# Timbrix Docs ## Docs - [Claude Code setup](https://docs.timbrix.mx/ai-tools/claude-code.md): Configure Claude Code for your documentation workflow - [Cursor setup](https://docs.timbrix.mx/ai-tools/cursor.md): Configure Cursor for your documentation workflow - [Windsurf setup](https://docs.timbrix.mx/ai-tools/windsurf.md): Configure Windsurf for your documentation workflow - [Create API Key](https://docs.timbrix.mx/api-reference/api-keys/create.md): Create a new API key for an organization. Plain key is returned only once! - [Delete API Key](https://docs.timbrix.mx/api-reference/api-keys/delete.md): Permanently delete an API key - [Get API Key](https://docs.timbrix.mx/api-reference/api-keys/get.md): Retrieve details of a specific API key - [List API Keys](https://docs.timbrix.mx/api-reference/api-keys/list.md): List all API keys for an organization (requires authentication) - [Get API Key Statistics](https://docs.timbrix.mx/api-reference/api-keys/stats.md): Get usage statistics for all API keys in an organization - [Update API Key](https://docs.timbrix.mx/api-reference/api-keys/update.md): Update API key settings (name, scopes, rate limits, etc.) - [Validate API Key](https://docs.timbrix.mx/api-reference/api-keys/validate.md): Test endpoint to validate API key authentication and scopes. Use X-API-Key header. - [Login](https://docs.timbrix.mx/api-reference/auth/login.md) - [Logout](https://docs.timbrix.mx/api-reference/auth/logout.md) - [Create Customer](https://docs.timbrix.mx/api-reference/customers/create.md) - [Delete Customer](https://docs.timbrix.mx/api-reference/customers/delete.md) - [Get Customer](https://docs.timbrix.mx/api-reference/customers/get.md) - [List Customers](https://docs.timbrix.mx/api-reference/customers/list.md) - [Update Customer](https://docs.timbrix.mx/api-reference/customers/update.md) - [API Reference](https://docs.timbrix.mx/api-reference/introduction.md): REST API with OAuth2 server for managing organizations, members, and webhooks - [Cancel Invite](https://docs.timbrix.mx/api-reference/invites/cancel.md): ⚠️ SECURITY: Only OWNERS and ADMINS can cancel pending invitations. - [List Invites](https://docs.timbrix.mx/api-reference/invites/list.md): Lists all pending invitations for the organization. User must be a member to view. - [Invite Member](https://docs.timbrix.mx/api-reference/members/invite.md): ⚠️ SECURITY: Only organization OWNERS and ADMINS can invite new members. Members cannot invite others. - [List Members](https://docs.timbrix.mx/api-reference/members/list.md): Lists all members of the organization with their roles. User must be a member to view. - [Remove Member](https://docs.timbrix.mx/api-reference/members/remove.md): ⚠️ SECURITY: Only OWNERS and ADMINS can remove members. The organization OWNER cannot be removed. - [Update Member Role](https://docs.timbrix.mx/api-reference/members/update-role.md): ⚠️ SECURITY: Only OWNERS and ADMINS can change member roles. The OWNER role cannot be changed or transferred. - [Authorization Endpoint](https://docs.timbrix.mx/api-reference/oauth/authorize.md): 🔓 PUBLIC ENDPOINT: Standard OAuth2 authorization endpoint. Validates request parameters and redirects to the consent screen. Supports PKCE for enhanced security. This is the entry point for Authorization Code Flow - compatible with standard OAuth2 clients. - [Create OAuth Application](https://docs.timbrix.mx/api-reference/oauth/create-app.md): ⚠️ SECURITY: Creates an OAuth2 application. Only OWNERS and ADMINS can create OAuth apps. Returns client secret ONCE - store it securely! - [Delete OAuth Application](https://docs.timbrix.mx/api-reference/oauth/delete-app.md): ⚠️ SECURITY: Only OWNERS and ADMINS can delete OAuth applications. This action is PERMANENT. All tokens associated with this application will be revoked. - [Exchange Authorization Code](https://docs.timbrix.mx/api-reference/oauth/exchange.md): 🔓 PUBLIC ENDPOINT: Exchanges an authorization code for access and refresh tokens (Authorization Code Flow). Requires valid code, client_id, client_secret, and redirect_uri. Rate limit: 15 requests per minute. - [Get OAuth Application](https://docs.timbrix.mx/api-reference/oauth/get-app.md): ⚠️ SECURITY: Only OWNERS and ADMINS can view OAuth application details. Returns application configuration without exposing the client secret. - [List OAuth Applications](https://docs.timbrix.mx/api-reference/oauth/list-apps.md): ⚠️ SECURITY: Only OWNERS and ADMINS can list OAuth applications. Returns all OAuth apps created for the organization. - [List OAuth Tokens](https://docs.timbrix.mx/api-reference/oauth/list-tokens.md): ⚠️ SECURITY: Lists all active tokens for an OAuth application. Only OWNERS and ADMINS can view tokens. Useful for auditing and token management. - [Refresh OAuth Token](https://docs.timbrix.mx/api-reference/oauth/refresh.md): 🔓 PUBLIC ENDPOINT: Exchanges a refresh token for a new access token and refresh token pair. The old refresh token is automatically revoked. Rate limit: 20 requests per minute. - [Revoke OAuth Token](https://docs.timbrix.mx/api-reference/oauth/revoke.md): ⚠️ SECURITY: Revokes an OAuth access token. Requires OAuth authentication with scope "write:oauth-apps". Revoked tokens cannot be used for API access. - [Generate OAuth Access Token](https://docs.timbrix.mx/api-reference/oauth/token.md): 🔓 PUBLIC ENDPOINT: Generates an OAuth2 access token using client credentials flow. Requires valid client_id and client_secret. Token scopes are validated against application configuration. Rate limit: 10 requests per minute. - [Update OAuth Application](https://docs.timbrix.mx/api-reference/oauth/update-app.md): ⚠️ SECURITY: Only OWNERS and ADMINS can update OAuth applications. Allows updating name, scopes, redirect URIs, and status. Client ID and secret cannot be changed. - [Create Organization](https://docs.timbrix.mx/api-reference/organizations/create.md): Creates a new organization with the authenticated user as the owner. All authenticated users can create organizations. - [Delete Organization](https://docs.timbrix.mx/api-reference/organizations/delete.md): ⚠️ SECURITY: Only the organization OWNER can delete the organization. This action is PERMANENT and cannot be undone. All members, invites, and data will be deleted. - [Delete Certificates](https://docs.timbrix.mx/api-reference/organizations/delete-certificates.md): Delete CSD certificate and private key from an organization - [Get Organization](https://docs.timbrix.mx/api-reference/organizations/get.md): Retrieves organization details with normalized structure. User must be a member (owner, admin, or member) to access. - [Update Organization](https://docs.timbrix.mx/api-reference/organizations/update.md): ⚠️ SECURITY: Only the organization OWNER can update organization details. Admins and members cannot perform this action. - [Update Legal Data](https://docs.timbrix.mx/api-reference/organizations/update-legal-data.md): Update the legal and fiscal information of an organization - [Upload Certificates](https://docs.timbrix.mx/api-reference/organizations/upload-certificates.md): Upload CSD certificate and private key for invoice signing - [Create Product](https://docs.timbrix.mx/api-reference/products/create.md) - [Delete Product](https://docs.timbrix.mx/api-reference/products/delete.md) - [Get Product](https://docs.timbrix.mx/api-reference/products/get.md) - [List Products](https://docs.timbrix.mx/api-reference/products/list.md) - [Update Product](https://docs.timbrix.mx/api-reference/products/update.md) - [SAT Catalogs](https://docs.timbrix.mx/api-reference/sat-catalogs.md): Public endpoints to query SAT CFDI 4.0 catalog data — tax systems (regímenes fiscales) and CFDI uses (usos CFDI) - [Get User by ID](https://docs.timbrix.mx/api-reference/users/get.md): ⚠️ SECURITY: Retrieves user profile by ID. Requires authentication with scope "read:user". Supports both OAuth tokens and API keys. - [Get User by Email](https://docs.timbrix.mx/api-reference/users/get-by-email.md): ⚠️ SECURITY: Retrieves user profile by email address. Requires authentication with scope "read:user". Supports both OAuth tokens and API keys. Useful for user lookups and invitations. - [Get Current User](https://docs.timbrix.mx/api-reference/users/me.md): Returns the profile information of the currently authenticated user. Requires Supabase authentication token. - [Get User Organizations](https://docs.timbrix.mx/api-reference/users/organizations.md): ⚠️ SECURITY: Lists all organizations a user belongs to. Requires authentication with scope "read:organization". Supports both OAuth tokens and API keys. Returns organizations with membership details. - [Create Webhook](https://docs.timbrix.mx/api-reference/webhooks/create.md): Creates a webhook endpoint for receiving events. Only OWNERS and ADMINS can create webhooks. - [Delete Webhook](https://docs.timbrix.mx/api-reference/webhooks/delete.md): Deletes a webhook endpoint. This action is PERMANENT. The webhook will stop receiving events immediately. - [Get Webhook Delivery History](https://docs.timbrix.mx/api-reference/webhooks/deliveries.md): Retrieves delivery history for a webhook. Returns up to 100 recent deliveries with status, response codes, and retry info. - [Get Webhook by ID](https://docs.timbrix.mx/api-reference/webhooks/get.md): Retrieves webhook configuration. Returns webhook details including URL, events, and status. - [List Organization Webhooks](https://docs.timbrix.mx/api-reference/webhooks/list.md): Lists all webhooks for an organization. Only OWNERS and ADMINS can view webhooks. - [Send Test Webhook](https://docs.timbrix.mx/api-reference/webhooks/test.md): Sends a test webhook event to verify configuration. Useful for testing webhook endpoint and HMAC signature verification. - [Update Webhook](https://docs.timbrix.mx/api-reference/webhooks/update.md): Updates webhook configuration. Allows updating URL, events, and active status. - [Development](https://docs.timbrix.mx/development.md): Preview changes locally to update your docs - [Code blocks](https://docs.timbrix.mx/essentials/code.md): Display inline code and code blocks - [Images and embeds](https://docs.timbrix.mx/essentials/images.md): Add image, video, and other HTML elements - [Markdown syntax](https://docs.timbrix.mx/essentials/markdown.md): Text, title, and styling in standard markdown - [Navigation](https://docs.timbrix.mx/essentials/navigation.md): The navigation field in docs.json defines the pages that go in the navigation menu - [Global Settings](https://docs.timbrix.mx/essentials/settings.md): Mintlify gives you complete control over the look and feel of your documentation using the docs.json file - [Introduction](https://docs.timbrix.mx/index.md): Welcome to the new home for your documentation - [Quickstart](https://docs.timbrix.mx/quickstart.md): Start building awesome documentation in minutes ## OpenAPI Specs - [openapi](https://docs.timbrix.mx/api-reference/openapi.json) ## Optional - [Documentation](https://docs.timbrix.com) - [API documentation](https://docs.timbrix.com) - [Blog](https://blog.timbrix.com)