All API endpoints require authentication using NextAuth.js. Include the session token in your requests.
API endpoints are rate-limited using Upstash Redis:
- 10 requests per 10 seconds per IP address
- Rate limits are enforced globally for all API routes
- Headers returned with each request:
X-RateLimit-Limit: Maximum requests allowedX-RateLimit-Remaining: Remaining requests in windowX-RateLimit-Reset: Time when the rate limit resets
- Exceeded limits return 429 Too Many Requests
Real-time updates are handled through Pusher Channels:
message:sent- New message createdinterface MessageSent { id: string; content: string; type: 'text' | 'code' | 'image'; userId: string; createdAt: string; }
message:updated- Message content updatedinterface MessageUpdated { id: string; updates: { content?: string; type?: 'text' | 'code' | 'image'; } }
message:deleted- Message removedtype MessageDeleted = string; // messageId
chat:updated- Chat details updatedchat:deleted- Chat removed
- PUT
/api/profile - Updates user's basic profile information
- Request body:
{
"name": "string",
"email": "string"
}- Response:
{
"user": {
"name": "string",
"email": "string",
"updatedAt": "string"
}
}- POST
/api/profile/image - Updates user's profile picture
- Request: multipart/form-data
- Field: "image" (file)
- Restrictions:
- Max size: 5MB
- Allowed types: image/jpeg, image/png, image/gif
- Maximum dimensions: 2048x2048
- Response:
{
"imageUrl": "string",
"updatedAt": "string"
}- GET
/api/settings - Retrieves user's settings
- Response:
{
"settings": {
"model": "string",
"theme": "light" | "dark" | "system",
"context": "string",
"runtime": "string",
"isPremium": boolean,
"responseStyle": "concise" | "detailed",
"alwaysShowCode": boolean,
"updatedAt": "string"
}
}- PUT
/api/settings - Updates user's settings
- Request body:
{
"settings": {
"model": "string",
"theme": "light" | "dark" | "system",
"context": "string",
"runtime": "string",
"responseStyle": "concise" | "detailed",
"alwaysShowCode": boolean
}
}- Response: Same as GET settings
- POST
/api/chats - Creates a new chat
- Request body:
{
"title": "string"
}- Response:
{
"id": "string",
"title": "string",
"createdAt": "string"
}- GET
/api/chats/{chatId}/messages - Retrieves messages for a chat
- Query parameters:
page: number (default: 1)limit: number (default: 50, max: 100)type: "text" | "code" | "image" (optional)search: string (optional)startDate: ISO date string (optional)endDate: ISO date string (optional)
- Response:
{
"messages": [
{
"id": "string",
"content": "string",
"type": "text" | "code" | "image",
"userId": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"total": number,
"page": number,
"limit": number
}- POST
/api/chats/{chatId}/messages - Sends a new message
- Request body:
{
"content": "string",
"type": "text" | "code" | "image"
}- Response:
{
"id": "string",
"content": "string",
"type": "text" | "code" | "image",
"userId": "string",
"createdAt": "string"
}- PUT
/api/chats/{chatId}/messages/{messageId} - Updates an existing message
- Request body:
{
"content": "string",
"type": "text" | "code" | "image"
}- Response:
{
"id": "string",
"content": "string",
"type": "text" | "code" | "image",
"updatedAt": "string"
}- DELETE
/api/chats/{chatId}/messages/{messageId} - Deletes a message
- Response: 204 No Content
All error responses follow this format:
{
"error": {
"message": "string",
"code": "string",
"details": {} // Optional additional information
}
}Common error codes:
unauthorized: Authentication requiredforbidden: Insufficient permissionsnot_found: Resource not foundvalidation_error: Invalid request datarate_limited: Too many requestsinternal_error: Server error