API reference
Technical reference for license validation and platform flows.
The public API surface is intentionally small. The Sarghy backend validates licenses, supports checkout and webhook automation, and keeps article generation inside the customer’s WordPress installation.
Public plugin endpoint
Used by the WordPress plugin to validate a license key and activate or verify an allowed WordPress domain.
POST /api/v1/validate
Request body
{
"license_key": "SRG-XXXX-XXXX",
"domain_url": "example.com"
}Typical response
{
"valid": true,
"message": "License valid."
}What the API does
- Validates license keys issued after checkout.
- Normalizes and checks the customer WordPress domain.
- Activates a new domain when the plan has available slots.
- Returns a simple allow/deny response to the plugin.
- Stores validation logs for operational diagnostics.
What the API does not do
- It does not receive or store the customer’s OpenAI API key.
- It does not generate, rewrite, or publish articles on the website server.
- It is not a public content-generation API.
- It should not be used directly by third-party apps without written approval.
Security model
- License validation is server-side and uses Supabase admin access internally.
- The plugin sends only the license key and WordPress domain for validation.
- Stripe checkout and webhook routes are internal commerce flows, not customer-facing API endpoints.
- Future versions may add signed requests, stronger rate limiting, and nonce/timestamp checks.
Internal platform flows
- Checkout API creates the Stripe session for a selected price.
- Stripe webhook provisions subscriptions, licenses, and customer access.
- Dashboard reads customer license data after authentication.
- Support form stores structured support requests in Supabase when configured.
Developer note
If you need a partner integration or direct API access, it should be handled as a separate agreement and documented with authentication, rate limits, scopes, and audit logging.