GET https://api.craftkit.dev/v1/projects/{id}
Fetch a single project by id, scoped to the authenticated account.
Authorization
Bearer ck_acct_… — must own the project.
Path
Response
200:
Errors
| Status | code | Meaning |
|---|
| 401 | unauthorized | Missing/invalid account key. |
| 404 | not_found | No such project owned by this account. Returned identically whether the id belongs to another account or does not exist at all — the response never discloses which. |
curl https://api.craftkit.dev/v1/projects/3f9b6c2e-1a2b-4c3d-9e8f-7a6b5c4d3e2f \
-H "Authorization: Bearer $CRAFTKIT_ACCOUNT_KEY"
{
"id": "3f9b6c2e-1a2b-4c3d-9e8f-7a6b5c4d3e2f",
"slug": "acme-corp",
"name": "Acme Corp",
"createdAt": "2026-06-01T09:00:00.000Z",
"updatedAt": "2026-06-01T09:00:00.000Z"
}
Every /v1/projects/{id} call resolves ownership the same way: project.userId must equal the
authenticated account, and the project must not be soft-deleted. An id belonging to a different
account is indistinguishable from a nonexistent one — always 404, never 403 or leaked data.