> ## Documentation Index
> Fetch the complete documentation index at: https://docs.browsary.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Browsary overview

> Understand the surface area of the Browsary HTTP API before diving into individual endpoints.

Browsary pairs a managed headless browser fleet with project-scoped AI pipelines and automation tooling. Every feature exposed in the app is also available under the `/api` namespace so you can onboard users programmatically, automate browser sessions, or run and evolve pipelines from CI.

## Platform pillars

* **Identity & security** – cookie-backed sessions for humans, API keys for services, hard requirements for email verification and TOTP-based two-factor auth.
* **Projects & resources** – every project slug unlocks a dedicated `/[project]/api/...` surface for pipelines, functions, MCP servers, proxies, and browser sessions.
* **Execution fabric** – coordinate browser containers, capture logs, and stream pipeline outputs over SSE without leaving the API.
* **Billing controls** – check balances, start subscriptions, issue one-off top-ups, and receive Stripe webhooks to mirror the ledgers in your systems.
* **Integration hooks** – external session bootstrap endpoints and a low-level coordinator API make it easy to plug Browsary into existing infrastructure.

## Base URLs

| Environment       | Base URL                    | Notes                                                                                                                         |
| ----------------- | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| Production        | `https://<your-app-domain>` | All documented endpoints live under this host with a `/api` prefix for global calls or `/:project/api` for project resources. |
| Local development | `http://localhost:3000`     | When running `npm run dev` you still hit the same relative paths, e.g. `http://localhost:3000/api/projects`.                  |

> Tip: `GET /api` always returns the deployed API version plus a `subject` payload so you can validate that authentication worked before issuing sensitive calls.

## Auth choices at a glance

* **Session cookies** – created by the `POST /api/auth/login` flow and automatically refreshed by verification, reset, and 2FA endpoints. Cookies are required for dashboard access.
* **API keys** – mint scoped keys under `/api/api-keys` and send them as `x-api-key` or `Authorization: ApiKey <value>`. Keys inherit the owner’s permissions but can be locked to specific projects or permission strings.
* **External tokens** – some integration endpoints (`/api/external-session` and `/api/coordinator/<token>/*`) expect shared secrets provided through environment variables.

## Resource map

| Area               | When to use it                                                                                           |
| ------------------ | -------------------------------------------------------------------------------------------------------- |
| **Core reference** | `/api` root discovery, authentication flows, API key management, user/project CRUD.                      |
| **Billing**        | Subscribe to plans, surface topline usage, or start customer-hosted billing portal sessions.             |
| **Project APIs**   | Everything that depends on a project slug: pipelines, functions, browser sessions, MCP servers, proxies. |
| **Integrations**   | Coordinator commands, external session bootstrap, and Stripe webhook ingestion.                          |

Use the sidebar to jump into the relevant reference page once you know which category you need.
