API Reference
Geodocs Public API
REST API with Personal Access Token (PAT) authentication for GIS project automation.
API:https://api.geodocs.io
Geo-API:https://geo-api.geodocs.io
Authentication
All requests require a Personal Access Token (PAT) in the Authorization header. Create tokens in Geodocs > Settings > API Tokens.
Token format:
gdx_<48 hex chars>Request header:
Authorization: Bearer gdx_...Rate limit: 100 requests/minute per token
Each token has scopes that control which endpoints it can access.
# Authenticate with PAT
curl -H "Authorization: Bearer gdx_a1b2c3..." \
https://api.geodocs.io/api/public/v1/folders
Pagination
All list endpoints support pagination with these query parameters:
pagePage number (default: 1)limitItems per page (default: 50, max: 100)termSearch/filter termResponse envelope
{
"content": [{ ... }],
"total": 142,
"page": 1,
"size": 50,
"pages": 3
}
"content": [{ ... }],
"total": 142,
"page": 1,
"size": 50,
"pages": 3
}
Endpoints
Folders
Scope:
READ_FOLDERGET
/api/public/v1/foldersGET
/api/public/v1/folders/:keyAssignments
Scope:
READ_ASSIGNMENTGET
/api/public/v1/assignmentsGET
/api/public/v1/assignments/:keyExpenses
Scope:
READ_EXPENSEGET
/api/public/v1/expensesGET
/api/public/v1/expenses/:keyBudgets
Scope:
READ_BUDGETGET
/api/public/v1/budgetsGET
/api/public/v1/budgets/:keyStatuses
Scope: No scope required
GET
/api/public/v1/statusesWebhooks
Scope:
MANAGE_WEBHOOKPOST
/api/public/v1/webhooks/endpointsDELETE
/api/public/v1/webhooks/endpoints/:keyLayers
geo-apiScope: No scope required
GET
/api/public/v1/layersGET
/api/public/v1/layers/:id/mvt/{z}/{x}/{y}Geometries
geo-apiScope: No scope required
POST
/api/public/v1/geometries/geojsonWebhook Events
When subscribed, Geodocs sends HTTP POST requests to your endpoint with this payload:
Available event types
folder.createdfolder.updatedfolder.deletedfolder.archivedassignment.createdassignment.updatedassignment.deletedexpense.createdexpense.updatedexpense.deletedbudget.createdbudget.updatedbudget.deletedEvent payload
{
"id": "delivery-uuid",
"event": "folder.created",
"workspaceKey": "workspace-uuid",
"occurredAt": "2026-03-28T14:22:00Z",
"data": { "id": "entity-uuid", ... }
}
"id": "delivery-uuid",
"event": "folder.created",
"workspaceKey": "workspace-uuid",
"occurredAt": "2026-03-28T14:22:00Z",
"data": { "id": "entity-uuid", ... }
}
Signature verification
Each delivery includes an X-Geodocs-Signature header. Verify it using HMAC-SHA256:
// Node.js
const crypto = require('crypto');
const expected = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex');
const received = header
.replace('sha256=', '');
const valid = crypto
.timingSafeEqual(
Buffer.from(expected),
Buffer.from(received));
Error Handling
All endpoints return standard HTTP status codes:
200OK204No Content (DELETE)400Bad Request401Unauthorized403Forbidden (missing scope)404Not Found429Too Many Requests500Internal Server ErrorError response format
{
"statusCode": 403,
"message": "Token missing required scope: READ_FOLDER",
"error": "Forbidden"
}
"statusCode": 403,
"message": "Token missing required scope: READ_FOLDER",
"error": "Forbidden"
}
Ready to integrate?
Create your free account and generate an API token to get started.