Skip to main content
parlance — home

REST API

The parlance REST API lets you drive the platform programmatically — create workspaces and projects, manage contracts and glossaries, and run audits — from your own services and CI.

This page is an overview. It covers the base URL, how to authenticate and how the API fits into the wider toolchain.

Base URL

All requests go to:

https://api.parlance.business

The API is a service in its own right (built on Next.js and Supabase) and is versioned and deployed independently of the web app.

Authentication

The API authenticates with API keys. You create and manage keys in the app under Account → API keys (/account/api-keys).

  • Generate a key, then copy it once — it is shown in full only at creation time.
  • Send the key as a Bearer token in the Authorization header on every request.
  • Treat keys as secrets: keep them in environment variables or a secrets manager, never in client-side code or version control.
  • Revoke a key from /account/api-keys the moment it may have been exposed; revocation takes effect immediately.

For the full picture of how accounts and sign-in work, see authentication.

An illustrative request

The example below is illustrative — it shows the shape of a call, not a literal endpoint reference. Replace <api-key> with a key from /account/api-keys.

curl https://api.parlance.business/v1/audits \
  -H "Authorization: Bearer <api-key>" \
  -H "Content-Type: application/json"

Requests are JSON in and JSON out. A missing or invalid key returns an explicit authentication error rather than failing silently.

Versioning and stability

  • The API is versioned via a path prefix (for example /v1), so a given version stays stable as the platform evolves.
  • Breaking changes ship under a new version; we avoid breaking a published version in place.
  • Treat anything not yet documented as unstable and subject to change.

How it fits together

The REST API is the foundation of the rest of the toolchain:

  • The client SDK is a typed TypeScript wrapper over this API.
  • Every extension — for Figma, the browser, VS Code, Xcode, native apps and the MCP server — talks to the platform through that SDK, and therefore through this API.

Whether you call the API directly or through the SDK, you authenticate the same way: an API key from /account/api-keys, sent as a Bearer token.