Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tattoo.dev/llms.txt

Use this file to discover all available pages before exploring further.

Current API Surface Map

TattooAPI is in a conservative public-read phase. The runtime has more route files than the promoted public surface, but only a small set should be treated as supported product API today.
This page is generated by npm run generate:mintlify-current-api-surface. Do not hand-edit route posture here; update the source contracts and rerun the generator.

Canonical Hosts

SurfaceURLNotes
Public docshttps://docs.tattoo.devMintlify-hosted developer docs.
REST APIhttps://api.tattooapi.com/v1Canonical public/API docs base URL.
Docs MCPhttps://docs.tattoo.dev/mcpRead-only docs search/filesystem endpoint generated by Mintlify.
Marketplace/internal aliashttps://api.tattoo.co/v1Compatibility alias only; SDKs and docs should prefer api.tattooapi.com.

Public No-Auth Reads

These endpoints are the promoted public product surface today.
RouteMethodsStatusNotes
/api/v1/healthGETPublicOperational health and runtime posture.
/api/v1/studiosGETPublicStudio discovery projection.
Public studio writes are blocked.

Existing Public Ingress That Is Not New Product Surface

Some legacy or infrastructure routes are reachable without the internal beta WorkOS flow. They should not be confused with the promoted public API roadmap.
RouteMethodsStatusNotes
/api/v1/docsGETPublic metadataRuntime-served API metadata.
/api/v1/search/autocompleteGETPublic helperLegacy/autocomplete helper, not the main internal-beta search endpoint.
/api/v1/auth/loginPOSTLegacy auth ingressSupabase-era route; WorkOS is the default path for internal beta.
/api/v1/auth/registerPOSTLegacy auth ingressSupabase-era route; not the current access-management direction.
/api/v1/auth/refreshPOSTLegacy auth ingressCompatibility route.
/api/v1/auth/forgot-passwordPOSTLegacy auth ingressCompatibility route.
/api/v1/auth/reset-passwordPOSTLegacy auth ingressCompatibility route.
/api/v1/webhooks/stripePOSTProvider webhookPublic webhook ingress, not a user-facing write API.
The WorkOS cutover keeps these legacy paths from becoming the promoted team, owner, or agent auth model.

Authenticated Internal Beta Reads

These routes require WorkOS auth plus an active TattooAPI actor mapping.
RouteMethodsStatusNotes
/api/v1/searchGETInternal betaUnified discovery across studios, artists, and designs.
/api/v1/artistsGETInternal betaRuntime-backed artist catalog.
/api/v1/artists/{id}GETInternal betaRuntime-backed artist detail.
/api/v1/portfoliosGETInternal betaPublic creative projection only.
/api/v1/portfolios/{id}GETInternal betaPublic creative projection only.
/api/v1/designsGETInternal betaPublic design projection only.
/api/v1/designs/{id}GETInternal betaPublic design projection only.
These routes exist so internal SDKs, Mastra tools, and early operator workflows can test real read envelopes without widening the public product surface.

Blocked-Write Runtime Read Families

Several noun families have useful runtime-backed reads while public writes stay blocked.
Route familyRead postureWrite posture
/api/v1/artists*Authenticated runtime read betaPublic writes blocked.
/api/v1/designs*Authenticated creative public projectionPublic writes blocked.
/api/v1/inventory*Runtime read surfacePublic writes blocked.
/api/v1/payments*Runtime read surfacePublic writes blocked.
/api/v1/portfolios*Authenticated creative public projectionPublic writes blocked.
/api/v1/studios*Public/runtime read projectionPublic writes blocked.
Two booking route families still have mixed runtime-read and legacy-write posture. They are not promoted as public write APIs and should not be used as the pattern for new route families.

Owner-Scoped Creative Beta

These routes require WorkOS auth plus owner mapping to the relevant studio or artist scope.
RouteMethodsStatusNotes
/api/v1/me/portfolio-assetsGETOwner betaOwner-filtered portfolio assets across draft/private/public states.
/api/v1/me/portfolio-assets/{id}GETOwner betaOwner-filtered portfolio asset detail.
/api/v1/me/designsGETOwner betaOwner-filtered designs across private/public states.
/api/v1/me/designs/{id}GETOwner betaOwner-filtered design detail.
Owner creative writes are contract-gated. POST, PUT, PATCH, and DELETE return owner-write-gated boundary responses until governed owner mutation contracts are promoted.

Internal-Only Infrastructure

These are not public API products.
SurfaceStatusNotes
Mastra StudioInternal onlyLocal operator and agent tuning surface.
Ontology Guidance MCPInternal onlyRead-first ontology guidance for acquisition agents.
Source-pack staging uploadInternal onlyWorkOS-protected staging path for acquisition artifacts.
Runtime mutation routesInternal onlyApproval-gated operator workflows only.
Convex dashboard/adminInternal onlyCanonical runtime operations.

Blocked Or Deprecated

SurfaceCurrent posture
Public writesBlocked.
Public legal adviceBlocked. Law data is citation-backed staging/review only.
Public SEO page generationBlocked. SEO demand descriptors stay internal review inputs.
Public SDK launchWave F gated.
Public GraphQL endpointWave F+ gated; current GraphQL work is PRD/schema planning.
Local TattooAPI API-key managementRetired in WorkOS mode; WorkOS API Keys are the credential authority.
Broad scraper-to-Convex importBlocked. Scrapers produce source packs only.

Runtime Route Inventory

This inventory is not the same thing as the promoted public surface. It is included so documentation drift is visible.
RouteMethodsRuntime file
/api/v1/analytics/artist/{id}GETapps/tattoo-api/api-implementation/pages/api/v1/analytics/artist/[id].ts
/api/v1/analytics/dashboardGETapps/tattoo-api/api-implementation/pages/api/v1/analytics/dashboard.ts
/api/v1/analytics/platformGETapps/tattoo-api/api-implementation/pages/api/v1/analytics/platform.ts
/api/v1/analytics/revenueGETapps/tattoo-api/api-implementation/pages/api/v1/analytics/revenue.ts
/api/v1/analytics/studio/{id}GETapps/tattoo-api/api-implementation/pages/api/v1/analytics/studio/[id].ts
/api/v1/api-keysGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/api-keys/index.ts
/api/v1/api-keys/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/api-keys/[id].ts
/api/v1/artistsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/artists/index.ts
/api/v1/artists/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/artists/[id]/index.ts
/api/v1/artists/automation/inquiriesGET, POST, PUTapps/tattoo-api/api-implementation/pages/api/v1/artists/automation/inquiries.ts
/api/v1/auth/forgot-passwordPOSTapps/tattoo-api/api-implementation/pages/api/v1/auth/forgot-password.ts
/api/v1/auth/loginPOST, OPTIONSapps/tattoo-api/api-implementation/pages/api/v1/auth/login.ts
/api/v1/auth/profileGET, PUTapps/tattoo-api/api-implementation/pages/api/v1/auth/profile.ts
/api/v1/auth/refreshPOST, OPTIONSapps/tattoo-api/api-implementation/pages/api/v1/auth/refresh.ts
/api/v1/auth/registerPOST, OPTIONSapps/tattoo-api/api-implementation/pages/api/v1/auth/register.ts
/api/v1/auth/reset-passwordPOSTapps/tattoo-api/api-implementation/pages/api/v1/auth/reset-password.ts
/api/v1/bookingsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/bookings/index.ts
/api/v1/bookings/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/bookings/[id]/index.ts
/api/v1/bookings/createPOSTapps/tattoo-api/api-implementation/pages/api/v1/bookings/create.ts
/api/v1/brandsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/brands/index.ts
/api/v1/brands/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/brands/[id]/index.ts
/api/v1/brands/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/brands/[id].ts
/api/v1/brands/{id}/analyticsGETapps/tattoo-api/api-implementation/pages/api/v1/brands/[id]/analytics.ts
/api/v1/brands/{id}/studiosGETapps/tattoo-api/api-implementation/pages/api/v1/brands/[id]/studios.ts
/api/v1/clientsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/clients/index.ts
/api/v1/clients/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/clients/[id]/index.ts
/api/v1/clients/onboardPOSTapps/tattoo-api/api-implementation/pages/api/v1/clients/onboard.ts
/api/v1/communication/messagesGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/communication/messages.ts
/api/v1/communication/notificationsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/communication/notifications.ts
/api/v1/compliance/consentGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/compliance/consent.ts
/api/v1/compliance/recordsGETapps/tattoo-api/api-implementation/pages/api/v1/compliance/records.ts
/api/v1/compliance/requirementsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/compliance/requirements.ts
/api/v1/compliance/requirements/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/compliance/requirements/[id].ts
/api/v1/compliance/verifyGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/compliance/verify.ts
/api/v1/designsGET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/designs/index.ts
/api/v1/designs/{id}GET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/designs/[id].ts
/api/v1/designs/{id}/favoritePOSTapps/tattoo-api/api-implementation/pages/api/v1/designs/[id]/favorite.ts
/api/v1/docsGETapps/tattoo-api/api-implementation/pages/api/v1/docs.ts
/api/v1/healthGET, OPTIONSapps/tattoo-api/api-implementation/pages/api/v1/health.ts
/api/v1/integrations/calendarGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/integrations/calendar.ts
/api/v1/integrations/socialGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/integrations/social.ts
/api/v1/integrations/webhooksGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/integrations/webhooks.ts
/api/v1/inventoryGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/inventory/index.ts
/api/v1/inventory/{id}GET, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/inventory/[id].ts
/api/v1/inventory/itemsGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/inventory/items.ts
/api/v1/inventory/low-stockGETapps/tattoo-api/api-implementation/pages/api/v1/inventory/low-stock.ts
/api/v1/inventory/reportsGETapps/tattoo-api/api-implementation/pages/api/v1/inventory/reports.ts
/api/v1/inventory/suppliersGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/inventory/suppliers.ts
/api/v1/marketplace/categoriesGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/marketplace/categories.ts
/api/v1/marketplace/categories/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/marketplace/categories/[id].ts
/api/v1/marketplace/featuredGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/marketplace/featured.ts
/api/v1/marketplace/featured/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/marketplace/featured/[id].ts
/api/v1/marketplace/purchaseGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/marketplace/purchase.ts
/api/v1/me/designsGET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/me/designs/index.ts
/api/v1/me/designs/{id}GET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/me/designs/[id].ts
/api/v1/me/portfolio-assetsGET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/me/portfolio-assets/index.ts
/api/v1/me/portfolio-assets/{id}GET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/me/portfolio-assets/[id].ts
/api/v1/micro-transactions/purchasePOSTapps/tattoo-api/api-implementation/pages/api/v1/micro-transactions/purchase.ts
/api/v1/mobile/configGET, POST, PUTapps/tattoo-api/api-implementation/pages/api/v1/mobile/config.ts
/api/v1/mobile/feedbackGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/mobile/feedback.ts
/api/v1/mobile/push-tokensGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/mobile/push-tokens.ts
/api/v1/mobile/uploadGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/mobile/upload.ts
/api/v1/notificationsGET, POST, PUTapps/tattoo-api/api-implementation/pages/api/v1/notifications/index.ts
/api/v1/notifications/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/notifications/[id]/index.ts
/api/v1/paymentsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/payments/index.ts
/api/v1/payments/{id}GET, POSTapps/tattoo-api/api-implementation/pages/api/v1/payments/[id].ts
/api/v1/portfoliosGET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/portfolios/index.ts
/api/v1/portfolios/{id}GET, POST, PUT, PATCH, DELETEapps/tattoo-api/api-implementation/pages/api/v1/portfolios/[id].ts
/api/v1/reports/bookingsGETapps/tattoo-api/api-implementation/pages/api/v1/reports/bookings.ts
/api/v1/reports/customGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/reports/custom.ts
/api/v1/reports/custom/{id}GET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/reports/custom/[id].ts
/api/v1/reports/performanceGETapps/tattoo-api/api-implementation/pages/api/v1/reports/performance.ts
/api/v1/reports/revenueGETapps/tattoo-api/api-implementation/pages/api/v1/reports/revenue.ts
/api/v1/reviewsGET, POSTapps/tattoo-api/api-implementation/pages/api/v1/reviews/index.ts
/api/v1/reviews/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/reviews/[id].ts
/api/v1/reviews/{id}/helpfulPOSTapps/tattoo-api/api-implementation/pages/api/v1/reviews/[id]/helpful.ts
/api/v1/searchGETapps/tattoo-api/api-implementation/pages/api/v1/search/index.ts
/api/v1/search/autocompleteGETapps/tattoo-api/api-implementation/pages/api/v1/search/autocomplete.ts
/api/v1/studiosGET, POST, OPTIONSapps/tattoo-api/api-implementation/pages/api/v1/studios/index.ts
/api/v1/studios/{id}GET, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/studios/[id]/index.ts
/api/v1/usersGETapps/tattoo-api/api-implementation/pages/api/v1/users/index.ts
/api/v1/users/{id}/deleteDELETEapps/tattoo-api/api-implementation/pages/api/v1/users/[id]/delete.ts
/api/v1/users/preferencesGET, POST, PUT, DELETEapps/tattoo-api/api-implementation/pages/api/v1/users/preferences.ts
/api/v1/webhooks/stripePOSTapps/tattoo-api/api-implementation/pages/api/v1/webhooks/stripe.ts

How To Build Against This

  • Use public no-auth reads for public studio discovery and uptime checks.
  • Use WorkOS-authenticated internal beta routes for team and SDK experiments.
  • Use owner routes only when the caller maps to the owning studio or artist.
  • Treat source-pack, MCP, Mastra, and Convex surfaces as internal infrastructure.
  • Do not build product UX that assumes public writes, public compliance claims, public GraphQL, or public SEO pages are live.
See API Access Model for projection and ownership rules.