Start for Free
Important: This documentation covers only the GitFlare API contract. You must define how integration behavior should work inside your product.

Developer Docs

GitFlare API Documentation

Complete integration reference for GitFlare gateway APIs. This page is designed so a customer can implement end-to-end integration without leaving the docs.

Start for Free Login Open Full Endpoint Matrix

Integration Quickstart (Production)

  1. Create developer app (dashboard or POST /v1/developer/apps) and store client_id + one-time client_secret.
  2. Render hosted Connect URL (/oauth/authorize) in redirect or iframe mode with customer_ref and secure state.
  3. Customer approves providers/repositories on hosted consent screen.
  4. Receive callback at your redirect_uri with code and verify state.
  5. Exchange code via POST /oauth/token and persist accessToken securely.
  6. Call unified read endpoints with Authorization: Bearer ACCESS_TOKEN.
  7. Implement cursor pagination for collection endpoints using limit + cursor and page_info.next_cursor.
  8. Handle canonical errors by error.code and request_id for retries/support workflows.

End-To-End API Flow (At A Glance)

# 1) Create app (developer session)
POST https://api.gitflare.dev/v1/developer/apps
-> persist client.id + clientSecret

# 2) Redirect customer to hosted authorize
GET https://panel.gitflare.dev/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&scope=read:repositories%20read:commits&state=SECURE_STATE&customer_ref=CUSTOMER_EXTERNAL_ID

# 3) Exchange callback code for access token
POST https://api.gitflare.dev/oauth/token
Content-Type: application/json
{
  "grant_type": "authorization_code",
  "client_id": "CLIENT_ID",
  "client_secret": "CLIENT_SECRET",
  "code": "CODE_FROM_CALLBACK",
  "redirect_uri": "https://yourapp.com/callback"
}

# 4) Read provider data through unified endpoints
GET https://api.gitflare.dev/v1/repositories?provider=github&limit=25
Authorization: Bearer ACCESS_TOKEN

Base URLs And Hosted Routes

Base URL: https://api.gitflare.dev

  • Authorize endpoint: https://panel.gitflare.dev/oauth/authorize
  • Token endpoint: https://api.gitflare.dev/oauth/token
  • Customer management route: https://panel.gitflare.dev/app/company/apps/CLIENT_ID?customer_ref=CUSTOMER_EXTERNAL_ID
  • Provider callbacks are platform-managed and exposed via /v1/auth/callback-urls.

Authentication Models

Model How To Send Used By
Platform Access Token Authorization: Bearer ACCESS_TOKEN Unified third-party read API (/v1/me, /v1/repositories/...)
User Session Authorization: Bearer USER_SESSION_TOKEN or session cookie Developer and account APIs (/v1/developer/apps, /v1/account/*)
Admin Key x-admin-api-key: SGG_ADMIN_API_KEY Platform admin and firewall config endpoints
Legacy Connection Mode x-connection-id header or ?connectionId= Compatibility mode when ENFORCE_PLATFORM_AUTH=false

Create App (API Example)

Equivalent to dashboard action, useful for automation in CI/admin tools.

POST https://api.gitflare.dev/v1/developer/apps
Authorization: Bearer DEVELOPER_SESSION_TOKEN
content-type: application/json

{
  "name": "Acme Git Insights",
  "description": "Read-only Git analytics integration",
  "allowedRedirectUris": ["https://acme.example.com/oauth/callback"],
  "defaultPermissions": ["read:profile","read:repositories","read:commits","read:pull-requests","read:tags","read:file-tree"]
}

Authorize URL (Hosted Connect)

https://panel.gitflare.dev/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&scope=read:repositories read:commits&state=SECURE_RANDOM_STATE&customer_ref=CUSTOMER_EXTERNAL_ID

Use one hosted URL per customer. They can connect GitHub/GitLab/Bitbucket accounts, select repositories, and manage future updates in the same hosted flow.

Required query params: response_type=code, client_id, redirect_uri. Strongly recommended: secure random state, stable customer_ref, explicit scope. 

<iframe
  src="https://panel.gitflare.dev/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&scope=read:repositories read:commits&state=SECURE_RANDOM_STATE&customer_ref=CUSTOMER_EXTERNAL_ID"
  title="GitFlare Connect"
  style="width:100%;height:760px;border:0;border-radius:16px;"
  loading="lazy"
></iframe>

state Validation (Required)

state protects your OAuth flow against CSRF and callback confusion. Generate a random value per authorization attempt, store it in your backend session/store, and verify the callback state matches exactly. 

import crypto from 'node:crypto';

// Before redirecting customer to /oauth/authorize
const state = crypto.randomBytes(24).toString('hex');
session.oauthState = state;

// After callback returns to your redirect_uri
if (!req.query.state || req.query.state !== session.oauthState) {
  throw new Error('Invalid OAuth state');
}

Treat each state value as one-time, short-lived, and bound to the user session that initiated auth.

Token Exchange

POST https://api.gitflare.dev/oauth/token
content-type: application/json

{
  "grant_type": "authorization_code",
  "client_id": "CLIENT_ID",
  "client_secret": "CLIENT_SECRET",
  "code": "CODE_FROM_CALLBACK",
  "redirect_uri": "https://acme.example.com/oauth/callback"
}

grant_type=authorization_code returns connection-bound tokens for unified read APIs. grant_type=client_credentials is also supported for service-level flows. 

{
  "id": "atk_123",
  "accessToken": "sggat_...",
  "tokenType": "Bearer",
  "expiresAt": "2026-04-02T14:00:00.000Z",
  "expiresInSeconds": 3600,
  "tenantId": "tenant_123",
  "clientId": "client_123",
  "authorizationId": "authz_123",
  "issuedBy": "authorization_code",
  "permissions": ["read:repositories","read:commits"],
  "connectionIds": ["conn_1","conn_2"]
}

Supported Read Scopes

Scope Label Description
read:profile Profile Read the connected account profile details.
read:repositories Repositories List and inspect repository metadata.
read:branches Branches List repository branches.
read:commits Commits List commit history and commit metadata.
read:pull-requests Pull Requests Read pull/merge request summaries.
read:diffs Diffs Read pull/merge request diffs and changed files.
read:authors Authors Read repository contributors/authors data.
read:tags Tags Read repository tags.
read:releases Releases Read repository releases.
read:checks Checks Read CI/check run status metadata.
read:deployments Deployments Read repository deployment records.
read:file-tree File Tree Read repository file tree structure.
events:subscribe Events Subscribe Create repository event subscriptions/webhooks when provider supports it.

Scope catalog can be fetched programmatically from /v1/platform/capabilities.

Deterministic Ordering Assumptions

  • /v1/repositories with provider + cursor uses provider-native stable pagination pointer from upstream.
  • /v1/repositories/:provider/:repoId/branches uses provider-native branch order; cursor continues from provider next pointer.
  • /v1/repositories/:provider/:repoId/commits order is provider-native commit listing, with branch bound into cursor scope.
  • /v1/repositories/:provider/:repoId/pull-requests order is provider-native and state is bound into cursor scope.
  • /v1/repositories/:provider/:repoId/checks, /deployments, and /file-tree bind filter params into cursor scope.
  • Provider support differs by endpoint; unsupported pairs return canonical UNSUPPORTED_ENDPOINT.
  • If upstream datasets drift between page calls, GitFlare Phase 1 does not attempt snapshot healing or deduplication.

Canonical Error Model

Every JSON error response follows one shape. Use error.code for deterministic handling.

{
  "error": {
    "code": "INVALID_CURSOR",
    "message": "The provided pagination cursor is invalid.",
    "source": "gitflare",
    "provider": null,
    "retryable": false,
    "user_action_required": true,
    "suggested_action": "restart_pagination",
    "upstream_status": null,
    "request_id": "gf_req_123",
    "provider_request_id": null,
    "retry_after_seconds": null
  }
}
Code HTTP Meaning
INVALID_REQUEST 400 Malformed or semantically invalid request payload/query.
INVALID_LIMIT 400 limit is missing range/integer constraints.
INVALID_CURSOR 400 Cursor token cannot be parsed/verified for this request.
CURSOR_EXPIRED 410 Cursor TTL expired; restart pagination from first page.
PAGINATION_NOT_SUPPORTED 400 Request shape is incompatible with pagination mode.
AUTH_REQUIRED 401 Missing authentication token/session.
AUTH_EXPIRED 401 Authentication expired; reconnect or refresh token.
INVALID_CREDENTIALS 401 Invalid client/provider credentials.
INSUFFICIENT_SCOPE 403 Required permissions/scopes are missing.
PROVIDER_ACCOUNT_NOT_CONNECTED 403 No active provider account bound to token/policy.
ACCESS_BLOCKED_BY_POLICY 403 Policy disallows this provider/resource.
REPOSITORY_NOT_APPROVED 403 Repository is outside approved repository set.
APPROVAL_REQUIRED 403 Token has no usable approval/policy yet.
APPROVAL_PENDING 403 Authorization exists but approval is not active yet.
RESOURCE_NOT_FOUND 404 Requested resource was not found upstream or in platform.
REPOSITORY_NOT_FOUND 404 Repository id/path not found on provider.
INSTALLATION_NOT_FOUND 404 Provider installation/workspace context missing.
RATE_LIMITED 429 Upstream provider rate limited request.
UPSTREAM_TIMEOUT 504 Provider timeout while serving request.
UPSTREAM_UNAVAILABLE 503 Provider temporarily unavailable.
UNSUPPORTED_PROVIDER 400 Provider id is unsupported or disabled.
UNSUPPORTED_ENDPOINT 501 Provider is connected but requested endpoint is not supported.
INTERNAL_ERROR 500 Unexpected platform-side internal failure.

Always log and persist x-request-id response header and error.request_id to speed up support triage.

Query Parameter Reference

Endpoint Query Params Behavior
/v1/repositories provider, limit, cursor Cursor pagination requires provider in Phase 1.
/v1/repositories/:provider/:repoId/branches limit, cursor Stable branch listing with canonical pagination.
/v1/repositories/:provider/:repoId/commits branch, limit, cursor Branch filter is part of cursor scope.
/v1/repositories/:provider/:repoId/pull-requests state, limit, cursor state defaults to open.
/v1/repositories/:provider/:repoId/contributors limit, cursor Canonical pagination response with opaque cursor.
/v1/repositories/:provider/:repoId/tags limit, cursor Canonical pagination response with opaque cursor.
/v1/repositories/:provider/:repoId/releases limit, cursor Canonical pagination response with opaque cursor.
/v1/repositories/:provider/:repoId/checks ref, branch, limit, cursor ref/branch filter is part of cursor scope.
/v1/repositories/:provider/:repoId/deployments environment, state, limit, cursor Filter values are part of cursor scope.
/v1/repositories/:provider/:repoId/file-tree ref, branch, path, recursive, limit, cursor Tree filters are part of cursor scope.
/v1/repositories/:provider/:repoId/events/subscribe (request body) Accepts callbackUrl, events, active, secret.
/v1/account/connections tenantId Filters visible connections by tenant.
/v1/account/repositories tenantId, provider Provider filter supports github/gitlab/bitbucket/azure.
/v1/account/usage/summary from, to, top Returns aggregated usage stats.
/v1/account/usage/logs from, to, top, offset, clientId, endpointKey, provider, repositoryId Returns filtered, offset-based activity logs.
/v1/auth/:provider/start web, popup, redirect, returnTo, tenantId Supports API JSON mode and browser redirect mode.
/oauth/authorize response_type, client_id, redirect_uri, scope, state, customer_ref, customer_name Hosted customer consent entrypoint for integration callback flow.
/app/company/apps/:clientId customer_ref, customer_name Hosted app access management surface for a specific customer context.
/testapp/live/repository-scenario provider, repoId, repositoryId Selects specific provider/repository while running integration diagnostics.

Endpoint Cards

Quick scan view of endpoints by method, auth model, scope, and description.

Public Discovery Endpoints

OPTIONS /*

Auth: public

Scope: -

CORS preflight handler for all routes.

Public Discovery Endpoints

GET /health

Auth: public

Scope: -

Service health, enabled providers, environment flags.

Public Discovery Endpoints

GET /v1/providers

Auth: public

Scope: -

Lists provider configuration and enabled status.

Public Discovery Endpoints

GET /v1/auth/callback-urls

Auth: public

Scope: -

Returns provider callback URLs used in OAuth setup.

Public Discovery Endpoints

GET /v1/platform/capabilities

Auth: public

Scope: -

Returns permission catalog, OAuth endpoints, and firewall capability metadata.

OAuth And Token Endpoints

GET /oauth/authorize

Auth: embedded company session (created/loaded by customer_ref)

Scope: -

Hosted consent page for repository-level authorization and permission approval.

OAuth And Token Endpoints

POST /oauth/authorize/approve

Auth: company session

Scope: -

Approves selected repositories/scopes and issues authorization code redirect.

OAuth And Token Endpoints

GET /oauth/authorize/deny

Auth: same browser session as authorize flow

Scope: -

Denies consent and redirects with error=access_denied.

OAuth And Token Endpoints

POST /oauth/token

Auth: client credentials in request body

Scope: -

Issues access tokens for grant_type=authorization_code or client_credentials.

OAuth And Token Endpoints

POST /v1/platform/tokens

Auth: client credentials in request body

Scope: -

Alternative token issuance API for grant/client_credentials based flows.

OAuth And Token Endpoints

GET /v1/platform/client/me

Auth: Bearer ACCESS_TOKEN

Scope: -

Token introspection shortcut: returns token, client, and tenant context.

Unified Third-party API

GET /v1/me

Auth: Bearer ACCESS_TOKEN

Scope: read:profile

Returns connected provider viewer profile data.

Unified Third-party API

GET /v1/repositories

Auth: Bearer ACCESS_TOKEN

Scope: read:repositories

Returns approved repositories. Cursor pagination is provider-scoped in Phase 1.

Unified Third-party API

GET /v1/repositories/:provider/:repoId

Auth: Bearer ACCESS_TOKEN

Scope: read:repositories

Returns a single repository detail object.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/branches

Auth: Bearer ACCESS_TOKEN

Scope: read:branches

Returns branches with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/commits

Auth: Bearer ACCESS_TOKEN

Scope: read:commits

Returns commits with canonical cursor pagination. Supports branch filter.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/commits/:commitId/diff

Auth: Bearer ACCESS_TOKEN

Scope: read:diffs

Returns commit diff payload (firewall-filtered).

Unified Third-party API

GET /v1/repositories/:provider/:repoId/pull-requests

Auth: Bearer ACCESS_TOKEN

Scope: read:pull-requests

Returns pull/merge requests with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/pull-requests/:pullRequestId/diff

Auth: Bearer ACCESS_TOKEN

Scope: read:diffs

Returns pull request diff payload (firewall-filtered).

Unified Third-party API

GET /v1/repositories/:provider/:repoId/contributors

Auth: Bearer ACCESS_TOKEN

Scope: read:authors

Returns contributors/authors with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/tags

Auth: Bearer ACCESS_TOKEN

Scope: read:tags

Returns repository tags with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/releases

Auth: Bearer ACCESS_TOKEN

Scope: read:releases

Returns repository releases with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/checks

Auth: Bearer ACCESS_TOKEN

Scope: read:checks

Returns repository checks/CI statuses with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/deployments

Auth: Bearer ACCESS_TOKEN

Scope: read:deployments

Returns repository deployments with canonical cursor pagination.

Unified Third-party API

GET /v1/repositories/:provider/:repoId/file-tree

Auth: Bearer ACCESS_TOKEN

Scope: read:file-tree

Returns repository file tree entries with canonical cursor pagination.

Unified Third-party API

POST /v1/repositories/:provider/:repoId/events/subscribe

Auth: Bearer ACCESS_TOKEN

Scope: events:subscribe

Creates repository event subscription/webhook when provider supports it.

Provider Connection API

GET /v1/auth/:provider/start

Auth: public (api mode) or user session (web=1)

Scope: -

Starts provider OAuth and returns/redirects authorization URL.

Provider Connection API

GET /v1/auth/:provider/callback

Auth: provider redirect callback

Scope: -

Consumes OAuth state, creates connection, and returns flow-dependent payload.

Provider Connection API

GET /v1/connections

Auth: none (internal)

Scope: -

Lists raw stored connections (internal diagnostics).

Provider Connection API

POST /v1/connections/manual

Auth: none (internal)

Scope: -

Creates connection directly from provider access token (manual mode).

Provider Connection API

GET /v1/connections/:connectionId

Auth: none (internal)

Scope: -

Returns one connection by id.

Provider Connection API

DELETE /v1/connections/:connectionId

Auth: none (internal)

Scope: -

Deletes/disconnects one connection by id.

Session Account API

GET /v1/account/me

Auth: Bearer USER_SESSION_TOKEN or session cookie

Scope: -

Returns current user, tenant memberships, and session details.

Session Account API

GET /v1/account/connections

Auth: Bearer USER_SESSION_TOKEN or session cookie

Scope: -

Lists visible provider connections for current user/tenant.

Session Account API

GET /v1/account/repositories

Auth: Bearer USER_SESSION_TOKEN or session cookie

Scope: -

Lists repositories visible via current user connections.

Session Account API

GET /v1/account/usage/summary

Auth: Bearer USER_SESSION_TOKEN or session cookie

Scope: -

Aggregated request analytics for customer or developer context.

Session Account API

GET /v1/account/usage/logs

Auth: Bearer USER_SESSION_TOKEN or session cookie

Scope: -

Paginated usage logs with filters for endpoint/client/provider/repository.

Developer App Management API

GET /v1/developer/apps

Auth: Bearer DEVELOPER_SESSION_TOKEN or session cookie

Scope: -

Lists developer-owned apps with OAuth endpoint metadata.

Developer App Management API

POST /v1/developer/apps

Auth: Bearer DEVELOPER_SESSION_TOKEN or session cookie

Scope: -

Creates developer app and returns one-time client_secret.

Developer App Management API

PATCH /v1/developer/apps/:clientId

Auth: Bearer DEVELOPER_SESSION_TOKEN or session cookie

Scope: -

Updates app metadata, redirect URIs, and default permissions.

Developer App Management API

DELETE /v1/developer/apps/:clientId

Auth: Bearer DEVELOPER_SESSION_TOKEN or session cookie

Scope: -

Soft-deletes app and revokes active grants/tokens.

Platform Admin API

GET /v1/platform/tenants

Auth: x-admin-api-key

Scope: -

Lists tenants.

Platform Admin API

POST /v1/platform/tenants

Auth: x-admin-api-key

Scope: -

Creates tenant.

Platform Admin API

GET /v1/platform/clients

Auth: x-admin-api-key

Scope: -

Lists clients filtered by tenantId/ownerUserId.

Platform Admin API

POST /v1/platform/clients

Auth: x-admin-api-key

Scope: -

Creates client directly under platform context.

Platform Admin API

GET /v1/platform/grants

Auth: x-admin-api-key

Scope: -

Lists grants filtered by tenant/client/connection.

Platform Admin API

POST /v1/platform/grants

Auth: x-admin-api-key

Scope: -

Creates a grant record for tenant/client/connection.

Platform Admin API

DELETE /v1/platform/grants/:grantId

Auth: x-admin-api-key

Scope: -

Revokes a grant.

Platform Admin API

GET /v1/platform/tokens

Auth: x-admin-api-key

Scope: -

Lists issued access tokens.

Platform Admin API

POST /v1/platform/tokens/introspect

Auth: x-admin-api-key

Scope: -

Introspects an access token.

Platform Admin API

DELETE /v1/platform/tokens/:tokenId

Auth: x-admin-api-key

Scope: -

Revokes token by token id.

Platform Admin API

GET /v1/security/firewall/config

Auth: x-admin-api-key

Scope: -

Returns security firewall configuration.

Platform Admin API

POST /v1/security/firewall/config

Auth: x-admin-api-key

Scope: -

Updates firewall enabled flag and blocked file patterns.

Hosted Embedded Management Routes

GET /app/company/apps/:clientId?customer_ref=...&customer_name=...

Auth: embedded company session

Scope: -

Hosted customer access-management page (connect/disconnect/approve/revoke).

Hosted Embedded Management Routes

POST /app/company/apps/:clientId/update

Auth: embedded company session

Scope: -

Updates selected repositories and permissions for that app authorization.

Hosted Embedded Management Routes

POST /app/company/apps/:clientId/revoke

Auth: embedded company session

Scope: -

Revokes app authorization for the customer.

Hosted Embedded Management Routes

POST /app/company/apps/:clientId/connections/:connectionId/disconnect

Auth: embedded company session

Scope: -

Disconnects a linked provider account from customer workspace.

Web App Routes (HTML)

GET /

Auth: public or active session

Scope: -

Landing page and signed-in redirect helper.

Web App Routes (HTML)

GET /docs, /docs/api, /zero-trust

Auth: public

Scope: -

Public documentation and trust pages.

Web App Routes (HTML)

GET /assets/app.css, /assets/landing-page.js, /assets/secure-git-connect-page.js, /assets/gitflare-logo.svg

Auth: public

Scope: -

Static frontend assets used by docs, landing, and embedded connect UIs.

Web App Routes (HTML)

GET /app/signup, /app/developer/signup, /app/customer/signup

Auth: public

Scope: -

Signup form route. customer paths are deprecated and currently return 410.

Web App Routes (HTML)

POST /app/signup, /app/developer/signup, /app/customer/signup

Auth: public

Scope: -

Signup submit route. customer paths are deprecated and currently return 410.

Web App Routes (HTML)

GET /app/login, /app/developer/login, /app/customer/login

Auth: public

Scope: -

Login form route. customer paths are deprecated and currently return 410.

Web App Routes (HTML)

POST /app/login, /app/developer/login, /app/customer/login

Auth: public

Scope: -

Login submit route. customer paths are deprecated and currently return 410.

Web App Routes (HTML)

GET /app/dashboard

Auth: session cookie or bearer user session

Scope: -

Dashboard route with developer/customer views.

Web App Routes (HTML)

GET /app/logout

Auth: session cookie

Scope: -

Revokes user session and clears session cookie.

Web App Routes (HTML)

POST /app/developer/apps

Auth: developer session

Scope: -

Dashboard form submit to create developer app.

Web App Routes (HTML)

POST /app/developer/apps/:clientId/update

Auth: developer session

Scope: -

Dashboard form submit to update developer app.

Web App Routes (HTML)

POST /app/developer/apps/:clientId/delete

Auth: developer session

Scope: -

Dashboard form submit to delete developer app.

Test App Routes

GET /testapp

Auth: testapp session cookie

Scope: -

Hosted integration sandbox page with live API probes.

Test App Routes

POST /testapp/config

Auth: testapp session cookie

Scope: -

Saves testapp gateway/client configuration.

Test App Routes

POST /testapp/disconnect

Auth: testapp session cookie

Scope: -

Revokes and clears current testapp access token.

Test App Routes

GET /testapp/callback

Auth: provider redirect callback + testapp session state

Scope: -

Handles testapp OAuth callback and token exchange.

Test App Routes

GET /testapp/live/commit-metrics

Auth: testapp session cookie

Scope: -

Live commit metrics probe across granted repositories.

Test App Routes

GET /testapp/live/endpoint-suite

Auth: testapp session cookie

Scope: -

Runs endpoint suite checks across sample repositories.

Test App Routes

GET /testapp/live/repository-scenario

Auth: testapp session cookie

Scope: -

Runs detailed single-repository scenario diagnostics.

Complete Endpoint Matrix

This table reflects the current server implementation end-to-end, including public, session, OAuth, unified read, internal tooling, and admin routes.

Method Path Auth Scope Description
Public Discovery Endpoints (No authentication required)
OPTIONS /* public - CORS preflight handler for all routes.
GET /health public - Service health, enabled providers, environment flags.
GET /v1/providers public - Lists provider configuration and enabled status.
GET /v1/auth/callback-urls public - Returns provider callback URLs used in OAuth setup.
GET /v1/platform/capabilities public - Returns permission catalog, OAuth endpoints, and firewall capability metadata.
OAuth And Token Endpoints (Core third-party integration flow)
GET /oauth/authorize embedded company session (created/loaded by customer_ref) - Hosted consent page for repository-level authorization and permission approval.
POST /oauth/authorize/approve company session - Approves selected repositories/scopes and issues authorization code redirect.
GET /oauth/authorize/deny same browser session as authorize flow - Denies consent and redirects with error=access_denied.
POST /oauth/token client credentials in request body - Issues access tokens for grant_type=authorization_code or client_credentials.
POST /v1/platform/tokens client credentials in request body - Alternative token issuance API for grant/client_credentials based flows.
GET /v1/platform/client/me Bearer ACCESS_TOKEN - Token introspection shortcut: returns token, client, and tenant context.
Unified Third-party API (Requires Bearer ACCESS_TOKEN from /oauth/token)
GET /v1/me Bearer ACCESS_TOKEN read:profile Returns connected provider viewer profile data.
GET /v1/repositories Bearer ACCESS_TOKEN read:repositories Returns approved repositories. Cursor pagination is provider-scoped in Phase 1.
GET /v1/repositories/:provider/:repoId Bearer ACCESS_TOKEN read:repositories Returns a single repository detail object.
GET /v1/repositories/:provider/:repoId/branches Bearer ACCESS_TOKEN read:branches Returns branches with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/commits Bearer ACCESS_TOKEN read:commits Returns commits with canonical cursor pagination. Supports branch filter.
GET /v1/repositories/:provider/:repoId/commits/:commitId/diff Bearer ACCESS_TOKEN read:diffs Returns commit diff payload (firewall-filtered).
GET /v1/repositories/:provider/:repoId/pull-requests Bearer ACCESS_TOKEN read:pull-requests Returns pull/merge requests with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/pull-requests/:pullRequestId/diff Bearer ACCESS_TOKEN read:diffs Returns pull request diff payload (firewall-filtered).
GET /v1/repositories/:provider/:repoId/contributors Bearer ACCESS_TOKEN read:authors Returns contributors/authors with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/tags Bearer ACCESS_TOKEN read:tags Returns repository tags with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/releases Bearer ACCESS_TOKEN read:releases Returns repository releases with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/checks Bearer ACCESS_TOKEN read:checks Returns repository checks/CI statuses with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/deployments Bearer ACCESS_TOKEN read:deployments Returns repository deployments with canonical cursor pagination.
GET /v1/repositories/:provider/:repoId/file-tree Bearer ACCESS_TOKEN read:file-tree Returns repository file tree entries with canonical cursor pagination.
POST /v1/repositories/:provider/:repoId/events/subscribe Bearer ACCESS_TOKEN events:subscribe Creates repository event subscription/webhook when provider supports it.
Provider Connection API (Used by hosted dashboard and operational tooling)
GET /v1/auth/:provider/start public (api mode) or user session (web=1) - Starts provider OAuth and returns/redirects authorization URL.
GET /v1/auth/:provider/callback provider redirect callback - Consumes OAuth state, creates connection, and returns flow-dependent payload.
GET /v1/connections none (internal) - Lists raw stored connections (internal diagnostics).
POST /v1/connections/manual none (internal) - Creates connection directly from provider access token (manual mode).
GET /v1/connections/:connectionId none (internal) - Returns one connection by id.
DELETE /v1/connections/:connectionId none (internal) - Deletes/disconnects one connection by id.
Session Account API (Requires user session bearer token or cookie)
GET /v1/account/me Bearer USER_SESSION_TOKEN or session cookie - Returns current user, tenant memberships, and session details.
GET /v1/account/connections Bearer USER_SESSION_TOKEN or session cookie - Lists visible provider connections for current user/tenant.
GET /v1/account/repositories Bearer USER_SESSION_TOKEN or session cookie - Lists repositories visible via current user connections.
GET /v1/account/usage/summary Bearer USER_SESSION_TOKEN or session cookie - Aggregated request analytics for customer or developer context.
GET /v1/account/usage/logs Bearer USER_SESSION_TOKEN or session cookie - Paginated usage logs with filters for endpoint/client/provider/repository.
Developer App Management API (Requires developer user session)
GET /v1/developer/apps Bearer DEVELOPER_SESSION_TOKEN or session cookie - Lists developer-owned apps with OAuth endpoint metadata.
POST /v1/developer/apps Bearer DEVELOPER_SESSION_TOKEN or session cookie - Creates developer app and returns one-time client_secret.
PATCH /v1/developer/apps/:clientId Bearer DEVELOPER_SESSION_TOKEN or session cookie - Updates app metadata, redirect URIs, and default permissions.
DELETE /v1/developer/apps/:clientId Bearer DEVELOPER_SESSION_TOKEN or session cookie - Soft-deletes app and revokes active grants/tokens.
Platform Admin API (Requires x-admin-api-key)
GET /v1/platform/tenants x-admin-api-key - Lists tenants.
POST /v1/platform/tenants x-admin-api-key - Creates tenant.
GET /v1/platform/clients x-admin-api-key - Lists clients filtered by tenantId/ownerUserId.
POST /v1/platform/clients x-admin-api-key - Creates client directly under platform context.
GET /v1/platform/grants x-admin-api-key - Lists grants filtered by tenant/client/connection.
POST /v1/platform/grants x-admin-api-key - Creates a grant record for tenant/client/connection.
DELETE /v1/platform/grants/:grantId x-admin-api-key - Revokes a grant.
GET /v1/platform/tokens x-admin-api-key - Lists issued access tokens.
POST /v1/platform/tokens/introspect x-admin-api-key - Introspects an access token.
DELETE /v1/platform/tokens/:tokenId x-admin-api-key - Revokes token by token id.
GET /v1/security/firewall/config x-admin-api-key - Returns security firewall configuration.
POST /v1/security/firewall/config x-admin-api-key - Updates firewall enabled flag and blocked file patterns.
Hosted Embedded Management Routes (Browser routes used in customer-facing embed flows)
GET /app/company/apps/:clientId?customer_ref=...&customer_name=... embedded company session - Hosted customer access-management page (connect/disconnect/approve/revoke).
POST /app/company/apps/:clientId/update embedded company session - Updates selected repositories and permissions for that app authorization.
POST /app/company/apps/:clientId/revoke embedded company session - Revokes app authorization for the customer.
POST /app/company/apps/:clientId/connections/:connectionId/disconnect embedded company session - Disconnects a linked provider account from customer workspace.
Web App Routes (HTML) (Browser-rendered routes for developer/customer dashboards)
GET / public or active session - Landing page and signed-in redirect helper.
GET /docs, /docs/api, /zero-trust public - Public documentation and trust pages.
GET /assets/app.css, /assets/landing-page.js, /assets/secure-git-connect-page.js, /assets/gitflare-logo.svg public - Static frontend assets used by docs, landing, and embedded connect UIs.
GET /app/signup, /app/developer/signup, /app/customer/signup public - Signup form route. customer paths are deprecated and currently return 410.
POST /app/signup, /app/developer/signup, /app/customer/signup public - Signup submit route. customer paths are deprecated and currently return 410.
GET /app/login, /app/developer/login, /app/customer/login public - Login form route. customer paths are deprecated and currently return 410.
POST /app/login, /app/developer/login, /app/customer/login public - Login submit route. customer paths are deprecated and currently return 410.
GET /app/dashboard session cookie or bearer user session - Dashboard route with developer/customer views.
GET /app/logout session cookie - Revokes user session and clears session cookie.
POST /app/developer/apps developer session - Dashboard form submit to create developer app.
POST /app/developer/apps/:clientId/update developer session - Dashboard form submit to update developer app.
POST /app/developer/apps/:clientId/delete developer session - Dashboard form submit to delete developer app.
Test App Routes (Internal integration sandbox UI and live probes)
GET /testapp testapp session cookie - Hosted integration sandbox page with live API probes.
POST /testapp/config testapp session cookie - Saves testapp gateway/client configuration.
POST /testapp/disconnect testapp session cookie - Revokes and clears current testapp access token.
GET /testapp/callback provider redirect callback + testapp session state - Handles testapp OAuth callback and token exchange.
GET /testapp/live/commit-metrics testapp session cookie - Live commit metrics probe across granted repositories.
GET /testapp/live/endpoint-suite testapp session cookie - Runs endpoint suite checks across sample repositories.
GET /testapp/live/repository-scenario testapp session cookie - Runs detailed single-repository scenario diagnostics.

Phase 1 Scope Boundaries

  • No previous-page cursor support in Phase 1.
  • No cursor history persistence in DB/Redis for Phase 1 cursor handling.
  • No cross-provider merged pagination stream in Phase 1.
  • No prefetch/caching/smart page filling from multiple upstream pages in a single request.
  • No snapshot-consistent pagination guarantees across mutable upstream datasets.

Security Firewall And Data Handling

  • Unified third-party data responses are passed through GitFlare security firewall when called with platform access tokens.
  • Blocked file path patterns (for example .env, *.pem, *.key) are stripped from diff/file payloads.
  • Secret-like assignments (api_key/token/secret/password patterns) are hashed before response leaves GitFlare.
  • Firewall config is runtime-managed via /v1/security/firewall/config (admin key required).
  • Usage audit logs are recorded for unified read endpoints called with platform access tokens.

Operational Tips

  • Use /v1/platform/client/me immediately after token exchange to validate token/client/tenant wiring.
  • Store and replay opaque cursors exactly as returned. Never decode or alter cursor strings.
  • Treat CURSOR_EXPIRED and INVALID_CURSOR as restart-from-first-page signals.
  • For retries on RATE_LIMITED/UPSTREAM_TIMEOUT/UPSTREAM_UNAVAILABLE, apply exponential backoff and idempotent reads.
  • Persist request_id for all failed calls for support/debugging correlation.
  • If you enable strict mode with ENFORCE_PLATFORM_AUTH=true, legacy x-connection-id fallback is disabled.