Developer platform

API access starts with the workflow contract, not a list of endpoints

Build on Thorbis with honest production boundaries. The Mobile Field API ships today for official app workflows; broader partner REST, OAuth, and outbound webhooks stay behind review until contracts are stable.

auth

Supabase JWT

scope

company + role

access

partner review

API contract Available today

Mobile Field API

17 authenticated REST endpoints

Estimates, invoices, signatures, payments, price book search, SMS, and field AI assist for official app workflows.

/estimates mobile field
/invoices mobile field
/payments mobile field
/webhooks roadmap
Integration workflow

Start with scope, then contracts

Thorbis API access is intentionally explicit. Teams should identify the workflow, tenant boundary, and availability state before building against a contract.

Scope access first

Start with the company, user role, and tenant boundary before discussing endpoints or sandbox access.

Separate inbound and outbound

Inbound provider webhooks are live for platform operations; customer-facing outbound subscriptions are still roadmap work.

Request specs by use case

For the Mobile Field API, explain whether you need estimates, invoices, payments, messaging, price book, or AI assist flows.

Keep production contracts honest

The page only documents what is available today and routes early partner needs through direct contact.

Developer platform

What's available now

Available today

Mobile Field API

Seventeen authenticated REST endpoints power the Thorbis field app: estimates, invoices, signatures, payments, price book search, SMS, and field AI assist.

Partner roadmap

Partner developer platform

OAuth-scoped REST APIs, OpenAPI specs, and SDKs for CRMs and internal tools are in design. Join the partner waitlist for sandbox access.

Platform operations

Platform webhooks (inbound)

Thorbis receives signed webhooks from payment, communications, and email providers. Outbound event subscriptions for your stack are on the roadmap.

Available today

Mobile Field API capabilities

Bearer JWT · REST
  • Draft estimates and invoices with signatures, SMS, and email send from the field.
  • Collect cash or check payments and generate customer payment links.
  • Search the price book, register push tokens, and run on-device AI assist actions.
  • Authenticated with Supabase JWT; tenant-scoped via company membership and RLS.
Use cases

The conversations this page should start

Developer pages should not imply public access that does not exist yet. These are the current integration lanes to route to partnerships.

  • Mobile app workflow extensions for field estimates, invoices, signatures, and payments.
  • Partner CRM or internal-tool integrations that need future OAuth-scoped REST access.
  • Roadmap conversations for outbound event subscriptions such as jobs, invoices, and payments.
Access model

What partners should clarify before building

The useful developer conversation is not “which endpoint exists?” first. It is identity, tenant scope, write safety, and the workflow the integration is meant to support.

Tenant boundary companyId + RLS

Every API conversation starts with the company membership model and what the calling user may access.

Auth model Supabase JWT

Mobile Field API requests use access tokens; broader OAuth partner access remains roadmap work.

Write safety workflow scoped

Mutations are discussed by business workflow, not by broad table access or direct database writes.

Support path partners inbox

Early integration requests route through partnerships until public docs and sandbox access are available.

Request shape

A good API request starts with the business workflow.

Until public partner APIs are generally available, partnerships can move faster when the request explains what needs to happen, not just which endpoint is desired.

Workflow

Describe the field, office, payment, messaging, or reporting process the integration should support.

Direction

Clarify whether data should enter Thorbis, leave Thorbis, or stay inside the mobile field workflow.

Risk

Name the records, permissions, customer data, and write operations that would need extra review.

Docs roadmap

API documentation should publish only stable contracts.

Today

Mobile Field API details can be requested for official app workflows and partner review.

Next

Partner REST, OpenAPI specs, OAuth scopes, and sandbox access are routed through the partner waitlist.

Later

Outbound event subscriptions will publish stable workflow events once contracts are ready.

FAQ

Frequently asked questions

Is there a public REST API for third-party integrations?

Not yet. Today, Thorbis ships a Mobile Field API (Bearer JWT) used by the official Thorbis field app for estimates, invoices, payments, and field workflows. A broader partner developer platform is on the roadmap, contact partners@thorbis.com for early access.

How does the field app authenticate?

The Mobile Field API uses Supabase access tokens in the Authorization header. Every request includes a companyId and is scoped by Row Level Security plus company membership checks.

Does Thorbis expose outbound webhooks to my systems?

Customer-facing outbound webhooks (for example job.created or invoice.paid) are planned but not generally available yet. Inbound provider webhooks (Stripe, Telnyx, Resend, and others) are live for platform operations.

Support boundaries

Route requests to the right conversation.

Clear boundaries keep partners from building against the wrong expectation.

App API

Mobile Field API details are available for official app workflows and partner review.

Partner API

OAuth-scoped partner REST access is still routed through the partner roadmap.

Webhooks

Inbound provider webhooks are live internally; customer outbound events are not generally available yet.

Risk controls

Integration design should protect operational records.

Field-service APIs touch invoices, payment links, messages, and customer records. The safest integrations are explicit about identity, writes, and recovery.

Identity

Confirm how the calling user, company membership, and role will be verified before any workflow action runs.

Mutation scope

Separate read paths from writes such as estimates, invoices, payments, messages, and status changes.

Rollback

Define how failed syncs, duplicate attempts, and partial provider responses should recover without corrupting customer records.

Partner launch sequence

A practical path from request to production.

01

Use-case intake

Partnerships reviews the target workflow and whether current Mobile Field API coverage applies.

02

Contract review

Available endpoints, authentication, tenant scope, and unsupported assumptions are documented before build work.

03

Production handoff

Support paths, rate expectations, rollback behavior, and release ownership are named before launch.

Built for operators

A shared operating layer behind every page

Whether a buyer starts on an industry, feature, migration, or tool page, Thorbis routes the conversation back to the same product system: jobs, money, customers, and team work in one place.

01

One workspace

CRM, dispatch, estimates, invoices, payments, and reporting stay connected.

02

Unlimited users

Bring owners, office staff, dispatchers, techs, and managers into the same system.

03

Guided switch

Migration planning, validation, and cutover support are built into the buying path.