TaskFlow API

Project management API built with the Lcore framework

▶ Open Frontend App API Docs Health Check

Interactive Playground

API Tester

Code Playground

Auth Flow

Middleware Stack

All Routes

Config

Stats

Click any endpoint below to load it, or type your own. Login first to get a token for protected routes.

Token:

No token — public routes only

Click "Send" or use a quick action to see the response here.

Lcore Code Playground

Write and run Lcore framework code live. The full framework is available — create apps, routes, test with TestClient, hash passwords, and more.

Code

from lcore import Lcore, TestClient

app = Lcore()

@app.route('/hello/<name>')
def hello(name):
    return {'message': f'Hello, {name}!'}

# Test it without a server
client = TestClient(app)
resp = client.get('/hello/World')
print(f"Status: {resp.status_code}")
print(f"Body: {resp.json}")

Output

Click "Run" to execute your code.

Authentication Flow

This API uses HMAC-SHA256 signed tokens. Try the full auth flow below.

Step 1 — Login to get a token

Click a user to login. The token will be saved automatically for API requests.

UserPasswordRole adminadmin123admin alicealice123member bobbob123member

Step 2 — Access protected routes

With a token, try these protected endpoints:

Step 3 — Test RBAC (Role-Based Access)

Middleware Stack

These run in order on every request. Lower order = runs first (outermost wrapper).

Registered Routes

All routes registered in the application. Click any to load it in the API Tester.

Application Configuration

Config loaded from defaults + .env + environment variables. Secrets are redacted.

Loading...

Request Counter Stats

The RequestCounterPlugin tracks per-route hit counts. Refresh to see updated counts.

Loading...

SQLite DB

Real database with projects, tasks, users, comments

.env Config

Multi-source config loading + dataclass validation

11 Middleware

7 built-in + 4 custom (timing, auth, admin, audit)

Auth System

Token auth, Basic auth, signed cookies, RBAC

Rate Limiting

Token bucket per-IP rate limiting on every endpoint

Validation

Body + query parameter schema validation

File Uploads

Task attachments with static file serving

SMTP Email

Task assignment notifications via smtplib

Async Routes

Dashboard overview uses asyncio.gather

DI Container

Singleton cache, scoped DB, transient trace IDs

Custom Plugins

API versioning + request counter plugins

Auto API Docs

Interactive docs at /docs (debug mode)

Auth

POST /auth/login Login with credentials Try →

POST /auth/register Register new account Try →

GET /auth/me Get current user (cookie) Try →

POST /auth/logout Clear session Try →

GET /auth/basic-demo HTTP Basic Auth demo Try →

Users

GET /api/users/ List team members Try →

POST /api/users/ Invite member Try →

GET /api/users/<id> Get member profile Try →

PUT /api/users/<id> Update profile Try →

PATCH /api/users/<id> Change role/status Try →

DELETE /api/users/<id> Remove member Try →

GET /api/users/search?q= Search members Try →

Projects & Tasks

GET /api/projects/ List projects Try →

POST /api/projects/ Create project Try →

GET /api/projects/<id> Project detail + stats Try →

GET /api/projects/<id>/tasks List tasks Try →

POST /api/projects/<id>/tasks Create task Try →

PATCH /api/projects/<id>/tasks/<tid> Update task Try →

POST /api/projects/<id>/tasks/<tid>/comments Add comment Try →

POST /api/projects/<id>/tasks/<tid>/attachment Upload file Try →

GET /api/projects/dashboard/overview Dashboard (async) Try →

Notifications

POST /api/notifications/email Send email Try →

POST /api/notifications/task-assigned/<id> Assignment email Try →

POST /api/notifications/async-batch Batch (async) Try →

GET /api/notifications/history Email log Try →

System

GET /health Health check (skip plugins) Try →

GET /admin/dashboard Admin panel Try →

GET /debug/routes Route inspection Try →

GET /debug/middleware Middleware stack Try →

GET /debug/config Config (redacted) Try →

GET /debug/stats Request counter Try →