API Routes

This section documents all API endpoints available in CraftJS.

Overview

CraftJS provides RESTful API endpoints for all major features:

Authentication

All API routes (except webhooks and public endpoints) require authentication. Include the session cookie or use the auth header.

Session Cookie

Authentication is automatic when using cookies (default browser behavior).

API Key (Coming Soon)

For programmatic access:

curl -X POST https://yourapp.com/api/chat \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"messages": [...]}'

Rate Limiting

API endpoints are rate limited per user:

Rate limit headers are included in responses:

X-RateLimit-Remaining: 9
X-RateLimit-Reset: 1699999999999

Error Responses

All errors follow a consistent format:

{
  "error": "Error message",
  "code": "ERROR_CODE",
  "details": {}
}

Common Error Codes

CORS

CORS is configured to allow requests from:

• Your production domain
• localhost in development

To customize, update next.config.ts:

async headers() {
  return [
    {
      source: "/api/:path*",
      headers: [
        { key: "Access-Control-Allow-Origin", value: "https://yourdomain.com" },
        { key: "Access-Control-Allow-Methods", value: "GET,POST,DELETE" },
        { key: "Access-Control-Allow-Headers", value: "Content-Type, Authorization" },
      ],
    },
  ]
}

API Sections