Authentication
If you are logged in via the UI, your browser already has a session cookie. Any fetch call with credentials: 'include' will be authenticated.
// Browser fetch example
fetch('/api/projects', { credentials: 'include' })
  .then(r => r.json())
  .then(console.log);
Create a token in API Access. Use it in the Authorization header.
Bearer token authentication is a Premium feature. If a workspace falls back to Free, existing tokens stay listed for visibility but external Bearer auth will not authenticate until Premium is active again.
# curl example
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
  -H "Accept: application/json" \
  https://dashmon.online/api/projects
Security note: Dashmon stores only a SHA‑256 hash of your token. The raw token is shown only once.
Governance note: Premium workspaces can create read-only or read/write tokens and optionally set an expiry period for each token.
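The two notes above, modelled as an added example (not Dashmon's own code): a token store that keeps only the SHA-256 hash, and a per-request check that yields the 401 unauthenticated, 401 api_token_expired and 403 api_token_scope_denied responses listed under Errors & Status Codes. The raw token format, the read_only default and the choice of which HTTP methods count as writes are assumptions.

```javascript
const nodeCrypto = require('crypto');

// SHA-256 of the raw token as a 32-byte Buffer.
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest();

// Issue a token: the raw value is returned once, only its hash is persisted.
function issueToken(store, { label, accessLevel = 'read_only', expiresInDays = null, now = Date.now() }) {
  const raw = nodeCrypto.randomBytes(32).toString('hex'); // constructed format (assumption)
  store.push({
    label,
    accessLevel, // read_only | read_write, as named on this page
    hash: sha256(raw),
    expiresAt: expiresInDays === null ? null : now + expiresInDays * 86400000,
  });
  return raw;
}

// Decide one request made with a presented Bearer token.
function authorize(store, presented, method, now = Date.now()) {
  const candidate = sha256(presented || '');
  let record = null;
  for (const r of store) {
    // Both buffers are 32 bytes, so the constant-time compare is valid.
    if (nodeCrypto.timingSafeEqual(r.hash, candidate)) record = r;
  }
  if (!record) return { status: 401, code: 'unauthenticated' };
  if (record.expiresAt !== null && now >= record.expiresAt) {
    return { status: 401, code: 'api_token_expired' };
  }
  // Assumption: anything other than GET/HEAD/OPTIONS is a write.
  const isWrite = !['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase());
  if (isWrite && record.accessLevel !== 'read_write') {
    return { status: 403, code: 'api_token_scope_denied' };
  }
  return { status: 200, code: null, label: record.label };
}
```

Because the store never holds the raw value, a lost token cannot be looked up again; it has to be revoked and reissued.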
Workspace Access & Governance
If a signed-in member belongs to more than one workspace, Dashmon can expose a selected owner workspace for the current session. Reads, Premium checks, and write limits then follow that selected workspace instead of only the personal user row.
# inspect effective workspace capabilities
curl -H "Accept: application/json" --cookie "dashmon_session=<COOKIE>" \
  https://dashmon.online/api/user/permission-foundation
# switch to another accessible workspace context
curl -X POST -H "Content-Type: application/json" \
  --cookie "dashmon_session=<COOKIE>" \
  -d '{"ownerUserId":"workspace_owner"}' \
  https://dashmon.online/api/user/account-context
A Premium workspace does not automatically mean every member can edit it. API routes can still return forbidden responses when the active role is view-only, project-scoped, or temporarily write-locked because the workspace is over plan limits.
- Use /api/user/permission-foundation to inspect role, scope, and account capabilities.
- Use /api/me to read the effective workspace plan and write-lock state shown in the app.
- Expect some routes to allow read access but still deny write actions with 403.
Quick Start
List all projects + devices
# Returns your projects with device summaries
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
  https://dashmon.online/api/projects
Device history (for charts)
# latest 120 samples for a device
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
  "https://dashmon.online/api/devices/<DEVICE_ID>/history?limit=120"
Integration Diagnostics
Dashmon returns an X-Request-Id header on API responses. Include that value in support tickets or incident notes so server-side logs can be traced quickly.
curl -i -H "Authorization: Bearer <YOUR_TOKEN>" \
  https://dashmon.online/api/projects
Use /api/meta/capabilities to inspect API basics like supported auth modes, request tracing headers, token policy, public docs, and the signed-in API console link without scraping this page.
curl https://dashmon.online/api/meta/capabilities
Integration Recipes
Use /api/user/integration-posture to inspect token posture, routing coverage, and recent delivery visibility without scraping the UI.
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
  -H "Accept: application/json" \
  https://dashmon.online/api/user/integration-posture
Use /api/support/summary for a lightweight operational snapshot that pairs well with internal support dashboards, customer handoffs, and runbooks.
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
  -H "Accept: application/json" \
  https://dashmon.online/api/support/summary
Configure quiet hours, on-call schedules, escalation channels, and webhook formatting from Alert Routing, then use test-send before pointing real receivers at Dashmon.
Slack, Teams, and generic webhook receivers are supported through the project escalation configuration.
Common Workflows
- Create or choose a project.
- POST the device into that project.
- Optionally save synthetic, DNS, or heartbeat config.
- Queue a test-now check on Premium if you want an immediate sample.

- GET projects and device summaries.
- Load device history for charts.
- Read analytics and percentiles for Premium reporting views.
- Respect plan limits when creating or refreshing devices.

- Create a status page and include one or more projects.
- Publish manual updates like investigating or resolved.
- Share the public or private-token URL with viewers.
Endpoints
All timestamps are ISO‑8601 UTC (e.g. 2026-02-16T11:23:00.000Z). Premium-only endpoints return 403 premium_required for Free users. Shared workspaces can also return 403 responses when the current role or project scope does not allow the requested action.
Bearer tokens are shown only once when created.
Free workspaces can still call non-premium endpoints with a valid session, and shared Premium workspaces may still be read-only depending on role/scope.
Store project IDs and device IDs from API responses instead of scraping the UI.
- GET /api/health — service + DB connectivity
- GET /api/meta/capabilities — API version, tracing header, auth modes, token policy
- GET /api/me — current user + plan fields

- GET /api/projects — list projects + devices summary
- POST /api/projects — create project (plan limits apply)
- PUT /api/projects/:id — update project
- DELETE /api/projects/:id — delete project
- Alias: /api/projects

- GET /api/projects/:projectId/devices/:deviceId — full device details (+ tags)
- POST /api/projects/:projectId/devices — create device inside a project
- PUT /api/devices/:deviceId — update device
- DELETE /api/devices/:deviceId — delete device
- GET /api/devices/:deviceId/history?limit=60 — time-series history for charts
- PUT /api/devices/:deviceId/synthetic — save HTTP / JSON / TLS / domain assertions (Premium)
- GET /api/devices/:deviceId/dns-config — read DNS monitor settings (Premium)
- PUT /api/devices/:deviceId/dns-config — save DNS record expectations (Premium)
- GET /api/devices/:deviceId/heartbeat-config — read heartbeat settings + webhook endpoint (Premium)
- PUT /api/devices/:deviceId/heartbeat-config — save interval / grace / regenerate token (Premium)
- POST /api/devices/:deviceId/test-now — queue an immediate check (Premium)
- POST /api/devices/refresh-all — queue all devices (Premium, 1/min)

- GET /api/tags — list tags (counts)
- PUT /api/devices/:deviceId/tags — replace tags for a device
- POST /api/devices/tags/bulk — add/remove/replace tags for many devices (Premium)

- POST /api/maintenance/device/:deviceId — set maintenance window
- DELETE /api/maintenance/device/:deviceId — clear maintenance
- POST /api/maintenance/project/:projectId — set project maintenance
- DELETE /api/maintenance/project/:projectId — clear project maintenance
- POST /api/maintenance/devices/bulk-set — set many devices
- POST /api/maintenance/devices/bulk-clear — clear many devices

- GET /api/alerts/email — email alert rules
- PUT /api/alerts/email — update email alert rules
- GET /api/alerts/sms — sms alert rules (Premium)
- PUT /api/alerts/sms — update sms alert rules (Premium)
- POST /api/alerts/sms/test — send a test sms (Premium)

- POST /api/incoming/heartbeat/:token — public webhook receiver for heartbeat monitors
- The token is generated per monitor and exposed through the heartbeat config endpoint on Premium workspaces.

- GET /api/status-pages — list your status pages
- POST /api/status-pages — create a public or private-token status page
- PUT /api/status-pages/:id — update metadata + included projects
- POST /api/status-pages/:id/regenerate-token — rotate the private access token
- GET /api/status-pages/:id/updates — list manual status updates
- POST /api/status-pages/:id/updates — publish a manual customer-facing update
- GET /api/public/status-pages/:slug — public or token-protected read endpoint used by the share URL

- GET /api/devices/:deviceId/analytics?range=7d — uptime/latency stats
- GET /api/reports/uptime?period=weekly — time-based uptime report
- GET /api/incidents?status=open — incident list
- GET /api/devices/:id/latency/percentiles?window=24h — p50/p95/p99

- GET /api/user/permission-foundation — inspect effective workspace role, permissions, and scope
- POST /api/user/account-context — switch the active workspace for the current session
- GET /api/user/team-invitations — list invitations visible in the current workspace context
- POST /api/user/team-invitations — create a team invitation in the current workspace
- POST /api/user/team-invitations/:id/cancel — cancel a pending invitation
- POST /api/user/team-invitations/accept — accept an invitation token
- These routes are session-based and are most useful for the web app or internal admin tooling rather than external Bearer-token integrations.

- GET /api/user/preferences — current preference values
- PUT /api/user/preferences/timezone — set timezone (Premium)
- GET /api/user/api-token — legacy token status
- GET /api/user/api-tokens — list active labeled API tokens
- POST /api/user/api-tokens — create a labeled token (optional accessLevel=read_only|read_write and expiresInDays)
- DELETE /api/user/api-tokens/:id — revoke one labeled token
- GET /api/projects/:projectId/alert-settings — read per-project alert routing
- PUT /api/projects/:projectId/alert-settings — save quiet hours + escalation channels
- POST /api/projects/:projectId/alert-settings/test — queue a test email/SMS/webhook
Errors & Status Codes
- 401 unauthenticated — login required (no session and no valid token)
- 403 premium_required — Premium plan required
- 403 account_context_forbidden — the signed-in member cannot switch to or use that workspace context
- 403 project_scope_forbidden / device_scope_forbidden — the resource is outside the shared project scope
- 403 shared_account_write_forbidden / project_write_forbidden — read access exists, but the current role cannot change that workspace data
- 403 over_limit — writes are paused because the effective workspace is over plan limits
- 429 rate limited (e.g., refresh-all is max once per minute)
- 400/404 invalid input / resource not found
- 401 api_token_expired — the Bearer token is expired
- 403 api_token_scope_denied — the Bearer token lacks write scope
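A client-side sketch tying the error list above to the X-Request-Id advice under Integration Diagnostics, added here as an example and not taken from Dashmon: it turns one failed call into a record that is safe to paste into a ticket. The nextStep labels are hypothetical, and because the page does not show how the response body carries the error code, the caller passes the code in.

```javascript
// Headers that must never reach a ticket or incident note.
const SECRET_HEADERS = new Set(['authorization', 'cookie', 'set-cookie']);

// Documented error codes mapped to a next step (labels are hypothetical).
const NEXT_STEP = {
  unauthenticated: 'reauthenticate',
  api_token_expired: 'rotate_token',
  api_token_scope_denied: 'needs_read_write_token',
  premium_required: 'plan_change',
  over_limit: 'plan_change',
  account_context_forbidden: 'access_review',
  project_scope_forbidden: 'access_review',
  device_scope_forbidden: 'access_review',
  shared_account_write_forbidden: 'access_review',
  project_write_forbidden: 'access_review',
};

// Copy headers with credentials masked.
function redact(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = SECRET_HEADERS.has(name.toLowerCase()) ? '[redacted]' : value;
  }
  return out;
}

// Case-insensitive header lookup; returns null when the header is absent.
function header(headers, wanted) {
  const hit = Object.entries(headers || {}).find(([n]) => n.toLowerCase() === wanted);
  return hit ? hit[1] : null;
}

// Build the incident-note record for one response.
function triage({ method, path, status, code, requestHeaders, responseHeaders }) {
  let nextStep = 'none';
  if (status === 429) nextStep = 'retry_after_backoff';
  else if (status === 401) nextStep = NEXT_STEP[code] || 'reauthenticate';
  else if (status === 403) nextStep = NEXT_STEP[code] || 'access_review';
  else if (status >= 400) nextStep = 'fix_request';
  return {
    method, path, status, code: code || null,
    requestId: header(responseHeaders, 'x-request-id'),
    retryable: status === 429, // a 403 will not succeed on retry
    nextStep,
    requestHeaders: redact(requestHeaders),
  };
}
```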