Developer Overview

Notaday exposes authenticated HTTP endpoints for entries, channels, tags, users, authentication, and profile-owned API tokens.

Third-party apps should use API tokens for server-to-server or tool integrations. Browser users continue to use normal JWT authentication from the login flow.

Base URL

Local development backend (in order to use this instance you have to create a user at "devtest.notaday.com"):

https://devtest-api.notaday.com

Production app origin:

https://api.notaday.com

Confirm the production API host used by your deployment before shipping an integration.

Authentication Model

Protected endpoints use the Authorization header:

Authorization: Bearer <token>

The backend first tries to validate the token as a JWT. If JWT validation fails, it validates the value as a Notaday API token.

API Token Format

API tokens are generated with the prefix:

ntd_

Example shape:

ntd_8Xx...long-random-value...

Only the full token can authenticate requests. Masked token values shown later in the UI cannot be used for API calls.

Main Resources

Resource	Path	Purpose
Entries	`/entries`	Tasks, routines, journals, backlog items, notes, and connections.
Channels	`/channels`	Project-like organization.
Tags	`/tags`	Label organization.
User Profile	`/users/me`	Current user data and preferences.
API Tokens	`/users/me/api-tokens`	Create, list, and revoke integration tokens.

Response And Validation Notes

The backend uses global validation with whitelisting and forbids non-whitelisted fields. Send only documented fields in request bodies.

Most protected resources are scoped to the authenticated user. Requests for another user's data return forbidden or not found responses.