Skip to content

API Overview

The Iron API is a REST API served by apps/api (FastAPI). Every route is mounted under /api/v1.

https://your-domain.example/api/v1

The interactive OpenAPI docs (/docs, /redoc) are disabled in production for security. This site is the human-readable reference.

  • JSON request and response bodies.
  • Bearer auth with a Supabase JWT (Authorization: Bearer <jwt>). See Authentication.
  • Org scoping via the X-Org-Id header — every data endpoint is scoped to the acting subaccount. See Subaccounts & X-Org-Id.
  • Standard status codes200/201 on success, 400 malformed input, 401 unauthenticated, 403 not a member of the org (or not permitted), 404 not found, 422 validation error.
Group Prefix Docs
Health /health
Contacts /contacts Contacts
Conversations / Inbox /conversations Conversations
Pipelines & Opportunities /pipelines, /opportunities Pipelines & Opportunities
Calendar & Scheduling /calendar, /scheduling Calendar & Scheduling
Automations /automations, /automation Automations
Setter /setter Setter
Billing /billing Billing
GEO (AI-search visibility) /geo GEO
Social Planner /social Social
Webhooks /webhooks/* Webhooks

Other route groups exist in the API (ads, coaching, dialer, KB, custom objects, connectors, finance, reports, staff, orgs, permissions, and more); the groups above are the core operator surface documented here. The endpoint lists on each page are derived directly from the route definitions in apps/api/src/routes/.

The endpoints listed in this reference are real and verified against the route source. Pages marked Draft are intentionally partial — the endpoints listed are accurate, but request/ response schema detail is still being filled in.