Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.spacemedia.uk/llms.txt

Use this file to discover all available pages before exploring further.

Getting Started

Use this checklist to move an organization from setup to production without leaking platform-only functionality into customer workflows.

Access model

RoleTypical access
End userOwn artists, releases, tracks, splits, and available upgrade/payment flows.
Organization adminOrganization settings, users, plans, add-ons, payment configuration, API credentials, support/legal pages, and dashboard quality-control queues.
Permissioned team memberOnly the dashboard modules granted by the organization role and Laravel policy checks.
API clientOrganization-scoped automation using API key and secret exchange, then bearer token requests.

Organization launch checklist

  1. Set the organization name, logo, colors, default label name, registration settings, social links, and upgrade CTA behavior.
  2. Configure the branded subdomain or a custom domain and wait until DNS status reports the expected target.
  3. Configure Brevo sender email and DNS TXT records before sending branded email.
  4. Add support email, support phone, contact form URL, and help center URL.
  5. Publish terms of service and privacy policy content for customer-facing legal pages.
  6. Configure Stripe, PayPal, or Airwallex only where the gateway credentials and subscription or Pay-Per-Release settings are complete.
  7. Generate the API key and secret from organization settings and store the secret securely. The secret is returned once.
  8. Test POST /api/v1/token, then call a safe read endpoint such as GET /api/v1/countries.

Demo request pattern

curl --request POST 'https://enterprise.spacemedia.uk/api/v1/token' \
  --header 'X-Api-Key: <YOUR_API_KEY>' \
  --header 'X-Api-Secret: <YOUR_API_SECRET>'
Then pass the returned token as a bearer token: 
curl 'https://enterprise.spacemedia.uk/api/v1/countries' \
  --header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
  --header 'Accept: application/json'

Production rules

  • Do not use production secrets in examples, support tickets, screenshots, or shared playground sessions.
  • Do not add organization selectors to public API requests. Organization context is resolved from the API client and authenticated user.
  • Use X-User-Id only when acting for a user in the same organization and only where the dashboard permission model allows it.
  • Treat 403 responses as policy failures, not as missing endpoints.