Updated May 9, 2026
API access
Encore exposes a small set of read-mostly endpoints under /api/v1 for scripts, integrations, and one-off data exports. Authentication is bearer-token based; tokens are scoped to a single studio and are managed from your security settings.
Generate a token
1. Go to Settings → Security
2. Find the API tokens section
3. Type a descriptive name (e.g., "Production webhook · Apr 2026")
4. Click Create
5. Copy the token immediately — the plaintext is shown once and never recoverable. If you lose it, revoke and generate a new one.
The token format is encore_<24+ chars>. The encore_ prefix makes leaked tokens easy to grep for.
Authentication
Pass the token in the Authorization header on every request:
```
Authorization: Bearer encore_<your-token>
```
Tokens that have been revoked or expired return 401 Unauthorized with no detail (we deliberately don't surface why — an attacker probing the API should learn nothing).
Endpoints
### GET /api/v1/me
Identity probe. Confirms your token works and tells you which studio it's scoped to. Hit this first when wiring up a new integration.
```
curl https://encore.photo/api/v1/me \
  -H "Authorization: Bearer encore_xxxxx"
{
  "studio": { "id": "...", "slug": "...", "name": "..." },
  "token": { "id": "...", "createdByUserId": "..." }
}
```
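The pieces above (bearer header, opaque 401, probe /me first) wired into one script, as an added example for this page rather than Encore's own code. It reads the token from an environment variable instead of argv or source, checks it against the documented `encore_<24+ chars>` shape (the URL-safe base64 character class is an assumption), masks tokens before they can reach a log line, and refuses to continue if /me reports a studio slug other than the one the script expects. `ENCORE_TOKEN` and `ENCORE_STUDIO_SLUG` are names chosen for the example.

```python
"""Wire a script to the Encore API: load the token safely, probe GET /api/v1/me
first, confirm the studio scope, and fail closed on 401.

Added example; not code from Encore. Assumptions are marked in comments.
"""
import json
import os
import re
import urllib.error
import urllib.request

BASE_URL = "https://encore.photo"

# The page documents the format as encore_<24+ chars>. The character class is an
# assumption (URL-safe base64 alphabet); widen it if your tokens use other characters.
TOKEN_RE = re.compile(r"encore_[A-Za-z0-9_-]{24,}")


def is_well_formed(token: str) -> bool:
    """True if the whole string matches the documented token shape."""
    return TOKEN_RE.fullmatch(token) is not None


def load_token(env_var: str = "ENCORE_TOKEN") -> str:
    """Read the token from the environment (never argv or source code) and
    reject anything that does not look like an Encore token."""
    token = os.environ.get(env_var, "").strip()
    if not is_well_formed(token):
        raise ValueError(f"{env_var} is missing or is not a well-formed Encore token")
    return token


def redact(text: str) -> str:
    """Mask every token in text before it is logged: keep the encore_ prefix
    (so the line is still greppable) and the last four characters."""
    return TOKEN_RE.sub(lambda m: m.group(0)[:7] + "..." + m.group(0)[-4:], text)


def auth_headers(token: str) -> dict:
    """Exactly the header the API documents."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def scope_matches(payload: dict, expected_slug: str) -> bool:
    """Does the /api/v1/me response say the token belongs to the studio we expect?"""
    studio = payload.get("studio") or {}
    return studio.get("slug") == expected_slug


def probe(token: str, expected_slug: str, base_url: str = BASE_URL, timeout: float = 10.0) -> dict:
    """GET /api/v1/me. A 401 means revoked, expired or never valid; the API
    deliberately does not say which, so the correct reaction is to stop and
    rotate the token, not to retry. Returns the studio object on success."""
    req = urllib.request.Request(f"{base_url}/api/v1/me", headers=auth_headers(token))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            payload = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        if e.code == 401:
            raise SystemExit("401 from /api/v1/me: token rejected; revoke and regenerate it") from None
        raise
    if not scope_matches(payload, expected_slug):
        got = (payload.get("studio") or {}).get("slug")
        raise SystemExit(f"token is scoped to studio {got!r}, expected {expected_slug!r}; refusing to continue")
    return payload["studio"]


if __name__ == "__main__":
    studio = probe(load_token(), expected_slug=os.environ["ENCORE_STUDIO_SLUG"])
    print(f"token OK for studio {studio['name']} ({studio['slug']})")
```

Run it once with the real token in `ENCORE_TOKEN` before wiring anything else; the scope check is what catches a production token pasted into a staging job (or the other way round) before it reads the wrong studio's galleries.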
### GET /api/v1/galleries
List galleries for the studio. Excludes archived. Ordered by createdAt desc, capped at 200 rows.
```
curl https://encore.photo/api/v1/galleries \
  -H "Authorization: Bearer encore_xxxxx"
{
  "galleries": [
    {
      "id": "...",
      "slug": "kakos-04-25-26",
      "title": "Kakos",
      "themeKey": "marquee",
      "stage": "full",
      "visibility": "private",
      "eventDate": "2026-04-25T00:00:00Z",
      "createdAt": "2026-04-20T15:00:00Z",
      "publishedAt": "2026-04-25T22:30:00Z"
    }
  ],
  "count": 1
}
```
### GET /api/v1/audit
The studio's hash-chained audit log as JSON. Same data the receipts UI shows, scoped to your studio. Defaults to 100 most recent rows; ?limit=N caps at 1000.
```
curl "https://encore.photo/api/v1/audit?limit=500" \
-H "Authorization: Bearer encore_xxxxx"
```
For a one-shot full export, use the CSV export instead.
CSV export
The full audit log as CSV (RFC 4180, Excel-compatible) is at /api/audit/export. This endpoint authenticates with your browser session cookie, not a bearer token, so the API tokens described on this page will not work against it; open it in a browser while logged in:
```
https://encore.photo/api/audit/export
```
The file streams directly into your browser's downloads folder.
Token lifecycle
- Plaintext shown once. No recovery; revoke + regenerate if lost.
- Revocation is immediate. Click Revoke on a token; the next request using it fails 401.
- Expiry is optional. Tokens never expire by default. An expiry can be set when a token is created (for example, a one-day token for an import script), but currently only via the API; the UI doesn't expose the expiry input yet.
- Last-used timestamp is bumped at most once per minute per token to keep DB writes cheap.
Rate limits
The /api/v1/* endpoints inherit the platform's default per-IP rate limits but no token-specific budget yet. If you're building something that hits the API at high volume, drop us a note — we'd rather hear about it before you saturate something.
What's not in v1
- Write endpoints (POST/PATCH/DELETE) — read-only for now.
- Per-resource scopes — every token has full access to its studio.
- Webhooks — no outbound notifications yet.
- Pagination — gallery list returns up to 200, audit returns up to 1000. Beyond that, use the CSV export.
These all land when there's documented demand. The current scope is "read your studio's state from outside the app," which is the 90% case.
Security
- Tokens are stored as SHA-256 hashes; only the hash is persisted. A leaked DB row does not yield usable tokens, and because the token body is random, high-entropy data rather than a user-chosen password, a fast unsalted hash is sufficient here: there is nothing feasible to brute-force.
- Token creation is logged to your account audit trail with an alert email — same security-event pipeline as 2FA toggles.
- Revoke compromised tokens immediately. The token-version mechanism that invalidates user sessions does NOT touch API tokens; revocation is the explicit kill-switch for tokens.
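The lifecycle rules above (plaintext shown once, hash-only storage, immediate revocation, optional expiry, last-used bumped at most once per minute, a bare "no" for any dead token) as a small in-memory model. This is an added illustration of the scheme the page describes, not Encore's implementation; the row fields, the `secrets.token_urlsafe(32)` token body and the throttle constant are assumptions.

```python
"""Illustrative model of the API-token lifecycle described on this page.
Added example; not Encore's code. Field names and token alphabet are assumptions.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

LAST_USED_THROTTLE_S = 60  # bump last_used_at at most once per minute per token


@dataclass
class TokenRow:
    """What the database holds. There is deliberately no plaintext column."""
    id: str
    studio_id: str
    name: str
    token_hash: str                      # hex SHA-256 of the full plaintext token
    created_at: float
    expires_at: Optional[float] = None   # None = never expires (the default)
    revoked_at: Optional[float] = None
    last_used_at: Optional[float] = None


class TokenStore:
    def __init__(self) -> None:
        self._by_hash: Dict[str, TokenRow] = {}

    @staticmethod
    def _hash(plaintext: str) -> str:
        # A fast hash is enough: the token body is CSPRNG output, so an attacker
        # holding only the hash has nothing to guess (unlike a password hash).
        return hashlib.sha256(plaintext.encode("utf-8")).hexdigest()

    def issue(self, studio_id: str, name: str, ttl_s: Optional[float] = None,
              now: Optional[float] = None) -> Tuple[str, TokenRow]:
        """Create a token. The plaintext is returned exactly once and never stored."""
        now = time.time() if now is None else now
        plaintext = "encore_" + secrets.token_urlsafe(32)   # 43 URL-safe chars, satisfies 24+
        row = TokenRow(
            id=secrets.token_hex(8),
            studio_id=studio_id,
            name=name,
            token_hash=self._hash(plaintext),
            created_at=now,
            expires_at=None if ttl_s is None else now + ttl_s,
        )
        self._by_hash[row.token_hash] = row
        return plaintext, row

    def authenticate(self, presented: str, now: Optional[float] = None) -> Optional[TokenRow]:
        """Return the row for a live token, else None. Unknown, revoked and expired
        tokens are indistinguishable to the caller, matching the API's bare 401."""
        now = time.time() if now is None else now
        row = self._by_hash.get(self._hash(presented))
        if row is None or row.revoked_at is not None:
            return None
        if row.expires_at is not None and now >= row.expires_at:
            return None
        # Throttled last-used bump: at most one write per token per minute.
        if row.last_used_at is None or now - row.last_used_at >= LAST_USED_THROTTLE_S:
            row.last_used_at = now
        return row

    def revoke(self, token_id: str, now: Optional[float] = None) -> bool:
        """Revocation takes effect on the very next authenticate() call."""
        now = time.time() if now is None else now
        for row in self._by_hash.values():
            if row.id == token_id and row.revoked_at is None:
                row.revoked_at = now
                return True
        return False


if __name__ == "__main__":
    store = TokenStore()
    plaintext, row = store.issue("studio-1", "Production webhook")
    print("show this once:", plaintext)
    print("stored at rest:", row.token_hash)
    print("hash alone authenticates?", store.authenticate(row.token_hash) is not None)
```

The property worth noticing is in the last line of the demo: presenting the stored hash as if it were the token fails, which is exactly what "a leaked DB row does not yield usable tokens" means. The session token-version counter is absent from this model on purpose; revocation is the only kill-switch for API tokens.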