Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.auction-rise.com/llms.txt

Use this file to discover all available pages before exploring further.

Auction Rise exposes a small number of REST endpoints. Most data mutations (creating workspaces, managing members, updating settings, etc.) are handled through Next.js Server Actions rather than REST endpoints, keeping data access secure and type-safe on the server.
For querying and mutating workspace data, use the Supabase client libraries with the apikey and Authorization headers described in the Authentication guide.

Billing

Stripe webhook

POST /api/billing/webhook
Receives and processes Stripe webhook events. This endpoint is called by Stripe — configure the URL in your Stripe dashboard under Developers → Webhooks. Requests are verified using the STRIPE_WEBHOOK_SECRET environment variable. Do not call this endpoint directly from your application. Handled event types (extend in app/api/billing/webhook/route.ts):
EventDescription
checkout.session.completedUser completed checkout; provision access
customer.subscription.updatedSubscription plan or status changed
customer.subscription.deletedSubscription cancelled
invoice.payment_succeededRecurring payment collected
invoice.payment_failedPayment failed; notify or restrict access
Responses:
StatusDescription
200Webhook received and processed successfully
400Invalid payload or missing Stripe signature
401Webhook signature verification failed
Authentication: Stripe-signed webhook (verified via STRIPE_WEBHOOK_SECRET)

Notifications

Trigger digest emails

POST /api/notifications/digest?frequency=daily
Sends activity digest emails to eligible users. This endpoint is protected by CRON_SECRET and is intended to be called by Vercel Cron, not by end users. Query parameters:
ParameterTypeRequiredValues
frequencystringYesdaily or weekly
Responses:
StatusDescription
200Digests processed. Returns { ok: true, frequency, sent }
400Invalid or missing frequency parameter
401Missing or invalid CRON_SECRET
Authentication: Authorization: Bearer <CRON_SECRET> Cron schedule (configured in vercel.json): 
{
  "crons": [
    { "path": "/api/notifications/digest?frequency=daily", "schedule": "0 8 * * *" },
    { "path": "/api/notifications/digest?frequency=weekly", "schedule": "0 8 * * 1" }
  ]
}

Server Actions

Most mutations in Auction Rise use Next.js Server Actions rather than REST endpoints. Server Actions run on the server, have access to the authenticated session, and automatically enforce RLS policies. Examples of operations handled via Server Actions:
  • Creating and updating workspaces
  • Managing workspace members and roles
  • Sending invitations
  • Updating user profile and notification preferences
  • Workspace-scoped data mutations
See the Supabase Data API documentation for direct database access patterns.