Developers
API & integrations
Breya's primary surface today is the authenticated web app for teachers and students. District-facing APIs are rolled out gradually-this page documents what exists now and what's on deck.
Current integration points
- Stripe Checkout & Billing Portal - invoked from authenticated teacher billing flows (no public REST surface).
- Supabase-backed auth - OAuth/email flows issued by our identity provider; tokens are HTTP-only cookies scoped to breya domains.
- Contact form webhook - `/api/contact` accepts structured inquiries from the marketing site (rate-limited server-side).
Partner API roadmap
We're designing read-only exports for SIS partners (rosters, section metadata) and scoped keys for LMS LTI-style launches. Nothing here is guaranteed GA yet-when preview credentials exist, they'll ship behind a signed data-processing addendum.
| Capability | Status |
|---|---|
| Read roster & enrolment snapshots | Design / pilot |
| Assignment + submission export for archival | Exploring |
| SCIM user provisioning | Backlog |
Authentication model (future REST)
Preview APIs will likely use short-lived bearer tokens minted server-side after OAuth exchange-never embed long-lived secrets in browser bundles. Requests will require explicit school_id scoping headers so district tenants stay isolated.
Rate limits & reliability
When APIs graduate to beta, expect conservative per-tenant quotas (e.g., hundreds of read requests per minute) with structured 429 responses and Retry-After hints.
Need integration paperwork?
Send your security questionnaire + desired scopes-we'll route it to engineering and legal together.
Start a technical thread →