Developer Documentation
API reference for institutional integrations and custom workflows.
Authentication
Bearer Token Authentication
All API requests are authenticated using a Supabase JWT obtained through the standard authentication flow. Include the token in the Authorization header of every request.
Base URL
https://gwmpdgjvcjzndbloctla.supabase.co/functions/v1/org-admin
Protocol
- All requests use POST method with a JSON body
- The action field in the request body determines which operation to execute
- Most actions require an org_id field identifying the target organization
Required Headers
Authorization: Bearer <access_token>
Content-Type: application/json
Example Request
POST /functions/v1/org-admin
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Content-Type: application/json
{
"action": "get_overview",
"org_id": "your-org-uuid"
}
Error Responses
All errors return a JSON object with an error field. Authentication failures return HTTP 403. Validation errors return HTTP 400.
// 403 Forbidden
{ "error": "Unauthorized" }
// 400 Bad Request
{ "error": "Missing org_id" }
Role-Based Access Control
API access is governed by the caller's role within the organization. There are three role levels:
- admin — Full access to all read and write operations, including user management, settings, and batch operations
- staff — Read access scoped to assigned caseload; can view activity and generate individual reports for assigned users only
- any authenticated — Limited actions that do not require org membership (e.g., redeeming an invite link)
API Endpoints
POST
get_overview
admin staffReturns aggregate dashboard statistics for the organization, including total users, 7-day active count, generation and application totals, and a 30-day daily activity series for charting.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "get_overview" |
org_id | string | required — Organization UUID |
Response
{
"total_users": 47,
"active_7d": 23,
"total_generations": 312,
"total_applications": 89,
"daily_activity": [
{ "date": "2026-03-01", "count": 14 },
{ "date": "2026-03-02", "count": 22 }
]
}
POST
list_users
admin staffReturns a paginated list of organization members with email, name, role, join date, generation count, and last active timestamp. Staff users see only their assigned caseload.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "list_users" |
org_id | string | required — Organization UUID |
search | string | optional — Filter by email or name (case-insensitive substring match) |
page | integer | optional — Page number (default: 1) |
per_page | integer | optional — Results per page (default: 50) |
Response
{
"users": [
{
"user_id": "uuid",
"email": "participant@example.com",
"name": "Jane Smith",
"role": "participant",
"joined_at": "2026-01-15T10:00:00Z",
"last_generation": "2026-03-10T14:30:00Z",
"generation_count": 8,
"last_active": "2026-03-14T09:15:00Z"
}
],
"total": 47,
"page": 1,
"per_page": 50
}
POST
get_user_activity
admin staffReturns detailed activity data for a specific user, including recent resume generations, job application history with status counts, learning progress with mastery levels, briefing consumption count, and last active timestamp. Staff access is restricted to assigned caseload users.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "get_user_activity" |
org_id | string | required — Organization UUID |
user_id | string | required — Target user UUID |
Response
{
"recent_generations": [
{
"id": "uuid",
"target_company": "Acme Corp",
"match_score": 87,
"interview_meta": null,
"created_at": "2026-03-10T14:30:00Z"
}
],
"applications": {
"recent": [ ... ],
"status_counts": { "applied": 5, "interview": 2, "offer": 1 }
},
"learning_progress": [
{
"path_id": "uuid",
"mastery_level": 3,
"mastery_percent": 60,
"updated_at": "2026-03-12T08:00:00Z"
}
],
"briefing_count": 12,
"last_active": "2026-03-14T09:15:00Z"
}
POST
add_users
adminBulk-add users to the organization by email address. Users must have an existing TailorMeSwiftly account. Previously deactivated members are reactivated. Returns lists of successfully added and skipped emails.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "add_users" |
org_id | string | required — Organization UUID |
emails | string[] | required — Array of email addresses |
role | string | required — "participant" or "staff" |
Response
{
"added": ["user1@example.com", "user2@example.com"],
"skipped": ["unknown@example.com"]
}
POST
deactivate_user
adminDeactivates a user's organization membership. The user retains their TailorMeSwiftly account but loses access to org resources. Can be reversed with reactivate_user.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "deactivate_user" |
org_id | string | required — Organization UUID |
user_id | string | required — Target user UUID |
Response
{ "ok": true }
POST
reactivate_user
adminRestores a previously deactivated user's membership in the organization.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "reactivate_user" |
org_id | string | required — Organization UUID |
user_id | string | required — Target user UUID |
Response
{ "ok": true }
POST
update_settings
adminUpdates organization configuration. Only provided fields are modified; omitted fields remain unchanged.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "update_settings" |
org_id | string | required — Organization UUID |
name | string | optional — Organization display name |
logo_url | string | optional — URL to organization logo |
primary_color | string | optional — Hex color code for branding |
welcome_message | string | optional — Message displayed to new members |
enabled_engines | string[] | optional — Array of enabled platform engines |
Response
{ "ok": true }
POST
create_invite_link
adminGenerates a shareable invite code that allows users to join the organization. Supports optional expiration and usage limits. Invited users are automatically granted premium access.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "create_invite_link" |
org_id | string | required — Organization UUID |
role | string | required — "participant" or "staff" |
max_uses | integer | optional — Maximum number of redemptions |
expires_days | integer | optional — Days until link expiration |
Response
{
"code": "a1b2c3d4",
"url": "https://tailormeswiftly.com/join?code=a1b2c3d4"
}
POST
redeem_invite
any authenticatedRedeems an invite code to join an organization. Does not require existing org membership. Validates expiration and usage limits. Grants premium plan access upon successful redemption.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "redeem_invite" |
code | string | required — Invite code (8-character string) |
Response
{
"org_id": "uuid",
"org_name": "Workforce Development Center",
"role": "participant"
}
POST
calculate_readiness
admin staffComputes a composite career readiness score for a specific user based on five weighted dimensions: resume quality (25%), interview practice (25%), skill mastery (20%), job search activity (15%), and industry awareness (15%). Stores a timestamped snapshot for trend analysis.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "calculate_readiness" |
org_id | string | required — Organization UUID |
user_id | string | required — Target user UUID |
Response
{
"score": 72,
"components": {
"resume": 85,
"interview": 60,
"skills": 70,
"activity": 80,
"awareness": 55
}
}
POST
batch_readiness
adminComputes career readiness scores for all active members in the organization in a single batch operation. Uses bulk data fetching for efficiency. Stores individual snapshots for each member.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "batch_readiness" |
org_id | string | required — Organization UUID |
Response
{
"scores": {
"user-uuid-1": 72,
"user-uuid-2": 58,
"user-uuid-3": 91
}
}
POST
generate_report
admin staffGenerates structured reports for compliance, impact analysis, and individual progress tracking. Three report types are available. Staff users can only generate individual_progress reports for their assigned caseload.
Request Body
| Parameter | Type | Description |
|---|---|---|
action | string | required — "generate_report" |
org_id | string | required — Organization UUID |
report_type | string | required — "wioa_quarterly", "impact_summary", or "individual_progress" |
params.date_from | string | optional — ISO 8601 start date filter |
params.date_to | string | optional — ISO 8601 end date filter |
params.user_id | string | optional — Required for individual_progress |
WIOA Quarterly Report Response
{
"report_type": "wioa_quarterly",
"date_range": { "from": "2026-01-01", "to": "2026-03-31" },
"enrollment_count": 47,
"active_count": 38,
"users_with_generations": 35,
"completion_rate": 74,
"skill_gains": {
"users_with_measurable_gain": 28,
"rate": 60
},
"employment_indicators": {
"total_applications": 89,
"offers_received": 12,
"users_with_offers": 9
}
}
Impact Summary Report Response
{
"report_type": "impact_summary",
"readiness": {
"current_avg": 68,
"baseline_avg": 34,
"improvement": 34,
"users_assessed": 42
},
"engagement": {
"total_events": 4520,
"unique_users": 38,
"top_tools": [
{ "tool": "resume_generation", "count": 1240 }
]
}
}
Individual Progress Report Response
{
"report_type": "individual_progress",
"user_id": "uuid",
"generations": [ ... ],
"applications": [ ... ],
"learning_progress": [
{ "path_id": "uuid", "mastery_level": 3, "mastery_percent": 60 }
],
"readiness_trend": [
{ "date": "2026-02-01T...", "score": 45, "components": { ... } },
{ "date": "2026-03-01T...", "score": 68, "components": { ... } }
],
"activity_timeline": [
{ "type": "generation", "date": "2026-03-10T...", "detail": "Acme Corp" }
]
}
Webhooks
Planned for Future Release
Real-Time Event Webhooks
TailorMeSwiftly will provide real-time event webhooks for LMS integration and external system synchronization. Organizations will be able to configure HTTP endpoints to receive push notifications when key events occur, enabling automated workflows with your existing infrastructure.
Planned Webhook Events
| Event | Trigger | Payload |
|---|---|---|
user.joined | A user redeems an invite link or is added to the organization | User ID, email, role, org ID |
readiness.updated | A career readiness score is calculated or recalculated | User ID, score, components, delta from previous |
report.generated | A WIOA, impact, or individual report is generated | Report type, org ID, date range, summary metrics |
Planned Capabilities
- HMAC-SHA256 Signing — All webhook payloads will be signed for verification, allowing your server to confirm the request originated from TailorMeSwiftly
- Automatic Retry — Failed deliveries will be retried with exponential backoff to ensure reliable event propagation
- Webhook Management API — Register, update, and deactivate webhook endpoints programmatically via the REST API
- Event Filtering — Subscribe to specific event types per endpoint, so each integration only receives the events it needs
- Delivery Logs — View recent delivery attempts, response codes, and payloads in the admin dashboard for debugging
Organizations interested in early access to webhooks when available should contact partnerships@tailormeswiftly.com.
LMS Integration Roadmap
Q3 2026
LTI 1.3 Integration
TailorMeSwiftly is building native LTI 1.3 (Learning Tools Interoperability) support, enabling seamless embedding within institutional learning management systems including Canvas, Blackboard, Moodle, and D2L Brightspace.
Architecture
TailorMeSwiftly operates as an LTI Tool Provider, registered with the institution's LMS as the LTI Platform. Authentication uses the LTI 1.3 security model (OIDC-based launch flow with signed JWTs), eliminating the need for separate user credentials.
LMS Platform (Canvas, Blackboard, Moodle, D2L)
|
| LTI 1.3 Launch (OIDC + signed JWT)
v
TailorMeSwiftly Tool Provider
|
|--- Deep Linking Service
| Returns career readiness modules as LTI links
|
|--- Assignment & Grade Service (AGS)
| Passes readiness scores back as LMS grades
|
|--- Names & Roles Provisioning Service (NRPS)
| Syncs LMS roster with org memberships
|
+--- Career Readiness Modules
Apply Engine | Learn Engine | Stay Informed
Planned LTI Capabilities
- Deep Linking — Instructors select specific TailorMeSwiftly modules (resume builder, skill assessment, briefings) to embed directly in course content
- Grade Passback (AGS) — Career readiness scores are automatically reported to the LMS gradebook as assignment grades, providing instructors with visibility into student progress
- Roster Sync (NRPS) — Course enrollments in the LMS automatically provision org memberships in TailorMeSwiftly, eliminating manual user management
- Single Sign-On — Users launch TailorMeSwiftly from within their LMS without creating a separate account
Timeline
LTI 1.3 integration is planned for Q3 2026. Institutions interested in early access or pilot participation should contact partnerships@tailormeswiftly.com.
Data Export & Compliance
FERPA Readiness
TailorMeSwiftly is designed to support institutional FERPA obligations when deployed under an institutional license with a signed Data Processing Agreement. The platform's data architecture enforces the following protections:
- Row-Level Security (RLS) — All database queries are scoped by authenticated user and organization membership. Users cannot access data belonging to other organizations or non-assigned participants.
- Role-Based Access Control — Staff users are restricted to their assigned caseload. Org-level aggregate data is accessible only to admin users.
- Minimum Necessary Principle — API responses return only the data required for the requested operation. Personally identifiable information (PII) is limited to email and name fields necessary for user identification.
- Audit Trail — All administrative actions (user additions, deactivations, report generation) are logged with timestamps and actor identification.
- No Third-Party Data Sharing — User data is not sold, shared with advertisers, or transmitted to third parties beyond the infrastructure providers (Supabase, Google Cloud) required for platform operation.
CSV Export
All report data returned by the generate_report endpoint is structured for straightforward conversion to CSV format. Integrating systems can transform JSON responses into tabular exports for institutional reporting pipelines.
Supported export targets:
- WIOA quarterly performance reports with enrollment, activity, skill gain, and employment indicator columns
- Individual progress reports with per-user generation history, application tracking, and readiness trends
- Aggregate impact summaries with readiness score distributions and engagement metrics
WIOA Quarterly Report Format
The wioa_quarterly report type is structured to align with Workforce Innovation and Opportunity Act (WIOA) performance reporting requirements. Output fields map to the following WIOA performance indicators:
| WIOA Indicator | API Field | Description |
|---|---|---|
| Program Enrollment | enrollment_count | Total active organization members during the reporting period |
| Service Utilization | active_count | Members who logged at least one activity event during the period |
| Completion Rate | completion_rate | Percentage of enrolled members who completed at least one resume generation |
| Measurable Skill Gains | skill_gains.rate | Percentage of members achieving mastery level 3+ in at least one learning path |
| Employment Outcomes | employment_indicators | Application volume, offers received, and unique users with employment offers |
Data Retention
TailorMeSwiftly maintains the following data retention policies for institutional deployments:
- Active member data — Retained for the duration of the organization's subscription plus 90 days after expiration
- Deactivated member data — PII is removed 90 days after deactivation; anonymized usage statistics are retained for aggregate reporting
- Career readiness snapshots — Retained indefinitely for trend analysis and longitudinal outcome tracking
- Analytics events — Rolling 12-month retention for detailed event logs; aggregated statistics retained indefinitely
- Generated reports — Reports are computed on demand and not stored server-side; institutions should archive exported reports per their own retention policies
Institutions may request complete data deletion for their organization and all associated member records by contacting privacy@tailormeswiftly.com.