API overview
The web app exposes an HTTP API under /api, which both the app and the editor use. This page describes its shape. The routes themselves live in the web app's api directory.
Authentication
The API is authenticated with a session. You sign in through the auth endpoints, which set a session cookie, and subsequent requests are authorized from that session. This is the same session the browser app uses.
Scoping
Requests are scoped to your organization, and to your user where that applies. You only see and change your own data.
Resource areas
The API is organized around the product's resources, including:
- Auth for sign-in, sign-up, and session management.
- Designs for projects and their versions.
- Assets for media, including presigned uploads to storage.
- Tags, brands, and calendar for organizing and reviewing work.
- Forms for form configuration and submissions.
Uploads
Media uploads use presigned URLs, so files go directly to your S3-compatible storage rather than through the app. See Architecture.
Read the routes
For exact endpoints and payloads, read the route handlers in the web app. They are the source of truth as the API evolves.