API Reference

All Endpoints

Complete reference of all Technical Debt Radar API endpoints grouped by module.

All API Endpoints

Base URL: https://api.radar.dev/v1

All authenticated endpoints require a Bearer token in the Authorization header:

Authorization: Bearer <access_token>

Rate limits vary by endpoint and are noted in the individual endpoint docs. Default rate limit is 100 requests per minute per API key.

Method	Path	Description	Auth	Rate Limit
`POST`	`/auth/signup`	Register a new account	No	3/min
`POST`	`/auth/login`	Sign in with email and password	No	5/min
`POST`	`/auth/refresh`	Refresh an expired access token	No	10/min
`POST`	`/auth/logout`	Invalidate current access token	Yes	20/min
`POST`	`/auth/forgot-password`	Request a password reset email	No	3/min
`POST`	`/auth/reset-password`	Set a new password using reset token	No	5/min
`GET`	`/auth/github`	Redirect to GitHub OAuth flow	No	--
`GET`	`/auth/github/callback`	GitHub OAuth callback handler	No	--
`GET`	`/auth/google`	Redirect to Google OAuth flow	No	--
`GET`	`/auth/google/callback`	Google OAuth callback handler	No	--
`GET`	`/auth/me`	Get current authenticated user profile	Yes	60/min

Method	Path	Description	Auth	Min Role
`POST`	`/orgs`	Create a new organization	Yes	--
`GET`	`/orgs`	List organizations for current user	Yes	member
`GET`	`/orgs/:id`	Get organization details	Yes	member
`PUT`	`/orgs/:id`	Update organization settings	Yes	admin
`DELETE`	`/orgs/:id`	Delete organization permanently	Yes	owner
`GET`	`/orgs/:id/members`	List organization members	Yes	member
`PUT`	`/orgs/:id/members/:userId`	Update a member's role	Yes	admin
`DELETE`	`/orgs/:id/members/:userId`	Remove a member	Yes	admin
`POST`	`/orgs/:id/invitations`	Invite a new member by email	Yes	admin
`GET`	`/orgs/:id/invitations`	List pending invitations	Yes	admin
`DELETE`	`/orgs/:id/invitations/:invitationId`	Cancel a pending invitation	Yes	admin
`POST`	`/orgs/invitations/:token/accept`	Accept an invitation	Yes	--
`POST`	`/orgs/:id/transfer-ownership`	Transfer org ownership	Yes	owner
`POST`	`/orgs/:id/leave`	Leave an organization	Yes	member

Method	Path	Description	Auth	Plan
`POST`	`/billing/checkout`	Create a Stripe checkout session	Yes	Any
`POST`	`/billing/paypal/checkout`	Create a PayPal checkout session	Yes	Any
`POST`	`/billing/portal`	Open Stripe customer portal	Yes	Paid
`GET`	`/billing/subscription/:orgId`	Get current subscription details	Yes	Any
`POST`	`/billing/cancel`	Cancel subscription at period end	Yes	Paid
`POST`	`/billing/reactivate`	Reactivate a cancelled subscription	Yes	Paid
`POST`	`/billing/change-plan`	Change to a different plan	Yes	Paid
`POST`	`/billing/preview-change`	Preview proration for plan change	Yes	Paid
`GET`	`/billing/invoices/:orgId`	List invoices for organization	Yes	Paid
`POST`	`/billing/webhook/stripe`	Stripe webhook receiver	No	--
`POST`	`/billing/webhook/paypal`	PayPal webhook receiver	No	--

Method	Path	Description	Auth	Plan
`GET`	`/plans`	List all available plans	No	--
`GET`	`/plans/:planId`	Get plan details	No	--
`GET`	`/plans/org/:orgId/usage`	Get org plan usage stats	Yes	Any
`GET`	`/plans/org/:orgId/can-use/:feature`	Check if org can use a feature	Yes	Any
`GET`	`/plans/org/:orgId/enforcement`	Get enforcement summary	Yes	Any

Method	Path	Description	Auth	Plan
`GET`	`/credits/org/:orgId`	Get current credit balance	Yes	Any
`GET`	`/credits/org/:orgId/transactions`	List credit transactions	Yes	Any
`GET`	`/credits/org/:orgId/usage-by-operation`	Get usage breakdown by AI operation	Yes	Any

Method	Path	Description	Auth	Plan
`GET`	`/api/repos`	List repositories for current user	Yes	Any
`GET`	`/api/repos/:id/overview`	Get repository health overview	Yes	Any
`GET`	`/api/repos/:id/violations`	List violations (filterable, paginated)	Yes	Any
`GET`	`/api/repos/:id/trends`	Get violation/debt trends over time	Yes	Any
`GET`	`/api/repos/:id/hotspots`	Get complexity hotspot files	Yes	Any
`GET`	`/api/repos/:id/prs`	List PR analysis history	Yes	Any
`GET`	`/api/repos/:id/runtime-risks`	Get runtime risk details	Yes	Any
`GET`	`/api/repos/:id/policy`	Get current radar.yml policy	Yes	Any
`PUT`	`/api/repos/:id/policy`	Update policy via visual editor	Yes	Pro+
`POST`	`/api/repos/:id/policy/preview`	Preview policy changes	Yes	Any
`GET`	`/api/repos/:id/architecture-graph`	Get D3 architecture graph data	Yes	Pro+
`GET`	`/api/repos/:id/first-scan`	Get first-scan baseline results	Yes	Any
`POST`	`/api/repos/:id/analyze`	Trigger manual analysis	Yes	Any
`GET`	`/api/packs`	List rule packs (searchable)	Yes	Any
`GET`	`/api/packs/:name`	Get rule pack details	Yes	Any
`POST`	`/api/repos/:id/apply-pack`	Apply a rule pack to repository	Yes	Pro+

Method	Path	Description	Auth	Plan
`POST`	`/webhooks/github`	GitHub App webhook receiver	No	--
`POST`	`/webhooks/gitlab`	GitLab webhook receiver	No	--

Method	Path	Description	Auth	Plan
`GET`	`/badge/:owner/:repo`	SVG badge for repo health	No	Solo+

All endpoints return JSON. Successful responses use HTTP 200 (or 201 for creation, 204 for deletion). Error responses follow a consistent structure:

{
  "statusCode": 401,
  "message": "Unauthorized",
  "error": "Unauthorized"
}

Endpoints that return lists accept page and perPage query parameters:

GET /api/repos/:id/violations?page=2&perPage=50

Paginated responses include metadata:

{
  "data": [...],
  "total": 247,
  "page": 2,
  "perPage": 50,
  "totalPages": 5
}

Technical Debt Radar Documentation