API Overview

Fenix REST API — authentication, base URL, rate limits, and core modules.

The Fenix API is a multi-tenant REST API built with NestJS. It serves the web app, the MCP bridge, and direct API consumers.

Base URL

https://api.fenix.devshire.app

Authentication

Bearer token (PAT)

Authorization: Bearer fxpat_your_token_here

Generate from Profile → API Keys.

OAuth 2.1

For user-delegated access (plugins), use the authorization code flow with PKCE:

GET /auth/oauth/authorize?
  client_id=CLIENT_ID&
  redirect_uri=REDIRECT_URI&
  response_type=code&
  scope=read:workspace write:work_items&
  code_challenge=BASE64URL(SHA256(verifier))&
  code_challenge_method=S256

Exchange the code at POST /auth/oauth/token.

Common headers

Content-Type: application/json
Authorization: Bearer TOKEN
X-Tenant-ID: TENANT-UUID   # optional if resolved from token

Rate limits

Plan	Requests / minute
Free	60
Pro	600
Enterprise	Custom

429 Too Many Requests when exceeded. Check X-RateLimit-Remaining in response headers.

Pagination

GET /work-items?limit=50&offset=0&team_id=UUID

{ "data": [...], "total": 142, "limit": 50, "offset": 0 }

Error format

{
  "statusCode": 404,
  "error": "Not Found",
  "message": "Work item PROJ-999 not found",
  "timestamp": "2026-04-21T10:00:00.000Z"
}

Code	Meaning
`201`	Created
`400`	Validation error
`401`	Invalid or missing token
`403`	Insufficient permissions
`404`	Not found
`409`	Conflict (e.g., duplicate email)
`429`	Rate limit exceeded

Core modules

Module	Base path	Description
Auth	`/auth`	Login, signup, OAuth, MFA
Users	`/users`	Profile, preferences
Tenants	`/tenants`	Workspace management
Teams	`/teams`	Team CRUD, membership
Work Items	`/work-items`	Epics, features, stories, tasks, bugs
Sprints	`/sprints`	Sprint management, burndown
Boards	`/boards`	Kanban boards and columns
Memories	`/memories`	Semantic memory (pgvector)
Documentation	`/docs`	Pages, guides, API docs
Skills	`/skills`	Rules, skills, marketplace
API Catalog	`/api-catalog`	Endpoint docs with semantic search
Chat	`/chat`	Streaming LLM (SSE)
Productivity	`/productivity`	Personal TODOs
Analytics	`/analytics`	Sprint velocity, burndown
Audit	`/audit`	Workspace activity log
Webhooks	`/webhooks`	Event subscriptions

Quick examples

POST /auth/signup
{
  "name": "Bruno Fernandes",
  "email": "bruno@example.com",
  "password": "min8chars",
  "tenantName": "Acme Inc",
  "teamName": "Engineering"
}

Create a work item

POST /work-items
{
  "type": "story",
  "title": "Add rate limiting",
  "teamId": "UUID",
  "sprintId": "UUID",
  "priority": "high",
  "storyPoints": 3
}

Search memories

POST /memories/search
{
  "query": "SSO authentication approach",
  "tags": ["decision"],
  "limit": 10
}

Uses pgvector cosine similarity — natural language queries work best.