Skip to main content

System API

System-level endpoints for health checks, configuration, and schema introspection.

Schema

GET /api/schema

Returns table metadata (field definitions). Access rules are not included in the response.

Access is controlled by the api.schemaEndpoint config option:

ValueBehavior
false (default)Returns 404
truePublic access
'authenticated'Requires JWT or Service Key

Config

GET /api/config

Returns public configuration needed for client SDK initialization (e.g., Turnstile CAPTCHA site key).

No authentication required. Only exposes non-sensitive configuration values.

Health

GET /api/health

Health check endpoint. Returns server status.

{ "status": "ok" }

No authentication required.

Error Format

All API errors follow a consistent format:

{
  "code": 400,
  "message": "Validation failed.",
  "data": {
    "title": { "code": "required", "message": "Field is required." }
  }
}

HTTP Status Codes

StatusMeaning
400Bad request / validation failed
401Authentication required (missing or expired token)
403Access denied (access rule violation)
404Resource not found
405Method not allowed
409Conflict (e.g., duplicate email)
413Request entity too large
415Unsupported media type
429Rate limit exceeded
500Internal server error

Error Response Fields

FieldTypeDescription
codenumberHTTP status code
messagestringHuman-readable error description
dataobjectOptional field-level validation details

Common Authentication Errors

ScenarioStatusMessage
No token provided401Authentication required
Expired access token401Token expired
Invalid token signature401Invalid token
Access rule denied403Access denied
Service Key invalid401Invalid service key