Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.tarefy.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Each Tarefy user has granular permissions within their account, configured by the administrator. These permissions determine which API endpoints the JWT token can access. When a request is made to a protected endpoint, the API validates the token and:
  • Allows if the user has the required permission → 2xx response
  • Blocks otherwise → 403 Forbidden response

Discovering your permissions

To find out which permissions the authenticated token has, use: 
curl https://app.tarefy.com/nodeapi/api/v2/users/me \
  -H "Authorization: Bearer YOUR_TOKEN"
The response includes a permissions field listing the permissions granted to the user. Use that array to decide client-side which features to enable before calling specific endpoints — avoiding unnecessary 403s.

Handling 403 in your integration

Even with prior checks, you may still receive 403 Forbidden (admin changes permissions, account switch, etc.). Handle it like: 
if (res.status === 403) {
  // The user lost permission for this endpoint
  // → refresh UI / show clear message / fallback
}
The response body: 
{
  "message": "Forbidden",
  "code": "INSUFFICIENT_PERMISSION"
}

Permissions per endpoint

Every endpoint in the API Reference clearly states whether it requires a permission. Generally:
  • Read (GET) — requires reading the resource
  • Write (POST/PATCH/PUT) — requires editing the resource
  • Admin — requires a specific administrative permission
Available permissions are defined by the account administrator in the Tarefy app. For a user to gain access to a specific endpoint, the administrator must grant the corresponding permission.
StatusScenario
401 UnauthorizedMissing, invalid or expired token
403 ForbiddenValid token, but missing required permission
404 Not FoundSome APIs return 404 instead of 403 when the user can’t read the resource (avoids leaking existence)
See Errors for the full error pattern.