API Reference¶

Comprehensive documentation of all Subscribe Flow API endpoints.

Interactive Documentation¶

Base URL¶

Authentication¶

Subscribe Flow supports dual authentication: API key OR session cookie. Every /api/v1/* endpoint accepts either method.

API Key (Programmatic Access)¶

All admin endpoints (/api/v1/*) accept API key authentication:

1
2

curl -X GET "http://localhost:8000/api/v1/subscribers" \
  -H "X-API-Key: sf_live_your_api_key"

API keys are organization-scoped. Each key belongs to exactly one organization.

Scopes:

Session Cookie (Dashboard Access)¶

Dashboard users authenticate via magic link, which sets an HTTP-only sf_session cookie. Organization context is provided via the X-Organization-Id header:

1
2
3

curl -X GET "http://localhost:8000/api/v1/subscribers" \
  -H "X-Organization-Id: 550e8400-e29b-41d4-a716-446655440000" \
  -b "sf_session=eyJhbGciOi..."

Token (Preference Center)¶

Preference Center endpoints use JWT tokens as query parameters:

1

curl "http://localhost:8000/preference-center?token=eyJhbGciOi..."

Auth API¶

Endpoints for magic link login, session management, and organization management. These endpoints do not require API key auth.

Request Magic Link¶

1

POST /auth/magic-link

Request Body:

1
2
3

{
  "email": "user@example.com"
}

Response (200 OK):

1
2
3

{
  "message": "If the email exists, a magic link has been sent."
}

Verify Magic Link¶

Verifies the token and sets an HTTP-only session cookie (sf_session, 7 days).

1

GET /auth/verify?token={magic_link_token}

Response (200 OK):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

{
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "user@example.com",
  "has_organizations": true,
  "organizations": [
    {
      "id": "660e8400-e29b-41d4-a716-446655440000",
      "name": "My Company",
      "slug": "my-company",
      "role": "owner"
    }
  ]
}

Errors:

Create Organization¶

Requires session auth (cookie). The calling user becomes the owner.

1

POST /auth/organizations

Request Body:

1
2
3
4

{
  "name": "My Company",
  "slug": "my-company"
}

Response (200 OK):

1
2
3
4
5

{
  "id": "660e8400-e29b-41d4-a716-446655440000",
  "name": "My Company",
  "slug": "my-company"
}

List Organizations¶

Requires session auth. Returns all organizations the current user belongs to.

1

GET /auth/organizations

Response (200 OK):

1
2
3
4
5
6
7
8

[
  {
    "id": "660e8400-e29b-41d4-a716-446655440000",
    "name": "My Company",
    "slug": "my-company",
    "role": "owner"
  }
]

Logout¶

Clears the session cookie.

1

POST /auth/logout

Response (200 OK):

1
2
3

{
  "message": "Logged out successfully."
}

Subscribers API¶

Create Subscriber¶

Creates a new subscriber with optional tag subscriptions.

1

POST /api/v1/subscribers

Auth: API Key or Session

Request Body:

1
2
3
4
5
6
7
8

{
  "email": "user@example.com",
  "tags": ["3fa85f64-5717-4562-b3fc-2c963f66afa6"],
  "metadata": {
    "source": "website",
    "campaign": "summer-2026"
  }
}

Response (201 Created):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "user@example.com",
  "status": "active",
  "tags": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "Product Updates",
      "slug": "product-updates"
    }
  ],
  "metadata": {
    "source": "website",
    "campaign": "summer-2026"
  },
  "created_at": "2026-02-03T10:30:00Z",
  "updated_at": "2026-02-03T10:30:00Z"
}

Errors:

List Subscribers¶

Lists subscribers with pagination and filtering.

1

GET /api/v1/subscribers

Auth: API Key or Session

Query Parameters:

Response (200 OK):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

{
  "items": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "user@example.com",
      "status": "active",
      "tags": [],
      "created_at": "2026-02-03T10:30:00Z",
      "updated_at": "2026-02-03T10:30:00Z"
    }
  ],
  "total": 1234,
  "next_cursor": "eyJpZCI6IjU1MGU4NDAwLi4uIn0="
}

Response Headers:

Get Subscriber¶

1

GET /api/v1/subscribers/{subscriber_id}

Auth: API Key or Session

Get Subscriber by Email¶

1

GET /api/v1/subscribers/by-email/{email}

Auth: API Key or Session

Update Subscriber¶

1

PUT /api/v1/subscribers/{subscriber_id}

Auth: API Key or Session

Request Body:

1
2
3
4
5
6

{
  "metadata": {
    "plan": "premium"
  },
  "status": "unsubscribed"
}

Response (200 OK): Updated subscriber

Delete Subscriber¶

Permanently deletes a subscriber.

1

DELETE /api/v1/subscribers/{subscriber_id}

Auth: API Key or Session

Response: 204 No Content

Manage Subscriber Tags¶

Add Tags¶

1

POST /api/v1/subscribers/{subscriber_id}/tags

Auth: API Key or Session

Request Body:

1
2
3

{
  "tag_ids": ["3fa85f64-5717-4562-b3fc-2c963f66afa6"]
}

Remove Tag¶

1

DELETE /api/v1/subscribers/{subscriber_id}/tags/{tag_id}

Auth: API Key or Session

Get Subscriber Tags¶

1

GET /api/v1/subscribers/{subscriber_id}/tags

Auth: API Key or Session

Tags API¶

Create Tag¶

1

POST /api/v1/tags

Auth: API Key or Session

Request Body:

1
2
3
4
5
6
7
8

{
  "name": "Product Updates",
  "slug": "product-updates",
  "description": "Receive notifications about new features",
  "metadata": {
    "category": "product"
  }
}

Response (201 Created):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "Product Updates",
  "slug": "product-updates",
  "description": "Receive notifications about new features",
  "metadata": {
    "category": "product"
  },
  "subscriber_count": 0,
  "created_at": "2026-02-03T10:30:00Z",
  "updated_at": "2026-02-03T10:30:00Z"
}

List Tags¶

1

GET /api/v1/tags

Auth: API Key or Session

Query Parameters:

Get Tag¶

1

GET /api/v1/tags/{tag_id}

Auth: API Key or Session

Get Tag by Name¶

1

GET /api/v1/tags/by-name/{name}

Auth: API Key or Session

Update Tag¶

1

PUT /api/v1/tags/{tag_id}

Auth: API Key or Session

Request Body:

1
2
3
4

{
  "name": "New Name",
  "description": "New description"
}

Delete Tag¶

1

DELETE /api/v1/tags/{tag_id}

Auth: API Key or Session

Response: 204 No Content

Templates API¶

Create Template¶

1

POST /api/v1/templates

Auth: API Key or Session

List Templates¶

1

GET /api/v1/templates

Auth: API Key or Session

Get Template¶

1

GET /api/v1/templates/{template_id}

Auth: API Key or Session

Update Template¶

1

PUT /api/v1/templates/{template_id}

Auth: API Key or Session

Delete Template¶

1

DELETE /api/v1/templates/{template_id}

Auth: API Key or Session

Preview Template¶

1

POST /api/v1/templates/{template_id}/preview

Auth: API Key or Session

Emails API¶

Send Email¶

1

POST /api/v1/emails/send

Auth: API Key or Session

Errors:

Campaigns API¶

Create Campaign¶

1

POST /api/v1/campaigns

Auth: API Key or Session

List Campaigns¶

1

GET /api/v1/campaigns

Auth: API Key or Session

Get Campaign¶

1

GET /api/v1/campaigns/{campaign_id}

Auth: API Key or Session

Update Campaign¶

1

PUT /api/v1/campaigns/{campaign_id}

Auth: API Key or Session

Send Campaign¶

1

POST /api/v1/campaigns/{campaign_id}/send

Auth: API Key or Session

Cancel Campaign¶

1

POST /api/v1/campaigns/{campaign_id}/cancel

Auth: API Key or Session

Retry Campaign¶

1

POST /api/v1/campaigns/{campaign_id}/retry

Auth: API Key or Session

Duplicate Campaign¶

1

POST /api/v1/campaigns/{campaign_id}/duplicate

Auth: API Key or Session

Count Campaign Recipients¶

1

POST /api/v1/campaigns/{campaign_id}/count-recipients

Auth: API Key or Session

Email Triggers API¶

Create Trigger¶

1

POST /api/v1/email-triggers

Auth: API Key or Session

List Triggers¶

1

GET /api/v1/email-triggers

Auth: API Key or Session

Get Trigger¶

1

GET /api/v1/email-triggers/{trigger_id}

Auth: API Key or Session

Update Trigger¶

1

PUT /api/v1/email-triggers/{trigger_id}

Auth: API Key or Session

Delete Trigger¶

1

DELETE /api/v1/email-triggers/{trigger_id}

Auth: API Key or Session

Outgoing Webhooks API¶

Create Webhook Endpoint¶

1

POST /api/v1/webhooks

Auth: API Key or Session

Request Body:

1
2
3
4
5
6
7
8
9

{
  "url": "https://your-app.com/webhooks/subscribeflow",
  "events": [
    "subscriber.created",
    "subscriber.updated",
    "tag.subscribed"
  ],
  "description": "Main production webhook"
}

Response (201 Created):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

{
  "id": "8fa85f64-5717-4562-b3fc-2c963f66afa6",
  "url": "https://your-app.com/webhooks/subscribeflow",
  "events": ["subscriber.created", "subscriber.updated", "tag.subscribed"],
  "description": "Main production webhook",
  "status": "active",
  "signing_secret": "whsec_abc123...",
  "created_at": "2026-02-03T10:30:00Z",
  "updated_at": "2026-02-03T10:30:00Z"
}

Available Events:

List Webhooks¶

1

GET /api/v1/webhooks

Auth: API Key or Session

Get Webhook¶

1

GET /api/v1/webhooks/{webhook_id}

Auth: API Key or Session

Update Webhook¶

1

PUT /api/v1/webhooks/{webhook_id}

Auth: API Key or Session

Delete Webhook¶

1

DELETE /api/v1/webhooks/{webhook_id}

Auth: API Key or Session

Test Webhook¶

Sends a test event to the webhook endpoint.

1

POST /api/v1/webhooks/{webhook_id}/test

Auth: API Key or Session

Response (200 OK):

1
2
3
4
5

{
  "success": true,
  "status_code": 200,
  "response_time_ms": 145
}

Regenerate Webhook Secret¶

1

POST /api/v1/webhooks/{webhook_id}/regenerate-secret

Auth: API Key or Session

List Webhook Deliveries¶

1

GET /api/v1/webhooks/{webhook_id}/deliveries

Auth: API Key or Session

Retry Webhook Delivery¶

1

POST /api/v1/webhooks/{webhook_id}/deliveries/{delivery_id}/retry

Auth: API Key or Session

Get Webhook Stats¶

1

GET /api/v1/webhooks/{webhook_id}/stats

Auth: API Key or Session

Get Global Webhook Stats¶

1

GET /api/v1/webhooks/stats/global

Auth: API Key or Session

List Webhook Event Types¶

1

GET /api/v1/webhooks/event-types

Auth: API Key or Session

Subscriber Notes API¶

Create Note¶

1

POST /api/v1/subscribers/{subscriber_id}/notes

Auth: API Key or Session

List Notes¶

1

GET /api/v1/subscribers/{subscriber_id}/notes

Auth: API Key or Session

Get Note¶

1

GET /api/v1/subscribers/{subscriber_id}/notes/{note_id}

Auth: API Key or Session

Update Note¶

1

PUT /api/v1/subscribers/{subscriber_id}/notes/{note_id}

Auth: API Key or Session

Delete Note¶

1

DELETE /api/v1/subscribers/{subscriber_id}/notes/{note_id}

Auth: API Key or Session

API Keys API¶

List Available Scopes¶

1

GET /api/v1/api-keys/scopes

Auth: API Key or Session

Create API Key¶

1

POST /api/v1/api-keys

Auth: API Key or Session

Request Body:

1
2
3
4

{
  "name": "Production Backend",
  "scopes": ["subscribers:read", "subscribers:write", "tags:read"]
}

Response (201 Created):

1
2
3
4
5
6
7

{
  "id": "9fa85f64-5717-4562-b3fc-2c963f66afa6",
  "name": "Production Backend",
  "key": "sf_live_abc123xyz...",
  "scopes": ["subscribers:read", "subscribers:write", "tags:read"],
  "created_at": "2026-02-03T10:30:00Z"
}

List API Keys¶

1

GET /api/v1/api-keys

Auth: API Key or Session

Get API Key¶

1

GET /api/v1/api-keys/{api_key_id}

Auth: API Key or Session

Update API Key¶

1

PATCH /api/v1/api-keys/{api_key_id}

Auth: API Key or Session

Rotate API Key¶

1

POST /api/v1/api-keys/{api_key_id}/rotate

Auth: API Key or Session

Delete API Key¶

1

DELETE /api/v1/api-keys/{api_key_id}

Auth: API Key or Session

Preference Center API¶

Public endpoints for subscriber self-service. These endpoints use token-based authentication (JWT in query parameter).

Get Preferences¶

1

GET /preference-center?token={jwt_token}

Response:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

{
  "email": "user@example.com",
  "subscribed_tags": [
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "name": "Product Updates",
      "slug": "product-updates",
      "description": "Receive notifications about new features",
      "subscribed": true,
      "subscribed_at": "2026-01-15T10:30:00Z"
    }
  ],
  "available_tags": [
    {
      "id": "7ca85f64-5717-4562-b3fc-2c963f66afa9",
      "name": "Weekly Digest",
      "slug": "weekly-digest",
      "description": "Weekly summary",
      "subscribed": false
    }
  ]
}

Subscribe to Tag¶

1

PUT /preference-center/tags/{tag_id}?token={jwt_token}

Unsubscribe from Tag¶

1

DELETE /preference-center/tags/{tag_id}?token={jwt_token}

Request Data Export (GDPR)¶

1

GET /preference-center/data-export?token={jwt_token}

Request Account Deletion (GDPR)¶

1

DELETE /preference-center/account?token={jwt_token}

Billing API¶

Endpoints for subscription management and Stripe integration.

Get Current Subscription¶

1

GET /api/v1/billing/subscription

Auth: API Key or Session (Owner only)

Response (200 OK):

1
2
3
4
5
6
7
8
9

{
  "tier": "starter",
  "status": "active",
  "current_period_end": "2026-03-03T00:00:00Z",
  "max_subscribers": 5000,
  "max_emails_per_month": 10000,
  "emails_sent_this_month": 1234,
  "subscriber_count": 450
}

Create Checkout Session¶

Creates a Stripe Checkout session for upgrading the subscription.

1

POST /api/v1/billing/create-checkout-session

Auth: API Key or Session (Owner only)

Request Body:

1
2
3

{
  "price_id": "price_xxx"
}

Response (200 OK):

1
2
3

{
  "checkout_url": "https://checkout.stripe.com/..."
}

Customer Portal¶

Opens the Stripe Customer Portal for managing payment methods and invoices.

1

POST /api/v1/billing/customer-portal

Auth: API Key or Session (Owner only)

Response (200 OK):

1
2
3

{
  "portal_url": "https://billing.stripe.com/..."
}

Sync Subscription¶

Manually syncs the subscription status from Stripe.

1

POST /api/v1/billing/sync-subscription

Auth: API Key or Session (Owner only)

Email Settings API¶

Endpoints for managing organization email sending configuration.

Get Email Settings¶

1

GET /api/v1/settings/email

Auth: API Key or Session

Response (200 OK):

1
2
3
4
5
6
7
8
9

{
  "from_name": "My Company",
  "from_address": "noreply@mycompany.com",
  "effective_from": "My Company <noreply@mycompany.com>",
  "is_custom_domain": true,
  "custom_domain": "mycompany.com",
  "custom_domain_status": "verified",
  "can_add_custom_domain": false
}

Update Email Settings¶

Update from_name (all tiers) or from_address (requires verified custom domain).

1

PUT /api/v1/settings/email

Auth: API Key or Session

Request Body:

1
2
3
4

{
  "from_name": "My Company",
  "from_address": "noreply@mycompany.com"
}

Add Custom Domain¶

Start domain verification via Resend API. Professional tier only.

1

POST /api/v1/settings/email/domain

Auth: API Key or Session

Request Body:

1
2
3

{
  "domain": "mycompany.com"
}

Response (201 Created):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

{
  "domain": "mycompany.com",
  "status": "pending",
  "dns_records": [
    {
      "type": "TXT",
      "name": "_resend.mycompany.com",
      "value": "v=spf1 ..."
    }
  ]
}

Check Domain Verification¶

1

GET /api/v1/settings/email/domain

Auth: API Key or Session

Remove Custom Domain¶

1

DELETE /api/v1/settings/email/domain

Auth: API Key or Session

Response: 204 No Content

Platform Admin API¶

Endpoints for platform-level administration. Only accessible by organizations with is_platform_admin = true (currently only Talent Factory GmbH).

All endpoints require the RequirePlatformAdmin dependency, which verifies the requesting organization has platform admin privileges.

List Organizations¶

1

GET /api/v1/admin/organizations

Auth: API Key or Session (Platform Admin only)

Get Organization¶

1

GET /api/v1/admin/organizations/{organization_id}

Auth: API Key or Session (Platform Admin only)

Update Organization¶

1

PATCH /api/v1/admin/organizations/{organization_id}

Auth: API Key or Session (Platform Admin only)

Delete Organization¶

1

DELETE /api/v1/admin/organizations/{organization_id}

Auth: API Key or Session (Platform Admin only)

List Users¶

1

GET /api/v1/admin/users

Auth: API Key or Session (Platform Admin only)

Get User¶

1

GET /api/v1/admin/users/{user_id}

Auth: API Key or Session (Platform Admin only)

List Members of Organization¶

1

GET /api/v1/admin/organizations/{organization_id}/members

Auth: API Key or Session (Platform Admin only)

Add Member to Organization¶

1

POST /api/v1/admin/organizations/{organization_id}/members

Auth: API Key or Session (Platform Admin only)

Remove Member from Organization¶

1

DELETE /api/v1/admin/organizations/{organization_id}/members/{user_id}

Auth: API Key or Session (Platform Admin only)

Incoming Webhooks¶

Resend Webhook¶

Receives webhook events from Resend (contact and email events).

1

POST /webhooks/resend

Auth: HMAC SHA-256 signature (X-Resend-Signature header)

No API key required. Signature-verified only.

Stripe Webhook¶

Receives webhook events from Stripe (checkout, subscription, payment events).

1

POST /webhooks/stripe

Auth: Stripe webhook signature

No API key required. Signature-verified only.

Health Endpoints¶

Basic Health Check¶

1

GET /health

Response (200 OK):

1
2
3

{
  "status": "healthy"
}

Readiness Check¶

Checks database connection and Redis.

1

GET /ready

Response (200 OK):

1
2
3
4
5
6
7

{
  "status": "ready",
  "checks": {
    "database": "ok",
    "redis": "ok"
  }
}

Error Responses¶

All errors follow the RFC 7807 Problem Details format:

1
2
3
4
5
6
7

{
  "type": "https://subscribeflow.net/errors/not_found",
  "title": "Resource Not Found",
  "status": 404,
  "detail": "Subscriber with ID '550e8400...' not found",
  "instance": "/api/v1/subscribers/550e8400..."
}

See Error Codes Reference for the complete list.

SDKs¶

Python¶

1
2
3
4
5
6
7

from subscribeflow import SubscribeFlowClient

async with SubscribeFlowClient(api_key="sf_live_xxx") as client:
    subscriber = await client.subscribers.create(
        email="user@example.com",
        tags=["product-updates"],
    )

TypeScript¶

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

import { SubscribeFlowClient } from '@subscribeflow/sdk';

const client = new SubscribeFlowClient({
  apiKey: 'sf_live_xxx',
});

const subscriber = await client.subscribers.create({
  email: 'user@example.com',
  tags: ['product-updates'],
});

See SDK Setup Guide for details.

Further Reading¶

• Authentication Guide
• Error Codes Reference
• Webhook Integration
• SDK Setup Guide