Resources/The Agent API Atlas/Productivity/Productboard

Everything an AI agent can do with the Productboard API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints20

API versionv1

Last updated23 June 2026

Orientation

How the Productboard API works.

The Productboard API is how an app or AI agent works with a Productboard workspace: capturing customer feedback as notes, creating and updating features in the product hierarchy, reading products and components, and tracking objectives. Access is granted through an access token created in the workspace, and that token inherits whatever the person who made it can see and do, with no per-method permissions to narrow it. Productboard can also push an event to a subscribed endpoint when a feature or note changes, so an integration stays current without polling.

20Endpoints

8Capability groups

12Read

8Write

0Permissions

Authentication

A request authenticates with a Bearer access token created by a workspace admin on the integrations page in workspace settings. The same call must also carry an X-Version header set to 1, which selects the v1 API; a request without it is rejected. OAuth 2.0 is also supported for apps that connect on behalf of a Productboard user.

Permissions

Productboard has no granular per-endpoint scopes for its access tokens. A token inherits the full workspace access of the person who created it, so a token made by an admin can read and write everything that admin can. There is no way to mint a read-only or feature-only token at the Productboard layer, which is why a gateway in front of it matters.

Versioning

The API is pinned by the X-Version header rather than a dated version string, and v1 is the only value for this API. A breaking change ships as a new major version, v2, which runs in parallel; v1 was deprecated on 9 April 2026 and is scheduled to be switched off on 8 July 2026.

Data model

Productboard is resource-oriented REST with JSON bodies and standard HTTP verbs. Customer feedback lives in notes, the roadmap lives in a hierarchy of products, components, and features with feature statuses, and planning lives in objectives, releases, and release groups. A change to a feature or note can emit a webhook event.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Productboard determines what it can reach. There is a route for making calls and a route for receiving events, and each is governed by the access token behind it and the workspace that token belongs to.

Ways to connect

REST API

The REST API takes JSON bodies, returns JSON, and pages long lists 100 items at a time, at https://api.productboard.com. Every call must send an Authorization Bearer access token and an X-Version header set to 1, which selects the v1 API. A request missing the X-Version header is rejected.

Best forConnecting an app or AI agent to Productboard.

Governed byThe access token and the workspace access it inherits.

Docs ↗

Webhooks

Productboard POSTs an event to an HTTPS endpoint registered through the webhooks API when a feature or note changes. The endpoint must be publicly resolvable and cannot be localhost or an internal address. The receiver confirms the subscription and then processes events as they arrive, so an integration learns about activity without polling.

Best forReceiving Productboard change events at an app or AI agent.

Governed byThe subscription and the access token that created it.

Docs ↗

Authentication

Public API access token

A workspace admin creates an access token on the integrations page in workspace settings. It is sent as a Bearer token and inherits the full workspace access of the person who made it, with no per-method scopes to narrow it. Every call must also send X-Version: 1.

TokenBearer access token

Best forServer-side calls and back-end integrations.

Docs ↗

OAuth 2.0

OAuth 2.0 lets an app connect on behalf of a Productboard user through an authorization flow, rather than a long-lived admin token. The resulting access represents that user and, like a token, is bounded by what the user can see and do rather than by granular per-endpoint scopes.

TokenOAuth 2.0 access token

Best forApps connecting on behalf of a Productboard user.

Docs ↗

Capability map

What an AI agent can do in Productboard.

The Productboard API is split into areas an agent can act on, like customer notes, the feature hierarchy, products and components, objectives, and webhooks. Each area has its own methods, and a write can change the product backlog or the feedback record an entire team works from.

Notes (feedback)

5 endpoints

Methods for working with customer feedback captured as notes.

A write here changes or removes real customer feedback records.

View endpoints →

Features

5 endpoints

Methods for working with features and subfeatures in the product hierarchy.

A write here changes the roadmap a whole team works from.

View endpoints →

Products & components

2 endpoints

Methods for reading the products and components that features sit under.

These methods read the structure of the product hierarchy.

View endpoints →

Feature statuses

1 endpoint

Methods for reading the workflow statuses a feature can hold.

These methods read the set of statuses used across the workspace.

View endpoints →

Objectives

1 endpoint

Methods for reading objectives that features are aligned to.

These methods read the goals features are linked to.

View endpoints →

Releases & release groups

1 endpoint

Methods for reading releases and the groups they belong to.

These methods read delivery timelines and their groupings.

View endpoints →

Companies

1 endpoint

Methods for reading the companies feedback and accounts are attached to.

These methods read company records tied to feedback.

View endpoints →

Webhooks

4 endpoints

Methods for subscribing to and managing change notifications.

A write here changes where Productboard sends event notifications.

View endpoints →

Endpoint reference

Every Productboard API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Notes (feedback) Methods for working with customer feedback captured as notes.5
GET	`/notes`	List all notes, ordered by creation date, with filters for time range, term, feature, company, owner, source, and tags.	read	—	Deprecated
Read-only. The token reaches every note its creator can see; Productboard has no per-method scopes. Acts onnote Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/notes`	Create a new note from a piece of customer feedback, with title, content, and optional customer, company, and tags.	write	—	Deprecated
A core write. No granular permission to limit it; the token carries full creator access. Acts onnote Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook event`note.created` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/notes/{id}`	Retrieve a single note by its identifier.	read	—	Deprecated
Read-only. Acts onnote Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/notes/{id}`	Update one or more fields of an existing note; fields left out are unchanged.	write	—	Deprecated
A write. No granular permission to limit it. Acts onnote Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook event`note.updated` Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/notes/{id}`	Delete a note from the workspace.	write	—	Deprecated
Irreversible. Removes a piece of customer feedback. No granular permission to limit it. Acts onnote Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Features Methods for working with features and subfeatures in the product hierarchy.5
GET	`/features`	List all features and subfeatures, with filters for status, parent, owner, archived, and linked note.	read	—	Deprecated
Read-only. Paginates 100 at a time; follow links.next for more. Acts onfeature Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/features`	Create a new feature or subfeature under a product, component, or feature.	write	—	Deprecated
A core roadmap write. No granular permission to limit it. Acts onfeature Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook event`feature.created` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/features/{id}`	Retrieve a single feature by its identifier.	read	—	Deprecated
Read-only. Acts onfeature Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/features/{id}`	Update fields of an existing feature, such as name, description, status, or owner.	write	—	Deprecated
A write. No granular permission to limit it. Acts onfeature Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook event`feature.updated` Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/features/{id}`	Delete a feature from the product hierarchy.	write	—	Deprecated
Irreversible. Removes a roadmap item. No granular permission to limit it. Acts onfeature Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook event`feature.deleted` Rate limitStandard limits apply SourceOfficial documentation ↗
Products & components Methods for reading the products and components that features sit under.2
GET	`/components`	List all components, the mid-level grouping that features sit under within a product.	read	—	Deprecated
Read-only. Paginates 100 at a time. Acts oncomponent Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/products`	List all products, the top level of the product hierarchy.	read	—	Deprecated
Read-only. Paginates 100 at a time; follow links.next for more. Acts onproduct Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Feature statuses Methods for reading the workflow statuses a feature can hold.1
GET	`/feature-statuses`	List all feature statuses, the workflow states a feature can be in across the workspace.	read	—	Deprecated
Read-only. Paginates 100 at a time. Acts onfeature-status Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Objectives Methods for reading objectives that features are aligned to.1
GET	`/objectives`	List all objectives, with filters for archived, owner, parent, and status.	read	—	Deprecated
Read-only. Paginates 100 at a time; follow links.next for more. Acts onobjective Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Releases & release groups Methods for reading releases and the groups they belong to.1
GET	`/release-groups/{id}`	Retrieve a single release group, the container that organizes a set of releases.	read	—	Deprecated
Read-only. Acts onrelease-group Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Companies Methods for reading the companies feedback and accounts are attached to.1
GET	`/companies`	List all companies, with filters for term, whether they have notes, and linked feature.	read	—	Deprecated
Read-only. Paginates 100 at a time. Acts oncompany Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks Methods for subscribing to and managing change notifications.4
POST	`/webhooks`	Create a webhook subscription to be notified on each change to the specified entities.	write	—	Deprecated
The notification URL must be HTTPS with a publicly resolvable host, not localhost or an internal address. Acts onwebhook Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/webhooks`	List all webhook subscriptions in the workspace.	read	—	Deprecated
Read-only. Acts onwebhook Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/webhooks/{id}`	Retrieve a single webhook subscription by its identifier.	read	—	Deprecated
Read-only. Acts onwebhook Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/webhooks/{id}`	Delete a webhook subscription so Productboard stops sending it events.	write	—	Deprecated
Stops delivery to that endpoint. Acts onwebhook Permission (capability)None required VersionDeprecated 2026-04-09 · Sunset 2026-07-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Productboard can notify an app when something changes in a workspace, like a feature being created or updated or a note arriving. It posts an event to a subscribed endpoint, so an integration learns about activity without polling.

Event	What it signals	Triggered by
`feature.created`	A new feature or subfeature was created in the product hierarchy.	`/features`
`feature.updated`	An existing feature changed, such as its name, description, status, or owner.	`/features/{id}`
`feature.deleted`	A feature was deleted from the product hierarchy.	`/features/{id}`
`note.created`	A new note was created, capturing a piece of customer feedback.	`/notes`
`note.updated`	An existing note changed.	`/notes/{id}`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Productboard limits how fast an app can call, by a request rate measured per second across the access token, and pages long lists rather than returning everything at once.

Request rate

Productboard meters requests by rate, not by a per-method cost. The limit is 50 requests per second per access token. Going over returns HTTP 429 with a Retry-After header that says how long to wait before retrying.

Pagination

List endpoints return at most 100 items by default. Some lists return a links.next link to follow for the next page; the notes list instead returns a pageCursor that is passed back on the next call and stays valid for one minute. The notes list accepts a pageLimit of 1 to 2000.

Request size

A list page returns up to 100 items by default. The notes list can raise its page size up to 2000 with pageLimit, and its pageCursor expires one minute after it is issued.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`bad_request`	The request was malformed or failed schema validation, for example a missing required field or a bad parameter.	Read the error body, fix the request, and resend. The request is not retryable as-is.
401	`unauthorized`	Authentication is missing or the access token is invalid, or the X-Version header is absent.	Send a valid Bearer access token and include X-Version: 1 on every request.
403	`forbidden`	The token lacks permission for this action, or the OAuth grant is missing a required scope.	Use a token whose workspace access covers the action, or re-authorize with the needed scope.
404	`not_found`	The requested object does not exist or is not visible to this token.	Verify the object id and confirm the token's workspace can see it.
422	`unprocessable_entity`	Validation failed, for example an invalid or expired pageCursor, or a value that the field will not accept.	Correct the failing field, or request a fresh pageCursor, and resend.
429	`too_many_requests`	The per-token request rate was exceeded.	Back off and retry after the Retry-After header, and smooth the request rate.

Versioning & freshness

Version history.

Productboard pins the API behind a single header value rather than a dated version string, and ships breaking changes as a new major version that runs alongside the old one for a migration window.

Version history

What changed, and when

Latest versionv1

v1Current version

Public API v1 (current, deprecated)

The v1 REST API, selected by the X-Version: 1 header at https://api.productboard.com. It covers notes, the product hierarchy of products, components, and features, feature statuses, objectives, releases and release groups, companies, and webhooks. It was deprecated on 9 April 2026 when v2 became generally available, and is scheduled to be switched off on 8 July 2026.

What changed

Selected by the X-Version: 1 request header.
Deprecated on 9 April 2026; sunset scheduled for 8 July 2026.
Integrations should migrate to v2 before the sunset date.

2026-04-09Requires migration

Public API v2 generally available; v1 deprecated

Productboard released Public API v2 as generally available and deprecated v1. v2 is designed to be more consistent and flexible, reorganizing products, components, and features under a single entities model and adding configuration endpoints that let an integration discover field definitions in a workspace.

What changed

v2 became generally available.
v1 deprecated, with a sunset date of 8 July 2026.
v2 consolidates hierarchy objects under an entities model.
v2 adds configuration endpoints describing workspace data shapes.

Pin X-Version: 1 today, and plan the move to v2 before v1 is switched off on 8 July 2026.

Productboard API changelog ↗

Questions

Productboard API, answered.

How does an app authenticate with the Productboard API?+

A workspace admin creates a Public API access token on the integrations page in workspace settings, and the app sends it as an Authorization Bearer token. Every request must also carry an X-Version header set to 1, which selects the v1 API; a request without it is rejected. OAuth 2.0 is available for apps that connect on behalf of a Productboard user.

Can a Productboard token be limited to read-only or to one area?+

Not at the Productboard layer. An access token inherits the full workspace access of the person who created it, and there are no granular per-endpoint scopes, so a token made by an admin can read and write everything that admin can. To give an AI agent read-only or feature-only access, that limit has to be enforced in front of the API, which is what a gateway like Bollard does.

What is the X-Version header and why is it required?+

Productboard selects the API version with an X-Version request header rather than a version segment in the URL. For this API the value is 1. Sending it on every call pins the integration to v1 so a later version cannot change behavior underneath it, and a request that omits the header is rejected.

Is the v1 API being retired?+

Yes. Productboard released v2 and deprecated v1 on 9 April 2026, and v1 is scheduled to stop working on 8 July 2026. Integrations on v1 should plan a move to v2 before that date. v2 reorganizes products, components, features, and similar objects under a single entities model and adds configuration endpoints that describe the shape of a workspace's data.

What are the rate limits?+

The API allows 50 requests per second per access token. Exceeding it returns HTTP 429 with a Retry-After header that says how long to wait. Spreading calls out and honoring Retry-After keeps an integration within the limit.

How does pagination work?+

List endpoints return at most 100 items by default. Most lists include a links.next link to follow for the next page; the notes list instead returns a pageCursor that is sent back on the following request and stays valid for one minute. The notes list can raise its page size up to 2000 with the pageLimit parameter.

What can webhooks notify an app about?+

A subscription created through the webhooks API delivers events when entities change, including features being created, updated, or deleted, and notes being created or updated. Productboard POSTs each event to the registered HTTPS endpoint, which must be publicly resolvable and cannot be localhost or an internal address.

What is Bollard AI?

Control what every AI agent can do in Productboard.

Bollard AI sits between a team's AI agents and Productboard. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Productboard token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Productboard access in Bollard Browse all APIs →

Productboard

Feedback Triage Agent

Read customer notes ResourceOffReadFull use

Create features ActionOffReadFull use

Objectives ResourceOffReadFull use

Delete notes ActionOffReadFull use

Per-agent access, set in Bollard AI, not in Productboard

How the Productboard API works.

Connection & authentication methods.

REST API

Webhooks

Public API access token

OAuth 2.0

What an AI agent can do in Productboard.

Notes (feedback)

Features

Products & components

Feature statuses

Objectives

Releases & release groups

Companies

Webhooks

Every Productboard API method.

Notes (feedback)

Features

Products & components

Feature statuses

Objectives

Releases & release groups

Companies

Webhooks

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Productboard API, answered.

More productivity API guides for agents

Shortcut

Aha!

Miro

Canny

Coda

Notion

Control what every AI agent can do in Productboard.