2.7 KiB
2.7 KiB
| summary | tags | scope | source | date | last_updated | ||||
|---|---|---|---|---|---|---|---|---|---|
| Planka v2.1.1 API and Docker behaviors that differ from or are absent in its docs — auth/PAT limits, first-login terms flow, card-move and project-delete quirks, container uid — plus service-account credentials location for planka.hyperthrive.io. |
|
global | ovh-prod Planka deploy, 2026-07-08 | 2026-07-08 | 2026-07-08 |
Planka v2 API Gotchas (verified on v2.1.1)
Discovered during the ovh-prod deploy (2026-07-08), verified against a live v2.1.1 instance.
Directly relevant to the backlog CLI in ~/dev/ruby-gems and any Planka automation.
- No scoped API keys / PATs. Only
POST /api/access-tokenswith{emailOrUsername, password}→ bearer JWT. Upstream issue #945 still open as of v2.1.1. Automation must hold real user credentials; a scoped-token proxy is the workaround. - First-ever login requires terms acceptance. The first
POST /api/access-tokensreturnsE_FORBIDDENwith apendingTokenandstep: "accept-terms". Flow:GET /api/terms→ takeitem.signature→POST /api/access-tokens/accept-termswith{pendingToken, signature}→ real token. Subsequent logins are normal. - Card move needs both fields.
PATCH /api/cards/:idrequires bothlistIdandposition;listIdalone returnsE_MISSING_OR_INVALID_PARAMS. - Project delete is not cascading.
DELETE /api/projects/:idreturns 422"Must not have boards"— delete each board first. - Container uid. The
ghcr.io/plankanban/plankaimage runs as uid 1000 (node). A bind-mounted/app/datamust bechown 1000or attachment/avatar uploads fail (container starts healthy either way — the failure is silent until first upload).
Service accounts (planka.hyperthrive.io)
Created 2026-07-08 because of gotcha #1 (no PATs — automation holds real user creds).
Credentials live on the OVH server (ssh alias ovh-vps) at
~/services/planka/bot-credentials.env (mode 600); admin creds remain in
~/services/planka/.env. Copy to Bitwarden.
planka_bot— roleprojectOwner; for the planka-api gem /backlogCLI / cron tick. Env vars:PLANKA_BASE_URL,PLANKA_USERNAME,PLANKA_PASSWORD.hermes— roleboardUser(deliberately restricted; Hermes agent is less trusted). Env vars:HERMES_PLANKA_USERNAME,HERMES_PLANKA_PASSWORD.- Usernames must match
/^[a-zA-Z0-9]+((_|\.)?[a-zA-Z0-9])*$/— no hyphens (henceplanka_bot, notplanka-bot).
Deploy as-built details live in the repo: ovh-prod/docs/planka-deploy-prd.md.
Related: vault-backlog-pilot-plan, backlog-system-options-research.