The EziBreezy public API is a versioned REST surface at /v1. Eleven controllers, 150 endpoints, every route scoped to a workspace. Authenticate with a 64-character ezb_live_ key, send JSON, get a structured envelope back. The same NestJS app, the same Postgres, the same audit log. If the web UI can do it, an integration can too.
Routes are versioned and consistent. /v1/workspaces/:workspaceId/content for the publishing lifecycle. /media for upload via signed URLs. /inbox for replies and moderation. /analytics for summaries, demographics, and post-level performance. /grid-planner, /workbench, /boost, /hashtags, /taxonomy, /integrations. Throttling lives per route, so the rate budget you have is published in the same OpenAPI doc you read the schemas from.
The spec is generated from the source, not authored alongside it. JSON at /docs/openapi.json. Interactive Scalar reference at /docs. The @ezibreezy/cli is generated from it. The MCP server wraps a curated subset of it. Point your own codegen at the same URL and you get a typed client in any language. Pair it with the scheduler for the human side of the same data.
The API is not a service that mirrors the web app. It is the same service. Controllers live next to the ones the UI calls. Plan tier and workspace role checks run in the same guards. Audit rows are written in the same transaction. Parity is the default.
If you want a UI on top of these endpoints, the scheduler is one. Point Claude or Cursor at the same data and the MCP server exposes a curated subset as agent tools. Drive it from a shell with the CLI.
11 controllers
content (41), workbench (32), media (27), inbox (11), boost (11), grid-planner (9), analytics (8), hashtags (4), integrations (3), taxonomy (3), workspaces (1).
SHA-256 hashed at rest
64 characters, prefix shown in settings, full secret returned exactly once. Pass as Authorization: Bearer $EZB_API_KEY. Scoped to an organization, can reach any workspace inside.
Scalar reference at /docs
Generated from the NestJS controllers so it cannot drift. JSON spec at /docs/openapi.json. Same source the CLI is generated from. Point your SDK generator at it.
120 reads, 30 writes, 15 publishes
Per minute, per route, per workspace. Reads default to 120/min. Writes drop to 30/min. Publish, retry, bulk-delete sit at 15/min. 429 with Retry-After when you cross.
Server-side, every call
Workspace admin, editor, viewer enforced server-side. Plan tier enforced server-side. Agency-only routes return 401 on Creator without leaking schema details.
Same table as the web app
Actor, organization, workspace, route, status, duration, outcome. Web, CLI, MCP, and direct REST all land in one log so debugging works without extra instrumentation.
Drafts, scheduling, reschedule, publish, archive, restore, retry, delete, history. Plus comments, activity reactions, and the full client-review and approval workflow on the Agency plan.
Spreadsheet-style planning rows: pages, sections, items, ordering, bulk schedule. Same data the Workbench view in the Content Planner reads.
Init upload, complete upload, signed view URLs, folder CRUD, tag CRUD, search, bulk archive, bulk move, bulk tag, bulk delete. Up to 50 MB images and 512 MB videos.
Threads, messages, stats, reply, note, moderate, retry, delete-failed, read, unread, read-all. Covers Instagram, Facebook, and Threads message and comment streams.
Create, pause, resume, status, list, report on Meta ad boosts attached to scheduled or published posts. Same workflow as the Boost composer in the UI.
List, create, update, delete, reorder, replace media, set cover, remove cover, promote. Promote turns a planned tile into a scheduled post.
Summary, aggregate, posts, posts-aggregate, demographics, integration health, single-post detail, and the Agency-plan PDF report. The data behind every dashboard tile.
Hashtag groups: list, create, update, delete. Taxonomy: tags, pillars, formats. Tag posts and your strategy reporting in the Planning Room rolls them up by pillar.
List connected accounts, fetch capability matrices for safe publishing metadata (Pinterest boards, YouTube categories), enumerate workspaces. Read-mostly orientation surface.
Issue from workspace settings, see only the prefix afterwards, rotate without affecting other keys. Org-scoped: one key reaches every workspace in the org, role-checks still apply.
Generated from controllers via @nestjs/swagger. Interactive Scalar UI at /docs. Plug into openapi-typescript, openapi-generator, or the SDK generator your stack already prefers.
Per-workspace rate limits applied per route. JSON envelope with data and meta on success, structured error with code and request ID on failure. Inbound webhook delivery is idempotent on event ID.
Facebook, Instagram, and Threads comment and message events land in dedicated webhook controllers and reconcile into inbox threads. Outbound content-lifecycle webhooks are on the roadmap; poll /content with a since timestamp until they ship.
@ezibreezy/cli wraps the public API as colon-namespaced commands. Best surface for shell scripts, cron, and CI jobs. Generated from the same OpenAPI spec.
Claude, Codex, and Cursor talk to a curated subset of the API as OAuth-scoped tools. Best surface for agent automation.
A printable monthly grid that pairs cleanly with the content endpoints. Build a CSV, POST it through the API.
Free monthly report you can populate from analytics:summary output. JSON in, recap doc out.
Define pillars and cadence first so taxonomy endpoints have a backbone to map onto.
Audit existing accounts before pointing scripts at them. Feed the wins back into the workspace pillars.
Every endpoint reads or writes the same data the web app uses. A POST to /content from your service shows up in the calendar a second later. A retry through the API runs the same recovery path as the Retry button in the UI. Build the integration once and the other surfaces inherit it.
A versioned REST API at /v1. Eleven controllers, 150 endpoints. Routes are organization-scoped to a workspace, so every path looks like /v1/workspaces/:workspaceId/content, /media, /inbox, and so on. Same NestJS app the web UI talks to. Same Postgres. Same role checks. Same audit log.
Bearer token in an Authorization header. Issue a key in workspace settings, get back a 64-character secret prefixed with ezb_live_ once. We hash with SHA-256 and store the hash plus the first 16 characters as the prefix you see in the UI. Keys belong to an organization and can reach any workspace inside it. Lose a key, revoke it, mint another.
Yes. NestJS Swagger generates it from the controllers, so it cannot drift from the source. JSON spec at /docs/openapi.json on the API host, interactive Scalar reference at /docs. The @ezibreezy/cli is generated from it. Point any standard SDK generator at the same URL and you have a typed client in your language of choice.
Per workspace, per minute. Reads sit at 120/min on most controllers. Writes drop to 30/min. The expensive ones (publish, retry, send-review, bulk-delete) drop to 15/min. Crossing a limit returns 429 with a Retry-After header. Throttle metadata lives next to every route, so the OpenAPI doc shows it inline.
Not yet. Inbound webhooks exist for Facebook, Instagram, and Threads platform events (comments, messages, reactions) and are reconciled into your inbox. Outbound webhooks for your own scheduled-post lifecycle are on the roadmap. Until they ship, GET /v1/workspaces/:id/content with a since timestamp is the supported way to poll, or run an MCP listener.
A viewer-scoped key can read but cannot mutate. An editor-scoped key can draft and update but cannot manage workspace members. Plan tier matters too: client-reviews and approval-history endpoints require the Agency plan and 401 with a clear reason on lower tiers. The server enforces both. The client never has to know the rule.
JSON body in, JSON envelope out. The shape is { data, meta } where meta carries pagination (limit/offset/total/hasMore for offset routes, nextCursor/hasMore for cursor routes). Errors return a structured envelope on 4xx/5xx with code, message, and a request ID you can quote in support. Idempotency on inbox webhook delivery; not yet on POST writes.
Same backend, three skins. The REST API is the surface you build integrations against. The @ezibreezy/cli is generated from the spec for shell scripts and CI. The MCP server wraps a curated subset for AI agents. A draft created over REST shows up in the calendar. A retry from cron lands in the same audit row as a retry from the UI. Mix freely.
Creator and up. Most endpoints work on Creator. Agency-only routes are flagged in the spec: anything under client-reviews, content:approval-history, and the PDF analytics report. Free trials run for 7 days with full API access.
Every authenticated call writes a row: actor (user or API key prefix), organization, workspace, route, status, duration, and outcome. The web app, the CLI, the MCP server, and direct REST callers all land in the same table. Failures are recorded too, so a flaky integration is debuggable without flipping on extra logging.