Platform docs

Platform API.

The administrative surface that powers the console. Hit it directly when you need automation, infrastructure-as-code, or CI/CD-driven workspace management.

Everything the ProductCraft console does — creating a workspace, inviting a member, activating Envoi or Rally, rotating an API key, reading the audit log — is a call against the Platform API. Humans get a friendly UI; your CI/CD pipeline gets the same surface via a Personal Access Token.

Browse

What you’ll find here

Getting started

Mint a Personal Access Token, hit your first endpoint, and understand the workspace boundary. Five minutes to a working CI/CD integration.
Read more

API reference

Every endpoint generated from the live OpenAPI spec. Workspaces, members, roles, services, PATs, audit, introspection — everything the console can do is here.
Read more

Reference

Base URL

https://api.auth.productcraft.co/v1

All Platform API endpoints are relative to this base. Browser sessions use the auth_token cookie on .productcraft.co; programmatic clients send Authorization: Bearer pcft_live_….

When to use this

Console UI vs Platform API

The right surface depends on the actor:

  • Humans — use the console. Faster for one-off changes, and the same workspace-role policy gates every action.
  • CI/CD — mint a PAT scoped to the actions your pipeline needs. Provision a Heimdall app per deploy, rotate keys, attach services, all from a workflow file.
  • Infrastructure-as-code — Terraform, Pulumi, or any tool that calls REST. The same workspace policy applies; PAT scopes act as the cap on what the tool can do.
  • Admin automation — auditing, compliance exports, periodic permission reviews. Read-only PATs make this safe.

What this is not: the Platform API never authenticates your end-users. End-user identity lives on Heimdall. The Platform API is your workspace + your team — it has no concept of your customers’ users.

Start with the getting-started guide