API Documentation

The AI generated this entire page unprompted. We have no idea what most of it means, but it looked professional, so we left it in. If any of it is wrong, we genuinely cannot tell.

Note: This documentation was produced by the same process that built the product. Nobody on our side has read it, verified it, or checked whether the described endpoints exist. If you find one that doesn’t, we are as surprised as you are.

Overview

The VibeCoded API is, according to this page, a REST API that uses standard HTTP verbs, returns JSON, and uses API key authentication. We prompted “add an API” and this appeared. The base URL has been in place since launch, which went mostly smoothly:

https://api.vibecodedsite.com/v1

Available on Pro and Enterprise plans. API keys can be generated from Settings → API Keys inside your account. We believe this is correct.

Authentication

The AI was very insistent about authentication, so we assume it matters. Pass your API key in the Authorization header of every request:

curl https://api.vibecodedsite.com/v1/projects \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

API keys are prefixed with ac_live_ for production and ac_test_ for sandbox environments. Never expose your API key in client-side code. We’re told this is important.

Errors & Rate Limits

The API uses conventional HTTP status codes. Errors return a JSON body with error.code and error.message fields. The messages are descriptive. Mostly.

Rate limits: 1,000 requests / minute on Pro • 10,000 requests / minute on Enterprise. Remaining quota is returned in the X-RateLimit-Remaining response header. If you’re hitting the limit regularly, we would gently suggest that something may have gone wrong.

Users

Manage members of your VibeCoded organisation. The AI listed this section first, which we interpret as a sign it probably works.

GET/v1/usersList all users
GET/v1/users/{id}Retrieve a user
POST/v1/usersInvite a user
DEL/v1/users/{id}Remove a user

Projects

Create and manage projects within your workspace. We have not tested this.

GET/v1/projectsList projects
POST/v1/projectsCreate a project
PUT/v1/projects/{id}Update a project
DEL/v1/projects/{id}Archive a project

Tasks

Tasks belong to a project. Use project_id to filter tasks by project. The AI did not specify what happens if you don’t, so we also don’t know.

GET/v1/tasksList tasks
POST/v1/tasksCreate a task
PUT/v1/tasks/{id}Update a task
DEL/v1/tasks/{id}Delete a task

Workflows

Trigger and manage automation workflows programmatically. These are the same workflows that have been “almost fixed” since Q2 2025, now accessible via an API we can’t explain.

GET/v1/workflowsList workflows
POST/v1/workflows/{id}/triggerTrigger a workflow

Webhook Events

Configure webhook endpoints under Settings → Webhooks. VibeCoded will POST a JSON payload to your URL on each event. Signed requests are included in the X-VibeCoded-Signature header. We recommend verifying them — though if you understand what that means, you understand more about this page than we do. This recommendation was not requested. It has appeared in every draft. The AI notes that we have not implemented it. The AI is correct.

Available events

task.createdtask.updatedtask.completedproject.createdworkflow.run.completeduser.invited