PMFKit
For engineers and contributors. User-facing documentation lives at /docs.

Public API (v1)

Programmatic access to run a PMF analysis and get the report as JSON.

Endpoint

POST /api/v1/analyze

Auth: API key via Authorization: Bearer <key> or header X-Api-Key: <key>.

Body:

{ "url": "https://example.com" }

Success (200):

{
  "runId": "uuid",
  "report": { ... },
  "executionLog": { ... }
}

Errors:

  • 400 — Missing or invalid URL (see validateUrl in operations.md).
  • 401 — Missing or invalid API key.
  • 402 — Analysis limit reached (monthly quota).
  • 429 — Rate limit exceeded (10 requests per minute per user).
  • 500 — Analysis failed (message in body).

Rate limits: 10 requests per minute per API key (user). Monthly quota same as web (5 free, then plan limits). Response header X-RateLimit-Remaining indicates remaining requests in the current minute.

Creating an API key

  1. Sign in to the app.
  2. POST /api/api-keys with session cookie (or same auth as the app).
    • Body (optional): { "name": "My key" }.
    • Response: { "id", "plainKey", "keyPrefix", "message" }.
  3. Store plainKey securely; it is not shown again. Use keyPrefix in the UI to identify the key (e.g. "pmf_abc12…").

Example

# Create a key (after signing in; use your session cookie or Supabase auth)
curl -X POST https://your-app.com/api/api-keys \
  -H "Content-Type: application/json" \
  -d '{"name":"CLI"}' \
  --cookie "sb-...=..."

# Run analysis
curl -X POST https://your-app.com/api/v1/analyze \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer pmf_xxxxxxxxxxxx" \
  -d '{"url":"https://example.com"}'