Atividades
Atividades são o recurso central do PushWard. Cada atividade representa um item rastreável que pode ser exibido como uma Live Activity nos dispositivos inscritos.
Each user can have a maximum of 50 activities. Attempting to create more returns 409 with a Problem Details body whose code is "activity.limit_exceeded" and a Retry-After header.
Create Activity
/activitiesCreate a new activity. Starts in `ended` state. All user devices are automatically subscribed.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
slug | string | Yes | URL-safe identifier, unique per user |
name | string | Yes | Human-readable display name |
priority | integer | No | Eviction priority 0-10 (default: 0). Higher = kept longer server-side and ordered ahead of other Live Activities on the iOS Lock Screen and Dynamic Island (mapped to APNs relevance-score). |
ended_ttl | integer | No | Seconds after ended transition before server auto-deletes the activity |
stale_ttl | integer | No | Seconds of inactivity while ongoing before server auto-ends the activity |
curl -X POST https://api.pushward.app/activities \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"slug": "dishwasher",
"name": "Dishwasher",
"priority": 3
}'Response (always 201 Created):
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"kind": "owned",
"slug": "dishwasher",
"name": "Dishwasher",
"state": "ended",
"priority": 3,
"content": {},
"ended_ttl": null,
"stale_ttl": null,
"delete_at": null,
"created_at": "2025-06-15T10:30:00Z",
"updated_at": "2025-06-15T10:30:00Z",
"ended_at": null,
"share_role": null,
"owner_id": null,
"owner_nickname": null,
"share_count": null
}Re-POSTing the same slug is idempotent: the server upserts the existing activity and still returns 201 Created rather than 409 Conflict. The X-Resource-Action response header distinguishes the two cases:
X-Resource-Action: created— a fresh row was insertedX-Resource-Action: updated— an existing slug was refreshed (name / priority / TTLs)
This lets integration bridges retry safely on network errors.
List Activities
/activitiesList activities for the current user, including activities shared with you. Returns a cursor-paginated envelope sorted by slug.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 50 | Page size, between 1 and 100. |
after | string | — | Opaque base64url cursor returned as next_cursor on the previous page. Omit for the first page. |
state | string | — | Filter on activity state. One of ongoing, ended, preempted (lowercase — the same casing response bodies use). Unknown values are rejected with 422. Omit to return all states. |
curl "https://api.pushward.app/activities?limit=50" \
-H "Authorization: Bearer hlk_YOUR_TOKEN"Response (200):
{
"items": [
{
"id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"kind": "owned",
"slug": "ci-pipeline",
"name": "CI Pipeline",
"state": "ended",
"priority": 0,
"content": {},
"ended_ttl": 3600,
"stale_ttl": null,
"delete_at": "2025-06-15T12:00:00Z",
"created_at": "2025-06-15T10:00:00Z",
"updated_at": "2025-06-15T11:00:00Z",
"ended_at": "2025-06-15T11:00:00Z",
"share_role": null,
"owner_id": null,
"owner_nickname": null,
"share_count": null
},
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"kind": "owned",
"slug": "dishwasher",
"name": "Dishwasher",
"state": "ongoing",
"priority": 3,
"content": {
"template": "generic",
"progress": 0.65,
"state": "Washing",
"icon": "washer",
"remaining_time": 1800,
"subtitle": "Cycle 2 of 3",
"accent_color": "blue"
},
"ended_ttl": null,
"stale_ttl": null,
"delete_at": null,
"created_at": "2025-06-15T10:30:00Z",
"updated_at": "2025-06-15T11:00:00Z",
"ended_at": null,
"share_role": null,
"owner_id": null,
"owner_nickname": null,
"share_count": null
},
{
"id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"kind": "shared",
"slug": "oven-timer",
"name": "Oven Timer",
"state": "ongoing",
"priority": 0,
"content": {},
"ended_ttl": null,
"stale_ttl": null,
"delete_at": null,
"created_at": "2025-06-15T09:00:00Z",
"updated_at": "2025-06-15T10:00:00Z",
"ended_at": null,
"share_role": "viewer",
"owner_id": "usr_abc123",
"owner_nickname": "Bob",
"share_count": null
}
],
"next_cursor": "eyJzIjoib3Zlbi10aW1lciIsImkiOjE5fQ"
}Iterate by passing next_cursor as the after parameter on the next request, until next_cursor is null or empty (the last page). The cursor encodes a stable (slug, id) pair, so paging stays consistent even if items are added or removed between requests.
Treat next_cursor as opaque — don't parse or construct it. Pass it back unchanged, and keep limit (and any future filter params) identical across pages of the same traversal.
# Fetch the next page
curl "https://api.pushward.app/activities?limit=50&after=eyJzIjoib3Zlbi10aW1lciIsImkiOjE5fQ" \
-H "Authorization: Bearer hlk_YOUR_TOKEN"Get Activity
/activities/{slug}Get a single activity by slug.
curl https://api.pushward.app/activities/dishwasher \
-H "Authorization: Bearer hlk_YOUR_TOKEN"Delete Activity
/activities/{slug}Delete an activity and all associated subscriptions.
curl -X DELETE https://api.pushward.app/activities/dishwasher \
-H "Authorization: Bearer hlk_YOUR_TOKEN"Response: 204 No Content
If the activity is still ongoing at the time of DELETE, the Live Activity is force-dismissed from the Lock Screen and Dynamic Island immediately — the server sends a push-end with a dismissal date in the past, so iOS removes it as soon as the call completes. This is independent of ended_ttl (which only applies to natural ongoing → ended transitions).
Deleting an activity that has already transitioned to ended only cleans up the database row. The on-screen lifetime is already governed by the dismissal date that was sent when the activity ended, so subsequent DELETEs cannot shorten it.
Update Activity (Primary Integration Endpoint)
/activities/{slug}Partial update using RFC 7396 JSON Merge Patch semantics. State transitions automatically trigger push notifications to subscribed devices.
This is the main endpoint for integrations. Absent fields are preserved; explicit null clears the field; present values overwrite. Server-owned fields (warning_pushed, snoozed_until) are stripped from incoming patches.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
state | string | No | "ongoing" or "ended". If omitted, the current stored state is kept. Required when the activity is preempted — the caller must explicitly set ongoing or ended. |
content | object | No | Partial template content. Fields present overwrite stored values; fields set to null clear them; absent fields are preserved. See Live Activities. |
priority | integer | No | Update eviction priority (0-10). Also drives APNs relevance-score, so higher-priority activities are ordered ahead of others on the iOS Lock Screen and Dynamic Island. |
sound | string | No | Optional Live Activity alert sound. Plays on Lock Screen and Dynamic Island and marks the push time-sensitive so it breaks through Focus modes. Request-scoped (not persisted) and ignored on ended transitions. One of default, chime, alert, success, warning, bell, ding, buzz, notification. |
Merge-patch rules (per RFC 7396):
- The canonical request
Content-Typeisapplication/merge-patch+json;application/jsonis also accepted. - Once set,
alarmandwarning_thresholdpersist across updates until explicitly cleared withnull. - If both
end_dateanddurationare sent,end_datewins. durationaccepts integer seconds (60) or a string ("60s","5m","1h30m").- Transitioning to
endedclearsalarm,snoozed_until, andwarning_pushedon the server. - Semantic validation failures (e.g. arming
alarm: truewithoutend_date) return422 Unprocessable Entity;400is reserved for malformed JSON or wrong shape.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
upsert | boolean | false | When true and the slug doesn't exist yet, the server creates the activity (its name defaults to the slug) and applies the patch in the same request, instead of returning 404. |
Create-on-missing with ?upsert=true. A plain PATCH to a slug that doesn't exist returns 404. Add ?upsert=true to create the activity on the fly and patch it in a single round-trip:
- New slug → the activity is created (
name= the slug), the patch is applied, and the response is201 CreatedwithX-Resource-Action: created. - Existing slug → behaves like a normal patch and returns
200 OK. - Creation requires a key with the
activity:managescope (or full access). Anactivity:updatekey gets403(activity.upsert_forbidden) for a missing slug when the flag is set, because it isn't allowed to create activities. Without the flag, a missing slug is a plain404.
curl -X PATCH "https://api.pushward.app/activities/dishwasher?upsert=true" \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/merge-patch+json" \
-d '{
"state": "ongoing",
"content": {
"template": "generic",
"progress": 0.1,
"state": "Washing",
"icon": "washer",
"accent_color": "blue"
}
}'If you'd rather not depend on the query flag, POST /activities is itself an idempotent upsert (re-posting a slug refreshes its name / priority / TTLs and preserves state and content). So POST then PATCH is the zero-flag way to guarantee the activity exists before you push content: the POST creates or refreshes the shell, the PATCH starts and updates it. Use ?upsert=true when you want to collapse those two requests into one.
State Transitions
| From | To | Push Action |
|---|---|---|
ended | ongoing | Push-to-start (starts Live Activity) |
ongoing | ongoing | Push update (updates running activity) |
ongoing | ended | Push end (dismisses after 4 hours) |
curl -X PATCH https://api.pushward.app/activities/dishwasher \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/merge-patch+json" \
-d '{
"state": "ongoing",
"content": {
"template": "generic",
"progress": 0.65,
"state": "Washing",
"icon": "washer",
"remaining_time": 1800,
"subtitle": "Cycle 2 of 3",
"accent_color": "blue"
}
}'curl -X PATCH https://api.pushward.app/activities/dishwasher \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/merge-patch+json" \
-d '{
"state": "ongoing",
"sound": "chime",
"content": {
"template": "generic",
"progress": 1.0,
"state": "Done",
"icon": "washer",
"accent_color": "green"
}
}'Response (200):
The response is the unified Activity object — the same shape returned by GET, list, and POST. Sharing fields are always present (and null for activities the caller owns and hasn't shared).
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"kind": "owned",
"slug": "dishwasher",
"name": "Dishwasher",
"state": "ongoing",
"priority": 3,
"content": {
"template": "generic",
"progress": 0.65,
"state": "Washing",
"icon": "washer",
"remaining_time": 1800,
"subtitle": "Cycle 2 of 3",
"accent_color": "blue"
},
"ended_ttl": null,
"stale_ttl": null,
"delete_at": null,
"created_at": "2025-06-15T10:30:00Z",
"updated_at": "2025-06-15T11:00:00Z",
"ended_at": null,
"share_role": null,
"owner_id": null,
"owner_nickname": null,
"share_count": null
}Content Object
The content object is shared across all templates. Only template is required; each template adds its own required fields on top.
| Field | Type | Description |
|---|---|---|
template | string | Required. One of: generic, countdown, steps, alert, gauge, timeline, board, log |
progress | float | Optional. Value between 0.0 and 1.0. Computed automatically for gauge from value/min_value/max_value. |
alarm | boolean | Optional. Opt-in iOS AlarmKit alarm at end_date. Rings through silent mode and Focus. Requires end_date; iOS 26+ only. See Alarms. |
snooze_seconds | integer | Optional. How many seconds POST /activities/{slug}/snooze extends end_date, and the iOS AlarmKit snooze window. 60–3600; defaults to 300 (5 min) when omitted. Only meaningful with alarm: true. |
snoozed_until | integer | Read-only. Unix timestamp set when the user snoozes an alarm from iOS. When non-null and in the future, iOS renders a "Snoozed" banner; it auto-clears when the client sees snoozed_until ≤ now. Any client-supplied value is stripped on PATCH. |
tiles | array | Required for the board template. 1–4 tile objects. See Board. |
lines | array | Required for the log template. 1–20 line objects, newest first. See Log. |
log_backlog | array | Read-only (log template). Server-kept scroll-back history, returned only on GET /activities/{slug}?include=log_backlog. Never sent by clients. |
See the Live Activities section for template-specific fields.
Tap actions
Every template accepts up to three optional tap targets on its content:
| Field | Where the tap target appears |
|---|---|
tap_action | The Live Activity background — tapping anywhere outside a button. |
url_action | The primary button (replaces the legacy url string). |
secondary_url_action | The secondary button (replaces the legacy secondary_url string). |
All three accept the same Action object:
| Field | Type | Description |
|---|---|---|
url | string | Required. Max 2,048 chars. Any scheme except javascript:, data:, file:, vbscript:. http(s) URLs require a host; custom schemes (e.g. youtube://, homeassistant://) open the matching app on the user's device. |
foreground | boolean | http(s) only. true opens the URL in Safari / the in-app browser. false (combined with at least one of method / headers / body) fires the request silently from the widget process without launching the app. Ignored for custom schemes. |
method | string | HTTP method for a silent webhook. One of GET, POST, PUT, PATCH, DELETE, HEAD. Defaults to GET. Ignored for custom schemes. |
headers | object<string,string> | HTTP headers for a silent webhook. ≤1,024 bytes total across keys and values. Ignored for custom schemes. |
body | string | HTTP request body for a silent webhook. ≤1,024 chars. Ignored for custom schemes. |
title | string | Button label. Max 64 chars. Only meaningful on url_action / secondary_url_action — ignored on tap_action. |
icon | string | SF Symbol name (e.g. checkmark.circle). Max 64 chars. Only meaningful on url_action / secondary_url_action. |
Dispatch modes
iOS decides what to do with the tap by inspecting the action object:
- Custom scheme (e.g.
homeassistant://,youtube://) → callsopenURLto launch the target app.foreground,method,headers, andbodyare ignored. http(s)withforeground: true→ opens the URL in Safari / the in-app browser. The app is brought to the foreground.http(s)with at least one ofmethod/headers/body(andforegroundabsent orfalse) → fires the HTTP request silently from the Live Activity widget process. The user's app stays in the background; the request runs inside the widget extension under tight time and memory limits.- Bare
{"url":"https://…"}without any HTTP shape → treated like #2 (opens Safari). Without an explicit HTTP shape there is no silent-dispatch intent, so the absentforegroundkey is interpreted as "open this".
Silent webhooks are best-effort. They run inside the iOS widget extension under tight time and memory limits. Treat them as fire-and-forget acknowledgements — the device discards the response. For anything that needs reliable delivery or a return value, use foreground: true so your own app or backend handles the work.
Back-compat with string url / secondary_url
The legacy string fields url and secondary_url on each template are still accepted — older integrations don't need to change. Whenever url_action is set, the server omits the legacy url string from the APNs payload entirely (and likewise for secondary_url vs secondary_url_action) — emitting both blows past the 4 KB APNs cap. Newer iOS clients read the structured action; older clients fall back to the legacy string only when the structured action isn't sent.
Example
A Grafana alert activity that lets the user acknowledge with one tap (silent webhook), open the panel in Safari (foreground), and deep-link into the Grafana iOS app when tapping the background of the Live Activity:
{
"state": "ongoing",
"content": {
"template": "alert",
"progress": 0.0,
"state": "CPU usage is 94.2%",
"icon": "exclamationmark.triangle.fill",
"subtitle": "Grafana · nas-01",
"severity": "warning",
"fired_at": 1750009000,
"accent_color": "red",
"tap_action": {
"url": "grafana://alerts/1afz29v7z"
},
"url_action": {
"url": "https://hooks.example.com/grafana/ack",
"method": "POST",
"headers": { "Authorization": "Bearer hooks_xxx" },
"body": "{\"alert\":\"1afz29v7z\",\"acked\":true}",
"title": "Acknowledge",
"icon": "checkmark.circle"
},
"secondary_url_action": {
"url": "https://grafana.example.com/d/abc123?viewPanel=1",
"foreground": true,
"title": "Open panel",
"icon": "chart.bar"
}
}
}Server-Side TTL
Activities support optional server-side time-to-live (TTL) for automatic lifecycle management:
| Field | Set On | Behavior |
|---|---|---|
stale_ttl | Create | If an ongoing activity receives no updates for this many seconds, the server auto-ends it |
ended_ttl | Create | When an activity transitions to ended, the server schedules auto-deletion after this many seconds and tells iOS to dismiss the Live Activity from the lock screen at the same moment (capped at the iOS 4-hour limit). Without it, iOS keeps the ended activity on the lock screen for the full 4-hour default. |
delete_at | Auto | Computed timestamp (read-only). Set automatically from ended_ttl when state becomes ended |
ended_at | Auto | Server-stamped timestamp (read-only). Set the first time state transitions to ended and preserved across later transitions, so callers can tell when the most recent end happened independently of updated_at. null until the activity has ended at least once. |
When stale_ttl expires, the server auto-ends the activity with a distinct visual state: it sets content.state to "Stale (auto-ended)", accent_color to #8E8E93 (system gray), and icon to clock.badge.xmark. The activity then transitions to ended and a push-end notification is sent to all subscribed devices. If ended_ttl is also set, the auto-delete timer starts from that point.
The same expiration is sent to iOS as the APNs stale-date, so the Lock Screen presentation is marked stale at the same moment the server auto-ends the activity.
Lock Screen dismissal & linger
When a Live Activity ends, iOS doesn't remove it instantly. It keeps a de-emphasized, dimmed copy on the Lock Screen for a while so the user can still see the final state (the "Done", the final score, the delivered package). How long that ended card lingers is controlled by the APNs dismissal date, which PushWard derives from ended_ttl.
This is PushWard's answer to Apple's ActivityUIDismissalPolicy: yes, it's supported — you set it per activity through ended_ttl rather than in client code.
- Default (no
ended_ttl) — the ended card lingers for the full iOS maximum of 4 hours, then iOS removes it. The database row is kept for 30 days after its last change and then auto-deleted. - With
ended_ttl— the value drives both the server-side auto-delete and the on-device dismissal date. The minimum is1(one second, near-instant dismissal); e.g.ended_ttl: 600lets the card linger ten minutes.0is rejected with422. - iOS caps the linger at 4 hours — a value larger than
14400still governs when the database row is deleted, but the Lock Screen card is gone after 4 hours regardless.
Use ended_ttl to let the server clean up finished activities automatically and remove the Live Activity from the iOS lock screen at the same moment — the value is sent to APNs as dismissal-date. Integration bridges typically set this on creation so activities don't pile up either in the database or on the user's lock screen. Apple caps lock-screen dismissal at 4 hours; larger values still control row deletion but the on-device dismissal happens at 4h. An activity that reaches ended without an explicit ended_ttl is still removed automatically: the server deletes it 30 days after its last change.
Alarms (iOS 26+ AlarmKit)
Setting content.alarm: true schedules a native iOS alarm at content.end_date using Apple's AlarmKit framework. The alarm rings like a Clock app alarm — breaking through silent mode and Focus — in addition to the Live Activity countdown.
iOS 26 or later. On older iOS versions the field is silently ignored. The user is prompted to authorize alarms the first time one is scheduled; if denied, the alarm is skipped and the Live Activity still updates normally.
Rules
- Opt-in, persists until cleared. Once set, the alarm stays armed across partial updates. Clear it with
{"content":{"alarm":null}}in aPATCHbody, or by transitioning toended. - Requires
end_date. Sendingalarm: truewithoutcontent.end_datereturns422 Unprocessable Entity. - Updating
end_datereschedules the alarm. Send a new PATCH with the newend_date; the armed alarm re-derives automatically. - Past
end_dateis a no-op. If the push arrives afterend_datehas already elapsed, no alarm is scheduled (but the Live Activity content still updates). - Designed for the countdown template. Other templates accept the field if they set
end_date, but onlycountdownmeaningfully uses it. - What the user sees. When the alarm fires, iOS presents a full-screen alarm using the activity's
nameas the title with Dismiss and Snooze buttons. Snooze extendsend_dateby the configured snooze window and setssnoozed_untilso the Live Activity shows a "Snoozed" banner. The PushWard Live Activity continues to display alongside. - Configurable snooze window. Set
content.snooze_seconds(60–3600) to control how long Snooze extends the timer; it defaults to300(5 min) when omitted. iOS reads this value to size its AlarmKit snooze countdown, so a changed value applies to the next scheduled alarm.
iOS enforces a small per-app cap on pending AlarmKit alarms. If a user has many concurrent timers with alarm: true, iOS rejects further schedules until one fires or is cancelled — the Live Activity still updates normally in that case.
# Arm the alarm
curl -X PATCH https://api.pushward.app/activities/oven-timer \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/merge-patch+json" \
-d '{
"state": "ongoing",
"content": {
"template": "countdown",
"progress": 0.0,
"state": "Baking",
"icon": "flame",
"duration": "25m",
"completion_message": "Done baking!",
"accent_color": "orange",
"alarm": true
}
}'# Clear the alarm without touching the rest of content
curl -X PATCH https://api.pushward.app/activities/oven-timer \
-H "Authorization: Bearer hlk_YOUR_TOKEN" \
-H "Content-Type: application/merge-patch+json" \
-d '{"content": {"alarm": null}}'AlarmKit complements the existing sound field: sound plays once when a push arrives, while alarm rings continuously at end_date until the user dismisses it — even if the device was locked and silent the whole time.
Error Responses
All errors follow RFC 9457 Problem Details and are served with Content-Type: application/problem+json. The same shape is used everywhere on the API — including auth, rate-limit, subscription-gate, and permission-check responses from middleware.
{
"type": "about:blank",
"title": "Conflict",
"status": 409,
"detail": "Activity limit reached (max 50).",
"instance": "/activities",
"code": "activity.limit_exceeded",
"retry_after_ms": 3000,
"errors": [
{ "message": "...", "location": "..." }
]
}Prefer matching on the stable code field over the human-readable detail string — detail messages may be reworded between releases, but code is contract-level. errors is an array of per-field messages, populated for shape-validation failures.
Status Codes
| Status | Meaning |
|---|---|
400 | Malformed JSON or wrong shape. Semantic validation now uses 422. |
401 | Missing or invalid token |
403 | Integration key not allowed for this activity, or insufficient scope |
404 | Activity not found |
409 | Conflict — e.g. activity limit reached or demo cooldown active. Pairs with a Retry-After response header and a retry_after_ms extension. |
422 | Unprocessable: semantic validation failure (e.g. arming alarm: true without end_date, or POST /notifications referencing an unknown activity_slug). |
429 | Two distinct cases — distinguish via the code field (rate_limit.exceeded or quota.exceeded). See the code table below for per-mode contracts and retry semantics. |
Known code Values
| Code | Status | Description |
|---|---|---|
activity.limit_exceeded | 409 | Per-user activity cap reached on POST /activities. |
demo.conflict | 409 | Demo flow is on cooldown — retry after retry_after_ms. |
subscription.required | 403 | Endpoint requires an active subscription. |
rate_limit.exceeded | 429 | IP rate limit hit — back off using Retry-After. |
quota.exceeded | 429 | Free-tier monthly quota exhausted. The Problem Details body includes kind ("notifications" or "live_activity_updates"), used, limit, and reset_at (RFC 3339 UTC, the start of next calendar month). The Retry-After header gives seconds until reset_at. Upgrading the user's plan clears the quota immediately — retrying before reset_at on the free tier will keep failing. |
Free-Tier Quota Response Example
HTTP/1.1 429 Too Many Requests
Content-Type: application/problem+json
Retry-After: 1209600
{
"type": "about:blank",
"title": "Too Many Requests",
"status": 429,
"detail": "Monthly notification quota exceeded for the free tier.",
"instance": "/notifications",
"code": "quota.exceeded",
"kind": "notifications",
"used": 501,
"limit": 500,
"reset_at": "2026-06-01T00:00:00Z"
}Pin clients to the code field, not the HTTP status — the same 429 means very different things for rate_limit.exceeded (transient, retry after a few seconds) versus quota.exceeded (sticky until the start of next month, or until the user upgrades). For quota.exceeded, surface an upgrade prompt rather than a blind retry loop.