API
GCM doesn't ship a custom REST API. Instead we expose two well-documented surfaces that cover every integration we've needed in production:
- Supabase REST + Realtime: direct database access, row-level security enforced, generated from the schema. Use this for read/write of members, donations, attendance, and any other table you have permission to touch.
- Edge Functions: operations that need server-side credentials (payment gateways, message dispatching, third-party webhooks). Each function is a thin HTTPS endpoint at https://fzdacujgoluefgfbmren.supabase.co/functions/v1/<name>.
Single-tenant isolation
Every read and write is org-scoped by the current_org_id() SQL function on the database side. The function reads from your JWT, which is signed by Supabase Auth and includes organization_id as a claim, so you literally cannot access another org's data, even if you try.
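A pre-flight check an integration can run on its own token before calling the API, as an added example that is not GCM's code: it decodes the JWT payload and confirms the organization_id claim and the expiry. It assumes organization_id is a top-level claim; the function names and the sample token are constructed here, and decoding is inspection only because the signature is verified server-side.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying the signature.

    Inspection only: nothing decoded here may drive an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def preflight(token, expected_org, now=None, skew=30):
    """Return a list of problems; an empty list means the token looks usable."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    # Assumption: organization_id is a top-level claim in the token.
    if claims.get("organization_id") != expected_org:
        problems.append("organization_id does not match the org this job targets")
    exp = claims.get("exp")
    # Treat a missing, malformed or nearly expired exp as a reason to refresh.
    if not isinstance(exp, (int, float)) or exp <= now + skew:
        problems.append("token is expired or about to expire; refresh it first")
    return problems


def make_sample_token(claims):
    # Constructed sample with a placeholder signature; no server would accept it.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"
```

Running this before a nightly sync catches a token issued for the wrong organization or one that will expire mid-job, without ever sending it over the network.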
What you'll find here
- Authentication: how to get a token, what's in it, how to refresh.
- Webhooks: incoming webhooks from payment gateways and WhatsApp, plus outbound Zapier triggers.
Common integration patterns
| You want to… | Approach |
|---|---|
| Pull all members into another system | GET /rest/v1/members with your JWT; paginate via the Range header |
| Push attendance from a Zapier zap | Edge function record-attendance-zapier with HMAC-signed payload |
| Receive a webhook on every new donation | Configure outbound webhooks in Settings → Integrations |
| Sync your existing CRM nightly | Use the Supabase JS client + a service-role token for unattended jobs |
SDKs
We don't ship language-specific SDKs. The Supabase client libraries (@supabase/supabase-js, supabase-py, etc.) work directly: point them at https://fzdacujgoluefgfbmren.supabase.co with your church's anon key + a user-signed-in token.
Rate limits
- REST: 1000 requests / minute per JWT.
- Edge functions: varies by function. Most are 60/min, payment-related ones are 30/min.
- Cron-fired edge functions (sending reminders, charging recurring donations) don't count against your quota.
If you're building anything that needs more, email us and we'll set up a service-role partner account.