MFMy FieldwirePublic API, OpenAPI, and SDK developer docs
Compare plansSign inDownload OpenAPI

Developers

Build against the published My Fieldwire API contract.

Use the current API host, exchange refresh tokens for bearer access, and wire plans, specifications, and webhooks from the same OpenAPI-backed SDK the product uses.

Refresh tokens: mfw_prt_Access tokens: mfw_sat_Legacy PATs rejected
Download snapshotManage credentials

API access is operator-managed

Public API credentials are created by account owners or managers from the account integrations surface. API access is not self-serve for anonymous visitors.

Refresh tokens are the long-lived secret

Credential creation returns a refresh token with the mfw_prt_ prefix. Exchange it for a short-lived bearer access token before calling the API.

Project-scoped tokens stay narrow

Project-scoped credentials are limited to project and workflow permissions. Tenant-level scopes such as integrations.manage and audit.read are rejected for project-scoped tokens.

Contract snapshot

Current API host and published contract metadata

This page reflects the current environment host and the committed OpenAPI snapshot that backs the generated TypeScript SDK.

OpenAPI snapshot

823

spec 3.0.0 generated 2026-04-30

Integration ops

87

6 public API and 8 webhook

SDK contract

0.2.0

Published through @app/sdk

API host

api.myfield.webcare.live

https://api.myfield.webcare.live

Authentication flow

Create a refresh token in the UI, exchange it for a short-lived bearer access token, then call the API with that bearer token.

Open JSON snapshot
  1. Create a refresh token from Account integrations or Project settings operations.
  2. Store the mfw_prt_ token value securely. It is shown only once.
  3. Exchange the refresh token at POST /integrations/public-api/access-token to receive an mfw_sat_ bearer access token.
  4. Send the bearer access token on API calls and repeat the exchange when the short-lived token expires.
  5. Do not use legacy PATs. They are revoked and rejected by the current contract.

Token exchange

Authenticate with refresh and access tokens

Use the refresh token only for exchange. Send the returned mfw_sat_ bearer token on follow-up calls.

curl -X POST "https://api.myfield.webcare.live/integrations/public-api/access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "mfw_prt_your_refresh_token_here"
  }'

Store refresh tokens securely and re-exchange them when an access token expires. Legacy PAT compatibility is not available on the current contract.

TypeScript SDK

Bootstrap a client with @app/sdk

The generated SDK shares the same OpenAPI contract snapshot used by the web app and exposes the token exchange, upload ingress, ingest, and webhook workflows directly.

import { ApiClient } from "@app/sdk";

const baseUrl = "https://api.myfield.webcare.live";
const refreshToken = process.env.MFW_REFRESH_TOKEN ?? "";

async function main() {
  const authClient = new ApiClient({ baseUrl });
  const { accessToken } = await authClient.exchangePublicApiAccessToken({
    refreshToken
  });

  const api = new ApiClient({
    baseUrl,
    getAccessToken: async () => accessToken
  });

  const upload = await api.createFileUploadIngress({
    tenantId: "tenant-id",
    projectId: "project-id",
    fileName: "issued-set.pdf",
    contentType: "application/pdf",
    sizeBytes: 1048576
  });

  await api.createPlanIngest({
    tenantId: "tenant-id",
    projectId: "project-id",
    uploadId: upload.uploadId,
    title: "Issued for review"
  });

  await api.createWebhookSubscription({
    tenantId: "tenant-id",
    name: "Task events",
    targetUrl: "https://example.com/webhooks/my-fieldwire",
    projectFilters: ["project-id"],
    eventFilters: ["task.created", "task.updated"]
  });
}

void main();

Access rules

Scope and runtime guardrails

  • Account owners and managers mint refresh tokens for account and project workflows.
  • Project-scoped credentials can request project and workflow scopes such as files.read, plans.write, specs.read, reports.export, and search.read.
  • Tenant and account admin permissions such as integrations.manage and audit.read are rejected for project-scoped tokens.
  • Plans and specification ingestion use asynchronous processing after the create call returns.

Workflow guides

Ship common integration flows

Start with the published path families below. Each guide pairs the current REST paths with the matching @app/sdk methods and a cURL example.

Plans upload and revisions

Register upload ingress first, stream the file to the returned target, then create the plan ingest or plan version request from the uploaded object.

REST paths

/files/uploads/plans/plans/{planId}/versions

SDK methods

createFileUploadIngresscreatePlanIngestcreatePlanVersionFromUpload
curl -X POST "https://api.myfield.webcare.live/files/uploads?tenantId=tenant-id" \
  -H "Authorization: Bearer mfw_sat_your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant-id",
    "projectId": "project-id",
    "fileName": "issued-set.pdf",
    "contentType": "application/pdf",
    "sizeBytes": 1048576
  }'

Treat upload registration, object transfer, and ingest as separate steps. Follow-up version uploads reuse the same ingress pattern.

Specification ingest and search

Upload the source file, create the specification ingest request, then query versions or section search once extraction is available.

REST paths

/specs/ingest/specs/{specBookId}/versions/specs/{specBookId}/search

SDK methods

ingestSpecgetSpecVersionssearchSpecSections
curl -X POST "https://api.myfield.webcare.live/specs/ingest?tenantId=tenant-id" \
  -H "Authorization: Bearer mfw_sat_your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant-id",
    "projectId": "project-id",
    "fileId": "file-id-from-upload",
    "title": "Division 09 - Finishes"
  }'

Specification processing is asynchronous. Use the returned book or version identifiers to continue with version history and section-level search.

Webhook setup, filtering, and retries

Create account-scoped subscriptions with optional project UUID filters, queue a signed test delivery, update the filters in place, and retry failed deliveries from the same contract family.

REST paths

/integrations/webhooks/subscriptions/integrations/webhooks/subscriptions/{subscriptionId}/integrations/webhooks/subscriptions/{subscriptionId}/test/integrations/webhooks/deliveries/{deliveryId}/retry

SDK methods

createWebhookSubscriptionupdateWebhookSubscriptiondeleteWebhookSubscriptionqueueWebhookTestDeliverygetWebhookDeliveriesretryWebhookDelivery
curl -X POST "https://api.myfield.webcare.live/integrations/webhooks/subscriptions?tenantId=tenant-id" \
  -H "Authorization: Bearer mfw_sat_your_access_token" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant-id",
    "name": "Task events",
    "targetUrl": "https://example.com/webhooks/my-fieldwire",
    "projectFilters": ["project-id"],
    "eventFilters": ["task.created", "task.updated"],
    "retryPolicy": {
      "maxAttempts": 5,
      "baseBackoffSeconds": 30
    }
  }'

Blank event filters mean all events and blank project filters mean all projects. The initial event catalog is task lifecycle plus plan/spec version acceptance.

Changelog

Recent contract changes

2026-04-14

Refresh and access token contract became current

The public API now requires refresh-token exchange for bearer access tokens. Legacy PAT rows were revoked during the refresh-access cutover.

2026-04-14

Legacy 2026-03-06 contract moved to sunset

Supported version metadata keeps the earlier public API version visible as sunset while the current token exchange flow stays on 2026-04-14.

Developer Q and A

Troubleshooting the current contract

How do I get a bearer access token?

Create a refresh token in the UI, then POST it to /integrations/public-api/access-token. The response returns a short-lived bearer token with the mfw_sat_ prefix.

Why did a project-scoped credential return 403?

Project-scoped tokens cannot request tenant or account admin permissions. Use only project and workflow scopes such as files.read, plans.write, specs.read, reports.export, or search.read.

Why do plan and spec uploads finish after the request returns?

Upload registration is synchronous, but ingest and extraction continue through the documents processing pipeline. Poll the related plan or specification resources after the create call returns.

Which API host should my client use?

Use the base URL shown on this page for the current deployment. Keep local preview hosts out of production clients and update your configured host when environments change.