API Overview
The Iron API is a REST API served by apps/api (FastAPI). Every route is mounted under
/api/v1.
Base URL
Section titled “Base URL”https://your-domain.example/api/v1The interactive OpenAPI docs (/docs, /redoc) are disabled in production for security.
This site is the human-readable reference.
Conventions
Section titled “Conventions”- JSON request and response bodies.
- Bearer auth with a Supabase JWT (
Authorization: Bearer <jwt>). See Authentication. - Org scoping via the
X-Org-Idheader — every data endpoint is scoped to the acting subaccount. See Subaccounts & X-Org-Id. - Standard status codes —
200/201on success,400malformed input,401unauthenticated,403not a member of the org (or not permitted),404not found,422validation error.
Route groups
Section titled “Route groups”| Group | Prefix | Docs |
|---|---|---|
| Health | /health |
— |
| Contacts | /contacts |
Contacts |
| Conversations / Inbox | /conversations |
Conversations |
| Pipelines & Opportunities | /pipelines, /opportunities |
Pipelines & Opportunities |
| Calendar & Scheduling | /calendar, /scheduling |
Calendar & Scheduling |
| Automations | /automations, /automation |
Automations |
| Setter | /setter |
Setter |
| Billing | /billing |
Billing |
| GEO (AI-search visibility) | /geo |
GEO |
| Social Planner | /social |
Social |
| Webhooks | /webhooks/* |
Webhooks |
Other route groups exist in the API (ads, coaching, dialer, KB, custom objects,
connectors, finance, reports, staff, orgs, permissions, and more); the groups above are the
core operator surface documented here. The endpoint lists on each page are derived directly
from the route definitions in apps/api/src/routes/.
A note on coverage
Section titled “A note on coverage”The endpoints listed in this reference are real and verified against the route source. Pages marked Draft are intentionally partial — the endpoints listed are accurate, but request/ response schema detail is still being filled in.