⚠️ This documentation is not complete and will change. Documentation and API References are actively being updated.
Jobs
- GETList or retrieve jobs
- POSTCreate, update, or delete a job
- GETList job statuses
- GETList job types
- GETList job priorities
- GETList job payment statuses
- GETList job time ranges
- GETSearch property addresses
- GETList case notes for a job
- POSTCreate a case note
- GETList or download case note attachments
- POSTUpload case note attachment
- GETList or download job documents
- POSTUpload or delete a job document
- GETGet a document thumbnail
- GETList or download job photos
- POSTUpload or delete a job photo
- GETList amendment requests
- POSTCreate or action an amendment request
- GETGet amendable fields for a job
- GETList remedial links for a job
- POSTCreate or remove a remedial link
- GETList recall records
- POSTCreate a recall record
- POSTMark a recall as completed
- POSTToggle pin status of a job
- GETGet video variants for a job media file
- GETDownload an attachment by UUID
Calendar
Users
- GETList or retrieve users
- POSTCreate, update, or delete a user
- GETRetrieve user avatar
- POSTUpload or delete user avatar
- GETGet user permissions
- POSTUpdate user permissions
- GETGet notification settings
- POSTUpdate notification settings
- POSTSend email verification
- GETGet user appearance settings
- POSTUpdate appearance settings or upload banner
- GETGet dashboard widget preferences
- POSTUpdate dashboard widget preferences
- GETGet user profile popover data
- GETGet online users
- POSTActivate or deactivate a user
- POSTForce-logout a user
- POSTRequest or complete a password reset
Contractors
Tenants
Agents & Branches
SLA
Dashboard
- GETRetrieve dashboard statistics
- GETBatch dashboard data
- GETNew jobs chiplet data
- GETCompleted jobs chiplet data
- GETJobs booked today
- GETJobs with missing certificates
- GETJobs without an assigned contractor
- GETUsers with incomplete onboarding
- GETJob counts grouped by type
- GETActive recall jobs
- GETPinned jobs
- GETOverdue quotes
- GETDashboard chiplet counts
- GETDashboard chart data
- GETSecurity operations chiplet data
- POSTQuick-update a job from the dashboard
Analytics
- GETRetrieve AI analysis results
- POSTTrigger a new AI analysis
- GETBranch performance metrics
- GETJob health check
- GETList AI chat sessions
- GETList messages in a chat session
- POSTSend a message to the AI assistant
- GETRecent platform activity
- GETFiltered activity feed
- POSTTrack a page view
- POSTTrack a page view (simple)
- GETGemini AI usage statistics
Financial
Notifications & Notices
- GETList system notifications
- POSTCreate or dismiss a system notification
- GETList registered device tokens
- POSTRegister or remove a device token
- GETGet web push configuration
- POSTRegister a web push subscription
- DELRemove a web push subscription
- POSTSend a test web push notification
- GETList or retrieve notices
- POSTCreate a notice
- PUTUpdate a notice
- DELDelete or dismiss a notice
Security
- GETGet a CSRF token
- GETList active sessions
- POSTTerminate a session or manage blacklist
- GETList file integrity alerts
- POSTMark a file integrity alert as resolved
- GETList file integrity monitoring alerts
- POSTTrigger a file integrity scan
- POSTResolve a file integrity alert
- GETView file diff against source
- POSTCheck password against breach database
- POSTMobile app authentication
GDPR & Privacy
System
Administration
- GETList branches
- POSTImport, disable, enable, or delete branches
- POSTDisable a branch
- POSTEnable a branch
- GETList roles
- GETList permissions for dropdown
- POSTUpdate staff role permissions
- GETGet user management policy levels
- PUTUpdate management policy level
- GETAPI endpoint discovery
- POSTRegister API actions
- GETAPI permission matrix
- GETAPI usage statistics
- GETList document types
- POSTCreate, update, or delete a document type
- GETList legal documents
- POSTCreate or update a legal document
- DELDelete a legal document
- GETRetrieve all job documents (admin view)
- GETList job tags
- POSTCreate, update, or delete a job tag
- GETRetrieve activity log
- GETRetrieve email delivery logs
- POSTResend a transactional email
- GETGenerate security report
- GETView rate-limiting configuration and stats
- GETSettings overview statistics
- GETScan for orphaned files
- GETGet password breach status for all users
Weather
Feedback
Mobile app authentication
curl --request POST \
--url https://api.propops.app/api/security/mobile-auth \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"action": "validate_token",
"token": "<string>",
"platform": "ios",
"device_type": "iPhone",
"app_version": "2.1.0"
}
'{
"success": true,
"message": "Operation completed successfully",
"session_token": "<string>",
"csrf_token": "<string>",
"user": {
"ID": 1,
"uuid": "660e8400-e29b-41d4-a716-446655440001",
"first_name": "User_001",
"last_name": "Surname_001",
"email": "user001@example.com",
"phone": "07700000001",
"account_type_id": 1,
"account_type_name": "Staff",
"account_status_id": 1,
"account_status_name": "Active",
"branch_id": 1,
"role_id": 2,
"created_at": "2024-01-01T09:00:00Z"
}
}Security
Mobile app authentication
Authenticate a mobile app client by validating a token or logging out. Sessions created via this endpoint have a 365-day lifetime.
Required permission: api.security.mobile_auth.use
POST
/
api
/
security
/
mobile-auth
Mobile app authentication
curl --request POST \
--url https://api.propops.app/api/security/mobile-auth \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"action": "validate_token",
"token": "<string>",
"platform": "ios",
"device_type": "iPhone",
"app_version": "2.1.0"
}
'{
"success": true,
"message": "Operation completed successfully",
"session_token": "<string>",
"csrf_token": "<string>",
"user": {
"ID": 1,
"uuid": "660e8400-e29b-41d4-a716-446655440001",
"first_name": "User_001",
"last_name": "Surname_001",
"email": "user001@example.com",
"phone": "07700000001",
"account_type_id": 1,
"account_type_name": "Staff",
"account_status_id": 1,
"account_status_name": "Active",
"branch_id": 1,
"role_id": 2,
"created_at": "2024-01-01T09:00:00Z"
}
}Authorizations
All API requests must include a valid Bearer token in the Authorization header.
Tokens are 64-character SHA-256 session hashes issued by the PropOps authentication system.
Example:
Authorization: Bearer a1b2c3d4e5f6...Body
application/json
⌘I
Assistant
Responses are generated using AI and may contain mistakes.