Documentation

Sign up and get your first org

Create an account, get your orgid, and generate an API key.

Five minutes from a fresh browser to a usable orgid and API key. You'll need an email address you can receive mail at — that's it.

Create an account

Open https://appmint.io/register and pick one of two paths:

  • Email + password — fill in name, email, password. AppMint sends a verification email; click the link.
  • Magic link — request a sign-in link from the same form. The link signs you in without a password and you can set one later from your profile.

The magic-link flow is backed by GET /magic-link?email=…&type=link and POST /magic-link/redirect. It's also available for staff (/user/magic-link) and as a 6-digit code (?type=code).

Sign-up provisions:

  • A User principal (your staff/admin account).
  • An Organization that owns everything you'll create.
  • A starter role assignment (typically RootAdmin for the first user in an org).

Find your orgid

After sign-in you land on the Appmint Studio admin. The orgid shows up in two places:

  • Settings → Organization in the admin UI. Copy the Org ID field.
  • The orgid cookie set by the admin on the same domain (visible in browser devtools under Application → Cookies).

Every API call to AppEngine sends this value as an orgid header. Without it you get a 400. With the wrong one you get an empty result — tenant boundaries are enforced server-side.

curl https://appengine.appmint.io/profile/whoami \
  -H "orgid: your-org-id" \
  -H "Authorization: Bearer <jwt>"

Generate an API key

API keys are long-lived credentials suited for server-to-server calls, build pipelines, and headless clients. Create one from Settings → API Keys → New API Key in the admin.

You name the key, pick scopes, and optionally set a rate limit and expiry. The same operation is available via API:

POST/api-key/createJWT
curl https://appengine.appmint.io/api-key/create \
  -H "orgid: your-org-id" \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "build pipeline",
    "scopes": ["read", "write"],
    "rateLimit": { "requestsPerMinute": 60 }
  }'

The response includes the plaintext key once — copy it now, you can't read it again. Subsequent calls to GET /api-key/list and GET /api-key/:keyId show metadata only.

Treat keys like passwords

Keys grant full access within their scopes for as long as they live. Never commit a key to git, never paste one into a client-side bundle, and rotate via POST /api-key/regenerate/:keyId if a key leaks.

Use the key

Send the key as x-api-key instead of (or alongside) a JWT:

curl https://appengine.appmint.io/data/contact \
  -H "orgid: your-org-id" \
  -H "x-api-key: amk_..."

What you have now

  • An orgid — paste this into env files and config.
  • A JWT — short-lived, refresh via POST /user/refresh. Good for end-user sessions.
  • An API key — long-lived, good for servers and pipelines.

That's everything you need to make a real call. Continue to Hello World (Next.js) or Hello World (Mobile).