App Profile
The App and its profile is your entry point to The Bridge. This is your unique set of settings to tailor the experience. You can have several different apps, e.g. one for production and one for testing.
Get App Profile
Section titled “Get App Profile”Gets the complete App model of your app. Use this response data to alter your model and push back.
HTTP Request
Section titled “HTTP Request”GET https://api.thebridge.dev/account/app
Headers
Section titled “Headers”| Parameter | Type | Required | Description |
|---|---|---|---|
x-api-key | string | Required | Your app API key |
Response
Section titled “Response”HTTP 200 — Your App Profile model.
Request example
curl --request GET 'https://api.thebridge.dev/account/app' \
--header 'x-api-key: YOUR_APP_API_KEY'Response example:
{ "id": "624c14cc0c01e70033356282", "name": "My app", "domain": "MY_APP", "apiUrl": "http://localhost:3000", "uiUrl": "http://localhost:8100", "emailSenderName": "My App", "emailSenderEmail": "noreply@myapp.com", "webhookUrl": "http://api.example.com/webhook", "stripeEnabled": false, "paymentsAutoRedirect": true, "passkeysEnabled": true, "magicLinkEnabled": true, "mfaEnabled": true, "azureMarketplaceEnabled": false, "googleSsoEnabled": false, "azureAdSsoEnabled": true, "linkedinSsoEnabled": true, "githubSsoEnabled": true, "facebookSsoEnabled": true, "onboardingFlow": "B2B", "tenantSelfSignup": true, "cloudViews": true, "redirectUris": ["http://localhost:8080/auth/oauth-callback"], "defaultCallbackUri": "http://localhost:8080/auth/oauth-callback", "logo": "https://public.nblocks.dev/assets/logos/nblocks-logo-black.svg", "websiteUrl": "http://localhost", "privacyPolicyUrl": "", "termsOfServiceUrl": "", "accessTokenTTL": 3600, "refreshTokenTTL": 604800}GET Try it out
GET
https://api.thebridge.dev/account/app Stored in session memory only. Never persisted.
Update App Profile
Section titled “Update App Profile”You can update the app with the same JSON you got from Get App Profile, or just provide the fields you want to update.
HTTP Request
Section titled “HTTP Request”PUT https://api.thebridge.dev/account/app
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Optional | Name of the app |
apiUrl | string | Optional | URL to your API (to receive webhooks etc) |
uiUrl | string | Optional | URL to your frontend app (for onboarding redirects etc) |
webhookUrl | string | Optional | Enable webhook events to be sent to this URL |
logo | string | Optional | URL to your logo |
websiteUrl | string | Optional | URL to your website or landing page |
privacyPolicyUrl | string | Optional | URL to your privacy policy page |
termsOfServiceUrl | string | Optional | URL to your terms of service page |
emailSenderName | string | Optional | Sender name for emails sent from The Bridge |
emailSenderEmail | string | Optional | Sender email for emails (must be verified) |
onboardingFlow | OnboardingFlow | Optional | Configure how users will be onboarded |
cloudViews | boolean | Optional | Use UI provided by The Bridge instead of your own |
tenantSelfSignup | boolean | Optional | Allow users to signup for new workspaces |
redirectUris | string[] | Optional | Allowed redirect URIs |
defaultCallbackUri | string | Optional | Default handover/callback URI |
stripeEnabled | boolean | Optional | Enable Stripe payments |
paymentsAutoRedirect | boolean | Optional | Auto-redirect to plan selection after signup or trial end |
passkeysEnabled | boolean | Optional | Allow passkey login |
magicLinkEnabled | boolean | Optional | Allow Magic-Link login |
mfaEnabled | boolean | Optional | Allow multi-factor authentication |
googleSsoEnabled | boolean | Optional | Allow Google SSO login |
azureAdSsoEnabled | boolean | Optional | Allow Azure AD SSO login |
linkedinSsoEnabled | boolean | Optional | Allow LinkedIn SSO login |
githubSsoEnabled | boolean | Optional | Allow GitHub SSO login |
facebookSsoEnabled | boolean | Optional | Allow Facebook SSO login |
accessTokenTTL | number | Optional | Access token lifetime in seconds |
refreshTokenTTL | number | Optional | Refresh token lifetime in seconds |
Response
Section titled “Response”HTTP 200 — Returns the updated App Profile model.
Request example
curl --request PUT 'https://api.thebridge.dev/account/app' \
--header 'x-api-key: YOUR_APP_API_KEY' \
--header 'Content-Type: application/json' \
--data-raw '{
"logo": "https://www.example.com/another_logo.png"
}'PUT Try it out
PUT
https://api.thebridge.dev/account/app Stored in session memory only. Never persisted.
Update Credentials
Section titled “Update Credentials”Store sensitive credentials for your app so The Bridge can authorize with 3rd party services on your behalf. These credentials are never outputted back again.
HTTP Request
Section titled “HTTP Request”PUT https://api.thebridge.dev/account/app/credentials
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
stripeSecretKey | string | Optional | Stripe integration secret key |
stripePublicKey | string | Optional | Stripe integration public key |
googleClientId | string | Optional | Google social login client ID |
googleClientSecret | string | Optional | Google social login client secret |
microsoftAzureADClientId | string | Optional | Azure AD SSO client ID |
microsoftAzureADClientSecret | string | Optional | Azure AD SSO client secret |
microsoftAzureADTenantId | string | Optional | Azure AD SSO tenant ID |
Response
Section titled “Response”HTTP 200 — Credentials state object (credentials themselves are never returned).
Request example
curl --request PUT 'https://api.thebridge.dev/account/app/credentials' \
--header 'x-api-key: YOUR_APP_API_KEY' \
--header 'Content-Type: application/json' \
--data-raw '{
"googleClientId": "XXXXXXX",
"googleClientSecret": "XXXXXXX"
}'Response example:
{ "stripeCredentialsAdded": true, "azureMarketplaceCredentialsAdded": true, "azureAdSsoCredentialsAdded": false, "googleSsoCredentialsAdded": true}PUT Try it out
PUT
https://api.thebridge.dev/account/app/credentials Stored in session memory only. Never persisted.
Get Credentials State
Section titled “Get Credentials State”Although the credentials are never displayed again, you can always get their states to confirm they’ve been added.
HTTP Request
Section titled “HTTP Request”GET https://api.thebridge.dev/account/app/credentialsState
Response
Section titled “Response”HTTP 200 — Credentials state object.
Request example
curl --request GET 'https://api.thebridge.dev/account/app/credentialsState' \
--header 'x-api-key: YOUR_APP_API_KEY'Response example:
{ "stripeCredentialsAdded": true, "azureMarketplaceCredentialsAdded": true, "azureAdSsoCredentialsAdded": false, "googleSsoCredentialsAdded": true}GET Try it out
GET
https://api.thebridge.dev/account/app/credentialsState Stored in session memory only. Never persisted.