Initial publication
Date: 2026-05-06
The Auradonors public API has been in production for some time — what’s
new is this documentation site. Before today, integrators landed on the
embedded Scalar reference at /reference/ and had to reverse-engineer
authentication, error handling, idempotency, and webhook delivery from
the OpenAPI schema descriptions. This publication closes that gap.
What’s covered
Section titled “What’s covered”- Getting started — provision an API key, send the first request, recognize success vs. failure.
- Authentication —
X-Api-Keyheader model, per-tenant scoping, scope grammar, rotation, revocation, theapi-access:enabledfeature flag, and what gets rejected. - Conventions — pagination shape, error envelope, idempotency contract on order creation, current rate-limit policies.
- Webhooks — outbound delivery mechanics, HMAC-SHA256 signature verification, retry policy, and the full event catalog.
- Resources — the curated public-API surface, with explicit callouts for which endpoint groups in the feed are internal-only.
- Recipes — five end-to-end workflows (import a contact, record a donation, charge a card, run a saved report, listen for events).
What hasn’t changed
Section titled “What hasn’t changed”- The API itself. The OpenAPI feed at
api.auradonors.com/openapi/v1.jsonis unchanged. Every operation was already shipping summaries and descriptions per the prior Phase C documentation sweep; this publication adds the cross-cutting narrative. - The base URLs (
api.auradonors.comfor production,api-dev.auradonors.comfor sandbox). - The authentication model (
X-Api-Keyheader, hashed lookup againsttenant_api_keys). - The webhook delivery contract (signed POST, 5-attempt retry, 10-second timeout).
What’s deliberately deferred
Section titled “What’s deliberately deferred”- Per-operation request/response examples in the embedded reference. The Scalar UI works with the schema-only descriptions today; curated examples land in a follow-up phase once we see which shapes integrators actually want to copy.
- Public/internal endpoint split at the OpenAPI level. The Resources page calls out which endpoint groups are part of the supported public surface, but every endpoint still appears in the feed — formal filtering belongs in a future phase.
- SDK / typed clients. The
curlandHttpClientexamples in this publication are the integration story. - Localization. English only.
What feedback looks like
Section titled “What feedback looks like”If a documented fact doesn’t match what the API actually does, that’s a bug — file an issue. If a recipe you’d want to follow isn’t covered, email [email protected]; recipes are added when integrators ask for them.