API
The authenticated app calls the Go API with Clerk session tokens.
Public API shape
Section titled “Public API shape”| Route | Purpose |
|---|---|
/rpc/* | ConnectRPC services |
/webhooks/* | Stripe and Clerk webhooks |
/downloads/* | Short-lived signed artifact downloads |
/healthz | Service health |
/readyz | Service and database readiness |
Authorization contract
Section titled “Authorization contract”The API verifies Clerk-issued tokens and authorizes each request against Message Science customer, group, and admin records. Route protection in the app is not a substitute for API authorization.