get the client admin email
* `GET /api/client/auth/client` - Get client information

### OAuth and SSO

* `GET /api/client/auth/oidc` - OpenID Connect authentication
* `POST /api/client/auth/okta-saml` - Okta SAML authentication
* `GET /api/client/auth/ms-dynamics` - Microsoft Dynamics authentication

### File operations

* `POST /api/client/upload` - Upload files
* `GET /api/client/download-model/:type/:id` - Download 3D models
* `GET /api/client/download-zipped-job-report/:id` - Download job report as ZIP

### Reports

<Warning>
  The `/api/client/reports` endpoints are **deprecated** and have been removed. Use `/api/client/meter-report` and `/api/client/meter-report-filters`, or generate exports via the PDF endpoints below.
</Warning>

* `GET /api/client/meter-report` - Get meter report
* `GET /api/client/meter-report-filters` - Get available report filters
* ~~`GET /api/client/reports`~~ - **Removed.** Previously returned report definitions.
* ~~`POST /api/client/reports`~~ - **Removed.** Previously generated a report.

### PDF generation

* `GET /api/client/get-as-pdf/getTemplateAsPdf/:id` - Export template as PDF
* `GET /api/client/get-as-pdf/getJobHistoryAsPdf/:id` - Export job history as PDF

### Import/export

* `POST /api/client/import-zip` - Import template from ZIP
* `POST /api/client/copy-entities` - Copy entities between clients
* `POST /api/client/replaceFile` - Replace existing file

### Point cloud and alignment

* `GET /api/client/alignment-data` - Get alignment data
* `POST /api/client/alignment-data` - Upload alignment data

### Bug reports and diagnostics

* `POST /api/client/add-bug-report` - Submit bug report
* `POST /api/client/bug-report-web` - Submit web bug report
* `POST /api/client/bug-report-github` - Submit GitHub issue
* `POST /api/client/clear-diagnostics` - Clear diagnostic data

### Client information

* `GET /api/client/client-info` - Get client configuration
* `GET /api/client/version` - Get API version
* `GET /api/client/check-updates` - Check for updates
* `GET /api/client/on-premise` - Check if on-premise deployment

### Localization

* `GET /api/client/translate` - Get translations
* `GET /api/client/internalization/:lang` - Get localization for language

### Licensing

* `GET /api/client/license` - Get license information
* `POST /api/client/license` - Update license

### EULA and agreements

* `GET /api/client/eula` - Get EULA
* `POST /api/client/eula/accept` - Accept EULA
* `GET /api/client/agreement` - Get client agreement
* `POST /api/client/accept-msa` - Accept the master services agreement (MSA) for the current client
* `GET /api/client/download-agreement` - Download the current MSA document (rate limited to 20 requests per 15 minutes)
* `GET /api/client/have-client-accepted-msa` - Check whether the current client has accepted the MSA

### Bing Maps integration

* `GET /api/client/bingApi` - Bing Maps API proxy

### Oracle integration

* `GET /api/client/oracle` - Oracle integration endpoints
* `POST /api/client/oracle` - Sync with Oracle

### Editorial analytics

* `GET /api/client/editorial` - Get editorial analytics
* `POST /api/client/editorial` - Track editorial events

### Notifications

* `POST /api/client/turn-push-notification` - Enable/disable mobile push notifications

### Web push notifications

Browser-based push notifications use the standard Web Push protocol. Subscribe a browser, fetch the VAPID public key, and unsubscribe when no longer needed.

* `GET /api/client/push/vapid-key` - Get the VAPID public key used to register a push subscription
* `POST /api/client/push/subscribe` - Register a web push subscription for the authenticated user
* `DELETE /api/client/push/unsubscribe` - Remove a web push subscription

### Working together

* `GET /api/client/workingTogether/handOffStatuses` - Get hand-off statuses
* `POST /api/client/workingTogether` - Update collaboration status

### Sensors and IoT

* `POST /api/client/update-sensors` - Update sensor data

### Job history

* `GET /api/client/job-history-users` - Get users involved in job history

### Tutorials

* `GET /api/client/get-tutorials-info` - Get tutorial information

### Logos and branding

* `GET /api/client/get-logo-by-owner` - Get organization logo

### WebRTC

* `POST /api/client/web-rtc-logs` - Submit WebRTC logs

### Customer portal

* `GET /api/client/customer-portal` - Access customer portal (admin only)

## Admin endpoints

Admin endpoints provide functionality for system administration.

### Authentication

* `POST /api/admin/auth/sign-in` - Admin sign in
* `POST /api/admin/auth/sign-out` - Admin sign out

### Client management

* `GET /api/admin/client` - List clients
* `POST /api/admin/client` - Create client
* `PUT /api/admin/client/:id` - Update client
* `DELETE /api/admin/client/:id` - Delete client

### User management

* `GET /api/admin/user` - List users
* `GET /api/admin/user/maker-users-report` - Get the Maker users report
* `GET /api/admin/user/maker-users-report/xls-export` - Export the Maker users report as an XLS file
* `GET /api/admin/user/:userId` - Get user by ID
* `POST /api/admin/user` - Create user
* `PUT /api/admin/user` - Update user
* `DELETE /api/admin/user/:userId` - Delete user

#### Create a user

Create a new user in the current client. Requires a token belonging to a Security Administrator (Account Owner).

```http theme={null}
POST /api/admin/user
Authorization: Bearer YOUR_TOKEN
Content-Type: application/json

{
  "email": "new.user@example.com",
  "firstName": "New",
  "lastName": "User",
  "title": "Field Technician",
  "roles": ["<roleId>"],
  "licenseType": "full",
  "availableToOrg": ["<orgId>"]
}
```

| Field            | Required | Description                                                                                              |
| ---------------- | -------- | -------------------------------------------------------------------------------------------------------- |
| `email`          | Yes      | Email address the user signs in with. Must be unique within the client.                                  |
| `roles`          | Yes      | Array of role IDs to assign. See [Manifest roles and permissions](/manifest-roles-and-permissions).      |
| `licenseType`    | Yes      | `full` or `connect`. Determines which roles can be assigned.                                             |
| `firstName`      | No       | User's first name.                                                                                       |
| `lastName`       | No       | User's last name.                                                                                        |
| `title`          | No       | User's job title.                                                                                        |
| `availableToOrg` | No       | Array of Org IDs the user belongs to. Only used when Orgs are configured. See [About Orgs](/about-orgs). |
| `password`       | No       | Set an initial password directly. If omitted, the user receives an email invitation to set their own.    |

Roles and license types must match the allocation for the client. See [User management](/users) for a walkthrough of the equivalent web UI fields.

#### Update a user

`PUT /api/admin/user` accepts the same fields as create, plus the `id` of the user to update. Omitted fields keep their existing values.

#### Common errors

* `401 Unauthorized` - Missing or expired token. Sign in again to obtain a new access token.
* `403 Forbidden` - The token does not belong to a Security Administrator.
* `409 Conflict` - A user with the same email already exists in the client.
* `422 Unprocessable entity` - Required field missing, or the requested role is not allowed for the selected license type.

### License management

* `GET /api/admin/license` - List licenses
* `POST /api/admin/license` - Create license
* `PUT /api/admin/license/:id` - Update license
* `DELETE /api/admin/license/:id` - Delete license

### On-premise licensing

* `GET /api/admin/license-on-prem` - Get on-premise license
* `POST /api/admin/license-on-prem` - Upload license key

### Logs

* `GET /api/admin/logs` - Get system logs
* `DELETE /api/admin/logs/:id` - Delete log entry

### Agreements

* `GET /api/admin/agreement` - List agreements
* `POST /api/admin/agreement` - Create agreement
* `PUT /api/admin/agreement/:id` - Update agreement

### Internationalization

* `GET /api/admin/internationalization` - Get translations
* `POST /api/admin/internationalization` - Add translation
* `PUT /api/admin/internationalization/:id` - Update translation

### Activity reports

* `GET /api/admin/activity-report` - Get activity report

### Docker notifications

* `POST /api/admin/docker-notification-center` - Docker deployment notifications

### File uploads

* `POST /api/admin/upload` - Upload files (admin)

## Response formats

### Success response

```json theme={null}
{
  "success": true,
  "data": {
    // Response data
  }
}
```

### Error response

```json theme={null}
{
  "success": false,
  "error": {
    "message": "Error description",
    "code": "ERROR_CODE",
    "details": {}
  }
}
```

## HTTP status codes

* `200` - Success
* `201` - Created
* `400` - Bad request
* `401` - Unauthorized
* `403` - Forbidden
* `404` - Not found
* `409` - Conflict
* `422` - Unprocessable entity
* `500` - Internal server error
* `503` - Service unavailable

## Rate limiting

API requests may be rate limited. Check response headers for rate limit information:

```http theme={null}
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640000000
```

## File uploads

File upload endpoints accept `multipart/form-data`:

```http theme={null}
POST /api/client/upload
Content-Type: multipart/form-data

file: [binary data]
metadata: {"description": "File description"}
```

## Next steps

* [GraphQL API](/api-reference/graphql/overview) - GraphQL endpoint documentation
* [Authentication](/api-reference/authentication) - Authentication guide
