Skip to main content
Every tRPC procedure is available as a plain HTTP endpoint at <app-url>/api/.

Discovery

GET <app-url>/api
Returns the full API manifest including OAuth configuration and all available procedures. Each procedure includes its path, description, HTTP method, input/output schemas, and required scopes: 
{
  "auth": {
    "type": "oauth2",
    "authorizationEndpoint": "/oauth/authorize",
    "tokenEndpoint": "/oauth/token",
    "revocationEndpoint": "/oauth/revoke",
    "discoveryEndpoint": "/.well-known/openid-configuration",
    "grantTypes": ["authorization_code", "refresh_token"],
    "codeChallengeMethod": "S256"
  },
  "procedures": [
    {
      "name": "/api/tasks/getMyTasks",
      "description": "Get all tasks for the current user",
      "method": "GET",
      "inputSchema": null,
      "outputSchema": null,
      "requiredScopes": null
    },
    {
      "name": "/api/tasks/createTask",
      "description": "Create a new task",
      "method": "POST",
      "inputSchema": {
        "title": { "type": "string", "required": true },
        "priority": { "type": "string", "required": false }
      },
      "outputSchema": null,
      "requiredScopes": ["tasks:write"]
    }
  ]
}
This discovery response contains everything an AI agent needs to build a Synthetiq service for the app’s API.

Queries (GET)

GET <app-url>/api/tasks/getMyTasks

Mutations (POST)

curl -X POST <app-url>/api/tasks/createTask \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{"title": "New task"}'

Authentication

Protected procedures require a valid access token in the Authorization: Bearer <token> header. Tokens are obtained through the app’s built-in OAuth 2.0 provider. Public procedures (publicProcedure) can be called without authentication. Responses are plain JSON without the tRPC envelope.