Overview

The developer surface for Busymate — read and write your data, subscribe to live changes, and drive the assistant, all with a single OAuth access token.

Busymate's backend is a standard, fully-documented API surface. There's one credential and three ways in: a REST API, Realtime channels, and the MCP server. Pick whichever fits your integration.

One token

Everything on these Reference pages authenticates with the same OAuth 2.1 access token. There is no second key, no per-service token — the one token authenticates REST, Realtime, MCP, and the BusyBro ask API alike.

How you get one:

• External clients run the OAuth 2.1 flow (Dynamic Client Registration + PKCE) against the MCP server — see MCP → Connect.
• In the dashboard, your logged-in session is exchanged for the identical token automatically.

The token carries your identity and role. Every surface enforces row-level security + capabilities server-side, so a request only ever returns or changes what your role permits — see Roles & permissions.

Three ways in

On this page set

• REST API — tables, filters, writes, and the integrator RPCs (effective_settings_for_device, expand_service_groups, entries_filtered_list/_count, get_stats).
• Realtime channels — the broadcast channels (ws:<workspace_id>, device:<uuid>, and the fleet/settings fan-outs) plus postgres_changes CDC.
• Stats & status API — live fleet stats and infra health over REST, MCP, and Realtime.
• Telegram linking — bind a Telegram account to your dashboard identity.
• BusyBro ask API — call the assistant programmatically with streaming SSE.
• Release & versioning — the version.json single-source model and /api/version.

Want the internals — how captures flow from a device through the database to the dashboard, how the token is verified, how the VPS and the cloud backend split responsibilities? That's Under the Hood.