Skip to content

Starbase API Binary Responsibilities

The API binary handles all synchronous, request-response interactions:

  • Dashboard API — Project CRUD, service CRUD, deployment history, billing dashboard, user settings, team management
  • Shuttle endpoints — Serves desired state, receives snapshots, receives capacity reports (see Shuttle API Contract §25)
  • Git webhooks — Receives push events from GitHub/GitLab/Bitbucket, validates signatures, enqueues build jobs
  • Stripe webhooks — Receives payment events (invoice paid, payment failed, subscription cancelled), updates billing state
  • Auth / sessions — OAuth flow for SSO providers, session management, JWT issuance for dashboard

Does NOT do

Long-running operations. If a request would take more than a few seconds (build, cluster provisioning, DB provisioning), the API enqueues a job and returns immediately — the Worker binary §14 picks it up.

RBAC is enforced here, but defined elsewhere

Permission middleware in the API binary enforces the two-tier permission model on every dashboard request. The model itself — roles, the environment protection flag, the three database tables — lives in Foundations: RBAC model → §15.

Cross-references

The async counterpart → §14 · the Shuttle endpoints' payloads → §25.1 · Git webhook security, dedup, and debounce → Starforge §16.11 · the desired-state contract the Shuttle endpoint serves → §32.