API Reference
All API endpoints require authentication via Bearer token unless marked as public. Tokens are managed through the admin interface.
An auto-generated OpenAPI documentation is available at GET /api/doc. An LLM-friendly context document is available at GET /.well-known/ai-context (public, no auth).
Rate Limits
| Scope | Limit |
|---|---|
| API Write (POST/PUT/PATCH/DELETE) | 1,500/min |
| API Read (GET/HEAD/OPTIONS) | 3,000/min |
| Login | 5/min |
| Registration | 5/hour |
| Password reset | 3/hour |
Rate limit headers are included in responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.