Developer API

Manage mosque integrations with your PocketMusala account

For mosque owners, admins, and trusted integration teams.

Read quickstart API reference

Use your existing PocketMusala account One account to manage your mosque and API access.

Keys stay scoped to your mosque All API keys are isolated to your mosque context.

Rotate or revoke access anytime You're in control of who can access your data.

Secure, scoped, and built for mosque administrators.

Sign in

Email Password

or sign in with

Read quickstart

Inside the Developer Portal

After you sign in, you can manage API keys, monitor usage, and review access activity.

Read quickstart ›

API Keys

View and manage keys for your developer integrations.

Create API key

Name	Key	Last used	Status
Prayer Times App	pm_••••••••8f2d	2 hours ago	Active
Website Integration	pm_••••••••a7c3	1 day ago	Active

Audit Log

View all

Event	Actor	Details	Time
API key created	Admin	Prayer Times App	May 16, 2025 9:41 AM
API key rotated	Admin	Website Integration	May 15, 2025 4:22 PM
Login	Admin	Successful	May 15, 2025 4:21 PM

Developer API

API keys

Create server API keys, then use this console to monitor, rotate, revoke, and troubleshoot existing credentials.

Selected mosque Choose a mosque

Mosque access

Only mosques you own or administer appear here.

Loading your mosques...

Developer API keys

Review server credentials separately from widget and TV display tokens.

Create API key

Name	Key ID	Permissions	Created	Last used	Status	Actions

Sync health

Review recent server API sync attempts, request ids, failure labels, and recovery guidance for the selected mosque.

Open troubleshooting docs

API key scope Server API key logs only. Widget and TV display health stay separate from write-capable API keys.

Last successful sync - No successful sync retained

Most recent failure - No retained failures

Retention window - Audit retention policy

Recent failures

No failures retained

Request id	Endpoint	Outcome	Error summary	Time	Action

Common failure guide

Admin-safe labels matching Developer API docs

Widget & display tokens

Read-only credentials for public embeds and paired screens. These cannot call Developer API write endpoints.

Create display

TV displays

Usage summary last 7 days

API requests - Awaiting sync logs

Success rate - No request data yet

Active keys 0 of 0 total

Audit log

Event Actor Details Time

Quickstart

Choose the setup path that matches where the credential will run.

Do not put Developer API keys in websites, browser scripts, iframe embeds, TVs, or lobby displays.

Server API sync

Use a Developer API key from a trusted backend job or mosque system.

Credential: API key
Best for profile and prayer-time sync
Keep the key in server-side secrets

Open sync guide

Website widget

Use a read-only widget token and copy the iframe snippet into a mosque website.

Credential: widget token
Starts with prayer times and profile summary
No write-capable API key in the page

Open widget docs

TV display

Use a read-only display token for a smart TV, mini PC, or kiosk browser.

Credential: display token
MVP layout: prayer-times board
Use the setup URL copied at creation

Open display docs

Authentication

Send API keys from your server using the authorization header documented for the Developer API.

Never embed API keys in client apps or public websites.
Keep keys in a managed secret store.
Revoke exposed credentials from this console.

Open auth docs

API reference

Review request and response shapes for the public Developer API endpoints.

Use scoped keys for mosque profile reads and updates.
Check the health endpoint before enabling scheduled syncs.
Track failed attempts in the usage and audit panels above.

Open reference

Webhooks

Webhook delivery is not enabled for developer accounts yet. Keep external systems on scheduled syncs until webhook subscriptions are available.

Current integrations should poll or sync from a trusted backend.
Failed sync attempts will still appear in usage and audit logs.
API key lifecycle controls are available today.

Settings

Review the signed-in account and selected mosque context for this developer session.

Signed in as -

Selected mosque -

API key creation

Create server API key

Name the integration, choose the same API access available on mobile, review the permissions, and copy the raw key once.

Selected mosque Choose a mosque Sign in with the same PocketMusala account used in the app.

Create API key

Server API keys are for trusted backend systems only. Widget and TV display credentials stay in their own read-only flow.

New API key

Copy and store it now. This one-time key is hidden after you copy it or leave this screen.

Open quickstart

1. DetailsName and permission selection

2. ReviewConfirm exact access

3. CopyStore the raw key once

Key name

Safe presets

Choose a preset or tune resource access below. Stored keys receive concrete community scopes, not widget or display scopes.

Advanced resources

Read and write matches the native flow by sending both scopes for that resource. Write access implies read access for API checks.

Never allowed These boundaries match the native API key flow.

Lifecycle checkpoints

Server API keys are different from widget and display tokens.

Copy-once revealRaw keys appear only after creation or rotation, then normal management shows masked prefixes and metadata.

Rotate with copy-once outputIf the backend returns a replacement key, copy it once and update your server secret.

Revoke exposed credentialsHistorical sync status stays visible for troubleshooting.

Presentation tokens

Create widget or display token

Use this screen for read-only website widgets and paired TV displays.

Selected mosque Choose a mosque Sign in with the same PocketMusala account used in the app.

New widget or display token

Copy and store this read-only presentation token now. It cannot call Developer API write endpoints.

Display URL

Website iframe snippet

Generate a read-only token for iframe or script embeds.

Embed name

Widget preset

Theme Size

Included access

Create display token

Generate a read-only token for a TV or lobby display URL.

Display name Layout

Included access

TV setup

Create the prayer-times board token from an owner account.
Copy the display URL immediately and open it in a smart TV, mini PC, or kiosk browser.
Keep the browser session signed into the display URL; create a new token if the setup URL is lost.

API keys

Mosque access

Developer API keys

Sync health

Recent failures

Common failure guide

Widget & display tokens

Website widgets

TV displays

Quickstart

Server API sync

Website widget

TV display

Authentication

API reference

Webhooks

Settings

Create server API key

Create API key

New API key

Safe presets

Advanced resources

Create widget or display token

New widget or display token

Create widget embed

Widget preset

Included access

Create display token

Included access