- GET /health: no auth required, no rate limit. Used by uptime monitors and load balancers to verify the API is alive and the database responds.
- GET /me: bearer required (any scope, including the empty set). Used by Make / Zapier connectors as the “Test connection” step to surface the org name and the bearer’s permissions to end users.
GET /health
Public liveness + readiness probe. No Authorization header needed, no scope, no rate limit. Verifies the Next.js process is alive and that the database pool can round-trip a SELECT 1.
Designed for Uptime Kuma, Pingdom, Better Stack, AWS ELB target groups, and similar external monitoring. Intentionally minimal: no version info, no environment leak, nothing an attacker could fingerprint.
Request
Response 200
Response 503
Returned when the database is unreachable from the API tier.
Monitoring tips
- Use a keyword check on "ok":true rather than just status 200. That way a misconfigured edge cache that serves a stale {"ok":false} body doesn’t accidentally show as healthy.
- Don’t poll faster than every 60 seconds. It’s a DB ping; don’t turn it into a load test.
- It’s not authenticated. Don’t include any sensitive headers when probing it.
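The three tips above combined into one probe routine, as an added example that is not part of the API's own code. It assumes the /health body is JSON with a boolean "ok" field; the function names, the list of sensitive headers and the sample responses are constructed for illustration.

```javascript
// Added example. Assumes /health returns JSON containing a boolean "ok".
const MIN_INTERVAL_MS = 60_000; // tip: never poll faster than every 60 seconds
// Assumed set of credential-bearing headers a shared HTTP client might attach.
const SENSITIVE = new Set(["authorization", "cookie", "proxy-authorization", "x-api-key"]);

// /health is unauthenticated, so strip credentials before probing it.
function probeHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !SENSITIVE.has(name.toLowerCase()))
  );
}

// Healthy only when the status is 200 AND the parsed body says ok === true.
function classifyHealth(status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    return { healthy: false, reason: "body is not JSON" };
  }
  const ok = body !== null && typeof body === "object" && body.ok === true;
  if (status === 200 && ok) return { healthy: true, reason: "ok" };
  if (status === 200) return { healthy: false, reason: "200 without ok:true (stale cache?)" };
  return { healthy: false, reason: `status ${status}` };
}

// Clamp a configured polling interval to the 60-second floor.
function effectiveIntervalMs(requestedMs) {
  return Math.max(requestedMs, MIN_INTERVAL_MS);
}

// One probe; fetchImpl is injectable so the logic can be exercised offline.
async function probeOnce(baseUrl, clientHeaders = {}, fetchImpl = fetch) {
  const url = `${baseUrl.replace(/\/$/, "")}/health`;
  const res = await fetchImpl(url, { headers: probeHeaders(clientHeaders) });
  return classifyHealth(res.status, await res.text());
}

// Constructed sample responses, not captured from the real API.
const samples = [
  [200, '{"ok":true}'],
  [200, '{"ok":false}'],       // stale body served by a misconfigured edge cache
  [503, '{"ok":false}'],       // database unreachable from the API tier
  [200, "<html>login</html>"], // an intermediary answering 200 with its own page
];
for (const [status, body] of samples) console.log(status, body, classifyHealth(status, body));
```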
GET /me
Confirms a bearer is valid and returns the organization it is bound to. No scope required — useful as the “Test connection” step in Make / Zapier connectors.
Request
Response 200
Fields
| Field | Description |
|---|---|
| organization.id | Internal organization identifier. |
| organization.name | Display name. |
| organization.slug | URL-safe slug (may be null for older orgs). |
| auth.type | api_key or oauth. |
| auth.scopes | Array of scopes attached to this bearer. |
| auth.clientId | OAuth client ID. Present only for auth.type: "oauth". |
| auth.userId | The authenticating user. Present only for auth.type: "oauth". |
Errors
The standard auth errors apply (401, 403). See Authentication.