v1.0.0
March 2026
Latest
Initial public API release. All core reselling platform endpoints are now stable. No prior versions exist — there are no breaking changes in this release.
New
Authentication
POST /api/auth/login— Issue JWT access token + refresh token pair.POST /api/auth/refresh— Exchange a valid refresh token for a new access token (7-day sliding window).POST /api/auth/logout— Revoke the current refresh token.POST /api/auth/register— Create a new user account.POST /api/auth/mfa/setup— Initiate TOTP MFA enrollment.POST /api/auth/mfa/verify— Verify a TOTP code during login.- All mutating routes require a valid
X-CSRF-Tokenheader (token issued viaGET /api/auth/csrf).
New
Inventory
GET /api/inventory— List InventoryItems with pagination, full-text search (FTS5), and tag filtering.POST /api/inventory— Create an InventoryItem.GET /api/inventory/:id— Fetch a single InventoryItem.PUT /api/inventory/:id— Update an InventoryItem.DELETE /api/inventory/:id— Soft-delete an InventoryItem.
New
Listings & Cross-Listing
GET /api/listings— List all Listings across all platforms for the authenticated user.POST /api/cross-list— Submit an InventoryItem for cross-listing to one or more platforms.GET /api/listings/:id— Fetch a single Listing including platform-specific metadata.DELETE /api/listings/:id— Delist from a specific platform.
New
Offers
GET /api/offers— List incoming Offers with status filter.POST /api/offers/:id/accept— Accept an Offer.POST /api/offers/:id/decline— Decline an Offer.POST /api/offers/:id/counter— Submit a counter-offer.
New
Sales
GET /api/sales— List Sales with date-range and platform filters.GET /api/sales/:id— Fetch a single Sale with full Listing and InventoryItem context.PUT /api/sales/:id— Update shipping or notes on a Sale.
New
Analytics
GET /api/analytics/summary— Aggregated revenue, sell-through rate, and top-performing platforms over a given period.GET /api/analytics/platform— Per-platform breakdown of Sales and active Listings.GET /api/analytics/price-history/:itemId— PriceHistory series for an InventoryItem.
New
Automations
GET /api/automations— List configured Automations (closet share, follow-back, offer rules).POST /api/automations— Create an Automation.PUT /api/automations/:id— Update an Automation's schedule or rule set.DELETE /api/automations/:id— Remove an Automation.POST /api/automations/:id/run— Manually trigger an Automation run.
New
AI Features
POST /api/ai/generate-listing— Generate a platform-optimised listing title and description from an InventoryItem (backed by Anthropic Claude).POST /api/ai/price-suggestion— Return a price suggestion based on PriceHistory and comparable sales.POST /api/ai/tag-image— Analyse an ImageAsset and return suggested tags and condition notes.POST /api/ai/chat— Vault Buddy conversational assistant (streaming SSE response).
New
Platform OAuth
GET /api/platforms— List connected Platform integrations and their OAuth status.GET /api/oauth/:platform/start— Initiate OAuth 2.0 flow for a marketplace (eBay, Etsy, Shopify, Poshmark, Mercari).GET /api/oauth/:platform/callback— OAuth callback handler — do not call directly.DELETE /api/platforms/:platform— Disconnect a Platform integration and revoke stored OAuth tokens.
New
Image Bank
POST /api/images/upload— Upload an ImageAsset (multipart/form-data, max 10 MB).GET /api/images— List ImageAssets for the authenticated user.DELETE /api/images/:id— Delete an ImageAsset and remove from associated InventoryItems.
New
Infrastructure
GET /api/health— Health check endpoint (unauthenticated). Returns{"status":"ok"}when the server and database are available.POST /api/csp-report— CSP violation reporting endpoint (production only).- All responses include
X-API-VersionandX-Request-IDheaders. - Rate limiting is applied to all auth and AI endpoints. Limits are communicated via
RateLimit-RemainingandRateLimit-Resetresponse headers.