Documentation

Client API

Base path /api/1.x. Called from your app to authenticate its users against a license. Every call except init needs the app-session token as Authorization: Bearer <token>.

POST/api/1.x/init
Auth: none (handshake)

Resolves the app by name + ownerid, enforces the version, and mints the app-session token.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/init \
  -H "Content-Type: application/json" \
  -d '{"name":"My app","ownerid":"your-ownerid","version":"1.0"}'
200
{ "success": true, "session": "<app-session-token>", "app": "My app", "version": "1.0" }

426 if the version is outdated · 404 if the app isn't found.

POST/api/1.x/register
Auth: Bearer app-session

Redeems a license key and creates a user. Body: email, password, license, hwid?.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/register \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"email":"user@x.com","password":"secret123","license":"LUMEN-XXXXX-XXXXX-XXXXX-XXXXX","hwid":"DEVICE-ID"}'
201
{ "success": true, "token": "<jwt>", "session": "<user-session-id>",
  "user": { "id": "...", "email": "user@x.com", "level": 1, "expiresAt": "..." } }
POST/api/1.x/login
Auth: Bearer app-session

Email + password login with HWID lock. Body: email, password, hwid?.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/login \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"email":"user@x.com","password":"secret123","hwid":"DEVICE-ID"}'
POST/api/1.x/license
Auth: Bearer app-session

Login with just a license key (no email/password). Body: license, hwid?.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/license \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"license":"LUMEN-XXXXX-XXXXX-XXXXX-XXXXX","hwid":"DEVICE-ID"}'
POST/api/1.x/check
Auth: Bearer app-session

Confirm a user session is still valid (not expired, banned or blacklisted). Body: session.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/check \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"session":"<user-session-id>"}'
POST/api/1.x/var
Auth: Bearer app-session

Read a server-side variable. Gated by the user's subscription level. Body: session, name.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/var \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"session":"<user-session-id>","name":"webhook_url"}'
200
{ "success": true, "name": "webhook_url", "value": "https://…" }
POST/api/1.x/file
Auth: Bearer app-session

Download a license-gated file. Returns the raw bytes on success (or JSON on error). Body: session, fileId.

curl
curl -X POST function(){throw Error("Attempted to call BASE() from the server but BASE is on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")}/api/1.x/file \
  -H "Authorization: Bearer <app-session>" \
  -H "Content-Type: application/json" \
  -d '{"session":"<user-session-id>","fileId":"<file-uuid>"}' \
  --output payload.bin