REST API Reference
Reference the supported Done Bear REST endpoints for workspace management and API-key lifecycle.
This reference covers the supported REST endpoints on https://api.donebear.com. Most integrations use these endpoints for workspace management and API-key lifecycle operations.
Workspace endpoints
Use these endpoints to list workspaces, create them, join them, and manage members or invitations.
GET /api/workspaces
Lists the workspaces available to the authenticated user.
curl https://api.donebear.com/api/workspaces \
-H "Authorization: Bearer <token>"Typical response:
{
"workspaces": [
{
"id": "6fd41760-f5ee-4f60-80a6-8d15aeb11043",
"name": "Personal",
"urlKey": "personal"
}
]
}GET /api/workspaces/by-slug/:slug
Loads a single workspace by slug.
curl https://api.donebear.com/api/workspaces/by-slug/personal \
-H "Authorization: Bearer <token>"POST /api/workspaces
Creates a workspace.
Request body:
| Field | Type | Notes |
|---|---|---|
name | string | Required, 1 to 100 characters |
urlKey | string | Required, lowercase alphanumeric and hyphens, 3 to 50 characters |
logoUrl | string | Optional absolute URL |
curl https://api.donebear.com/api/workspaces \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{
"name": "Personal",
"urlKey": "personal",
"logoUrl": "https://example.com/logo.png"
}'POST /api/workspaces/join
Joins a workspace from an invitation code.
curl https://api.donebear.com/api/workspaces/join \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{"code":"ABCD2345"}'GET /api/workspaces/:workspaceId/members
Lists the members of one workspace.
curl https://api.donebear.com/api/workspaces/<workspace-id>/members \
-H "Authorization: Bearer <token>"DELETE /api/workspaces/:workspaceId/members/:userId
Removes a member from a workspace.
curl -X DELETE \
https://api.donebear.com/api/workspaces/<workspace-id>/members/<user-id> \
-H "Authorization: Bearer <token>"GET /api/workspaces/:workspaceId/invitations
Lists pending invitations for one workspace.
curl https://api.donebear.com/api/workspaces/<workspace-id>/invitations \
-H "Authorization: Bearer <token>"POST /api/workspaces/:workspaceId/invitations
Creates an invitation.
Request body:
| Field | Type | Notes |
|---|---|---|
email | string | Optional email address |
role | string | Optional, one of admin, member, guest |
expiresInDays | number | Optional integer from 1 to 365 |
curl https://api.donebear.com/api/workspaces/<workspace-id>/invitations \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{
"email": "user@example.com",
"role": "member",
"expiresInDays": 30
}'DELETE /api/workspaces/:workspaceId/invitations/:invitationId
Deletes a pending invitation.
curl -X DELETE \
https://api.donebear.com/api/workspaces/<workspace-id>/invitations/<invitation-id> \
-H "Authorization: Bearer <token>"API-key endpoints
POST /api/auth/keys
Creates a personal API key for the authenticated user. The raw token is returned only at creation time.
curl https://api.donebear.com/api/auth/keys \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{"label":"CI"}'Typical response:
{
"key": {
"id": "3a064193-88e9-4068-9d14-c216c707ab4d",
"label": "CI",
"keyPrefix": "db_abcd",
"createdAt": "2026-03-11T20:30:32.000Z",
"token": "db_live_..."
}
}GET /api/auth/keys
Lists API keys without returning raw tokens.
curl https://api.donebear.com/api/auth/keys \
-H "Authorization: Bearer <token>"DELETE /api/auth/keys/:keyId
Revokes an API key.
curl -X DELETE \
https://api.donebear.com/api/auth/keys/<key-id> \
-H "Authorization: Bearer <token>"Validation notes
- Workspace IDs, invitation IDs, and user IDs are UUIDs.
urlKeymust be lowercase alphanumeric with hyphens.- Invitation roles accept
admin,member, orguestat the REST layer. - API-key creation requires only one field:
label.
Next steps
- Follow Authenticate API requests if you still need a credential flow.
- Use GraphQL reference for curated read queries.
- Use Sync API reference for advanced client transport.