Skip to content
AM

studio-api (GraphQL + GitHub webhook)

Studio owns sites, site settings, forms, email templates, assets, API keys, presence, experiments, storefront editing/building, and site AI-search controls. It manages delivery configuration; it does not serve the Commerce storefront REST API.

Runtime

PropertyCurrent contract
Production API originhttps://api.studio.inblack.app
GraphQLPOST /graphql
GitHub provider callback/api/v1/webhooks/github
GraphQL operations84: 37 queries, 46 mutations, 1 subscription
HTTP registrations8 total; GraphQL, health, playground, and GitHub callback are externally classified

studio.inblack.app is the Studio SPA origin, not the API origin.

Example

Terminal window
curl https://api.studio.inblack.app/graphql \
-H "Authorization: Bearer <token>" \
-H "X-Tenant-ID: <tenant-id>" \
-H "Content-Type: application/json" \
-d '{"query":"{ studioSites(limit: 5) { id domain status framework } }"}'

The GraphQL mount is wrapped by Portal authorization for the Studio product. Individual operations can add feature, role, and permission requirements. See the GraphQL operation reference.

Key boundaries

  • Studio administrative credentials are not storefront SDK keys.
  • Internal Connect handlers for forms, API keys, and email templates use service-token auth and are excluded from public documentation.
  • /api/v1/webhooks/github is an inbound provider callback, not a general-purpose customer endpoint.
  • Studio API-key rotation and revocation require MCP approval when performed through the agent surface, even though those tools are cataloged as T2.