You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The REST API is served from the same binary as the UI. Routing uses stdlib net/http.ServeMux with
Go 1.22 method patterns.
Conventions
Auth: send Authorization: Bearer <accessToken> on protected routes. Access tokens are
short-lived JWTs; refresh via POST /auth/refresh.
Org scope: org-scoped routes require an X-Org-ID: <org-id> header. The OrgScope middleware
verifies membership and runs reads under that org's RLS context.
Roles:owner, admin, member (builders) and stakeholder (free). See Concepts.
Feature routes are skipped if the server boots without a database (dev-without-DB).
Public (no auth)
Method
Path
Description
GET
/healthz
Liveness probe
GET
/api/config
Public config: which login providers (github/gitlab) are enabled, billing charge currency
Begin "Sign in with GitHub/GitLab" (identity scopes only; CSRF state cookie)
GET
/auth/oauth/{provider}/callback
OAuth callback; redirects with tokens in the URL fragment
On GitHub/GitLab login the account email comes from the OAuth profile (GitHub's verified primary via
/user/emails). If the user hid their email we store a @users.noreply.github.com /
@users.noreply.gitlab.com placeholder; GET /api/profile returns emailIsPlaceholder: true so
Settings → Account can prompt for a real contact email.
Profile
Method
Path
Description
GET
/api/profile
Authed: the user's name + contact email and an emailIsPlaceholder flag
PATCH
/api/profile
Authed: update the user's name and/or contact email
Orgs & members
Method
Path
Description
GET
/api/orgs
List orgs the user belongs to
POST
/api/orgs
Create an org
GET
/api/orgs/{id}/members
List members (org-scoped)
POST
/api/orgs/{id}/members
Invite a member (role incl. free stakeholder)
PATCH
/api/orgs/{id}/members/{userId}
Change a member's role
DELETE
/api/orgs/{id}/members/{userId}
Remove a member
POST
/api/invites/accept
Accept an invite token
Projects
Method
Path
Description
GET
/api/projects
List projects (org-scoped)
POST
/api/projects
Create a project
Repos & issues (sync)
Method
Path
Description
GET
/api/repos
List connected repos
POST
/api/repos
Connect a GitHub/GitLab repo (platform, fullName, token, optional baseURL)