Skip to main content
Back to home

Technical

APIs & access

Discrofy is not a single public REST API with one API key. Customer features use cookie-backed sessions and Next.js Route Handlers. Separate services expose machine endpoints with their own secrets.

AI service (v2-ai)

FastAPI service (default port 8090 in docs). When exposed beyond localhost, protect it with AI_API_KEY — the website sends x-api-key from AI_SERVICE_API_KEY. Generation routes live under /v1/generate/...; GET /health is unauthenticated for probes.

Bot HTTP API (v2-bot)

The bot embeds aiohttp routes (snapshots, server profile, blueprint apply, rules, content publish). Mutating routes require Authorization: Bearer <API_SECRET> matching the bot env. GET /api/health is open for load balancers and returns basic status.

Stripe webhooks

Billing uses Stripe’s hosted flows; the app verifies webhooks with the raw body at POST /api/billing/webhook. Configure the signing secret in STRIPE_WEBHOOK_SECRET — see operator docs and Privacy.

Public contact intake

POST /api/support/tickets accepts JSON from the marketing contact form (rate limited). It is not a general-purpose public API — abuse gets throttled.

Partner or high-volume access

Need a formal integration, SLAs, or dedicated capacity? Email [email protected] with org name, use case, and expected volume. Standard SaaS plans do not include a separate “API product” tier by default.