Racinage
Francais

Operations

APIs and connectors

Last updated 2026-07-05 08:42

Family, Max, and Lifetime plans can expose selected family records through scoped CRUDSSF API keys and signed outgoing webhooks.

Access model

Enable API access from Manage > APIs & Connectors. A family manager chooses the resource scopes, then creates API keys for external tools. Super-admins can view usage, suspend a family API, revoke keys, and test webhooks from admin7839 > APIs & Connectors.

  • Authenticate API requests with Authorization: Bearer YOUR_API_KEY.
  • Keys are hashed at rest and the full key is shown only once.
  • Every request is limited to the key resource scopes, operation scopes, and selected family_long_id.
  • Existing keys stay read/search/sort/filter only. Grant create, update, or delete only to trusted integrations.
  • Lite plans cannot enable API access.

Resources and formats

The first API version is /api/v1. Supported resources are trees, persons, gallery, events, projects, finances, documents, history, and all.

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/persons?format=json"

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/events?format=csv"

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/all?format=pdf"

curl -L -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/documents/DOCUMENT_ID/file"

curl -X POST -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"first_name":"Ada","last_name":"Lovelace","gender":"F"}' \
  "https://racinage.com/api/v1/persons"

curl -X PATCH -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"last_name":"Byron"}' \
  "https://racinage.com/api/v1/persons/PERSON_ID"

curl -X DELETE -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/persons/PERSON_ID"

Use format=json for integrations, csv for spreadsheets, html for printable browser views, and pdf for lightweight snapshots. Media is returned as URLs; protected document files are fetched through the bearer-authenticated file endpoint.

Search, sort, and filter are query operations: ?search=Ada, ?sort=created_at&direction=asc, and ?filter[gender]=F. Gallery and document creates accept file_base64, original_name, and optional mime_type.

Continuous updates

Use Server-Sent Events for a low-overhead stream of family changes. The stream sends metadata only; fetch the record again when your integration needs full details.

curl -N -H "Authorization: Bearer YOUR_API_KEY" \
  "https://racinage.com/api/v1/events/stream"

Webhooks

Webhooks send JSON to HTTPS endpoints when enabled resources change. Verify the signature with the webhook secret and the X-Racinage-Timestamp header.

signed_payload = timestamp + "." + raw_body
expected = "sha256=" + hmac_sha256(webhook_secret, signed_payload)

Webhook headers include X-Racinage-Event, X-Racinage-Delivery, X-Racinage-Timestamp, and X-Racinage-Signature.

Developer notes

The implementation lives in includes/api_functions.php, the route is registered in core/router.php, and the production schema is documented in database/2026_07_05_api_connectors.sql. Keep future changes versioned under /api/v2 when response shape or authentication behavior becomes incompatible.