New: MCP server monitoring is live. Start free
Intello

Documentation

HTTP API overview

Most customers never read this page. The Intello web app calls this API for you. Use the sections below only if you’re building scripts, internal tools, or CI integrations.

Intello exposes a JSON HTTP API on your deployment host (e.g., https://api.useintello.com). Local development may proxy to http://localhost:8080 via NEXT_PUBLIC_API_URL.

Base path

Authenticated product routes live under /api/*.

Public routes include:

  • POST /auth/sync — bootstrap user/org records after Supabase login
  • GET /auth/invitations/:token — invitation preview
  • GET /public/providers — rate-limited provider catalog summary

Response envelope

Success:

{
  "data": { }
}

Success with auxiliary message:

{
  "data": [ ],
  "message": "optional human string"
}

Error:

{
  "error": {
    "code": "validation_error",
    "message": "human-readable summary",
    "field": "optional_field_key",
    "upgrade_url": "https://…"
  }
}

Never assume message strings are stable across versions—key off code.

HTTP status codes

StatusMeaning
200Success with body.
201Created (e.g., new dependency).
204Success without body (rare routes).
400Validation / malformed input (validation_error, bad_request).
401Missing/invalid JWT (unauthorized, token_expired).
403Authenticated but not permitted (forbidden).
404Resource not found within org scope (not_found).
409Conflict (duplicate resource, invalid state transition).
428User not synced—call POST /auth/sync (user_not_synced).
429Rate limited (rate_limit_exceeded).
402Payment required / plan gate (payment_required).
500Unexpected failure (internal_error)—retry with backoff.

Rate limiting

  • Authenticated /api/*: per-IP token bucket (high burst for interactive use).
  • Public /auth/*, /public/*: conservative per-IP limits—do not scrape.

Responses may include Retry-After headers—honor them in batch jobs.

CORS

Browser calls require an exact-origin allowlist configured server-side (ALLOWED_ORIGINS). Wildcards and null origins are rejected in production configurations.

Pagination conventions

List endpoints commonly accept limit and page query parameters with upper bounds (e.g., limit ≤ 200). Shapes may be:

  • Array-only data for small lists, or
  • Envelope objects with total, page, limit, total_pages for dashboard tables.

Inspect the specific route in your deployment when building SDKs.

Related topics

Catch OpenAPI breaking changes early

Add your spec—diffs and alerts on every sync. No credit card to start; upgrade for faster polling, Slack or Teams, and more seats.

Start monitoring freeCompare plans