Authentication
If you are logged in via the UI, your browser already has a session cookie. Any fetch call with credentials: 'include' will be authenticated.
// Browser fetch example
fetch('/api/projects', { credentials: 'include' })
.then(r => r.json())
.then(console.log);
Create a token in API Access and send it in the Authorization header as a Bearer token.
Bearer token authentication is a Premium feature. If a workspace falls back to Free, existing tokens stay listed for visibility but external Bearer auth will not authenticate until Premium is active again.
# curl example
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
-H "Accept: application/json" \
https://dashmon.online/api/projects
Security note: Dashmon stores only a SHA‑256 hash of your token. The raw token is shown only once.
Governance note: Premium workspaces can create read-only or read/write tokens and optionally set an expiry period for each token.
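The two notes above (hash-only storage, read-only or read/write tokens with optional expiry) can be pictured with the following added sketch. It is not Dashmon's server code: the names issueToken and authorize, the in-memory Map, the token format, and treating POST/PUT/DELETE as writes are all assumptions made for illustration.

```javascript
// Added sketch, not Dashmon's code: hash-only token storage with expiry and scope.
const { createHash, randomBytes } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Issue a token: the raw value is returned once; only its SHA-256 hash is stored.
function issueToken(store, { label, accessLevel = 'read_only', expiresInDays = null }, now = Date.now()) {
  const raw = randomBytes(32).toString('base64url'); // 256 bits of entropy
  store.set(sha256Hex(raw), {
    label,
    accessLevel, // 'read_only' or 'read_write'
    expiresAt: expiresInDays == null ? null : now + expiresInDays * 86400000,
  });
  return raw;
}

// Assumption: these HTTP methods count as write actions.
const WRITE_METHODS = new Set(['POST', 'PUT', 'DELETE']);

// Decide the outcome of one request, using the error codes listed on this page.
function authorize(store, authorizationHeader, method, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+)$/.exec(authorizationHeader || '');
  if (!m) return { status: 401, error: 'unauthenticated' };
  // Look the token up by its hash; the raw value is never compared or stored.
  const record = store.get(sha256Hex(m[1]));
  if (!record) return { status: 401, error: 'unauthenticated' };
  if (record.expiresAt !== null && now >= record.expiresAt) {
    return { status: 401, error: 'api_token_expired' };
  }
  if (WRITE_METHODS.has(method.toUpperCase()) && record.accessLevel !== 'read_write') {
    return { status: 403, error: 'api_token_scope_denied' };
  }
  return { status: 200, label: record.label };
}
```

Because the store holds only hashes, a lost token cannot be recovered from it; the remedy is to revoke the token and create a new one.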
Workspace Access & Governance
If a signed-in member belongs to more than one workspace, Dashmon can expose a selected owner workspace for the current session. Reads, Premium checks, and write limits then follow that selected workspace instead of only the personal user row.
# inspect effective workspace capabilities
curl -H "Accept: application/json" --cookie "dashmon_session=<COOKIE>" \
https://dashmon.online/api/user/permission-foundation
# switch to another accessible workspace context
curl -X POST -H "Content-Type: application/json" --cookie "dashmon_session=<COOKIE>" \
-d '{"ownerUserId":"workspace_owner"}' \
https://dashmon.online/api/user/account-context
A Premium workspace does not automatically mean every member can edit it. API routes can still return forbidden responses when the active role is view-only, project-scoped, or temporarily write-locked because the workspace is over plan limits.
- Use /api/user/permission-foundation to inspect role, scope, and account capabilities.
- Use /api/me to read the effective workspace plan and write-lock state shown in the app.
- Expect some routes to allow read access but still deny write actions with 403.
Quick Start
# Returns your projects with device summaries
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
https://dashmon.online/api/projects
# latest 120 samples for a device
curl -H "Authorization: Bearer <YOUR_TOKEN>" \
"https://dashmon.online/api/devices/<DEVICE_ID>/history?limit=120"
Integration Diagnostics
Dashmon returns an X-Request-Id header on API responses. Include that value in support tickets or incident notes so server-side logs can be traced quickly.
curl -i -H "Authorization: Bearer <YOUR_TOKEN>" \
https://dashmon.online/api/projects
Use /api/meta/capabilities to inspect API basics like supported auth modes, request tracing headers, token policy, public docs, and the signed-in API console link without scraping this page.
curl https://dashmon.online/api/meta/capabilities
Integration Recipes
Use /api/user/integration-posture to inspect token posture, routing coverage, and recent delivery visibility without scraping the UI.
curl -H "Authorization: Bearer <YOUR_TOKEN>" -H "Accept: application/json" https://dashmon.online/api/user/integration-posture
Use /api/support/summary for a lightweight operational snapshot that pairs well with internal support dashboards, customer handoffs, and runbooks.
curl -H "Authorization: Bearer <YOUR_TOKEN>" -H "Accept: application/json" https://dashmon.online/api/support/summary
Configure quiet hours, on-call schedules, escalation channels, and webhook formatting from Alert Routing, then use test-send before pointing real receivers at Dashmon.
Slack, Teams, and generic webhook receivers are supported through the project escalation configuration.
Common Workflows
- Create or choose a project.
- POST the device into that project.
- Optionally save synthetic, DNS, or heartbeat config.
- Queue a test-now check on Premium if you want an immediate sample.

- GET projects and device summaries.
- Load device history for charts.
- Read analytics and percentiles for Premium reporting views.
- Respect plan limits when creating or refreshing devices.

- Create a status page and include one or more projects.
- Publish manual updates like investigating or resolved.
- Share the public or private-token URL with viewers.
Endpoints
All timestamps are ISO‑8601 UTC (e.g. 2026-02-16T11:23:00.000Z). Premium-only endpoints return 403 premium_required for Free users. Shared workspaces can also return 403 responses when the current role or project scope does not allow the requested action.
- GET /api/health — service + DB connectivity
- GET /api/meta/capabilities — API version, tracing header, auth modes, token policy
- GET /api/me — current user + plan fields
- GET /api/projects — list projects + devices summary
- POST /api/projects — create project (plan limits apply)
- PUT /api/projects/:id — update project
- DELETE /api/projects/:id — delete project
- Alias: /api/projects
- GET /api/projects/:projectId/devices/:deviceId — full device details (+ tags)
- POST /api/projects/:projectId/devices — create device inside a project
- PUT /api/devices/:deviceId — update device
- DELETE /api/devices/:deviceId — delete device
- GET /api/devices/:deviceId/history?limit=60 — time-series history for charts
- PUT /api/devices/:deviceId/synthetic — save HTTP / JSON / TLS / domain assertions (Premium)
- GET /api/devices/:deviceId/dns-config — read DNS monitor settings (Premium device type)
- PUT /api/devices/:deviceId/dns-config — save DNS record expectations (Premium)
- GET /api/devices/:deviceId/heartbeat-config — read heartbeat settings + webhook endpoint (Premium device type)
- PUT /api/devices/:deviceId/heartbeat-config — save interval / grace / regenerate token (Premium)
- POST /api/devices/:deviceId/test-now — queue an immediate check (Premium)
- POST /api/devices/refresh-all — queue all devices (Premium, 1/min)
- GET /api/tags — list tags (counts)
- PUT /api/devices/:deviceId/tags — replace tags for a device
- POST /api/devices/tags/bulk — add/remove/replace tags for many devices (Premium)
- POST /api/maintenance/device/:deviceId — set maintenance window
- DELETE /api/maintenance/device/:deviceId — clear maintenance
- POST /api/maintenance/project/:projectId — set project maintenance
- DELETE /api/maintenance/project/:projectId — clear project maintenance
- POST /api/maintenance/devices/bulk-set — set many devices
- POST /api/maintenance/devices/bulk-clear — clear many devices
- GET /api/alerts/email — email alert rules
- PUT /api/alerts/email — update email alert rules
- GET /api/alerts/sms — sms alert rules (Premium)
- PUT /api/alerts/sms — update sms alert rules (Premium)
- POST /api/alerts/sms/test — send a test sms (Premium)
- POST /api/incoming/heartbeat/:token — public webhook receiver for heartbeat monitors
- The token is generated per monitor and exposed through the heartbeat config endpoint on Premium workspaces.
- GET /api/status-pages — list your status pages
- POST /api/status-pages — create a public or private-token status page
- PUT /api/status-pages/:id — update metadata + included projects
- POST /api/status-pages/:id/regenerate-token — rotate the private access token
- GET /api/status-pages/:id/updates — list manual status updates
- POST /api/status-pages/:id/updates — publish a manual customer-facing update
- GET /api/public/status-pages/:slug — public or token-protected read endpoint used by the share URL
- GET /api/devices/:deviceId/analytics?range=7d — uptime/latency stats
- GET /api/reports/uptime?period=weekly — time-based uptime report
- GET /api/incidents?status=open — incident list
- GET /api/devices/:id/latency/percentiles?window=24h — p50/p95/p99
- GET /api/user/permission-foundation — inspect effective workspace role, permissions, and scope
- POST /api/user/account-context — switch the active workspace for the current signed-in session
- GET /api/user/team-invitations — list invitations visible in the current workspace context
- POST /api/user/team-invitations — create a team invitation in the current workspace
- POST /api/user/team-invitations/:id/cancel — cancel a pending invitation
- POST /api/user/team-invitations/accept — accept an invitation token
- These routes are session-based and are most useful for the web app or internal admin tooling rather than external Bearer-token integrations.
- GET /api/user/preferences — current preference values
- PUT /api/user/preferences/timezone — set timezone (Premium)
- GET /api/user/api-token — legacy token status
- GET /api/user/api-tokens — list active labeled API tokens
- POST /api/user/api-tokens — create a labeled token (optional accessLevel=read_only|read_write and expiresInDays)
- DELETE /api/user/api-tokens/:id — revoke one labeled token
- GET /api/projects/:projectId/alert-settings — read per-project alert routing
- PUT /api/projects/:projectId/alert-settings — save quiet hours + escalation channels
- POST /api/projects/:projectId/alert-settings/test — queue a test email/SMS/webhook
Errors & Status Codes
- 401 unauthenticated — login required (no session and no valid token)
- 403 premium_required — Premium plan required
- 403 account_context_forbidden — the signed-in member cannot switch to or use that workspace context
- 403 project_scope_forbidden / device_scope_forbidden — the resource is outside the shared project scope
- 403 shared_account_write_forbidden / project_write_forbidden — read access exists, but the current role cannot change that workspace data
- 403 over_limit — writes are paused because the effective workspace is over plan limits
- 429 rate limited (e.g., refresh-all is max once per minute)
- 400/404 invalid input / resource not found
- 401 api_token_expired — the Bearer token is expired
- 403 api_token_scope_denied — the Bearer token lacks write scope
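An integration can turn the codes above into a next step and a log-safe record that carries X-Request-Id. This is an added example, not Dashmon client code; the function name triage, the action labels, the 5000 ms default wait, and the assumption that the error code arrives in a JSON body field named "error" are not from the page.

```javascript
// Added example (not Dashmon client code). Assumption: the error code from the
// list above (e.g. "over_limit") arrives in a JSON body field named "error".
const FORBIDDEN_ACTIONS = new Map([
  ['api_token_scope_denied', 'use_read_write_token'],
  ['premium_required', 'needs_premium'],
  ['over_limit', 'writes_paused'],
  ['account_context_forbidden', 'check_role_or_scope'],
  ['project_scope_forbidden', 'check_role_or_scope'],
  ['device_scope_forbidden', 'check_role_or_scope'],
  ['shared_account_write_forbidden', 'check_role_or_scope'],
  ['project_write_forbidden', 'check_role_or_scope'],
]);

function triage({ method, path, status, headers = {}, body = null }) {
  // HTTP header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const code = body && typeof body.error === 'string' ? body.error : null;

  let action = 'investigate'; // anything not listed on this page
  let retryAfterMs = null;
  if (status >= 200 && status < 300) {
    action = 'ok';
  } else if (status === 401) {
    action = code === 'api_token_expired' ? 'rotate_token' : 'reauthenticate';
  } else if (status === 403) {
    // A Map avoids matching inherited object keys on unexpected codes.
    action = FORBIDDEN_ACTIONS.get(code) || 'check_role_or_scope';
  } else if (status === 429) {
    action = 'retry_later';
    // refresh-all is documented as max once per minute; the other wait is assumed.
    retryAfterMs = path === '/api/devices/refresh-all' ? 60000 : 5000;
  } else if (status === 400 || status === 404) {
    action = 'fix_request';
  }

  // Log-safe record: carries the request id for support, never the token.
  return { method, path, status, code, action, retryAfterMs, requestId: h['x-request-id'] || null };
}
```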