API

Build on SkyCanvass.

The same REST surface the SkyCanvass web and iOS apps run on, documented in one OpenAPI 3.1.1 contract.

Manage API keys Download OpenAPI spec

Surface

§01

OpenAPI 3.1.1

Single source of truth at /api/openapi.json. The iOS companion app is generated from the same contract.

§02

Bearer token auth

Sign in via /api/auth/login with X-Client-Platform: ios to receive an access token for the Authorization header.

§03

Abuse-throttled

Per-IP and per-account rate limits on auth and public endpoints return clean HTTP 429s.

§04

Same surface as the app

These are the production endpoints the web and iOS apps run on — not a parallel integration tier that drifts.

Endpoints

GET /api/health Service health + running build SHA. No auth.

POST /api/auth/login Email + password sign-in. Returns an access token for Bearer use.

GET /api/auth/session Current session + account context.

POST /api/account/profile Account profile, company details, preferences.

POST /api/account/storm_reports Storm reports generated by your account.

POST /api/account/storm_feed Storm activity feed for your saved areas.

POST /api/account/storm_alerts Saved-area storm alert subscriptions.

POST /api/account/permits Permit lookups attached to your account.

POST /api/account/photo_packets Photo packets generated by your account.

Full machine-readable reference (OpenAPI JSON) →

Quickstart

# Health check — no auth required
curl https://skycanvass.com/api/health

# Sign in and capture the access token
curl -X POST https://skycanvass.com/api/auth/login \
  -H "Content-Type: application/json" \
  -H "X-Client-Platform: ios" \
  -d '{"email":"you@yourcompany.com","password":"..."}'

# Call an authenticated endpoint with the returned accessToken
# (account reads are POST — Leptos server-fn convention)
curl -X POST https://skycanvass.com/api/account/storm_reports \
  -H "Authorization: Bearer <accessToken>"