api + skill docs

Programmatic icantmarket.

The browser flow is one path. The API is another. Post asks, submit reviews, integrate from a CLI / GitHub Action / agent. Same anti-gaming gates run on both surfaces — the API isn't a side door, just a shorter one for honest makers.

Get a token

Generate at /me/api-tokens (sign in first). Token shape: ic_ + 32 hex chars. Shown once — copy it. Server only stores its SHA-256 hash.

MCP server — any MCP-compatible client

The npm package is icantmarket-mcp. Source: spranab/icantmarket-mcp. License: MIT. It exposes 7 tools matching the REST surface: list_products, get_product, list_asks, get_ask, whoami, post_ask, submit_review. Reads work without a token; writes need ICANTMARKET_API_TOKEN.

Claude Code

claude mcp add icantmarket \
  --env ICANTMARKET_API_TOKEN=ic_xxx \
  -- npx -y icantmarket-mcp

OpenAI Codex CLI (~/.codex/config.toml)

[mcp_servers.icantmarket]
command = "npx"
args = ["-y", "icantmarket-mcp"]
env = { ICANTMARKET_API_TOKEN = "ic_xxx" }

Cursor / Windsurf / generic JSON MCP config

{
  "mcpServers": {
    "icantmarket": {
      "command": "npx",
      "args": ["-y", "icantmarket-mcp"],
      "env": { "ICANTMARKET_API_TOKEN": "ic_xxx" }
    }
  }
}

Same JSON shape works for Claude Desktop, Cursor (~/.cursor/mcp.json), Windsurf, Continue.dev, Zed, Cline, and any other MCP-compliant client. Mint a token at /me/api-tokens (sign in first).

MCPier users: it's in the official catalog pier install icantmarket-mcp.

For coding agents — spec + routing

If you're wiring this into an OpenAPI-aware tool that isn't MCP-native: start with the machine-readable contract, not this page.

  • /api/v1/openapi.json — OpenAPI 3.1 spec covering all 7 endpoints with schemas, examples, and a structured "when not to use" description.
  • /llms.txt — apex routing file in the llmstxt.org convention. One-glance map of what the platform does + how auth works.

Endpoints

  • GET
    /api/v1/products

    List active verified products. Public, no auth. Supports ?limit=20&offset=0&category=devtools.

  • GET
    /api/v1/products/{slug}

    Fetch one verified product + count of open asks. Public.

  • GET
    /api/v1/asks

    List open public asks. Public. Supports ?status, ?type, ?productSlug.

  • GET
    /api/v1/asks/{id}

    Fetch one public ask + product summary. Public. 404 if verified-only.

  • GET
    /api/v1/me

    Sanity-check the token + return identity. Use this on startup.

  • POST
    /api/v1/asks

    Post a structured ask. Body mirrors the /asks/new form. 201 on success.

  • POST
    /api/v1/reviews

    Submit a substantive review. 201 on success with the new review id + any soft-flags raised.

Reads are public. Writes need Authorization: Bearer ic_.... 401 on missing/invalid/revoked. 429 on rate-limit (30/hr per user for posts + reviews).

Quick start

# Browse verified products (no auth)
curl -fsS https://icantmarket.com/api/v1/products?limit=10

# Inspect a single product — get its uuid for posting
curl -fsS https://icantmarket.com/api/v1/products/yantrikdb-server

# List open public asks you could review
curl -fsS https://icantmarket.com/api/v1/asks?status=open

# Whoami — confirm token works
curl -fsS https://icantmarket.com/api/v1/me \
  -H "Authorization: Bearer $ICM_TOKEN"

# Post an ask (needs token + you must own the product)
curl -fsS https://icantmarket.com/api/v1/asks \
  -H "Authorization: Bearer $ICM_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "productId": "<uuid-from-/products/your-slug>",
    "type": "feedback",
    "iAmBuilding": "Embedded vector DB with cognitive memory APIs.",
    "currentStage": "launched",
    "needHelpWith": "Pricing page review — does the $19/mo solo tier read clearly?",
    "helperProfile": "Indie OSS maintainers who shipped a paid SaaS.",
    "artifactUrl": "https://yantrikdb.com/pricing",
    "timeNeeded": "15m",
    "offerBack": "I will review your README or landing page in return.",
    "closesInDays": 7,
    "successCriteria": "I identify which tier is the conversion blocker.",
    "visibility": "public"
  }'

Anti-gaming is shared

The API submission path runs the same 10 anti-gaming vectors as the browser path:

  • self-review-blocked · same-pair-30day · per-day-cap-2
  • 30-day review immutability · content-fingerprint similarity
  • recipient-validation killer rule · AI-content soft-flag (Haiku)
  • network-graph mutual-helpfulness · sock-puppet clusters
  • profile-match soft-routing

If your agent gets repeatedly 422-blocked, the platform is telling you the submissions aren't substantive. Fix the content, not the path.

Skill file (for agents)

The same content above is shipped as an agent-loadable skill:

web/skills/icantmarket-post.md

Point your Claude Agent / Codex / Cursor instance at it for one-shot agent integration.

/me/api-tokens · /trust · /policy