For querying and mutating workspace data, use the Supabase client libraries with the
apikey and Authorization headers described in the Authentication guide.Billing
Stripe webhook
STRIPE_WEBHOOK_SECRET environment variable. Do not call this endpoint directly from your application.
Handled event types (extend in app/api/billing/webhook/route.ts):
| Event | Description |
|---|---|
checkout.session.completed | User completed checkout; provision access |
customer.subscription.updated | Subscription plan or status changed |
customer.subscription.deleted | Subscription cancelled |
invoice.payment_succeeded | Recurring payment collected |
invoice.payment_failed | Payment failed; notify or restrict access |
| Status | Description |
|---|---|
200 | Webhook received and processed successfully |
400 | Invalid payload or missing Stripe signature |
401 | Webhook signature verification failed |
STRIPE_WEBHOOK_SECRET)
Notifications
Trigger digest emails
CRON_SECRET and is intended to be called by Vercel Cron, not by end users.
Query parameters:
| Parameter | Type | Required | Values |
|---|---|---|---|
frequency | string | Yes | daily or weekly |
| Status | Description |
|---|---|
200 | Digests processed. Returns { ok: true, frequency, sent } |
400 | Invalid or missing frequency parameter |
401 | Missing or invalid CRON_SECRET |
Authorization: Bearer <CRON_SECRET>
Cron schedule (configured in vercel.json):
Server Actions
Most mutations in Auction Rise use Next.js Server Actions rather than REST endpoints. Server Actions run on the server, have access to the authenticated session, and automatically enforce RLS policies. Examples of operations handled via Server Actions:- Creating and updating workspaces
- Managing workspace members and roles
- Sending invitations
- Updating user profile and notification preferences
- Workspace-scoped data mutations