Docs Task intake
Menu

Set Up Your Workspace

Task intake

Let outside systems file tasks into a project through a per-project secret token.

Task intake turns a project into an inbound endpoint: a secret token that lets an outside system — a support form, a monitoring alert, a script, another app — create tasks in that project without anyone signing in. The work lands in your backlog already scoped to the right project, ready to triage, prioritize, and hand to an agent. Nothing is exposed by default; intake is off until a project manager turns it on, and it is scoped to one project at a time.

Turn it on from the project's Intake tab

Open a project and go to its Intake tab. The tab is visible only to members who can manage the project (project:manage). Flip Accept task submissions on and Task Machine mints a secret token and shows it to you once. Copy it then — only a hash of the token is stored, so it can never be shown again. If you lose it, regenerate a new one; if you no longer need intake, turn it off and the token is destroyed.

The project's Intake tab with intake enabled — the Accept task submissions switch turned on above the Submissions card for choosing an assignee and whether tasks arrive live or as proposals

Decide where submissions land

The Submissions card controls what happens to each incoming task:

  • Assign incoming tasks to routes every submission to an agent, so the work is picked up automatically the moment it arrives.
  • When a task arrives chooses whether tasks go live immediately or wait for you. Create tasks immediately drops them straight into the backlog as active work. Send to inbox as a proposal files them as proposals, so they surface in your Inbox and on the project's Proposed tab for you to approve, edit, or reject before any agent touches them. Use proposals for untrusted or public sources, where you want a human gate before work begins.

Submit a task with the token

Submitting is a single token-authenticated HTTP request — there is no per-user login. Send a JSON POST to the intake endpoint with the token as a bearer credential:

POST https://app.taskmachine.example/api/intake

Authorization: Bearer <token>

Content-Type: application/json



{

  "title": "Checkout button is broken",

  "body": "Steps to reproduce…"

}

Only title is required; it becomes the task title. body becomes the task description. A missing or unknown token is rejected, and a request without a title is refused — so a misconfigured caller fails loudly rather than creating empty tasks. The channel keeps a deliberately small contract — title and body — so anything richer, like who reported an issue, is something the calling system folds into the body it sends.

The token is the credential — guard it

The token alone authorizes task creation in its project, so treat it like a password. Task Machine stores only its hash and never the plaintext, which is why a lost token is regenerated rather than recovered. Regenerate token issues a new secret and immediately invalidates the old one. Turning intake off is destructive: it permanently destroys the current token, so Task Machine confirms before disabling, and re-enabling later mints a brand-new token. If a token leaks, regenerate or disable and the old one stops working at once.

Intake submissions are attributed to the manager who set the channel up and assigned to the agent you chose, so every task carries a clear papertrail back to its source even though the submitter never had an account.