API Reference
REST API
AgencyAI API routes, authentication, and webhook endpoints. All dashboard API routes require authentication.
Authentication
All dashboard routes require authentication via Auth.js (JWT strategy) with Google OAuth. Storefront and webhook routes are public.
# Auth is handled via session cookies after Google OAuth login.
# No API key needed for dashboard routes — session-based auth.
# For CLI and MCP, use API keys:
Authorization: Bearer op_live_your_key_here
Stripe Webhooks
POST /api/stripe/webhook
Receives Stripe webhook events. Authenticates via Stripe-signed payload. Idempotent.
checkout.session.completed — Marks order as paid
account.updated — Updates expert Stripe onboarding status
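The two properties claimed for the webhook route, a verified Stripe-signed payload and idempotent handling, sketched as an added example (not AgencyAI's own code). The `t=`/`v1=` header layout and HMAC-SHA256 over `timestamp.rawBody` follow Stripe's signing scheme; the function names, the 300-second tolerance, the in-memory dedup set, the action labels and the 400 rejection status are assumptions.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window
const seenEventIds = new Set(); // assumption: stands in for a durable store

// Split "t=<unix>,v1=<hex>[,v1=<hex>]" into a timestamp and candidate signatures.
function parseSignatureHeader(header) {
  const pairs = String(header || "").split(",").map((p) => p.trim().split("="));
  const t = pairs.find(([k]) => k === "t");
  const signatures = pairs.filter(([k]) => k === "v1").map(([, v]) => v || "");
  return { timestamp: t ? Number(t[1]) : NaN, signatures };
}

// HMAC-SHA256 over "<t>.<raw body>": sign the raw request text, not re-serialized JSON.
function verifyStripeSignature(rawBody, header, secret, nowSeconds) {
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (!Number.isInteger(timestamp) || signatures.length === 0) return false;
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) return false; // stale or replayed
  const expected = crypto.createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`, "utf8").digest();
  return signatures.some((sig) => {
    const got = Buffer.from(sig, "hex"); // bad hex yields a short buffer and fails the length check
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
}

// Hypothetical action labels for the two event types the page documents.
const ACTIONS = new Map([
  ["checkout.session.completed", "mark_order_paid"],
  ["account.updated", "update_onboarding_status"],
]);

// Verify first, then deduplicate on event id, then dispatch.
function handleWebhook(rawBody, header, secret, nowSeconds) {
  if (!verifyStripeSignature(rawBody, header, secret, nowSeconds)) {
    return { status: 400, action: "rejected" };
  }
  const event = JSON.parse(rawBody);
  if (seenEventIds.has(event.id)) return { status: 200, action: "duplicate" };
  seenEventIds.add(event.id);
  return { status: 200, action: ACTIONS.get(event.type) || "ignored" };
}

// Builds a signature header for constructed sample input only.
function signForDemo(rawBody, secret, timestamp) {
  const mac = crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`, "utf8");
  return `t=${timestamp},v1=${mac.digest("hex")}`;
}
```

Because the public webhook route has no session and no rate limit, the signature check is its only gate, and the event-id set is what makes a redelivered `checkout.session.completed` a no-op.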
Communications
GET /api/communications/templates
List available email templates. Auth required.
POST /api/communications/send
Enqueue an email for sending. Auth required.
{
  "orderId": "uuid",
  "templateId": "deliverable_ready",
  "variables": {
    "customerName": "Jane",
    "expertName": "Dr. Smith",
    "productName": "Market Analysis"
  },
  "recipientEmail": "jane@example.com"
}
Template IDs: order_confirmation, in_progress, deliverable_ready, review_requested, completed
Rate Limits
| Endpoint Type | Limit |
|---|---|
| Dashboard API | 100 requests / minute |
| Webhook endpoints | No rate limit (Stripe managed) |
| Storefront | 200 requests / minute |
Error Responses
All errors follow a consistent format:
{
  "error": "Unauthorized",
  "message": "Valid session required"
}
401 — Unauthorized (no session)
403 — Forbidden (wrong ownership)
404 — Not found
429 — Rate limited
500 — Internal server error