{"info":{"name":"UnifyOne — REST API","description":"Auto-generated Postman collection for UnifyOne / 1commerce.online. Set the {{base_url}} environment variable to https://1commerce.online (or http://localhost:3000 for dev), and {{api_key}} to a uo_live_*** / uo_test_*** key generated from Settings -> Developer.","schema":"https://schema.getpostman.com/json/collection/v2.1.0/collection.json","_postman_id":"ee06aa3e-4d40-4b48-8e9f-b1a8a8a8a8a8"},"item":[{"name":"Health & Status","description":"Public introspection endpoints.","item":[{"name":"GET /api/health","request":{"method":"GET","header":[],"url":{"raw":"{{base_url}}/api/health","host":["{{base_url}}"],"path":["api","health"]},"description":"Returns dependency-pinged health (db / stripe / resend / redis) plus version + env. Public."}}]},{"name":"Auth","description":"Email + scrypt password auth. Sets the app_session_id cookie on success.","item":[{"name":"POST /api/auth/signup","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{base_url}}/api/auth/signup","host":["{{base_url}}"],"path":["api","auth","signup"]},"body":{"mode":"raw","raw":"{\n  \"email\": \"you@example.com\",\n  \"password\": \"minimum-8-chars\",\n  \"name\": \"Your Name\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/auth/signin","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{base_url}}/api/auth/signin","host":["{{base_url}}"],"path":["api","auth","signin"]},"body":{"mode":"raw","raw":"{\n  \"identifier\": \"you@example.com\",\n  \"password\": \"yyyyyyyy\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/auth/logout","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{base_url}}/api/auth/logout","host":["{{base_url}}"],"path":["api","auth","logout"]}}},{"name":"POST /api/auth/delete-account","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"url":{"raw":"{{base_url}}/api/auth/delete-account","host":["{{base_url}}"],"path":["api","auth","delete-account"]},"body":{"mode":"raw","raw":"{\n  \"confirmEmail\": \"you@example.com\",\n  \"currentPassword\": \"yyyyyyyy\"\n}","options":{"raw":{"language":"json"}}},"description":"GDPR Article 17 / CCPA right-to-delete. Requires email + password confirmation. Sets users.deletedAt and bumps passwordChangedAt to invalidate sessions."}}]},{"name":"Payments","description":"Stripe / PayPal / Square checkout creation + webhooks. Webhooks are receiver-only.","item":[{"name":"POST /api/stripe/checkout","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/stripe/checkout","host":["{{base_url}}"],"path":["api","stripe","checkout"]},"body":{"mode":"raw","raw":"{\n  \"planSlug\": \"pro\",\n  \"billingCycle\": \"monthly\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/stripe/webhook (receiver)","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Stripe-Signature","value":"<provided by Stripe>","type":"text"}],"url":{"raw":"{{base_url}}/api/stripe/webhook","host":["{{base_url}}"],"path":["api","stripe","webhook"]},"description":"Stripe webhook receiver. Verifies signature against STRIPE_WEBHOOK_SECRET. Idempotent on stripe_webhook_events.event_id."}},{"name":"POST /api/paypal/create-order","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/paypal/create-order","host":["{{base_url}}"],"path":["api","paypal","create-order"]},"body":{"mode":"raw","raw":"{\n  \"amount\": 19.99,\n  \"currency\": \"USD\",\n  \"description\": \"UnifyOne credits\",\n  \"returnUrl\": \"{{base_url}}/checkout/success\",\n  \"cancelUrl\": \"{{base_url}}/checkout/cancel\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/paypal/capture-order","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/paypal/capture-order","host":["{{base_url}}"],"path":["api","paypal","capture-order"]},"body":{"mode":"raw","raw":"{\n  \"paypalOrderId\": \"EC-...\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/paypal/webhook (receiver)","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"PAYPAL-TRANSMISSION-ID","value":"<provided by PayPal>","type":"text"}],"url":{"raw":"{{base_url}}/api/paypal/webhook","host":["{{base_url}}"],"path":["api","paypal","webhook"]},"description":"PayPal webhook receiver. Verifies via PayPal's verify-webhook-signature endpoint with PAYPAL_WEBHOOK_ID env var."}},{"name":"POST /api/square/create-checkout","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/square/create-checkout","host":["{{base_url}}"],"path":["api","square","create-checkout"]},"body":{"mode":"raw","raw":"{\n  \"amountMinor\": 1999,\n  \"currency\": \"USD\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/square/webhook (receiver)","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"x-square-hmacsha256-signature","value":"<provided by Square>","type":"text"}],"url":{"raw":"{{base_url}}/api/square/webhook","host":["{{base_url}}"],"path":["api","square","webhook"]},"description":"Square webhook receiver. HMAC-SHA256 over (notification_url + raw body)."}}]},{"name":"Shopify","description":"OAuth install + webhook receiver. Mounted via /api/shopify/* (CR4).","item":[{"name":"GET /api/shopify/install?shop=...","request":{"method":"GET","header":[],"url":{"raw":"{{base_url}}/api/shopify/install?shop=yourstore.myshopify.com","host":["{{base_url}}"],"path":["api","shopify","install"],"query":[{"key":"shop","value":"yourstore.myshopify.com"}]},"description":"OAuth init. Redirects to Shopify with state cookie set."}},{"name":"POST /api/shopify/webhook (receiver)","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"X-Shopify-Hmac-Sha256","value":"<provided by Shopify>","type":"text"},{"key":"X-Shopify-Topic","value":"orders/create","type":"text"},{"key":"X-Shopify-Shop-Domain","value":"yourstore.myshopify.com","type":"text"}],"url":{"raw":"{{base_url}}/api/shopify/webhook","host":["{{base_url}}"],"path":["api","shopify","webhook"]},"description":"Shopify webhook receiver. HMAC-SHA256 base64 timing-safe compare against SHOPIFY_API_SECRET. Topic-to-entity map covers orders, products, customers, inventory, fulfillments."}}]},{"name":"Uploads","description":"Image storage via Netlify Blobs.","item":[{"name":"POST /api/uploads/image","request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/uploads/image","host":["{{base_url}}"],"path":["api","uploads","image"]},"body":{"mode":"formdata","formdata":[{"key":"file","type":"file"}]},"description":"Multipart form data with a 'file' field. image/* only, max 5MB. Returns { url, key }."}},{"name":"GET /api/uploads/image/:key","request":{"method":"GET","header":[],"url":{"raw":"{{base_url}}/api/uploads/image/:key","host":["{{base_url}}"],"path":["api","uploads","image",":key"]},"description":"Re-serves a stored blob. Cache-Control: immutable, max-age=1y."}}]},{"name":"Affiliate Tracking","description":"Impact.com S2S click capture + conversion fire.","item":[{"name":"GET /api/impact/click","request":{"method":"GET","header":[],"url":{"raw":"{{base_url}}/api/impact/click?im_click_id=abc123","host":["{{base_url}}"],"path":["api","impact","click"],"query":[{"key":"im_click_id","value":"abc123"}]},"description":"Public click capture. Sets im_click_id cookie."}}]},{"name":"Admin","description":"Admin-key gated operational endpoints. Set ADMIN_API_KEY env var on Netlify and pass via x-admin-key header.","item":[{"name":"POST /api/admin/recover-subscription","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"x-admin-key","value":"{{admin_api_key}}","type":"text","description":"Server-side ADMIN_API_KEY env var. Required for /api/admin/*."}],"url":{"raw":"{{base_url}}/api/admin/recover-subscription","host":["{{base_url}}"],"path":["api","admin","recover-subscription"]},"body":{"mode":"raw","raw":"{\n  \"tenantId\": 0,\n  \"stripeCustomerId\": \"cus_...\"\n}","options":{"raw":{"language":"json"}}}}},{"name":"POST /api/admin/setup-products","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"x-admin-key","value":"{{admin_api_key}}","type":"text","description":"Server-side ADMIN_API_KEY env var. Required for /api/admin/*."}],"url":{"raw":"{{base_url}}/api/admin/setup-products","host":["{{base_url}}"],"path":["api","admin","setup-products"]}}}]},{"name":"tRPC","description":"All tRPC procedures hang off /api/trpc/<router>.<procedure>. Use the typed client from packages/api in TypeScript projects rather than calling raw — Postman is awkward with tRPC's batched/superjson envelope. This single example shows the shape if you must.","item":[{"name":"POST /api/trpc/customers.create (example)","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{api_key}}","type":"text","description":"uo_live_*** or uo_test_*** API key. Generate from Settings -> Developer."}],"url":{"raw":"{{base_url}}/api/trpc/customers.create?batch=1","host":["{{base_url}}"],"path":["api","trpc","customers.create"],"query":[{"key":"batch","value":"1"}]},"body":{"mode":"raw","raw":"{\n  \"0\": {\n    \"json\": {\n      \"email\": \"customer@example.com\",\n      \"firstName\": \"Jane\"\n    }\n  }\n}","options":{"raw":{"language":"json"}}},"description":"tRPC HTTP envelope: keys are batch indices ('0', '1', ...), value is { json: <input> } (or { json, meta } for superjson types like Date / BigInt)."}}]}],"variable":[{"key":"base_url","value":"https://1commerce.online","description":"https://1commerce.online for production, http://localhost:3000 for local Express, http://localhost:8888 for local netlify dev."},{"key":"api_key","value":"","description":"uo_live_*** or uo_test_*** — generate from /settings/developer."},{"key":"admin_api_key","value":"","description":"Server-side ADMIN_API_KEY env value — only required for /api/admin/* routes."}]}