How to Create API Endpoints for Your Custom App
How API Endpoints Work
An API endpoint is a URL that external systems can send data to. When your website submits a contact form, when a payment processor sends a notification, or when a mobile app requests data, they are all calling API endpoints. Your custom app's endpoints run through the platform's main API router, which handles authentication, rate limiting, and request validation before passing the data to your app's function.
Each endpoint is defined as a command in your app's configuration. The platform validates the incoming request (checking the API key, verifying the account is active, confirming credit balance), then calls your app's function with the full request data. Your function processes the data, performs whatever database operations or actions are needed, and returns a response.
What Endpoints Can Do
- Accept form submissions from your website (contact forms, application forms, feedback forms, order forms)
- Receive webhook notifications from external services (payment confirmations, shipping updates, calendar events)
- Return data to your website or mobile app (product listings, user profiles, content records)
- Trigger actions from external systems (send a notification, create a record, update a status)
- Process incoming data with AI (classify a message, generate a response, analyze submitted text)
Creating an Endpoint
Tell the AI what the endpoint should accept and what it should do: "Create an endpoint called submitLead that accepts name, email, phone, and interest. It should create a new lead record, send me an SMS notification, and return a success message with the lead ID." The AI writes the function and adds it to your app's command configuration.
To call your endpoint, you need your account ID and API key, both available in your admin settings. Every API request includes these credentials for authentication. You can also configure an IP allowlist if you want to restrict which servers can call your endpoints.
Send a POST request to the platform's API URL with your app name, command name, and the data fields. The platform routes the request to your custom app's function, which processes it and returns the response. You can call endpoints from JavaScript on a website, from server-side code, from a mobile app, or from any system that can make HTTP POST requests.
Security
API endpoints are protected by multiple layers of security. Every request must include a valid API key. The platform verifies the key belongs to an active account and checks the IP allowlist if one is configured. Your app's function receives only validated requests, so you can focus on business logic without worrying about authentication.
For endpoints that receive webhooks from services like Stripe or PayPal, you can also set up mode handlers that accept requests at a public URL without API key authentication. These use the webhook's own signature verification instead. See How Custom Apps Integrate With Other Platform Features for details on webhook handlers.
Common API Patterns
Website Form Submission
Your website's contact form sends name, email, and message to your app's endpoint. The app saves the record, sends you a notification, and returns a success message that the website displays to the visitor.
Data Retrieval
Your website sends a request to get all published products or articles. The app queries the database and returns the records as JSON, which your website renders into pages.
Action Trigger
An external service calls your endpoint with data that triggers an action, like sending a confirmation SMS, updating an inventory count, or starting a workflow.
Give your custom app a real API. Accept data from any website, app, or service.
Start Building Free