API Reference

Updated 1/19/2026

The base URL for all production API requests is https://api.getpostcard.app/v1.

Authentication

All protected endpoints require an Authorization: Bearer <token> header.

  • For Mobile: Use the Auth0 Access Token.
  • For Admin: The Cloudflare Access token can be passed via Cf-Access-Jwt-Assertion.
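The header selection described above, as an added example (not Postcard's own client code): it builds the method, URL and credential header for one call and refuses to attach a token to anything outside the production base URL. The names build_request and audience are hypothetical, and it assumes that admin routes are those under /admin and that an admin request carries only the Cf-Access-Jwt-Assertion header.

```python
from urllib.parse import urlsplit

BASE_URL = "https://api.getpostcard.app/v1"  # production base URL from this page
API_HOST = urlsplit(BASE_URL).hostname


def build_request(method, path, token, audience="mobile"):
    """Return (method, url, headers) for one API call.

    audience "mobile": token is an Auth0 access token, sent as a Bearer token.
    audience "admin":  token is a Cloudflare Access JWT, sent in
                       Cf-Access-Jwt-Assertion (assumed to be the only
                       credential header an admin request needs).
    """
    if audience not in ("mobile", "admin"):
        raise ValueError("audience must be 'mobile' or 'admin'")

    # Only relative paths: a caller-supplied absolute or scheme-relative URL
    # must never receive the credential.
    parts = urlsplit(path)
    if parts.scheme or parts.netloc or not path.startswith("/"):
        raise ValueError("path must be relative to BASE_URL, e.g. /users/me")
    if ".." in parts.path.split("/"):
        raise ValueError("dot segments are not allowed in path")

    # Whitespace or CR/LF in a token would corrupt or inject header lines.
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")

    # Assumption: admin routes are exactly those under /admin.
    if parts.path.startswith("/admin/") and audience != "admin":
        raise PermissionError("admin routes need the Cloudflare Access token")

    url = BASE_URL + path
    if urlsplit(url).hostname != API_HOST:
        raise ValueError("refusing to attach credentials to another host")

    if audience == "admin":
        headers = {"Cf-Access-Jwt-Assertion": token}
    else:
        headers = {"Authorization": "Bearer " + token}
    return method.upper(), url, headers
```

The returned tuple can be handed to any HTTP client; keeping header construction in one place means the Auth0 token and the Cloudflare Access token are never mixed up between the mobile and admin paths.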

Core Endpoints

Auth

  • POST /auth/verify: Validates a token and returns the user profile.
  • POST /auth/register: Creates a new user profile.

Users

  • GET /users/me: Current user profile.
  • GET /users/:public_id: Public profile of another user.
  • POST /users/lookup-by-phone-hash: Find friends by contact list.

Posts

  • GET /posts/feed: Paginated friend activity feed.
  • POST /posts: Create a new post.
  • DELETE /posts/:id: Remove a post.

Admin (Internal)

  • GET /admin/stats: System-wide metrics.
  • GET /admin/users: Search and list all users.
  • POST /admin/users/:id/ban: Toggle user access.