Resource scoping - YALG Developer Docs

Every public API request acts as the owner of the API key. This keeps integrations simple and prevents cross-owner access.

Owner-scoped resources

When you create or list resources, YALG uses the authenticated owner from the key:

anecdotes belong to the key owner
posts belong to the key owner
generation jobs belong to the key owner
scripts, shorts, carousels, b-roll jobs, themes, and analytics are owner scoped

You should not send arbitrary userId or authorId values to public /v1 endpoints.

Cross-owner IDs

If a request references a resource ID that does not belong to the key owner, YALG returns a not-found style response instead of exposing another account’s existence.

Legacy routes

The public API is under /v1. Legacy routes such as /posts and /anecdotes remain for the YALG application and are not the public integration surface.

​Owner-scoped resources

​Cross-owner IDs

​Legacy routes

Owner-scoped resources

Cross-owner IDs

Legacy routes