moqapi.dev_
/docs
Home

Teams & Billing — Plans, Sharing & Access Control

moqapi.dev supports Free Mode (all features unlocked) and optional paid tiers via Stripe. Teams let you collaborate on projects with invite-based membership and granular project visibility.

// Project Visibility

Every project has a visibility setting that controls who can invoke its APIs and functions via the invoke URL.

🔒 Private (default)

Only the project owner, team members, or callers with a valid X-API-Key header can invoke the project's APIs.

🌐 Public

Anyone with the invoke URL can call the project's APIs — no authentication required. Ideal for demo APIs, public mock endpoints, or open testing environments.

👥 MoqAPI Users

Any logged-in moqapi.dev user can invoke the project's APIs. Useful for shared community endpoints or internal organization-wide access.

Note: Visibility only affects the /api/invoke/... endpoint. Dashboard access to manage the project is always restricted to the owner and team members.

// Endpoint-Level Visibility

Each Mock API can override the project's visibility with its own setting:

🔗 Inherit (default)

Uses the project's visibility setting. Most endpoints use this.

🌐 Public

This specific endpoint is public, even if the project is private. Useful for exposing a single mock API while keeping others locked down.

🔒 Private

This endpoint is private, even if the project is public. Requires authentication (session, Bearer token, or API key).

Set endpoint visibility in the Mock API Editor header using the Inherit / Public / Private selector.

// API Key Authentication

Every project has an API key for authenticating external requests (e.g. from Postman, cURL, or frontend apps). Pass it as the X-API-Key HTTP header.

Using API Key with cURLbash
curl https://moqapi.dev/api/invoke/{projectId}/my-api/users \
  -H "X-API-Key: moqapi_abc123def456..."
JavaScript / TypeScripttypescript
const res = await fetch('https://moqapi.dev/api/invoke/{projectId}/my-api/users', {
  headers: {
    'X-API-Key': 'moqapi_abc123def456...',
  },
});
const data = await res.json();

Finding your API key: Go to your project page → Access Control section → click "Show" to reveal the key.

Regenerating: Click "Regenerate" to create a new key. The old key immediately stops working.

Auth methods supported: X-API-Key header, Authorization: Bearer <jwt> header, or session cookie. Any one of these is sufficient for private projects/endpoints.

// Invoke URL

Every project gets a unique invoke URL based on its project ID. This is the base URL for all API calls, mock APIs, and function invocations:

Invoke URL Patternbash
# API Gateway routes
https://moqapi.dev/api/invoke/{projectId}/{basePath}/{route}

# Mock API endpoints
https://moqapi.dev/api/invoke/{projectId}/{basePath}/{resource}

# Direct function invocation
https://moqapi.dev/api/invoke/{projectId}/fn/{functionName}

The projectId is a UUID automatically assigned when you create a project. You can find it on the project detail page.

// Teams

Teams let you share projects with other moqapi.dev users. In Free Mode, everyone can create teams. When billing is enabled, the Team plan ($29/mo) is required.

Creating a Team

  1. Navigate to /teams in the sidebar
  2. Click "Create Team"
  3. Enter a team name and optionally invite members by email
  4. You become the owner automatically

Team Roles

👑 Owner

The team creator. Can add/remove members, assign/unassign projects, rename/delete the team, and send invites. Each team has exactly one owner.

👤 Member

Can view the team, see all team projects in their project list, and access (invoke) those projects' APIs/functions. Can also remove themselves from the team.

Inviting Members

moqapi uses an email-based invite system:

  1. Go to the team detail page and click "Invite Member"
  2. Enter the member's email address
  3. If they already have an account, they're added directly
  4. If not, they receive an email invitation to sign up and join the team
  5. Pending invites are shown on the team page and can be cancelled
Tip: During team creation, you can add invite emails directly in the setup wizard. Members are invited automatically after the team is created.

// Project Sharing (via Teams)

Projects can optionally be assigned to a team. When assigned, all team members gain access to the project.

Two Ways to Share

1. At Creation Time

When creating a new project, select a team from the "Team" dropdown. The project will be created under your ownership but shared with the team.

2. After Creation

Go to the team detail page and click "Share Project". Select an existing project to assign it to the team. You can also unassign it later.

What Team Members See

  • Team projects appear in the Projects page alongside personal projects
  • Team projects show a team name badge for identification
  • Members can view, invoke, and interact with all resources (functions, APIs, mock APIs) within team projects
  • Only the project owner can delete or reassign the project

// Access Control Flow

Here's how moqapi.dev determines whether an API invocation request is allowed:

Access Control Logictypescript
// When someone calls /api/invoke/{projectId}/...

if (project.visibility === 'public') {
  // Allow — no auth needed
  return proceed()
}

if (project.visibility === 'moqapi_users') {
  // Check if caller has a valid session
  if (authenticatedUser) return proceed()
  else return 401 // Unauthorized
}

if (project.visibility === 'private') {
  // Must be the owner OR a team member
  if (user.id === project.user_id)       return proceed()
  if (user is member of project.team_id) return proceed()
  else return 403 // Forbidden
}

// Managing Your Subscription

This section applies only when billing is enabled (NEXT_PUBLIC_BILLING_ENABLED=true). In Free Mode, the settings page shows "Free Mode — All features unlocked" and no upgrade options.

  1. Go to /settings and scroll to the Billing & Plan section
  2. See your current plan, usage bars (projects, requests/day, functions, etc.), and limits
  3. Click "Upgrade" on a higher plan card to start a Stripe checkout session
  4. Click "Manage Subscription" to access the Stripe customer portal (change plan, update payment method, cancel)
Tip: Plan changes take effect immediately. Usage limits are enforced in real-time — if you hit a limit, the API returns a 429 response with details about which limit was exceeded.

// API Reference

EndpointMethodDescription
/api/teamsGETList your teams
/api/teamsPOSTCreate a team
/api/teams/:idGETTeam details
/api/teams/:idPUTRename team (owner)
/api/teams/:idDELETEDelete team (owner, no projects)
/api/teams/:id/membersGETList members
/api/teams/:id/membersPOSTAdd member by email (owner)
/api/teams/:id/membersDELETERemove member (owner or self)
/api/teams/:id/invitesGETList pending invites
/api/teams/:id/invitesPOSTSend invite email (owner)
/api/teams/:id/invitesDELETECancel pending invite (owner)
/api/teams/:id/projectsGETList team's projects
/api/billingGETCurrent plan & usage
/api/billingPOSTCreate Stripe checkout (billing enabled only)
/api/billingPUTOpen Stripe portal (billing enabled only)