API Documentation
Back to Developer PortalGetting Started
The Pincast Marketplace API allows you to programmatically submit apps and experiences for review and publication on pincast.fm.
Base URL
https://pincast.fm/api/externalAuthentication
All API requests require authentication using an API key. Include your API key in the X-API-Key header.
Important: Never expose your API key in client-side code or public repositories.
Apps API
Create App
/api/external/appsSubmit a new app for review.
{
"title": "My Awesome App",
"description": "A great app for Pincast users",
"link": "https://example.com/app",
"imageUrl": "/uploads/app-icon.png"
}List Apps
/api/external/appsRetrieve all apps for your project.
Get App
/api/external/apps/:idRetrieve a specific app by ID.
Check App Status
/api/external/apps/:id/statusCheck the approval status of an app.
Batch Create Apps
/api/external/apps/batchSubmit multiple apps in a single request (max 50).
{
"apps": [
{
"title": "App 1",
"description": "First app",
"link": "https://example.com/app1",
"imageUrl": "/uploads/app1.png"
},
{
"title": "App 2",
"description": "Second app",
"link": "https://example.com/app2",
"imageUrl": "/uploads/app2.png"
}
]
}Experiences API
The Experiences API works similarly to the Apps API with the same endpoints and structure.
POST /api/external/experiences- Create experienceGET /api/external/experiences- List experiencesGET /api/external/experiences/:id- Get experienceGET /api/external/experiences/:id/status- Check statusPOST /api/external/experiences/batch- Batch create
File Upload
/api/external/uploadUpload images for your apps and experiences.
Requirements
- Max file size: 5MB
- Allowed types: JPEG, PNG, WebP, GIF, SVG
- Content-Type: multipart/form-data
Webhooks
Configure webhooks to receive real-time notifications when your submissions are approved or rejected.
Setup
Add a webhook URL and secret to your API key in the admin panel. We'll send POST requests to your URL with HMAC-SHA256 signatures.
Events
app.published- App approved and publishedapp.rejected- App rejectedexperience.published- Experience approved and publishedexperience.rejected- Experience rejected
Payload Example
{
"event": "app.published",
"timestamp": "2024-01-15T10:30:00.000Z",
"data": {
"id": "abc123",
"title": "My App",
"status": "PUBLISHED",
"publishedAt": "2024-01-15T10:30:00.000Z"
}
}Signature Verification
Verify webhook signatures using the X-Webhook-Signature header:
const crypto = require('crypto');
const signature = req.headers['x-webhook-signature'];
const payload = JSON.stringify(req.body);
const secret = 'your_webhook_secret';
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
if (signature === expected) {
// Signature valid
}Rate Limits
API requests are rate limited to ensure fair usage and system stability.
Current Limits
- 100 requests per hour per API key
- 50 items maximum per batch request
Rate limit information is included in response headers:
Error Codes
All errors follow a standard format with error codes for easier handling.
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Validation failed",
"timestamp": "2024-01-15T10:30:00.000Z"
}
}Common Error Codes
UNAUTHORIZEDInvalid or missing API key
INSUFFICIENT_PERMISSIONSAPI key lacks required permissions
VALIDATION_ERRORRequest data validation failed
RATE_LIMIT_EXCEEDEDToo many requests, retry after reset time
NOT_FOUNDRequested resource not found
INTERNAL_ERRORServer error, contact support if persists