REST API
The editor-server REST surface — authentication, files, account, billing, fonts, and image search — generated from the server's OpenAPI specification.
In short the editor-server exposes a REST API for the editor's account, storage, billing, and asset features. The endpoints below are generated from the server's OpenAPI spec (which is itself generated from the server's Zod contracts), so this reference matches the running service.
Authentication is cookie-based (a better-auth session). All routes live under
/api/*; the spec is also served live at the server's /openapi.json.
Paged Editor Server v0.1.0 · OpenAPI 3.0.3 · 74 endpoints · @ b1d62ce9
meta
Health and service metadata
| GET | /healthz | |
| GET | /readyz |
files
User file storage
| GET | /api/v1/files | |
| POST | /api/v1/files | |
| GET | /api/v1/files/usage | |
| GET | /api/v1/files/{id} | |
| DELETE | /api/v1/files/{id} | |
| GET | /api/v1/files/{id}/content | |
| PUT | /api/v1/files/{id}/content |
billing
Subscriptions and invoices
| GET | /api/v1/billing/subscription | |
| GET | /api/v1/billing/invoices |
account
Profile and account management
| GET | /api/v1/account/profile | |
| PATCH | /api/v1/account/profile | |
| POST | /api/v1/account/email | |
| POST | /api/v1/account/password | |
| GET | /api/v1/account/sessions | |
| DELETE | /api/v1/account/sessions | |
| POST | /api/v1/account/sessions/revoke | |
| POST | /api/v1/account/delete | |
| POST | /api/v1/account/export |
fonts
Google Fonts catalog and proxy
| GET | /api/v1/fonts | |
| GET | /api/v1/fonts/{family}/{variant} |
images
Image meta-search (Pexels + Unsplash)
| GET | /api/v1/images/search | |
| POST | /api/v1/images/{provider}/{id}/use |
dev
Development-only helpers
| POST | /api/dev/login-as |
automation
| POST | /api/v1/generate | |
| GET | /api/v1/generate/{jobId} |
Default
| POST | /api/auth/sign-in/social | socialSignIn |
| GET | /api/auth/callback/{id} | |
| POST | /api/auth/callback/{id} | |
| GET | /api/auth/get-session | getSession |
| POST | /api/auth/get-session | getSessionPost |
| POST | /api/auth/sign-out | signOut |
| POST | /api/auth/sign-up/email | signUpWithEmailAndPassword |
| POST | /api/auth/sign-in/email | signInEmail |
| POST | /api/auth/reset-password | resetPassword |
| POST | /api/auth/verify-password | verifyPassword |
| GET | /api/auth/verify-email | |
| POST | /api/auth/send-verification-email | sendVerificationEmail |
| POST | /api/auth/change-email | changeEmail |
| POST | /api/auth/change-password | changePassword |
| POST | /api/auth/update-session | updateSession |
| POST | /api/auth/update-user | updateUser |
| POST | /api/auth/delete-user | deleteUser |
| POST | /api/auth/request-password-reset | requestPasswordReset |
| GET | /api/auth/reset-password/{token} | resetPasswordCallback |
| GET | /api/auth/list-sessions | listUserSessions |
| POST | /api/auth/revoke-session | |
| POST | /api/auth/revoke-sessions | |
| POST | /api/auth/revoke-other-sessions | |
| POST | /api/auth/link-social | linkSocialAccount |
| GET | /api/auth/list-accounts | listUserAccounts |
| GET | /api/auth/delete-user/callback | |
| POST | /api/auth/unlink-account | |
| POST | /api/auth/refresh-token | |
| POST | /api/auth/get-access-token | |
| GET | /api/auth/account-info | |
| GET | /api/auth/ok | |
| GET | /api/auth/error |
Admin
| POST | /api/auth/admin/set-role | setUserRole |
| GET | /api/auth/admin/get-user | getUser |
| POST | /api/auth/admin/create-user | createUser |
| POST | /api/auth/admin/update-user | adminUpdateUser |
| GET | /api/auth/admin/list-users | listUsers |
| POST | /api/auth/admin/list-user-sessions | adminListUserSessions |
| POST | /api/auth/admin/unban-user | unbanUser |
| POST | /api/auth/admin/ban-user | banUser |
| POST | /api/auth/admin/impersonate-user | impersonateUser |
| POST | /api/auth/admin/stop-impersonating | |
| POST | /api/auth/admin/revoke-user-session | revokeUserSession |
| POST | /api/auth/admin/revoke-user-sessions | revokeUserSessions |
| POST | /api/auth/admin/remove-user | removeUser |
| POST | /api/auth/admin/set-user-password | setUserPassword |
| POST | /api/auth/admin/has-permission |
Versioning & compatibility
How the plugin API is versioned — apiVersion ranges and the 0.x caret rule, runtime capability detection with host.supports, the freeze policy for v1, and what plugin authors should pin.
Plugins
The five first-party content plugins that extend paged beyond native IDML — vector drawing, web content, raster images, spreadsheets, and database publishing — all built on the Plugin SDK.