Static OpenAPI 3.1 specs and Swagger UI. With Docker/nginx, this site is served under
/docs/; local serve build/web uses the same paths. Prefer opening via
http://localhost:8082/docs/openapi/
(trailing slash) so relative links resolve correctly. Short URL /doc is nginx only.
8080):
API at http://localhost:8080/api/v1/…, hosted UI at
http://localhost:8080/app/….
8081): servlet context path is
/api/v1, e.g. http://localhost:8081/api/v1/workspaces.
| Specification | Swagger UI | YAML | Audience |
|---|---|---|---|
|
Integration & hosted login Hosted browser login entrypoint contract ( /app/login)
|
integration-auth.html | integration-auth.yaml | Third-party apps integrating hosted SafeHook login |
|
Management API Users, workspaces (get/patch), invites, anonymous & invite flows |
management API | secure-flows-user-api.yaml | Developers building against the admin console flows |
|
Sessions Encrypted session payloads keyed by Firebase user |
session API | secure-flows-session-api.yaml | Automation / agents (session-only surface) |
|
End-to-end example (Postman) Reference collection (CI-validated); not runnable without your own Firebase credentials |
examples guide | secureFlows-sanity.postman_collection.json | Download to inspect request sequences alongside OpenAPI |
End-to-end integration guide:
docs/integration/quickstart.md
(same-folder layout under docs/ when synced into web/docs).