> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Customer Portal: Register, Log In, and Track Incidents

> Set up customer access to Scrubbe's portal, authenticate users, and let customers create and track their own incident reports via the public API.

The customer portal gives your end-users a self-service view into incidents that affect them. Customers can register, log in, open incident reports, and track the status of existing ones — all through a dedicated set of public API endpoints that sit outside your internal, token-protected infrastructure. This guide covers onboarding a customer company, registering a user, authenticating, and using the protected endpoints to manage incidents on behalf of that customer.

## How the customer portal API works

The portal API has two layers:

* **Public endpoints** — no authentication required. Used for company lookup, registration, and login.
* **Protected endpoints** — require the customer JWT returned at login. Used for creating and viewing incidents.

This separation means customers never need access to your internal API key.

***

## Look up available companies

Before registering, a customer selects which company (tenant) they belong to. Fetch the list of available companies to populate a sign-up form or onboarding flow.

```bash theme={null}
curl https://api.scrubbe.io/api/v1/customer/companies
```

The response returns company IDs and display names. You will need the `companyId` for the registration step.

***

## Register a customer

Create a new customer account under the appropriate company.

```bash theme={null}
curl -X POST https://api.scrubbe.io/api/v1/customer/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@acme.com",
    "password": "securepassword",
    "name": "Alex Johnson",
    "companyId": "<companyId>"
  }'
```

<Note>This endpoint is unauthenticated. Apply rate limiting and CAPTCHA at your edge layer if you expose this directly to a public sign-up form.</Note>

***

## Log in and obtain a token

Authenticate a registered customer. The response includes a JWT that must be sent as `Authorization: Bearer <token>` on all subsequent protected requests.

```bash theme={null}
curl -X POST https://api.scrubbe.io/api/v1/customer/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@acme.com",
    "password": "securepassword"
  }'
```

Store the returned token securely. It is scoped to the customer's company and does not grant access to internal Scrubbe endpoints.

<Warning>Customer JWTs must not be used in server-side code alongside your internal API key. Keep the two credential types separate to avoid unintentionally exposing internal data to customers.</Warning>

***

## Create an incident (customer)

An authenticated customer can open an incident report. This creates a ticket within their company's scope and notifies your internal team.

```bash theme={null}
curl -X POST https://api.scrubbe.io/api/v1/customer/create-incident \
  -H "Authorization: Bearer <customerToken>" \
  -H "Content-Type: application/json" \
  -d '{
    "summary": "Unable to complete checkout",
    "description": "Getting a 500 error when clicking Pay Now. Started approximately 30 minutes ago.",
    "priority": "HIGH"
  }'
```

The response includes an incident `id` that the customer can use to check status.

***

## Retrieve a customer incident

Let customers track the status and updates on a specific incident they have reported.

```bash theme={null}
curl https://api.scrubbe.io/api/v1/customer/get-incident/<id> \
  -H "Authorization: Bearer <customerToken>"
```

The response exposes the customer-facing fields of the incident — status, summary, and any public updates — without leaking internal `techDescription` or responder notes.

***

## List all incidents for a customer

Return all incidents the authenticated customer has reported. Useful for building a customer-facing status dashboard or support history view.

```bash theme={null}
curl https://api.scrubbe.io/api/v1/customer/get-incidents \
  -H "Authorization: Bearer <customerToken>"
```

***

## Suggested integration pattern

<Steps>
  <Step title="Fetch companies on load">
    Call `GET /api/v1/customer/companies` when the user opens your sign-up page and populate a company selector.
  </Step>

  <Step title="Register the user">
    POST to `POST /api/v1/customer/register` with the selected `companyId` and the user's credentials.
  </Step>

  <Step title="Authenticate and store the token">
    POST to `POST /api/v1/customer/login` and store the returned JWT in your client's secure storage (e.g., an `httpOnly` cookie).
  </Step>

  <Step title="Build the incident dashboard">
    On load, call `GET /api/v1/customer/get-incidents` to show the customer's incident history. Poll or use webhooks to keep status current.
  </Step>

  <Step title="Surface the incident form">
    When a customer reports a new problem, POST to `POST /api/v1/customer/create-incident` and return the incident ID so they can track progress.
  </Step>
</Steps>

<CardGroup cols={2}>
  <Card title="Manage Incidents" icon="triangle-exclamation" href="/guides/manage-incidents">
    Internal incident lifecycle — create, update, and resolve tickets from your team's side.
  </Card>

  <Card title="AI Ezra" icon="brain" href="/guides/ai-ezra">
    Trigger AI analysis on incidents created through the customer portal.
  </Card>
</CardGroup>
