curl --request POST \
--url https://pria.praxislxp.com/api/auth/github/webhook \
--header 'Content-Type: application/json' \
--header 'X-Hub-Signature-256: <x-hub-signature-256>' \
--data '
{
"action": "purchased",
"effective_date": "2023-11-07T05:31:56Z",
"sender": {
"login": "<string>",
"id": 123,
"type": "<string>",
"email": "<string>",
"avatar_url": "<string>"
},
"marketplace_purchase": {
"account": {},
"plan": {},
"billing_cycle": "<string>",
"unit_count": 123,
"on_free_trial": true,
"free_trial_ends_on": "<string>",
"next_billing_date": "<string>"
}
}
'

{
"received": true,
"error": "<string>"
}

Receives marketplace_purchase events from GitHub when an org or user
purchases, upgrades, downgrades, or cancels the Pria Marketplace listing.
The endpoint validates the request via the X-Hub-Signature-256 HMAC header
(computed by GitHub with GITHUB_WEBHOOK_SECRET), then dispatches by action
(purchased, changed, cancelled, pending_change, pending_change_cancelled).
On a new purchase the handler auto-creates the Pria user (via autosignup),
generates a one-time login link (?otp=<base64> in the URL since the link is
delivered by email — see docs/index/oauth-otp.md), and emails it to the
purchaser.
Authentication: none in the traditional sense — request authenticity is
proven by the X-Hub-Signature-256 HMAC, compared with crypto.timingSafeEqual.
Requests with a missing or wrong signature are rejected with 401. Application
errors that occur after signature validation still return 200 so GitHub does
not retry; the failure is surfaced via internal email instead.
HMAC-SHA256 of the raw request body, prefixed with sha256=.
GitHub event type. Only marketplace_purchase is acted on; everything else is logged and acknowledged.
Per-delivery UUID assigned by GitHub (for log correlation).
Raw GitHub Marketplace payload. The handler reads req.body as a Buffer and
JSON-parses after signature verification. See GitHub's marketplace_purchase
documentation for the full shape.
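
The verification order described above (HMAC over the raw Buffer, constant-time compare, 401 on a bad signature, JSON parsing only afterwards, 200 on later errors), as an added Node.js example that is not Pria's own handler code. The function names, the 401 response body, and the sample secret and payload are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: true only if the header is the HMAC-SHA256 of the raw bytes.
function verifySignature(rawBody, header, secret) {
  // A missing header or anything but "sha256=" + 64 hex chars is rejected up front.
  if (typeof header !== 'string' || !/^sha256=[0-9a-f]{64}$/i.test(header)) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(header.slice(7), 'hex');
  // Both buffers are 32 bytes here; timingSafeEqual throws on unequal lengths.
  return crypto.timingSafeEqual(received, expected);
}

// Hypothetical framework-free handler: rawBody is a Buffer, header keys are lower-case.
function handleWebhook(rawBody, headers, secret, dispatch) {
  if (!verifySignature(rawBody, headers['x-hub-signature-256'], secret)) {
    // 401 body shape is an assumption; the page only specifies the status code.
    return { status: 401, body: { received: false, error: 'invalid signature' } };
  }
  try {
    dispatch(JSON.parse(rawBody.toString('utf8'))); // parse only after verification
    return { status: 200, body: { received: true } };
  } catch (err) {
    // Failures after verification still answer 200 so GitHub does not retry.
    return { status: 200, body: { received: true, error: err.message } };
  }
}

// Constructed sample delivery (secret and payload are made up for this example).
const SECRET = 'constructed-secret';
const BODY = Buffer.from('{"action":"purchased","sender":{"login":"octo-example"}}');
const SIGNATURE = 'sha256=' + crypto.createHmac('sha256', SECRET).update(BODY).digest('hex');

function demo() {
  const actions = [];
  const record = (p) => actions.push(p.action);
  const tampered = Buffer.from(BODY.toString().replace('purchased', 'cancelled'));
  return {
    valid: handleWebhook(BODY, { 'x-hub-signature-256': SIGNATURE }, SECRET, record).status,
    missing: handleWebhook(BODY, {}, SECRET, record).status,
    tampered: handleWebhook(tampered, { 'x-hub-signature-256': SIGNATURE }, SECRET, record).status,
    actions,
  };
}
```

Verifying against the raw bytes matters because re-serialising a parsed body can change whitespace or key order and so change the HMAC.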