API reference
The GridCraft API is JSON over HTTPS. Authenticated endpoints take a JWT in the Authorization header. Errors come back with a stable code string so you can branch on them.
Base URL
https://api.gridcraft.dev
Authentication
Call POST /auth/login (or /auth/register) and you get back a JWT. Pass it on every authenticated request:
Authorization: Bearer <token>
The token expires 24 hours after it is issued, so request a fresh one when it lapses. There is no server-side revocation yet; signing out clears the token locally, so treat it like a password and keep it private.
Errors
Errors have a standard shape. Use code for branching; message is for humans.
{
"error": "Map not found",
"code": "MAP_NOT_FOUND"
}Sections
- Auth: register, login, profile, password change, admin activity feed.
- Maps: list, read, create, update, delete your maps.
- Billing: Stripe checkout, customer portal, status, invoices.
- Admin: user management and audit log. Admin-only.
- Discord linking: OAuth start, callback, unlink.
- Devices: register, list, unlink desktop devices.
The Stripe webhook (POST /billing/webhook) is internal. Stripe calls it directly with a signed payload. Not documented here.