Intry

API overview

Admin API vs Core routes, auth, environments, and response shapes.

Overview

Intry’s HTTP surface splits into:

  1. /api/admin/* — CRM-style operations (tenants, properties, units, users, calls, devices, analytics). Used by the admin dashboard, Unkey API keys, and tools like intry-mcp.
  2. Core mobile / Twilio routes/twilio/*, /access/*, /devices/*, /registration/* for apps and telephony webhooks.

This reference focuses on the admin contract because it is stable, filterable, and documented in OpenAPI.

OpenAPI spec

Import the bundled spec from the monorepo:

docs/openapi/admin.yaml

Use it with Postman, Insomnia, or OpenAPI code generators. When the spec and code disagree, trust the running service and file a docs bug.

Multi-environment admin proxy

When calling admin routes through intry-admin (or any proxy that mirrors it), send:

X-Admin-Env: PROD

Accepted values include DEV, TEST, STAGING, PROD. The proxy selects the matching Railway (or configured) Core base URL.

Authentication

ClientMethod
Human (dashboard)WorkOS SSO session via admin UI
Automation / agentsUnkey API key in Authorization (see Authentication)

Core mobile routes use their own JWT/session flows — not covered by Unkey.

List & pagination patterns

Admin list endpoints return paginated collections:

{
  "properties": [/* ... */],
  "total": 42,
  "limit": 20,
  "offset": 0
}

Single-resource responses wrap the entity:

{ "property": { "id": "…", "name": "…" } }

Quick start (admin automation)

Create or obtain an Unkey key with the scopes your integration needs (see internal runbook docs/AGENT_UNKEY_KEYS.md).

Choose target environment and set X-Admin-Env on every request if you route through the admin proxy.

GET /api/admin/stats HTTP/1.1
Host: <your-proxy-host>
Authorization: Bearer <unkey_root_key_or_bearer_token>
X-Admin-Env: STAGING

Errors

Expect standard HTTP status codes (401 / 403 for auth, 404 for missing IDs, 422 for validation). Error bodies may include a message string; always log correlation IDs when provided by your gateway.

Environments

Use non-production Core + proxy hosts. Validate destructive scripts against disposable tenants only.

Require TLS, tight Unkey scopes, and change management for migrations or bulk updates.

Authentication

WorkOS SSO, Unkey API keys, and resident auth on Intry.

On this page

OverviewOpenAPI specMulti-environment admin proxyAuthenticationList & pagination patternsQuick start (admin automation)ErrorsEnvironments