Skip to content

Platform API

Base URL: https://<platform-host>/api. Authentication: Authorization: Bearer <Entra access token> for the sprig-platform-api audience. The Ops app role gates the decision endpoints.

Method Route Caller Purpose
GET /health anyone Liveness (no auth)
GET /config any signed-in user Non-secret config for tooling
POST /apps {name} builder Create or update an app: Entra registration (owner-locked), Static Web App in the builder’s sandbox, metadata + audit
GET /apps builder List own apps
POST /apps/{name}/deploy-token owner Scoped deployment token for content upload
POST /apps/{name}/share {groupId | groupName} owner Create a share request (pending Ops)
GET /share-requests Ops List pending requests
POST /share-requests/{id}/decision {ownerOid, approve} Ops Approve (assigns the group) or reject

Conventions: JSON bodies; errors as {error, message} with conventional status codes (401 unauthenticated, 403 missing role, 404 unknown/foreign resource, 409 conflicts). App names are slugs: 2–40 chars, lowercase letters/digits/hyphens, starting with a letter. All mutating calls append audit events attributed to the caller.