Platform API
MyClaude's internal API architecture — consumed by the CLI and web application. Not a public developer API.
MyClaude's API is a set of internal REST endpoints consumed by the MyClaude CLI and web application. These routes power every marketplace operation — from product search to Stripe checkout.
These routes are not a public developer API. There are no API keys for third-party applications, no versioned endpoints (/v1/), and no developer SDK. External integrations should use the CLI with --json output or the MCP server — both are the supported interfaces for programmatic access.
A public developer API with API keys, rate limit tiers, and SDKs is planned for a future release.
Architecture
All routes live under https://myclaude.sh/api as Next.js API Route Handlers. They handle authentication, data storage, payments (Stripe), and file storage.
Authentication
Routes that modify data require a JWT bearer token:
```
Authorization: Bearer <firebase-id-token>
```
The server verifies the token on every authenticated route. Expired or malformed tokens return 401. Banned users receive 403 on all mutation endpoints.
How tokens are obtained:
| Method | How |
|---|---|
| CLI | myclaude login — stores and refreshes automatically |
| Web app | Firebase Client SDK getIdToken() after sign-in |
Endpoint groups
| Group | Description | Auth | Consumer |
|---|---|---|---|
| Products | Upload, scan, download, like, review | Most routes | Web app + CLI |
| Users | Profile updates, follow, account deletion | Required | Web app |
| Payments | Stripe checkout, Connect onboarding, webhooks | Required | Web app + Stripe |
| CLI | Search, create, profile, notifications, Stripe | Varies | CLI only |
| System | Health check | None | Monitoring |
Rate limiting
All endpoints are rate-limited to prevent abuse. MyClaude uses two strategies:
| Strategy | Behavior | Applied to |
|---|---|---|
| Standard | Fail-open (allows request if limiter unavailable) | Read endpoints |
| Strict | Fail-closed (blocks request if limiter unavailable) | All mutations |
When rate-limited, the API returns 429 Too Many Requests with a Retry-After header.
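The two strategies in the table differ only in what happens when the limiter itself cannot be reached. The sketch below is an added example, not MyClaude's code: the function names, the in-memory limiter, the method-based split between reads and mutations, and the 503 returned in the fail-closed case are all assumptions.

```javascript
// Added example, not MyClaude code: all names here are hypothetical.
// Assumption: reads are GET/HEAD/OPTIONS; every other method is a mutation.
const READ_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constructed in-memory fixed-window limiter standing in for the real backend.
// Synchronous for brevity; a networked limiter call would be awaited.
function createLimiter({ limit, windowMs, now = Date.now }) {
  const windows = new Map();
  return {
    down: false, // set to true to simulate a limiter outage
    consume(key) {
      if (this.down) throw new Error("limiter unavailable");
      const t = now();
      let w = windows.get(key);
      if (!w || t >= w.resetAt) {
        w = { count: 0, resetAt: t + windowMs };
        windows.set(key, w);
      }
      w.count += 1;
      return {
        allowed: w.count <= limit,
        retryAfterSec: Math.max(1, Math.ceil((w.resetAt - t) / 1000)),
      };
    },
  };
}

// Returns null when the request may proceed, otherwise the response to send.
function rateLimitGate(limiter, method, key) {
  const strict = !READ_METHODS.has(method.toUpperCase());
  let result;
  try {
    result = limiter.consume(`${strict ? "strict" : "standard"}:${key}`);
  } catch (err) {
    // Limiter outage: Standard fails open, Strict fails closed.
    if (!strict) return null;
    // Assumption: 503 for the fail-closed case; the page does not name a status.
    return { status: 503, headers: {}, body: { error: "Rate limiter unavailable" } };
  }
  if (result.allowed) return null;
  return {
    status: 429,
    headers: { "Retry-After": String(result.retryAfterSec) },
    body: { error: "Rate limit exceeded" },
  };
}
```

Failing open on reads keeps browsing available during a limiter outage, at the cost of unthrottled read traffic for its duration; failing closed on mutations trades availability for abuse resistance on the routes that change state.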
Error format
All errors return consistent JSON:
```json
{
  "error": "Human-readable error message"
}
```

| Code | Meaning |
|---|---|
| 400 | Missing or invalid parameters |
| 401 | Missing or invalid bearer token |
| 403 | Insufficient permissions or user banned |
| 404 | Resource not found |
| 409 | Duplicate action (already purchased, username taken) |
| 429 | Rate limit exceeded |
| 500 | Unexpected server failure |
For contributors
The following pages document internal endpoint behavior for contributors working on the MyClaude codebase:
- Products — upload, search, like, review, content scanning
- Users — profile, follow, account deletion
- Payments — Stripe checkout, Connect, webhooks
- Downloads — signed URL generation, purchase verification
For external integrations
If you are building tools that interact with MyClaude, use the supported interfaces:
| Interface | Best for | Docs |
|---|---|---|
| CLI --json | Scripts, CI/CD, automation | CLI Commands |
| MCP server | Claude Code native integration | MCP Integration |
| OpenAPI spec | Understanding the API shape | /specs/openapi.yaml |
Related pages
- CLI Commands — the supported programmatic interface (29 commands, all with --json)
- MCP Integration — 5 MCP tools for Claude Code
- Security Model — authentication and authorization architecture