API Reference

Henry Onboard provides a REST API and MCP server for programmatic access.

Authentication

All authenticated endpoints require a Bearer token from Supabase Auth. Include the token in the Authorization header:

Authorization: Bearer <supabase_access_token>

Admin endpoints require the x-admin-key header matching your ADMIN_API_KEY env var.

Base URL

https://your-app.vercel.app

Clients

GET/api/v1/clientsAuth required

List all clients for the authenticated user

Response

{ "clients": [{ "id": "uuid", "name": "string", "email": "string", "status": "invited|started|completed", "slug": "string", "created_at": "timestamp" }] }

POST/api/v1/clientsAuth required

Create a new client and send invite email

Request Body

{ "name": "string", "email": "string", "project_name": "string", "template_id": "uuid" }

Response

{ "client": { "id": "uuid", "slug": "string", ... } }

GET/api/v1/clients/:idAuth required

Get a single client with all data

Response

{ "client": { ...client, "questionnaire_answers": {}, "milestones": [] } }

PATCH/api/v1/clients/:idAuth required

Update client data

Request Body

{ "status": "string", "milestones": [] }

Response

{ "client": { ... } }

DELETE/api/v1/clients/:idAuth required

Delete a client and all associated data

Response

{ "success": true }

Templates

GET/api/v1/templatesAuth required

List all templates for the authenticated user

Response

{ "templates": [{ "id": "uuid", "name": "string", "questions": [], "request_assets": true, "request_credentials": false }] }

POST/api/v1/templatesAuth required

Create a new template

Request Body

{ "name": "string", "questions": [{ "id": "string", "label": "string", "type": "text|textarea|select", "required": true }], "request_assets": true, "request_credentials": false }

Response

{ "template": { "id": "uuid", ... } }

Onboarding (Public)

POST/api/onboard/:slug/save

Save client onboarding step progress. No auth required.

Request Body

{ "step": "questionnaire|credentials|milestones", "data": {} }

Response

{ "success": true }

POST/api/onboard/:slug/upload

Upload a brand asset file. No auth required. Multipart form data.

Request Body

FormData: file (binary), name (string)

Response

{ "asset": { "id": "uuid", "name": "string", "file_path": "string" } }

MCP Server

POST/api/mcpAuth required

MCP server endpoint. Supports tools: list_clients, get_client, create_client, onboarding_status

Request Body

{ "method": "tools/call", "params": { "name": "list_clients", "arguments": {} } }

Response

MCP protocol response

Admin

GET/api/admin

Admin overview. Requires ADMIN_API_KEY header.

Response

{ "status": "ok", "version": "1.0.0" }

GET/api/admin/stats

Platform-wide stats

Response

{ "total_users": 0, "total_clients": 0, "total_completed": 0 }

GET/api/admin/users

List all users

Response

{ "users": [] }

Billing

POST/api/stripe/checkoutAuth required

Create a Stripe Checkout session. If STRIPE_SECRET_KEY not set, redirects to /pricing?demo=1

Request Body

{ "price_id": "string" }

Response

{ "url": "https://checkout.stripe.com/..." }

POST/api/stripe/portalAuth required

Create a Stripe Customer Portal session

Response

{ "url": "https://billing.stripe.com/..." }

POST/api/stripe/webhook

Stripe webhook handler

Response

{ "received": true }