Steve API

Steve exposes three live HTTP surfaces and one planned integration surface.

Base URL

All HTTP routes are served from the Convex site host:

https://<deployment>.convex.site

If your frontend is configured with a Convex client URL such as https://<deployment>.convex.cloud or wss://<deployment>.convex.cloud, convert it to .convex.site for direct HTTP requests.

What exists today

The live external integration surface currently includes:

• GET /api/v1/companies
• GET /api/v1/jobs/{sessionId}
• POST /api/v1/webhooks/test

The invitation flow is also live:

• GET /api/invitation/validate
• POST /api/invitation/complete

The planned upload-session endpoints described elsewhere in the repository are not mounted in convex/http.ts yet. This docs site keeps those contracts separate and clearly marked as preview material.

Design characteristics

• External routes are versioned under /api/v1.
• Auth, rate limiting, and error handling are implemented centrally in convex/lib/apiAuth.ts.
• Asynchronous work is tracked through apiSessions, which is what the job polling endpoint reads.
• Webhook delivery is signed, retried, and tracked per session.
• Invitation and agent routes use a stricter CORS allowlist than the API-key surface.
• Workflow processing also supports a global image moderation pre-step, documented under the Platform section because it is not part of the public HTTP contract.

Recommended reading order

1. Start with Base URLs.
2. Review Authentication.
3. If you need product and system context, read Project Overview, Technical Architecture, and Image Moderation.
4. Read Errors and Rate Limits.
5. Use the OpenAPI-backed pages under API Reference.
6. If you are planning around future ingestion endpoints, read Upload Session API last.