Base URL

https://changebreeze.com/api/v1

Content Type

• Responses are JSON.

• Requests for these endpoints are GET only (read-only)

Authentication

API Key Auth (Required)

All endpoints except /status/ require an API key.

Header format

Send the key in the Authorization header:

Example:
curl -H "Authorization: Api-Key cb_xxxxxxxxxxxxxxxxx" \
  "http://changebreeze.com/api/v1/changes/"

Common auth errors

• 401 Unauthorized

  • {"detail":"Invalid or revoked API key."}

  • Causes:

    • Missing Authorization header

    • Key is wrong / revoked / inactive

    • Key doesn’t meet server rules (e.g., not an allowed user type)

Rate Limits (Throttling)

• Anonymous (typically only /status/):

  • 30 requests / minute

• Authenticated (API key requests):

  • 120 requests / minute

If exceeded you’ll receive 429 Too Many Requests.

Pagination

List endpoints are paginated (DRF PageNumberPagination).

Default page size

• 50 results per page

Response shape

{
  "count": 123,
  "next": "http://.../api/v1/changes/?page=2",
  "previous": null,
  "results": [ ... ]
}

Pagination parameters

page: integer

Example: ?page=2

Health / Status

GET /status/

• Authentication: Not required

• Purpose: Uptime / connectivity check

Example:
curl "http://changebreeze.com/api/v1/status/"

 

Response:
{
  "status": "ok",
  "version": "v1",
  "timestamp": "2026-02-14T18:26:37.123456+00:00"
}

 

Changes

GET /changes/

Returns a paginated list of changes across all companies you’re allowed to access (scoped to your API key’s organisation).

Example

GET /changes/{ticket_id}/

Returns a single change by ticket_id.

Example

Change fields returned

• change_id (string) — the ticket id

• title (string)

• description (string)

• change_type (string enum)

• change_type_display (string)

• status (string enum)

• status_display (string)

• priority (string enum)

• priority_display (string)

• risk_level (string enum)

• risk_level_display (string)

• company_name (string)

• created_by_name (string|null)

• created_by_email (string|null)

• assigned_to_name (string|null)

• assigned_to_email (string|null)

• scheduled_start (datetime|null)

• scheduled_end (datetime|null)

• created_at (datetime)

• updated_at (datetime)

• detail_url (string) — relative URL to the UI page

Change list filters (GET /changes/)

All filters are combined using AND logic (chaining is supported): ?company=...&status=...&priority=...

Filter: company (exact match)

• Parameter: company

• Type: string

• Match: case-insensitive exact

• Example:

  • ?company=Acme%20Corp

Spaces in company names (your issue)

In a URL, spaces must be encoded. Use either:

• %20 (recommended)

• + (also valid in query strings)

Examples:

• ?company=Far%20Far%20Away

• ?company=Far+Far+Away

If you’re using curl, you must quote the URL:

curl -H "Authorization: Api-Key cb_xxx" \
  "http://changebreeze.com/api/v1/changes/?company=Far%20Far%20Away"

If you do this but it still doesn’t match, it usually means one of:

• The company name isn’t exactly that string (extra spaces, different punctuation)

• The company isn’t active (is_active=True is enforced)

• The company is not in your organisation scope (you’ll get empty results)

Filter: status

Parameter: status
Type: string enum
Allowed values: must be one of ChangePlan.STATUS_CHOICES

Example:
?status=submitted

 

Filter: change_type

Parameter: change_type
Type: string enum
Allowed values: must be one of ChangePlan.CHANGE_TYPE_CHOICES

Example:
?change_type=standard

 

Filter: priority

Parameter: priority
Type: string enum
Allowed values: must be one of ChangePlan.PRIORITY_CHOICES

 

Example:
?priority=high

 

Filter: search

Free-text search (case-insensitive partial match) across:

title
description
ticket id

Example:
?search=firewall

Date/time filters (ISO-8601)

All date-time values must be ISO-8601 parseable by Django (examples below use UTC Z).

from: created_at >= from
to: created_at <= to
since: created_at >= since
updated_after: updated_at >= updated_after

Examples:
?from=2026-02-01T00:00:00Z&to=2026-02-14T00:00:00Z
?since=2026-02-10T00:00:00Z
?updated_after=2026-02-13T00:00:00Z

Ordering

Parameter: ordering
Allowed values (whitelist):
created_at, -created_at
updated_at, -updated_at
title, -title
status, -status
priority, -priority
scheduled_start, -scheduled_start

Example:
?ordering=-updated_at

Chaining filters (example)

curl -H "Authorization: Api-Key cb_xxx" \
  "http://changebreeze.com/api/v1/changes/?company=Far%20Far%20Away&status=submitted&priority=high&since=2026-02-01T00:00:00Z&ordering=-created_at"

Pending Approvals

GET /approvals/pending/
Returns changes that are awaiting approval across your organisation.

Pending statuses are:

submitted
technical_approved
vcab_pending

Example:

curl -H "Authorization: Api-Key cb_xxx" \
  "http://changebreeze.com/api/v1/approvals/pending/"

Pending approvals filters

Supported query params:

company (exact match, same encoding rules for spaces)
from, to, since, updated_after (ISO-8601)
ordering (whitelist):
submitted_at, -submitted_at
created_at, -created_at
priority, -priority
title, -title

Example:
curl -H "Authorization: Api-Key cb_xxx" \
  "http://changebreeze.com/api/v1/approvals/pending/?company=Far%20Far%20Away&ordering=submitted_at"

Fields returned

• change_id

• title

• change_type, change_type_display

• status, status_display

• priority, priority_display

• approval_stage

• approval_mode

• company_name

• created_by_name, created_by_email

• assigned_to_name

• technical_approver_name, technical_approved, technical_approved_at

• operational_approver_name, operational_approved, operational_approved_at

• submitted_at

• scheduled_start, scheduled_end

• created_at

• detail_url

Notes / Known Behaviors

Company names with spaces

• Browsers handle encoding automatically.

• In scripts/curl, you must encode spaces as %20 or + and quote the URL.

Company filter behavior and security

• Data is always organisation-scoped.

• A company outside your org will return empty results