Technical
APIs & access
Discrofy is not a single public REST API with one API key. Customer features use cookie-backed sessions and Next.js Route Handlers. Separate services expose machine endpoints with their own secrets.
Session-authenticated app
The product UI calls routes under /api/dashboard/*, /api/billing/*, /api/ai/*, etc. Authentication is the discrofy-session cookie — there is no anonymous customer API key.
ContinueHealthWebsite probe
GET /api/health returns JSON including a database check when DATABASE_URL is configured — for uptime monitors.
ContinueAI service (v2-ai)
FastAPI service (default port 8090 in docs). When exposed beyond localhost, protect it with AI_API_KEY — the website sends x-api-key from AI_SERVICE_API_KEY. Generation routes live under /v1/generate/...; GET /health is unauthenticated for probes.
Bot HTTP API (v2-bot)
The bot embeds aiohttp routes (snapshots, server profile, blueprint apply, rules, content publish). Mutating routes require Authorization: Bearer <API_SECRET> matching the bot env. GET /api/health is open for load balancers and returns basic status.
Stripe webhooks
Billing uses Stripe’s hosted flows; the app verifies webhooks with the raw body at POST /api/billing/webhook. Configure the signing secret in STRIPE_WEBHOOK_SECRET — see operator docs and Privacy.
Public contact intake
POST /api/support/tickets accepts JSON from the marketing contact form (rate limited). It is not a general-purpose public API — abuse gets throttled.
Partner or high-volume access
Need a formal integration, SLAs, or dedicated capacity? Email [email protected] with org name, use case, and expected volume. Standard SaaS plans do not include a separate “API product” tier by default.