Documentation
Documentation
Introduction

Getting Started

Getting started
Getting StartedInstallationQuick StartProject Structure

Configuration

Configuration
ConfigurationEnvironment ConfigurationEdge ConfigDatabaseAuth SecretStripeFirebaseStorageGoogle Maps And Cloud Service AccountOAuth ProvidersEmail DeliverySentryFeature Flags

Architecture

Architecture
Architecture OverviewTech StackoRPC MiddlewareDesign Principles

Patterns

Patterns
Code Patterns & ConventionsFeature ModulesError HandlingType Safety

Database

Database
DatabaseSetupSchema DefinitionDatabase OperationsMigrationsCaching
Data Tables

API

oRPCProceduresRoutersoRPC Proxy Setup
APIsOpenAPIREST Endpoints

Auth & Access

AuthenticationConfigurationOAuth ProvidersRolesSession Management
AuthorizationUser RolesPermissions

Routing & i18n

RoutingDeclarative RoutingNavigation
InternationalizationTranslationsLocale Routing

Components & UI

ComponentsButtonsFormsNavigationDialogs
StylesTailwind CSSThemingTypography

Storage

Storage
StorageConfigurationUsageBuckets
Stripe Billing

Extra

Caching

Templates

Templates
Template GuidesCreate New FeatureCreate New PageCreate Database TableCreate oRPC RouterAdd Translations

Development

Development
DevelopmentCommandsAI AgentsBest Practices
Pulling Updates

REST Endpoints

Calling OpenAPI-exposed oRPC procedures

Endpoint Format

Procedures exposed via .route({ path }) are reachable at:

/api/<path>

Example:

  • .route({ method: "GET", path: "/todos/list" })
  • endpoint: GET /api/todos/list

Authentication

API key auth

If the procedure has .meta({ acceptApiKey: true }), call it with:

curl -X GET "https://your-app.com/api/todos/list?organizationId=<org-uuid>" \
  -H "x-api-key: YOUR_API_KEY"

Session auth

Browser or cookie-based clients can call protected endpoints using session cookies.

Request Examples

GET

curl -X GET "https://your-app.com/api/todos/list?organizationId=<org-uuid>" \
  -H "x-api-key: YOUR_API_KEY"

POST

curl -X POST "https://your-app.com/api/my-feature/upsert" \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"My item"}'

JavaScript Example

const response = await fetch("https://your-app.com/api/todos/list?organizationId=<org-uuid>", {
  headers: {
    "x-api-key": process.env.API_KEY!,
  },
});

const json = await response.json();

Python Example

import requests

response = requests.get(
    "https://your-app.com/api/todos/list",
    params={"organizationId": "<org-uuid>"},
    headers={"x-api-key": "YOUR_API_KEY"}
)

print(response.json())

OpenAPI Schema

  • OpenAPI JSON: GET /api/openapi.json
  • Swagger UI: /api/docs/swagger
  • Scalar UI: /api/docs/scalar

Next Steps

OpenAPI Configuration

oRPC Procedures

API Overview

On this page

Endpoint Format
Authentication
API key auth
Session auth
Request Examples
GET
POST
JavaScript Example
Python Example
OpenAPI Schema
Next Steps