Early bird discounts live! Claim your offer
MemberPass Logo
Back to MemberPass

REST API References

The public MemberPass REST API, served at api.memberpass.net. Designed for agentic clients, Zapier / n8n integrations, and first-party tooling.

MemberPass exposes a versioned REST API at https://api.memberpass.net/v1. Every mutation the creator dashboard can perform is also reachable through the API, scoped by Sanctum personal access tokens.

Shape at a glance

  • Base URLhttps://api.memberpass.net/v1
  • AuthenticationAuthorization: Bearer mpt_live_... (Sanctum personal access token, minted at /settings/tokens)
  • Tenant scoping — every token carries a mandatory scope:team:<uuid> ability and optional scope:project:<uuid> entries; the server resolves the team from the token, never from the request body
  • MutationsPOST / PATCH / PUT / DELETE all require an Idempotency-Key header; successful 2xx responses are replayed for 24h under the same key
  • Errors — uniform envelope { "error": { "code", "message", "docs_url", "remediation", "request_id", "fields"?, "context"? } }
  • Rate limiting — 300 requests/min and 10,000 requests/hour per token, plus endpoint-specific buckets
  • Pagination — list endpoints return a data array; most accept a limit query parameter (documented per endpoint). See Pagination.

Who this is for

Agent runtimes

Claude Desktop, Cursor, ChatGPT Desktop, VS Code — connect to the MCP server for natural-language tool use over the same surface.

Automation platforms

Zapier triggers subscribe through webhook endpoints; actions call the REST API so automations drive the same code path as the creator dashboard.

First-party integrations

Build a bespoke dashboard, CLI, or backoffice tool. The entire creator surface is API-driven.

Core concepts

  • Authentication — minting tokens, the bearer header, and scope tuples.
  • Abilities — the 65 ability strings that gate every endpoint.
  • Tenancy and scopes — how scope:team and optional scope:project tuples combine.
  • Idempotency — structuring retries so you never duplicate a mutation.
  • Rate limiting — per-token and per-endpoint buckets + Retry-After semantics.
  • Pagination — how list endpoints return data today.
  • Errors — every error code with HTTP status, remediation, and recovery hints.
  • Versioning and deprecation — the v1 contract and how breaking changes are announced.
  • OpenAPI specification — the auto-generated machine-readable spec.

Agents first

The API contract is designed for LLM-driven clients. Every error carries a docs_url and a remediation string so agents can self-correct without a round-trip to documentation. The same ability catalog backs both the REST API and the MCP server — an ability you grant a token once works across both transports.

Prefer natural language? The MCP server exposes tools against the same resource catalog, with built-in client configurations for Claude Desktop, Cursor, ChatGPT Desktop, and VS Code.

Versioning

Breaking changes are never introduced within a major version. Additive changes (new fields, new endpoints, new error codes) can appear at any time. See the versioning and deprecation policy for the full contract.

How is this guide?

REST API Quickstart

Mint a token, call your first endpoint, receive your first webhook — all in under five minutes.

On this page

Shape at a glance
Who this is for
Core concepts
Agents first
Versioning

MemberPass is a product designed by you — for you.

No boardroom full of executives deciding what we ships next. Our roadmap always shaped by you with your feedback.

Share feedback or a request