Skip to main content
The full engineering changelog lives in the backend repo (backend/docs/api/CHANGELOG.md). This page mirrors the user-facing highlights. We follow Keep a Changelog and semantic-ish versioning — breaking changes always ship under a new URL prefix (/api/v2/*), and /api/v1/* stays live for at least 12 months after any major version bump.

Unreleased (v1.0.0-alpha)

The initial API surface. Everything below is new.

Endpoints

  • Self-service signupPOST /signup creates a workspace org and your first API key in one call (Firebase-authed).
  • Organization key managementPOST / GET / DELETE /organizations/{org_id}/api-keys.
  • IdentityGET /verify validates a key and returns org context.
  • PreflightPOST /preflight dry-runs a request through the LLM validator without spending credits.
  • File uploadsPOST /files for generic files.
  • Image uploadsPOST /images with tags/caption, plus full CRUD (GET /images, GET /images/{id}, DELETE /images/{id}).
  • Generation (natural language)POST /excel/generate, POST /word/generate, POST /slides/generate. Sync (default) or async: true. Resume via run_id.
  • Excel analysisPOST /excel/analyze returns a JSON answer against an uploaded workbook.
  • Slide outlinesPOST /slides/outline for preview-before-generate workflows.
  • TasksGET /tasks/{task_id} for async polling.
  • RunsGET /runs, GET /runs/{id}, GET /runs/{id}/download, POST /runs/{id}/export (PDF / CSV / PNG / etc.).
  • WebhooksPOST / GET / DELETE /webhooks for subscriptions, plus per-request webhook_url on generation endpoints.
  • Embedded editor — every completed run includes an edit_url your app can iframe.

Features

  • Sync and async modes on every generation endpoint — sync promotes to async automatically at the 300s ceiling.
  • Run resume semantics — pass run_id to iterate on the same document without re-explaining what it is.
  • Preflight LLM validator — rejects requests referencing missing assets before spending real credits.
  • HMAC-signed webhooks — SHA-256, replay-protection timestamp, 7 retry attempts with exponential backoff.
  • Credit ledger — every movement logged for audit.
  • Org-scoped tenancy — every resource lookup enforces (caller_org == resource_org) — no cross-tenant leaks.

Supported formats

  • Excel: .xlsx primary, exports to pdf / csv / png / html
  • Word: .docx primary, exports to pdf / html / txt / odt
  • Slides: .pptx primary, exports to pdf / png / odp

Current limitations

  • Personal vs. workspace key scoping — available via the dashboard key-creation flow; every key inherits the creator’s current workspace role.
  • Text and static visuals only — no audio or video generation.
  • Slides: max 30 slides per call. Larger decks should be built in chunks via run_id resume.
  • Webhooks fire on run.completed and run.failed only.

Versioning policy

  • URL-based: breaking changes land at /api/v2/*; /api/v1/* stays live for at least 12 months.
  • Additive changes (new endpoints, new optional fields, new enum values, new error codes) are always safe within v1.
  • Breaking changes require a deprecation window:
    • Announce here + email notice.
    • Response includes X-Deprecated: true and Sunset: <date> headers for 12+ months.
    • Removal only on the v2 boundary.

Follow releases