Dr.Gero Docs

Appearance

Workspace admin APIs

These endpoints are primarily used by the signed-in UI. They require a Supabase user session access token, not a Dr.Gero API token.

bash
export SUPABASE_ACCESS_TOKEN="eyJ..."
export API_BASE="https://dr-gero-frontend-99142474693.europe-west1.run.app"

Tokens

List tokens

bash
curl -sS "$API_BASE/api/tokens?business_id=$BUSINESS_ID" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" | jq

Create token

bash
curl -sS -X POST "$API_BASE/api/tokens" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "server production",
    "business_id": "BUSINESS_ID",
    "scopes": ["leaderboards:inference", "leaderboards:read"],
    "expires_in": "90d",
    "budget_limit": 25,
    "budget_reset_interval": "monthly"
  }' | jq

The response includes secret once. Store it immediately.

Revoke or delete token

bash
curl -sS -X POST "$API_BASE/api/tokens/$TOKEN_ID/revoke" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" | jq

curl -sS -X DELETE "$API_BASE/api/tokens/$TOKEN_ID" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" | jq

Integration validation

bash
curl -sS -X POST "$API_BASE/api/integrations/validate" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"provider":"openrouter","token":"sk-or-..."}' | jq

curl -sS -X POST "$API_BASE/api/integrations/validate" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"provider":"huggingface","token":"hf_..."}' | jq

The UI saves valid integrations to the workspace after validation.

Workspace invitations

List members and invites

bash
curl -sS "$API_BASE/api/invite-user?business_id=$BUSINESS_ID" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" | jq

Invite a user

bash
curl -sS -X POST "$API_BASE/api/invite-user" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "teammate@example.com",
    "role": "member",
    "business_id": "BUSINESS_ID",
    "redirect_to": "https://dr-gero-frontend-99142474693.europe-west1.run.app/signin"
  }' | jq

role must be member or admin.

Revoke an invite

bash
curl -sS -X DELETE "$API_BASE/api/invite-user" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"business_id":"BUSINESS_ID","invite_id":"INVITE_ID"}' | jq

Remove a member

bash
curl -sS -X DELETE "$API_BASE/api/invite-user" \
  -H "Authorization: Bearer $SUPABASE_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"business_id":"BUSINESS_ID","user_id":"USER_ID"}' | jq

You cannot remove yourself, and owners cannot be removed through this endpoint.

Dataset URL validation

This endpoint can accept a Supabase user session or a Dr.Gero API token.

bash
curl -sS -X POST "$API_BASE/api/datasets/huggingface/check" \
  -H "Authorization: Bearer $DRGERO_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "dataset_url": "https://huggingface.co/datasets/acme/support-evals/resolve/main/eval.jsonl"
  }' | jq