Developer Documentation

Authentication

Protected endpoints expect a user Bearer token from Supabase auth in the Authorization header.

Public Config Endpoints

• GET /.netlify/functions/supabase-config
• GET /.netlify/functions/stripe-config
• GET /.netlify/functions/public-settings

Billing Endpoints

• POST /.netlify/functions/create-billing-portal-session
• POST /.netlify/functions/cancel-subscription
• POST /.netlify/functions/stripe-webhook (Stripe-only caller)

Admin Endpoints

• GET /.netlify/functions/admin-console?action=dashboard
• POST /.netlify/functions/admin-console with actions: update_settings, update_user_plan, sync_subscription, cancel_subscription, refund_latest_payment
• GET /.netlify/functions/admin-status

Protocol & Usage Endpoints

• POST /.netlify/functions/usage-gate
• POST /.netlify/functions/openadr-ven
• POST /.netlify/functions/openadr-ven-30
• POST /.netlify/functions/openadr-vtn

Account Creation Without Checkout

When a user signs up directly from auth, GridMango creates a profile with a default non-paid tier and no Stripe customer/subscription IDs. Paid access is granted only after successful Stripe checkout + webhook synchronization.