{"generatedAt":"2026-06-02T07:15:35.863Z","apiVersion":"1","services":[{"slug":"sso-oidc","name":"InfloSSO (OIDC)","summary":"OpenID Connect issuer for end-user sign-in (authorization_code, id_token, userinfo). Issuer host is sso.infloapp.com, NOT the API host.","status":"ga","baseUrl":"https://sso.infloapp.com","authMethods":["oauth2_authorization_code"],"endpoints":[{"method":"GET","path":"/.well-known/openid-configuration","summary":"Discovery document"},{"method":"GET","path":"/.well-known/jwks.json","summary":"Public signing keys"},{"method":"GET","path":"/oauth/authorize","summary":"Authorization endpoint"},{"method":"POST","path":"/oauth/token","summary":"Token endpoint"},{"method":"GET","path":"/oauth/userinfo","summary":"Userinfo endpoint"},{"method":"GET","path":"/oauth/logout","summary":"End-session endpoint"}],"docsPath":"/app/developer/sso"},{"slug":"personal-access-tokens","name":"Personal Access Tokens (PATs)","summary":"Long-lived bearer tokens (infpat_...) for headless agent / CLI operations against developer-portal resources you own.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["session_cookie","pat"],"scopes":["apps:read","apps:create","apps:manage"],"endpoints":[{"method":"GET","path":"/api/personal-access-tokens/whoami","summary":"Verify a PAT"},{"method":"POST","path":"/api/personal-access-tokens","summary":"Create a PAT (session-only)"},{"method":"POST","path":"/api/personal-access-tokens/mint-agent","summary":"One-click mint for MCP/agent use"}],"docsPath":"/app/developer/api/agents","mcpTools":["whoami"]},{"slug":"developer-apps","name":"Developer Apps (Inflo Share OIDC apps)","summary":"Register and manage SSO/OIDC applications under your developer account. Supports both proprietary (POST /api/clp/register-app) and RFC 7591 (POST /oidc/register) registration.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["pat","session_cookie"],"scopes":["apps:read","apps:create","apps:manage"],"endpoints":[{"method":"POST","path":"/api/clp/register-app","summary":"Register a new app","scopes":["apps:create"]},{"method":"POST","path":"/oidc/register","summary":"RFC 7591 dynamic client registration","scopes":["apps:create"]},{"method":"GET","path":"/api/clp/my-apps","summary":"List your apps","scopes":["apps:read"]},{"method":"GET","path":"/api/clp/my-apps/{appId}/credentials","summary":"View credentials","scopes":["apps:manage"]},{"method":"PATCH","path":"/api/clp/my-apps/{appId}","summary":"Update app metadata","scopes":["apps:manage"]},{"method":"DELETE","path":"/api/clp/my-apps/{appId}","summary":"Delete an app","scopes":["apps:manage"]},{"method":"GET","path":"/api/clp/my-apps/{appId}/auth-settings","summary":"Read redirect URIs","scopes":["apps:read"]},{"method":"PUT","path":"/api/clp/my-apps/{appId}/auth-settings","summary":"Update redirect URIs","scopes":["apps:manage"]}],"docsPath":"/app/developer/api/rest","mcpTools":["register_app","list_apps","get_app","rotate_secret","manage_redirect_uris","manage_aliases"]},{"slug":"third-party-users","name":"User Search & Public Profiles","summary":"Search discoverable Inflo users and fetch their public profiles. Honours per-user discovery opt-in. Email addresses are never returned.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["oauth2_client_credentials"],"scopes":["users:search"],"endpoints":[{"method":"GET","path":"/api/v1/users/search","summary":"Search users by name/username"},{"method":"GET","path":"/api/v1/users/{sub}","summary":"Get a user's public profile"}],"docsPath":"/app/developer/api/users"},{"slug":"notifications","name":"Notifications API","summary":"Send in-app and email notifications to Inflo users. Returns 202 (queued) when the recipient has opted out, to avoid leaking opt-out state.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["oauth2_client_credentials"],"scopes":["notifications:write"],"endpoints":[{"method":"POST","path":"/api/v1/notifications","summary":"Send a notification"}],"docsPath":"/app/developer/api/notifications"},{"slug":"identifier-resolve","name":"Identifier Resolve","summary":"Look up whether a user exists by email or phone — used by InfloSSO's login page to detect existing accounts. Returns verified identities only.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["oauth2_client_credentials"],"scopes":["identifiers:read"],"endpoints":[{"method":"GET","path":"/api/v1/identifiers/resolve","summary":"Resolve an email or phone"}],"docsPath":"/app/developer/api/identifier-resolve"},{"slug":"user-provisioning","name":"User Provisioning","summary":"Create new Inflo user accounts on behalf of InfloSSO during sign-up. Auto-generates the Inflo system email and sends a verification mail.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["client_id_secret_headers"],"endpoints":[{"method":"POST","path":"/api/v1/users/provision","summary":"Provision a new Inflo user"}],"docsPath":"/app/developer/api/user-provisioning"},{"slug":"picker-embed","name":"Picker Embed (iframe)","summary":"Embeddable user-picker iframe at /embed/picker. Uses the visitor's Inflo session — your app never sees the search query or result set.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["none"],"endpoints":[{"method":"GET","path":"/embed/picker","summary":"Render the user-picker iframe"}],"docsPath":"/app/developer/api/picker-embed"},{"slug":"mobile-auth","name":"Mobile Auth","summary":"OAuth code-exchange and refresh-token endpoints for native mobile apps. JWT access tokens (15min) + rotating refresh tokens (30d).","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["mobile_jwt"],"endpoints":[{"method":"POST","path":"/api/auth/mobile/sso-callback","summary":"Exchange SSO code for tokens"},{"method":"POST","path":"/api/auth/mobile/refresh","summary":"Refresh an access token"},{"method":"POST","path":"/api/auth/mobile/logout","summary":"Revoke a refresh token (or all)"}],"docsPath":"/app/developer/api/mobile-auth"},{"slug":"webhooks","name":"Outbound Webhooks","summary":"HMAC-signed event delivery to URLs you register against your app. Retries with backoff for ~24h; replayable from the developer portal.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["pat","session_cookie"],"endpoints":[{"method":"GET","path":"/api/clp/webhooks","summary":"List webhooks"},{"method":"POST","path":"/api/clp/webhooks","summary":"Register a webhook"},{"method":"PATCH","path":"/api/clp/webhooks/{id}","summary":"Update a webhook"},{"method":"DELETE","path":"/api/clp/webhooks/{id}","summary":"Delete a webhook"},{"method":"POST","path":"/api/clp/webhook-deliveries/{id}/replay","summary":"Replay a delivery"}],"docsPath":"/app/developer/api/webhooks"},{"slug":"smartview-external","name":"SmartView External API","summary":"Programmatic read/share of SmartViews from third-party apps using short-lived access tokens. Surface in flight; manifest entry exists so agents can discover it now.","status":"coming-soon","baseUrl":"https://api.infloapp.com","authMethods":["pat","oauth2_client_credentials"],"endpoints":[],"docsPath":"/app/developer/api/shares"},{"slug":"agents-mcp","name":"MCP server (@inflo/mcp-developer)","summary":"Official Model Context Protocol server. Run via `npx -y @inflo/mcp-developer` with INFLO_PAT in env. Exposes the developer-app surface as typed tools for Claude Desktop, Cursor, and generic MCP clients.","status":"ga","baseUrl":"https://api.infloapp.com","authMethods":["pat"],"scopes":["apps:read","apps:create","apps:manage"],"endpoints":[],"docsPath":"/app/developer/api/agents","mcpTools":["whoami","register_app","list_apps","get_app","rotate_secret","manage_redirect_uris","manage_aliases"]}],"links":{"llmsTxt":"https://infloapp.com/llms.txt","openapi":"https://infloapp.com/openapi.json","docsSite":"https://infloapp.com/app/developer/api","mcpPackage":"https://www.npmjs.com/package/@inflo/mcp-developer"}}