Overview
Quickstart sequence
Create a token, verify it, resolve workspace shape, and make your first predictable read and write calls.
Complete these steps
Run them in order.
- Create a workspace token from Settings → Admin → Integrations.
- Call GET /api/external to verify auth and read the workspace capability map.
- Call /teams, /users, and /statuses before you create anything that depends on team, assignee, or status references.
- Use project keys, issue keys, and Idempotency-Key headers so your automation remains readable and retry-safe.
Companion guides
Reference coverage and deeper client behavior.
API reference covers endpoint-by-endpoint browsing.
Developer guide covers retries, automation queues, pagination, caching, and structured recovery.
Before you call Aurora
Prerequisites
Aurora's external API is designed for authenticated backend and automation clients. API routes and browser app routes are separate.
Important boundary
/api/external/* routes. They do not create a browser session and cannot open protected app pages like /settings, /board, or /discussion.Authentication
Create a token and send it correctly
A workspace token is the fastest way to start. Each token belongs to exactly one workspace and implicitly scopes every request to that workspace.
Create an API token
Generate it once, copy it once, and store it securely.
- 1. Sign in to Aurora WorkOS.
- 2. Open Settings → Admin → Integrations.
- 3. Enter a token name and create the token.
- 4. Copy the plaintext token immediately. Aurora only shows it once.
Workspace tokens currently begin with aurora_pat_.
Authorization: Bearer aurora_pat_your_token_here
Content-Type: application/jsonAccepted header formats
Authorization: Bearer ... but also accepts Authorization: Token ... and X-API-Key: ... for compatibility.Validate the token
Make your first request against GET /api/external
Always start with the overview endpoint. It confirms the token, shows which workspace you are inside, and returns the endpoint map and capability flags for that workspace.
TOKEN="aurora_pat_your_token_here"
curl https://www.auroraworkos.com/api/external \
-H "Authorization: Bearer $TOKEN"What success looks like
A successful response tells you both where you are and what the token can do.
- Workspace id, name, slug, and type
- Token name and queue assignee id
- Endpoint map for discovery, projects, issues, comments, and meetings
- Capability flags such as cursorPagination, idempotencyKeys, and issueComments
{
"ok": true,
"token": {
"name": "Codex automation",
"assigneeId": "api-token:Codex automation"
},
"principal": {
"kind": "api_token",
"id": "api-token:Codex automation"
},
"workspace": {
"id": "workspace-id",
"name": "Workspace",
"slug": "workspace"
},
"capabilities": {
"humanCallerAuth": true,
"cursorPagination": true,
"idempotencyKeys": true,
"structuredErrors": true,
"issueComments": true,
"meetings": true
}
}Resolve the workspace first
Run discovery before you write
Aurora is intentionally discovery-first. That keeps client prompts, automation payloads, and retry behavior stable even when workspace shape changes over time.
| Step | Purpose |
|---|---|
| GET /api/external | Validate the token, read the capability map, and discover the current token queue identity. |
| GET /api/external/teams | Resolve team ids and team keys before project or status work. |
| GET /api/external/users | Resolve owners, reporters, human assignees, and automation queues. |
| GET /api/external/statuses | Load the valid statuses for the team you plan to operate on. |
Concepts
Understand the core Aurora API concepts
These are the concepts that tend to trip integrations when they are not explicit in the docs.
| Concept | What it means in Aurora |
|---|---|
| Workspace-scoped tokens | Every token belongs to one workspace. Reads and writes resolve only inside that workspace boundary. |
| Stable key lookup | Projects and issues support by-key routes so operators and agents can work in natural identifiers instead of opaque ids. |
| Automation agents | API token names become assignable queue identities and are returned alongside human workspace members. |
| JSON-only contract | The external API is JSON-based and does not create browser sessions or expose internal app routes. |
Do something useful
First working workflows
Once discovery succeeds, the next most useful thing is usually a read, a retry-safe project create, and then an issue create or update that uses stable keys.
curl https://www.auroraworkos.com/api/external/projects \
-H "Authorization: Bearer $TOKEN"curl -X POST https://www.auroraworkos.com/api/external/projects \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: docs:project:weekly-scorecard" \
-d '{
"name": "Weekly Scorecard",
"teamKey": "CORE"
}'curl -X POST https://www.auroraworkos.com/api/external/issues \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: docs:issue:weekly-scorecard-missed" \
-d '{
"title": "Weekly scorecard missed",
"teamKey": "CORE",
"projectKey": "SCORE",
"statusKey": "todo"
}'Surface area
Endpoint families
Aurora's reference surface is intentionally compact but broad enough to support real execution workflows.
Discovery
Start every new client with discovery so you can resolve teams, statuses, users, and workspace capabilities before you mutate anything.
GET/api/externalGET/api/external/teamsGET/api/external/usersGET/api/external/statuses
Projects
Project routes support both opaque ids and stable key-based lookups so operators and agents can work in more human-readable terms.
GET/api/external/projectsGET/api/external/projects/{projectId}GET/api/external/projects/by-key/{teamKey}/{projectKey}POST/api/external/projects
Issues
Issue routes are designed for triage, automation queue pickup, and stable lookup by issue key or project key.
GET/api/external/issuesGET/api/external/issues/{issueId}GET/api/external/issues/by-key/{issueKey}POST/api/external/issues
Issue comments
Comments are first-class external resources so human operators and automation can leave durable audit trails on the same issue thread.
GET/api/external/issues/{issueId}/commentsPOST/api/external/issues/{issueId}/comments
Meetings and agenda workflows
Aurora's external API also covers structured meeting execution so agenda capture and task conversion can stay inside the same automation boundary.
GET/api/external/meetingsPOST/api/external/meetingsGET|PATCH|DELETE/api/external/meetings/{meetingId}GET/api/external/meetings/settings