Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt

Use this file to discover all available pages before exploring further.

The customer portal gives your end-users a self-service view into incidents that affect them. Customers can register, log in, open incident reports, and track the status of existing ones — all through a dedicated set of public API endpoints that sit outside your internal, token-protected infrastructure. This guide covers onboarding a customer company, registering a user, authenticating, and using the protected endpoints to manage incidents on behalf of that customer.

How the customer portal API works

The portal API has two layers:
  • Public endpoints — no authentication required. Used for company lookup, registration, and login.
  • Protected endpoints — require the customer JWT returned at login. Used for creating and viewing incidents.
This separation means customers never need access to your internal API key.

Look up available companies

Before registering, a customer selects which company (tenant) they belong to. Fetch the list of available companies to populate a sign-up form or onboarding flow. 
curl https://api.scrubbe.io/api/v1/customer/companies
The response returns company IDs and display names. You will need the companyId for the registration step.

Register a customer

Create a new customer account under the appropriate company. 
curl -X POST https://api.scrubbe.io/api/v1/customer/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@acme.com",
    "password": "securepassword",
    "name": "Alex Johnson",
    "companyId": "<companyId>"
  }'
This endpoint is unauthenticated. Apply rate limiting and CAPTCHA at your edge layer if you expose this directly to a public sign-up form.

Log in and obtain a token

Authenticate a registered customer. The response includes a JWT that must be sent as Authorization: Bearer <token> on all subsequent protected requests. 
curl -X POST https://api.scrubbe.io/api/v1/customer/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@acme.com",
    "password": "securepassword"
  }'
Store the returned token securely. It is scoped to the customer’s company and does not grant access to internal Scrubbe endpoints.
Customer JWTs must not be used in server-side code alongside your internal API key. Keep the two credential types separate to avoid unintentionally exposing internal data to customers.

Create an incident (customer)

An authenticated customer can open an incident report. This creates a ticket within their company’s scope and notifies your internal team. 
curl -X POST https://api.scrubbe.io/api/v1/customer/create-incident \
  -H "Authorization: Bearer <customerToken>" \
  -H "Content-Type: application/json" \
  -d '{
    "summary": "Unable to complete checkout",
    "description": "Getting a 500 error when clicking Pay Now. Started approximately 30 minutes ago.",
    "priority": "HIGH"
  }'
The response includes an incident id that the customer can use to check status.

Retrieve a customer incident

Let customers track the status and updates on a specific incident they have reported. 
curl https://api.scrubbe.io/api/v1/customer/get-incident/<id> \
  -H "Authorization: Bearer <customerToken>"
The response exposes the customer-facing fields of the incident — status, summary, and any public updates — without leaking internal techDescription or responder notes.

List all incidents for a customer

Return all incidents the authenticated customer has reported. Useful for building a customer-facing status dashboard or support history view. 
curl https://api.scrubbe.io/api/v1/customer/get-incidents \
  -H "Authorization: Bearer <customerToken>"

Suggested integration pattern

1

Fetch companies on load

Call GET /api/v1/customer/companies when the user opens your sign-up page and populate a company selector.
2

Register the user

POST to POST /api/v1/customer/register with the selected companyId and the user’s credentials.
3

Authenticate and store the token

POST to POST /api/v1/customer/login and store the returned JWT in your client’s secure storage (e.g., an httpOnly cookie).
4

Build the incident dashboard

On load, call GET /api/v1/customer/get-incidents to show the customer’s incident history. Poll or use webhooks to keep status current.
5

Surface the incident form

When a customer reports a new problem, POST to POST /api/v1/customer/create-incident and return the incident ID so they can track progress.

Manage Incidents

Internal incident lifecycle — create, update, and resolve tickets from your team’s side.

AI Ezra

Trigger AI analysis on incidents created through the customer portal.