Developers
Growth Pilot API v1
Read and steer your Growth Loops, posts, A/B tests, missions and your AAARRR metrics through a key-authenticated REST API. Every resource is scoped to your organization.
Authentication
Generate a key in Settings β API Keys (OWNER/ADMIN only). The key is shown only once β store it somewhere safe. Pass it in the header:
Authorization: Bearer gp_live_xxxxxxxxxxxxxxxxxxxxxxxxA missing or invalid key returns 401. A resource that belongs to another organization returns 404 (never revealed).
Scopes: keys are readby default. Tick βAllow writeβ on creation to get the write scope (required for POST / PATCH) β otherwise 403.
Base URL
https://growth-pilot.co/api/v1Endpoints
/loopsβ list the organization's Growth Loopscurl https://growth-pilot.co/api/v1/loops \
-H "Authorization: Bearer gp_live_β¦"/loops/{id}β single Growth Loop detailcurl https://growth-pilot.co/api/v1/loops/LOOP_ID \
-H "Authorization: Bearer gp_live_β¦"/metricsβ snapshot of the 6 AAARRR metricscurl https://growth-pilot.co/api/v1/metrics \
-H "Authorization: Bearer gp_live_β¦"
# Response:
{
"data": {
"awareness.users": 202,
"acquisition.newUsers": 184,
"activation.rate": 51,
"retention.stickiness": 38,
"referral.kFactor": 0.84,
"revenue.mrr": 4280
},
"meta": { "isMock": { "revenue.mrr": false } }
}/loopsβ create a loop from a template (write scope)curl -X POST https://growth-pilot.co/api/v1/loops \
-H "Authorization: Bearer gp_live_β¦" \
-H "Content-Type: application/json" \
-d '{ "name": "My loop", "type": "VIRAL" }'
# type β VIRAL | PAID | CONTENT | PRODUCT/loops/{id}β update name and/or status (write scope)curl -X PATCH https://growth-pilot.co/api/v1/loops/LOOP_ID \
-H "Authorization: Bearer gp_live_β¦" \
-H "Content-Type: application/json" \
-d '{ "name": "Renamed", "status": "ACTIVE" }'
# status β DRAFT | ACTIVE | PAUSED | ARCHIVED/postsβ list CMS posts/postsβ create a draft post β { title, content } (write scope)/testsβ list A/B tests/testsβ create a test + variants β { name, hypothesis, variants[] } (write scope)/missionsβ list missions (agile projects)/missionsβ create a mission β { name, description? } (write scope)Every resource (loops, posts, tests, missions) also exposes GET /:id (detail) and PATCH /:id (update, write scope).
Outbound webhooks
Configure endpoints in Settings β Webhooks. On each subscribed event, Growth Pilot POSTs an HMAC-SHA256 signed payload. Events: alert.triggered, checkout.completed, loop.created, loop.published, post.published.
POST https://ton-endpoint
X-GrowthPilot-Event: checkout.completed
X-GrowthPilot-Signature: sha256=<hmac_hex>
{
"type": "checkout.completed",
"createdAt": "2026-05-31T09:00:00.000Z",
"data": { "plan": "PRO" }
}Verify authenticity by recomputing the HMAC of the raw body with the endpoint secret:
import crypto from "node:crypto";
const expected =
"sha256=" +
crypto.createHmac("sha256", WEBHOOK_SECRET).update(rawBody).digest("hex");
// compare `expected` to the X-GrowthPilot-Signature header
// (ideally with crypto.timingSafeEqual)OpenAPI spec
Machine-readable specification (for client SDK generation): /api/v1/openapi
API v1 read and write (loops, posts, tests, missions) + AAARRR metrics + signed outbound webhooks + MCP server (see the mcp-server/ folder) to pilot Growth Pilot from your agent.