QEHSDeveloper portal
API reference
All public endpoints follow the same patterns: bearer authentication, JSON bodies, cursor pagination, idempotency keys, and rate-limit headers.
Live OpenAPI spec
The full OpenAPI 3.1 document is served from your QEHS tenant — it includes your modules and is always current.
GET https://app.qehsethos.com/api/docs/spec.json · authenticate with your API key to see tenant-specific endpoints.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/v1/records | List records across one module with filters and pagination. |
| POST | /api/v1/records | Create a new record — validates against the module schema. |
| GET | /api/v1/records/{id} | Retrieve a record including activity and attachments metadata. |
| PATCH | /api/v1/records/{id} | Partial update — only the keys you supply are changed. |
| POST | /api/v1/records/{id}:transition | Advance a record through its workflow. |
| DELETE | /api/v1/records/{id} | Soft-delete a record (still retrievable via audit log). |
| POST | /api/modules/{moduleKey}/bulk | Bulk-load NDJSON with idempotency keys. |
| POST | /api/v1/attachments | Request a signed URL for direct-to-storage upload. |
| GET | /api/v1/attachments/{id} | Download a signed URL to an attachment. |
| POST | /api/v1/exports | Start an export job (CSV / XLSX / PDF). |
| GET | /api/v1/exports/{jobId} | Poll the status of an export job. |
| GET | /api/v1/modules | List installed modules in your tenant. |
| GET | /api/v1/modules/{moduleKey} | Retrieve the full schema — fields, workflow, permissions. |
| POST | /api/scim/v2/Users | SCIM 2.0 provisioning — create user. |
| PATCH | /api/scim/v2/Users/{id} | SCIM 2.0 — patch user attributes or activation state. |
| POST | /api/scim/v2/Groups | SCIM 2.0 — create group, which maps to QEHS roles. |
Conventions
- All requests authenticate with
Authorization: Bearer $QEHS_API_KEY. - Pagination uses cursor (
nextCursor), not page/offset. - Timestamps are always ISO 8601 with timezone (
Zfor UTC). - Errors follow RFC 7807 problem+json with
type,title,detail,code, andtraceId. - Supply
Idempotency-Keyon unsafe methods to make retries safe. - GraphQL is available at
/api/graphqlwith the same auth model.