`GET /api/apps/board` — one server-paginated, filtered + sorted page of the Apps board plus the total + the workspace-wide facet chips.
const url = 'https://example.com/api/apps/board';const options = {method: 'GET', headers: {cookie: 'supacloud_session=<supacloud_session>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/apps/board \ --cookie supacloud_session=<supacloud_session>Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Query Parameters
Section titled “Query Parameters”Free-text search over the App name + description.
framework filter chip (plain | react | svelte).
deploy_status filter chip — the page’s tab/dropdown vocabulary
(deployed | paused | undeployed | draft). draft matches a
never-deployed App (or a literal draft deployment); any other value
matches the App’s canonical derived deploy status exactly.
Whitelisted sort column: name | created_at | updated_at.
Default updated_at.
asc | desc (default desc).
Recompute the facet chips (default true). The board sends false on a
page/sort change since the chip counts are workspace-wide.
Responses
Section titled “Responses”One page of Apps.
GET /api/apps/board body — one page of Apps + total + facet chips.
object
The workspace-wide facet chips for the Apps board.
object
Counts per canonical deploy_status (deployed | paused |
undeployed | draft). The bucket is the per-App derived deployment
status (COALESCE(latest_status, 'draft')), so a never-deployed App
buckets as draft — matching the page’s tab/dropdown vocabulary and the
deploy_status board filter.
One filter-chip value and its count. Counts are workspace-wide (independent of the active filter — the chip totals do not shift as the user filters).
object
How many rows fall in this bucket.
The bucket value (e.g. a scope, a role, a framework).
Counts per framework (plain | react | svelte).
One filter-chip value and its count. Counts are workspace-wide (independent of the active filter — the chip totals do not shift as the user filters).
object
How many rows fall in this bucket.
The bucket value (e.g. a scope, a role, a framework).
Total App count in the workspace (independent of the active filter).
Lightweight list-row view – drops manifest_yaml so a workspace with
dozens of large manifests does not balloon the list-API payload. The
detail GET still returns the full AppView with the manifest.
#358 board: enriched with the per-card runtime state so the Apps list
renders deploy status / version / route, the latest build, and the
member counts without an extra round-trip. Every runtime field is
nullable / defaulted so a never-deployed (draft) App lists cleanly.
Serialised snake_case (the struct has no rename_all), matching the
existing list fields and the App domain row.
object
Active deployment status (deployed | paused | draft |
undeployed). None ⇒ the App has never been deployed (draft).
Version string of the active deployment (e.g. 1.0.0). None when
there is no deployment.
ADR 0030 – build framework, so list cards can show a framework badge without fetching the full manifest.
Finished-at of the most-recent build (completed_at). None when
the App has never been built OR the latest build is still running.
Status of the most-recent build (queued | claimed | building
| succeeded | failed). None when the App has never been built.
Number of resources wired into the App (membership join).
Public route of the active deployment, /a/{workspace}/{route}.
None when there is no deployment.
Number of scripts wired into the App (membership join).
Number of workflows wired into the App (membership join).
Examplegenerated
{ "facets": { "by_deploy_status": [ { "count": 1, "value": "example" } ], "by_framework": [ { "count": 1, "value": "example" } ], "total": 1 }, "items": [ { "created_at": "2026-04-15T12:00:00Z", "deploy_status": "example", "deployed_version": "example", "description": "example", "framework": "example", "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "latest_build_at": "2026-04-15T12:00:00Z", "latest_build_status": "example", "name": "example", "resource_count": 1, "route": "example", "script_count": 1, "slug": "example", "updated_at": "2026-04-15T12:00:00Z", "workflow_count": 1, "workspace_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0" } ], "total": 1}Structured client error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Authentication required
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Permission denied
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Structured server error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}