API
The authenticated app calls the Go API with Clerk session tokens.
Public API shape
Section titled “Public API shape”| Route | Purpose |
|---|---|
/rpc/* | ConnectRPC services |
/webhooks/* | Stripe and Clerk webhooks |
/downloads/* | Short-lived signed artifact downloads |
/healthz | Service health |
/readyz | Service and database readiness |
Authorization contract
Section titled “Authorization contract”The API verifies Clerk-issued tokens and authorizes each request against Message Science customer, group, and admin records. Route protection in the app is not a substitute for API authorization.
Access and onboarding status
Section titled “Access and onboarding status”Mounted RPCs support admin-assisted setup: admin/customer/group invitations, accepted-invite membership writes, customer records, groups/sub-accounts, billing-mode changes, and group-scoped direct-pay users.
AccessService covers invitation list/create/resend/revoke/accept, customer and group user lists, customer role changes/removal, and customer type conversion. CustomerService.SelfServeSignup covers direct customer self-serve signup with Stripe customer creation and zero-float billing setup. BillingService.CreatePortalSession gives customers an on-demand Stripe Billing Portal URL for billing profile and payment method edits.