Reference
GoBrief API
JSON REST API for partners, deliveries, collections, and partner links. The full UI runs on the same endpoints. If you can do it in the product, you can do it through the API.
Overview
Base URL: https://gobrief.co/api
All requests and responses are JSON unless noted (file uploads aremultipart/form-data). Timestamps are Unix seconds (integer) or ISO-8601 strings where documented. All responses include a Content-Type: application/json; charset=utf-8 header.
Authentication
Two authentication modes are supported:
- Session cookie: set by NextAuth on sign-in via Google OAuth or Resend magic link. Used by the product UI.
- Bearer API key:
Authorization: Bearer gb_.... Generated in Settings → Integrations (or Settings → Figma for the plugin-scoped variant). Keys are scoped to one user in one workspace, and can be revoked at any time.
Cookie-authenticated requests must include a CSRF token for write operations (POST, PATCH, DELETE). The UI handles this automatically; external integrations should use Bearer keys.
Rate limits
Per-IP + per-API-key limits apply to public endpoints. Default: 30 req/min for authenticated API calls, 10 req/min for unauthenticated public tools like brand extraction. Over-limit responses return 429 Too Many Requests with a Retry-After header.
Business + Scale customers can request elevated limits by emailing hello@gobrief.co.
Errors
Errors return non-2xx HTTP status codes plus a JSON body:
{
"error": "Workspace not found",
"code": "not_found",
"requiredPlan": "pro" // present only on plan-gate 402s
}402 Payment Required returns when a request would exceed your plan's quota. The requiredPlan field tells you the minimum tier that unlocks the action.
Workspaces
/api/auth/sessionReturn the current session (user + active org, or null).
/api/collectionsList collections visible to the current user in the active workspace.
/api/workspaces/switchSwitch the active workspace cookie. Body: { orgId }.
/api/orgUpdate workspace brand settings, voice, glossary, industry.
Partners (Contacts)
/api/recipient-dataList all partner contacts in the workspace.
/api/recipientsCreate a new partner contact.
/api/recipients/importBulk import from CSV.
Projects + placements
/api/projectsList projects in the workspace.
/api/projectsCreate a project.
/api/placementsCreate a placement on a project.
Requests
/api/requestsCreate a request. Accepts `payloadKind: files | spec_request | review`.
/api/requests/sendFan out magic-link emails for a request.
/api/uploadRecipient-side upload (multipart). Magic-link authenticated.
/api/assignments/confirmReverse approval: partner confirms or rejects pending changes.
Deliveries
/api/deliveriesCreate a delivery. Accepts `payload_kind: files | preview | spec_sheet`.
/api/deliveries/sendSend a delivery to recipients.
/api/figma/intakeReceive an exported frame from the Figma plugin as a preview delivery.
Collections (Library ACL)
/api/collectionsList collections visible to the current user.
/api/collectionsCreate a collection. Owners + admins only.
/api/collections/[id]/assetsAdd an asset to a collection.
/api/collections/[id]/assetsRemove an asset from a collection.
Webhooks
First-class webhooks are on the roadmap. Today, the API fires outbound events through two mechanisms:
- Stripe webhooks at
/api/stripe/webhook, signed by Stripe, used for subscription lifecycle. - Figma intake webhook at
/api/figma/intake, inbound from the plugin, authenticated by API key.
Custom outbound webhooks (request.submitted, submission.approved, delivery.downloaded, etc.) ship in v1, available on Business + Scale. Email hello@gobrief.co if you need webhook access now.
Need early API access?
Formal v1 lands with public webhooks + stability guarantees. Want to build against the beta today?
Email hello@gobrief.co