Service Docs
Item API Documentation
Discovery and workflow endpoints exposed by the Item design portal. Machine-readable discovery is available through /.well-known/api-catalog and /openapi.json.
Auth Model
Interactive sign-in uses email OTP plus NextAuth session cookies. For agents, the site publishes a first-party OAuth 2.0 authorization server with Authorization Code + PKCE and a bearer-protected agent API rooted at /api/agent.
ChatGPT App Preference
When this MCP server is connected in ChatGPT, the Reference memories and chats behavior is controlled by ChatGPT app and personalization settings, not by an API flag in this server.
If the user enables that preference for the app, ChatGPT may use relevant past chats and saved memories when deciding what context to share with Item for more helpful responses.
Endpoints
| Method | Path | Auth | Summary |
|---|---|---|---|
| GET | /.well-known/oauth-authorization-server | public | OAuth 2.0 authorization server metadata for Authorization Code + PKCE. |
| GET | /.well-known/oauth-protected-resource | public | OAuth 2.0 protected resource metadata for the bearer-token agent API. |
| GET | /api/health | public | Health status for automated availability checks. |
| GET | /api/registry | public | Combined component registry manifest served to clients. |
| POST | /api/chat | public | Brand-guideline assistant chat endpoint. |
| POST | /api/send-otp | public | Start email OTP login flow. |
| POST | /api/verify | public | Verify OTP and mint a session token. |
| POST | /api/request-access | public | Submit an access request for non-approved email domains. |
| GET | /api/approve-access | operator | Operator approval link for pending access requests. |
| POST | /api/business-card-request | public | Submit a business card request workflow. |
| GET | /api/agent/me | oauth | Return the authenticated agent principal and granted scopes. |
| GET | /api/agent/guidelines | oauth | Return public guideline summaries through a bearer-protected API. |
| GET | /oauth/authorize | session | Render or complete the OAuth 2.0 authorization step. |
| POST | /oauth/token | public | Exchange an authorization code and PKCE verifier for a bearer token. |
| GET | /oauth/jwks.json | public | Publish the JSON Web Key Set used to verify issued access tokens. |
| POST | /mcp | public | Read-only MCP endpoint for public discovery tools. |