Docs/Public API
Public API

SparkGlim Public Embed API

Public and unauthenticated routes for approved public SparkGlim data, payment starts, ticket verification, blog content, and campaign summaries.

API context

Base path

/api/public

Audience

Public websites, apps, and embeds that need safe public SparkGlim data.

Authentication

Unauthenticated public routes with validation, forwarding, caching, and gateway protections where implemented. Do not place secret keys in browser embeds.

Overview

Overview

Use these routes for public SparkGlim content and embeddable experiences.

Public responses are intentionally smaller than private API responses.

Embedding

Current embed integrations should use public route data and redirect users to SparkGlim-hosted participation flows for protected actions.

Validate campaign visibility and avoid exposing internal IDs beyond what public routes already return.

Security

Public clients must not include admin, creator, reseller, or white-label secrets.

Use cache-friendly reads and handle 404/unavailable campaign responses cleanly.

Implementation audit

These docs are tied to the current backend implementation.

Mounted at /api/public in server/src/api/router.ts after global rate limiting.
Routes are implemented in server/src/api/routes/public.ts.
Only public-safe routes are listed; private creator, admin, transaction internals, KYC, and provider secrets are excluded.

Payments

POST
Payments
server/src/api/routes/public.ts:564

Initialize public vote

Initializes a public vote payment through the existing public payment flow.

POST /api/public/vote

Authentication

Unauthenticated public route with server-side validation and forwarding

Permissions

None documented for this route

No request fields documented beyond route-level validation.

Ticketing

POST
Ticketing
server/src/api/routes/public.ts:572

Initialize public ticket purchase

Initializes a public ticket purchase.

POST /api/public/tickets/purchase

Authentication

Unauthenticated public route with server-side validation and forwarding

Permissions

None documented for this route

No request fields documented beyond route-level validation.

Verification

GET
Verification
server/src/api/routes/public.ts:874

Public ticket verification

Verifies publicly verifiable ticket codes through the existing public verification flow.

GET /api/public/tickets/public-verify

Authentication

Unauthenticated public verification route

Permissions

None documented for this route

NameLocationTypeRequiredDescription
codequerystringYesTicket code.

Content

GET
Content
server/src/api/routes/public.ts:886

List public blog posts

Lists published public blog posts with search, category, featured, limit, and offset filters.

GET /api/public/blog

Authentication

Unauthenticated public route

Permissions

None documented for this route

NameLocationTypeRequiredDescription
categoryquerystringNoCategory slug.
searchquerystringNoSearch text.
limitquerynumberNo1 to 30.
offsetquerynumberNoOffset.

Fundraising

GET
Fundraising
server/src/api/routes/public.ts:1361

Get public donation summary

Returns public fundraising summary data for a campaign.

GET /api/public/donation-summary/:campaignId

Authentication

Unauthenticated public route with short cache

Permissions

None documented for this route

NameLocationTypeRequiredDescription
campaignIdpathstringYesCampaign ID.

Voting

GET
Voting
server/src/api/routes/public.ts:1392

Get public vote counts

Returns public vote counts for a campaign.

GET /api/public/vote-counts/:campaignId

Authentication

Unauthenticated public route

Permissions

None documented for this route

NameLocationTypeRequiredDescription
campaignIdpathstringYesCampaign ID.