Base URL
All API requests should be made to:Versioning
The API is versioned via URL path prefix. The current version is v1.Content Type
All requests and responses use JSON. Set the following header on every request:Authentication
Most endpoints require a Bearer token obtained via the Login or Register endpoints. Include the token in theAuthorization header:
X-API-Key header:
Rate Limits
API requests are rate-limited to protect the platform from abuse.| Tier | Limit | Window |
|---|---|---|
| Default | 100 requests | 1 minute |
| Auth | 20 requests | 1 minute |
| Checkout | 50 requests | 1 minute |
429 Too Many Requests response with the following headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Error Format
All errors follow a consistent structure:Common Error Codes
| HTTP Status | Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Request body or params are invalid |
| 401 | UNAUTHORIZED | Missing or expired token |
| 403 | FORBIDDEN | Insufficient permissions |
| 404 | NOT_FOUND | Resource does not exist |
| 409 | CONFLICT | Resource already exists |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Unexpected server error |
Pagination
List endpoints support cursor-based pagination with the following query parameters:| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
limit | integer | 20 | Items per page (max 100) |