Resources/The Agent API Atlas/Productivity/Wrike

Everything an AI agent can do with the Wrike API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints29

API versionv4

Last updated23 June 2026

Orientation

How the Wrike API works.

The Wrike API is how an app or AI agent works with a Wrike account: searching and creating tasks, building folders and projects, posting comments, logging time, and reading the people and workflows behind the work. Access is granted through an OAuth access token and a set of scopes that decide what each call can read or write, and an agent is limited to the data its token holder can already see in Wrike. Wrike can also push events to a webhook URL when something changes in the workspace.

29Endpoints

9Capability groups

11Read

18Write

5Permissions

Authentication

Every call needs an access token sent as 'Authorization: bearer '. The recommended route is OAuth 2.0, where the user signs in through Wrike and the app receives an access token, a refresh token, and the data-center host to call. A permanent access token is also available for automated workflows and inherits the issuing user's Wrike permissions. Wrike stores accounts in either a US or an EU data center, so the host returned at token exchange must be used for later requests.

Permissions

Scopes decide what a token can do. Most work with tasks, folders, comments, timelogs, and attachments is governed by wsReadOnly for reading and wsReadWrite for writing, with a Default scope that covers common reads. Account-management areas have their own scopes: amReadOnlyWorkflow and amReadWriteWorkflow for workflows, and amReadOnlyUser and amReadWriteUser for user records, alongside group and invitation scopes. A method lists the scopes it accepts, and a token needs at least one of them. Beneath the scope, an agent still only ever reaches the data its token holder can already see in Wrike.

Versioning

Wrike runs a single dated API version, v4, and ships changes through dated release notes rather than minting new version numbers. New methods and fields are added under v4 over time, such as the asynchronous batch endpoint and cascading custom fields, without a breaking version bump. An OpenAPI specification for the public API is published, and the legacy reference pages were retired in 2025.

Data model

The API is resource-oriented JSON, with the entity type in a kind field and the records in a data field. Tasks live inside folders, and a project is a folder with project metadata attached, so a task is always created within a folder or project. Comments, timelogs, and attachments hang off a task, while contacts, workflows, and custom fields sit at the account level. List endpoints page through a nextPageToken, and Wrike can push events to a webhook when something in the workspace changes.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Wrike determines what it can reach. There are a few routes, each governed by the access token behind it and the scopes that token carries.

Ways to connect

REST API (v4)

The REST API answers under /api/v4 at the host returned during the OAuth token exchange, since Wrike stores accounts in either a US or an EU data center. Each response carries the entity type in a kind field and the records in a data field.

Best forConnecting an app or AI agent to Wrike.

Governed byThe OAuth access token and the scopes it carries.

Docs ↗

MCP server (Model Context Protocol)

Wrike's first-party MCP server lets an AI assistant call Wrike through the Model Context Protocol to query projects, manage tasks, and navigate folders. It is a stateless pass-through to the Wrike API that caches and stores nothing, connects over OAuth, and enforces the same permissions the user already has in Wrike. The server is at https://mcp.wrike.com/app/mcp/sse.

Best forConnecting an AI assistant to Wrike.

Governed byOAuth sign-in, enforcing the signed-in user's existing Wrike permissions.

Docs ↗

Webhooks

Webhooks deliver the chosen events to a receiver URL as a JSON array, and an optional pre-shared secret lets the receiver verify the X-Hook-Signature header on each delivery.

Best forReceiving workspace events without polling.

Governed byThe OAuth access token and the scopes it carries.

Docs ↗

Authentication

OAuth 2.0

An OAuth 2.0 flow sends the user through Wrike's sign-in and consent, then returns an access token, a refresh token, and the data-center host to call. The token carries only the scopes the app requested, and the token exchange returns the host because accounts live in either a US or an EU data center. This is the recommended route for connecting to Wrike.

TokenOAuth bearer access token

Best forApps acting on behalf of a Wrike user

Docs ↗

Permanent access token

A permanent access token is generated by a user for one app and inherits that user's Wrike permissions. It does not expire, which suits an automated workflow but means it should be guarded like a long-lived secret.

TokenPermanent access token

Best forAutomated workflows and scripts

Docs ↗

Capability map

What an AI agent can do in Wrike.

The Wrike API is split into areas an agent can act on, such as tasks, folders and projects, comments, timelogs, and workflows. Each area has its own methods and its own scopes, and some grant access to far more than others.

Tasks

6 endpoints

Search tasks across the account, read tasks by id, create a task in a folder, update one or many tasks, and delete a task.

Writes here change real task data.

View endpoints →

Folders & projects

6 endpoints

Read the folder tree, read folders by id, create a folder or project, update one, copy a folder, and delete one.

Writes here change real folder and project data.

View endpoints →

Comments

3 endpoints

Read recent comments across the account, read comments by id, post a comment on a task, update a comment, and delete one.

Writes here change real comment data.

View endpoints →

Timelogs

3 endpoints

Read time entries across the account, create a timelog on a task, modify a timelog, and delete one.

Writes here change real time-tracking data.

View endpoints →

Attachments

2 endpoints

List attachments across the account, read attachments by id, upload an attachment to a task, download attachment content, and delete one.

Writes here change real attachment data.

View endpoints →

Contacts & users

2 endpoints

Query the people in the account and read a user, and update a user's account-level settings.

Writes here change real user data.

View endpoints →

Workflows

3 endpoints

Read the account's workflows, create a workflow, and modify a workflow's statuses.

Writes here change real workflow data.

View endpoints →

Custom fields

2 endpoints

Read the account's custom fields and create a new custom field.

Writes here change real custom field data.

View endpoints →

Webhooks

2 endpoints

List the account's webhooks and create a webhook to receive workspace events.

Writes here change real webhook data.

View endpoints →

Endpoint reference

Every Wrike API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Tasks Search tasks across the account, read tasks by id, create a task in a folder, update one or many tasks, and delete a task.6
GET	`/tasks`	Search among all tasks in the current account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Returns at most 1000 tasks per page, paged through nextPageToken. Acts ontask Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook event`TaskCreated` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/tasks/{taskId}`	Get one or more tasks by id.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Several ids can be passed at once, comma-separated. Acts ontask Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/folders/{folderId}/tasks`	Create a task inside a folder or project.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. A task is always created within a folder or project. Acts ontask Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`TaskCreated` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/tasks/{taskId}`	Update a single task (title, status, dates, assignees, custom fields).	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Changing status here can fire TaskStatusChanged, and other field changes fire their own events. Acts ontask Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`TaskStatusChanged` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/tasks`	Update several tasks in one request.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Applies the same change across the listed task ids. Acts ontask Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/tasks/{taskId}`	Delete a task by id.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. The task is moved to the recycle bin and fires TaskDeleted. Acts ontask Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`TaskDeleted` Rate limitStandard limits apply SourceOfficial documentation ↗
Folders & projects Read the folder tree, read folders by id, create a folder or project, update one, copy a folder, and delete one.6
GET	`/folders`	Return the folder and project tree for the current account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Runs in folder-tree mode by default, or a filtered folders mode. Acts onfolder Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/folders/{folderId}`	Get one or more folders or projects by id.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. A project is a folder with project metadata attached. Acts onfolder Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/folders/{folderId}/folders`	Create a folder or project under a parent folder.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Passing project fields turns the new folder into a project. Acts onfolder Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`FolderCreated` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/folders/{folderId}`	Update a folder or project (title, description, sharing, project status).	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Acts onfolder Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/copy_folder/{folderId}`	Copy a folder or project, with its tasks and structure.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Options control which child items and fields are carried over. Acts onfolder Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/folders/{folderId}`	Delete a folder or project by id.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. The folder is moved to the recycle bin and fires FolderDeleted. Acts onfolder Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`FolderDeleted` Rate limitStandard limits apply SourceOfficial documentation ↗
Comments Read recent comments across the account, read comments by id, post a comment on a task, update a comment, and delete one.3
GET	`/comments`	Get comments created in the account over the last seven days.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Acts oncomment Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/tasks/{taskId}/comments`	Post a comment on a task.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Fires CommentAdded for that task. Acts oncomment Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`CommentAdded` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/comments/{commentId}`	Update a comment's text.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. A comment can be edited only within five minutes of being posted. Acts oncomment Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Timelogs Read time entries across the account, create a timelog on a task, modify a timelog, and delete one.3
GET	`/timelogs`	Get time entries across the account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Filters by user, date range, and timelog category. Acts ontimelog Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/tasks/{taskId}/timelogs`	Log time against a task.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. Records hours, an optional date, and a category. Acts ontimelog Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`TimelogChanged` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/timelogs/{timelogId}`	Modify a time entry.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. A timelog inside a locked period cannot be changed. Acts ontimelog Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`TimelogChanged` Rate limitStandard limits apply SourceOfficial documentation ↗
Attachments List attachments across the account, read attachments by id, upload an attachment to a task, download attachment content, and delete one.2
POST	`/tasks/{taskId}/attachments`	Upload a file attachment to a task.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. The file body is sent in the request, and the call fires AttachmentAdded. Acts onattachment Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook event`AttachmentAdded` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/attachments/{attachmentId}/download`	Download an attachment's file content.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Returns the raw file rather than JSON. Acts onattachment Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Contacts & users Query the people in the account and read a user, and update a user's account-level settings.2
GET	`/contacts`	Query the people and groups in the account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Returns each contact's name, email, role, and group membership. Acts oncontact Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/users/{userId}`	Update a user's account-level settings, such as role or active state.	write	`amReadWriteUser`	Current
Needs the dedicated amReadWriteUser scope, and is restricted to account admins. This is separate from the workspace wsReadWrite scope. Acts onuser Permission (capability)`amReadWriteUser` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Workflows Read the account's workflows, create a workflow, and modify a workflow's statuses.3
GET	`/workflows`	Read the workflows defined in the account.	read	`amReadOnlyWorkflow`	Current
Accepts Default, amReadOnlyWorkflow, amReadWriteWorkflow, wsReadOnly, or wsReadWrite. amReadOnlyWorkflow is part of the default scope. Acts onworkflow Permission (capability)`amReadOnlyWorkflow` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/workflows`	Create a workflow.	write	`amReadWriteWorkflow`	Current
Needs the dedicated amReadWriteWorkflow scope, separate from the workspace scopes. Acts onworkflow Permission (capability)`amReadWriteWorkflow` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/workflows/{workflowId}`	Modify a workflow's name and statuses.	write	`amReadWriteWorkflow`	Current
Needs the dedicated amReadWriteWorkflow scope. Acts onworkflow Permission (capability)`amReadWriteWorkflow` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Custom fields Read the account's custom fields and create a new custom field.2
GET	`/customfields`	Read the custom fields defined in the account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Acts oncustom field Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/customfields`	Create a custom field.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. The field can then be set on tasks and folders. Acts oncustom field Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks List the account's webhooks and create a webhook to receive workspace events.2
GET	`/webhooks`	List the webhooks registered for the account.	read	`wsReadOnly`	Current
Accepts Default, wsReadOnly, or wsReadWrite. Acts onwebhook Permission (capability)`wsReadOnly` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/webhooks`	Create an account-wide webhook to receive workspace events.	write	`wsReadWrite`	Current
Accepts Default or wsReadWrite. A webhook can also be scoped to a single folder or space instead of the whole account. Acts onwebhook Permission (capability)`wsReadWrite` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Wrike can notify an app or AI agent when something happens in a workspace, instead of the app repeatedly asking. Wrike posts a JSON array of events to a webhook URL that has been registered on a folder, a space, or the whole account.

Event	What it signals	Triggered by
`TaskCreated`	Fires when a task is created in a watched folder, space, or account.	`/folders/{folderId}/tasks` `/tasks`
`TaskStatusChanged`	Fires when a task's status changes, such as moving from active to completed.	`/tasks/{taskId}`
`TaskDeleted`	Fires when a task is deleted and moved to the recycle bin.	`/tasks/{taskId}`
`FolderCreated`	Fires when a folder or project is created in a watched scope.	`/folders/{folderId}/folders`
`FolderDeleted`	Fires when a folder or project is deleted and moved to the recycle bin.	`/folders/{folderId}`
`CommentAdded`	Fires when a comment is added to a task in a watched scope.	`/tasks/{taskId}/comments`
`AttachmentAdded`	Fires when an attachment is added to a task in a watched scope.	`/tasks/{taskId}/attachments`
`TimelogChanged`	Fires when a time entry is created, modified, or deleted on a task in a watched scope.	`/tasks/{taskId}/timelogs` `/timelogs/{timelogId}`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Wrike limits how fast an app or AI agent can call, through a per-token request quota counted by the minute. Going over returns an error that says to retry later.

Request rate

Wrike caps each access token at 400 requests per minute, counted per token or per IP address. Going over returns a 429 with the too_many_requests or rate_limit_exceeded code, and the fix is to slow the request rate and retry after a short wait. The asynchronous batch endpoint lets up to 100 operations ride in a single request, which keeps bulk work inside the per-minute quota.

Pagination

List endpoints return at most a set number of records per page and a nextPageToken when more remain, which is passed back in the next request to fetch the following page. The task query returns up to 1000 tasks per page. When a nextPageToken is used, the page size can be omitted, but the other query parameters from the first request must be repeated.

Request size

Responses are JSON, with the entity type in a kind field and the records in a data field. The asynchronous batch endpoint accepts up to 100 operations per request. File uploads are sent as the request body to the attachment endpoints.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`invalid_parameter`	A request parameter name or value is invalid. Related codes are invalid_request, when the request type or critical data is malformed, and parameter_required, when a required parameter is absent.	Correct the named parameter and resend the request.
401	`not_authorized`	The access token is missing, invalid, malformed, or expired.	Refresh or re-issue the access token and send it as 'Authorization: bearer '.
403	`access_forbidden`	Access to the requested entity is denied for this user. The related not_allowed code means the action is blocked by a license or quota limit.	Confirm the token holder has access to the entity and the scope the method needs.
404	`resource_not_found`	The requested entity does not exist. The related method_not_found code means the API method itself does not exist.	Check the entity id and the request path, then retry.
429	`too_many_requests`	The per-token request rate has been exceeded, which Wrike caps at 400 requests per minute. The related rate_limit_exceeded code carries the same meaning.	Slow the request rate and retry after a short wait.
500	`server_error`	A server-side error occurred at Wrike.	Retry after a short delay, and report it if it persists.

Versioning & freshness

Version history.

Wrike runs a single dated API version, v4, and ships changes through release notes rather than minting new version numbers. New methods and fields are added under v4 without a breaking version bump.

Version history

What changed, and when

Latest versionv4

v4Current version

Current API version

Wrike runs a single dated API version, v4, and ships changes through dated release notes rather than new version numbers. New methods and fields are added under v4 over time without a breaking version bump, and an OpenAPI specification for the public API is now published. The entries below are notable dated additions under v4, newest first.

2026-06-11Feature update

Cascading Fields API

Added endpoints to enable and disable cascading custom fields on tasks and folders, where one field's options depend on another's selection.

2025-12-30Feature update

Asynchronous batch API and expanded bulk updates

Introduced an asynchronous batch endpoint carrying up to 100 operations per request, with quota-based safeguards, plus wider bulk-update support.

2025-10-30Feature update

Timelog lock periods

Added endpoints to query, create, and delete lock periods for timelogs across spaces and folders, so locked time entries cannot be changed.

2025-10-26Feature update

Enhanced webhooks

Added granular event filtering and customizable payloads, so a webhook can request only the events and the contextual fields it needs.

2025-09-28Feature update

Timesheets API

Introduced endpoints to read, create, and approve user timesheets, sitting alongside the existing timelog endpoints.

2025-08-31Feature update

Space-scoped workflows and custom fields

Added endpoints to retrieve the workflows and custom fields that belong to a specific space, rather than only at the account level.

2025-07-02Feature update

OpenAPI specification published

Published a downloadable OpenAPI specification for the public API and began retiring the legacy reference pages, which were removed by the end of August 2025.

An integration stays on v4 and picks up additive changes as they ship.

Wrike API changelog ↗

Questions

Wrike API, answered.

OAuth or a permanent access token, which should I use?+

OAuth 2.0 is the recommended route. The user signs in through Wrike, the app receives an access and refresh token scoped to what it asked for, and the token exchange returns the data-center host to call. A permanent access token is simpler for an unattended script, since it does not expire, but it inherits the full Wrike permissions of the user who created it and should be guarded like a long-lived secret. For an app acting on behalf of a user, prefer OAuth.

What do the scopes mean, and which does a method need?+

Scopes are grouped into workspace data and account management. wsReadOnly and wsReadWrite cover the everyday data a user sees, such as tasks, folders, comments, timelogs, and attachments, for reading and writing. Account-management scopes are separate: amReadOnlyWorkflow and amReadWriteWorkflow for workflows, amReadOnlyUser and amReadWriteUser for user records, plus group and invitation scopes. Each method lists the scopes it accepts, and a token needs at least one of them. amReadOnlyWorkflow is included in the default scope, so listing workflows works out of the box.

What are the rate limits?+

Wrike caps each access token at 400 requests per minute, counted per token or per IP address. Going over returns a 429 with the too_many_requests or rate_limit_exceeded code, and the fix is to slow down and retry after a short wait. For bulk work, the asynchronous batch endpoint carries up to 100 operations in one request, which keeps large updates inside the per-minute quota.

How does pagination work?+

List endpoints return a page of records and a nextPageToken when more remain. The token is passed back in the next request to fetch the following page, and is repeated until no token is returned. The task query returns up to 1000 tasks per page. When a nextPageToken is used, the page size can be omitted, but the other query parameters from the first request must be repeated so the pages stay consistent.

How do I receive events instead of polling?+

Webhooks deliver events without polling. A receiver URL is registered on a folder, a space, or the whole account, and Wrike posts a JSON array of events to it, such as TaskCreated, TaskStatusChanged, CommentAdded, AttachmentAdded, and TimelogChanged. An optional pre-shared secret lets the receiver verify the X-Hook-Signature header on each delivery, computed as an HMAC-SHA256 of the request body. A webhook that keeps failing is suspended automatically.

Does Wrike have an official MCP server for AI agents?+

Yes. Wrike publishes a first-party MCP server at https://mcp.wrike.com/app/mcp/sse that lets an AI assistant query projects, manage tasks, and navigate folders through the Model Context Protocol. It is a stateless pass-through to the Wrike API that caches and stores nothing, connects over OAuth, and enforces the same permissions the signed-in user already has in Wrike.

Why am I getting a 403 when the item seems to exist?+

A 403 access_forbidden means the token holder is not allowed to reach that entity, or the token is missing the scope the method needs. The related not_allowed code points to a license or quota limit rather than a permission gap. The fix is to confirm the user has access to the item in Wrike and that the token carries a scope the method accepts, such as wsReadWrite for a write or amReadWriteWorkflow for a workflow change.

What is Bollard AI?

Control what every AI agent can do in Wrike.

Bollard AI sits between a team's AI agents and Wrike. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Wrike token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Wrike access in Bollard Browse all APIs →

Wrike

Project Agent

Read tasks and projects ResourceOffReadFull use

Create and update tasks ActionOffReadFull use

Edit workflows ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Wrike

How the Wrike API works.

Connection & authentication methods.

REST API (v4)

MCP server (Model Context Protocol)

Webhooks

OAuth 2.0

Permanent access token

What an AI agent can do in Wrike.

Tasks

Folders & projects

Comments

Timelogs

Attachments

Contacts & users

Workflows

Custom fields

Webhooks

Every Wrike API method.

Tasks

Folders & projects

Comments

Timelogs

Attachments

Contacts & users

Workflows

Custom fields

Webhooks

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Wrike API, answered.

More productivity API guides for agents

Shortcut

Aha!

Miro

Canny

Coda

Notion

Control what every AI agent can do in Wrike.