Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mareaalcalina.com/llms.txt

Use this file to discover all available pages before exploring further.

Changelog

2026-05-10
Docs site accuracy + DX overhaul
Improved — comprehensive docs audit + Stripe-style cleanup.Following the first public publish, a senior-engineer pass cross-checked every claim in the docs against the cloud-functions Zod contracts as ground truth.
  • API Reference now covers all 13 v1 operations (previously a Phase-1 stub with /v1/me only). openapi.json is script-generated from the cloud-functions Zod schemas via @asteasolutions/zod-to-openapi (zero drift): tags, operationIds, both security schemes (Bearer + X-API-Key), rate-limit response headers, idempotency headers, and full $ref to ApiErrorResponse on every 4xx/5xx.
  • Stripe-style URL slugs. API reference pages now ship at clean URLs like /api/storefronts/create-storefront and /api/identity/get-current-identity (previously they were verbose auto-slugified sentences).
  • Plan limits corrected. plan.limits shape is {storefronts, products, publishable} (not the docs’ previous {maxStorefronts, maxProducts, canPublish} invention). Free plan has two variants (FREE_NEW 1 storefront, FREE_OLD legacy 3 storefronts). Pre-paywall accounts have a 2,000 draft-product cap. Single-product POST returns plan_max_products_reached, not products_over_limit (the latter is the 207-batch path).
  • Scopes corrected. Eight real scopes: developer:bootstrap, developer:read, developer:issueUserKey, catalog:read, catalog:write, storefront:publish, me:verify, me:resendVerification. Earlier docs referenced a non-existent users:bootstrap — now removed everywhere.
  • Error codes: ~40 real error.code values cross-checked against grep ApiError across src/api/. Removed three fabricated codes (validation_failed, product_not_found, rpd_exceeded-as-code) that the docs invented; replaced with the real ones (invalid_request_body, storefront_not_found, rate_limit_exceeded). rpd_exceeded/rpm_exceeded continue to surface inside error.message only.
  • MCP quickstart: install path now uses the mcp-remote bridge (verified package). Tool count corrected to 7 (verify + resend are REST-only by design).
  • Four concept pages that were placeholders are now real content: verification-flow, tos-jurisdiction, arco-procedures, versioning. Each is sourced from cloud-functions handlers, with TTLs, lockouts, cancel reasons, and breaking-change rules from code.
  • Homepage: removed redundant H1 + intro paragraph that duplicated frontmatter title/description (Mintlify renders both automatically). Added a “Webhook surfaces” CardGroup so first-time readers see both surfaces.
  • Receiver helpers: concepts/webhooksconcepts/page-webhooks now both ship full JS + Python verifiers in api/webhooks/*.mdx, with the X-Marea-Source (developer vs merchant) header disambiguating endpoints that serve both surfaces.
19 files changed; Mintlify validate + broken-links both green.
2026-05-09
Page webhooks (PRD-12) — order events for merchant integrations
Added — Page webhooks: real-time order events for merchant POS / Zapier / Make.com / accounting integrations.A new merchant-configured webhook surface, distinct from the developer-configured Agent webhooks. Three event types ship:
  • order.created — fires on checkout completion (when orderStatus transitions to pending and a publicOrderId is assigned). Carries the full order: items, pricing, customer, delivery, payment method.
  • order.status_updated — fires on every order-status transition (e.g. pendinginProgresscompleted, plus any custom-pipeline transitions). Slim payload — previousState → newState only; receivers cache order.created and merge by orderId.
  • order.paid — fires on Stripe Checkout success or PayPal capture success. Finance-focused payload with provider reconciliation IDs (stripeCheckoutSessionId, paypalCaptureId, etc.) and no customer PII.
Where to configure: the merchant’s profile page at /menus/profile?section=integrations. Marea generates a 32-byte HMAC signing secret on first save and reveals it once.Differs from Agent webhooks:
Agent webhooksPage webhooks
Configured byDeveloper (in /developers/webhooks)Merchant (in /menus/profile?section=integrations)
Eventsuser.verified, user.cancelledorder.created, order.status_updated, order.paid
Signing keyHKDF-SHA256 from apiKeys/{keyId}.keyHashRaw 32-byte hex from users/{uid}.webhookSigningSecret
Header to disambiguateX-Marea-Source: developerX-Marea-Source: merchant
If your single endpoint serves both surfaces, branch on X-Marea-Source to pick the right verification path.Same retry semantics as Agent webhooks: 3 attempts (immediate / +30s / +5min); 5-second timeout per attempt; 5-minute replay window on the t= timestamp. Dead-letters surface in the merchant’s recent-deliveries log (last 50 entries, rolling 30-day window).Receiver code: ready-to-paste JS + Python verifier at /api/webhooks/page-webhook-helpers.Concept page: /concepts/page-webhooks.Rollout: default-OFF in production behind a server-side flag; per-merchant overrides during canary. Friendly-merchant cohort onboarding before fleet-wide enable.