Skip to content

API Overview

The Zlikord API is a REST API served over HTTP with WebSocket support for real-time events.

http://<your-tailscale-ip>:8787/api/v1

Most endpoints require a JWT Bearer token in the Authorization header:

Authorization: Bearer <token>

Obtain a token by calling POST /api/v1/auth/login.

GET /health

Returns 200 OK with {"status":"ok"}. No authentication required.

Message endpoints use cursor-based pagination:

  • before — Message ID. Returns messages older than this ID.
  • limit — Number of messages to return (default varies by endpoint).

Example:

GET /api/v1/channels/42/messages?limit=50&before=1000

Message creation endpoints are rate-limited using a token bucket algorithm. Defaults:

  • Burst: 5 messages
  • Refill: 1 token per second

Configurable via MESSAGE_RATE_BURST and MESSAGE_RATE_REFILL_PER_SEC environment variables.

Errors return a JSON object with a message:

{
"error": "description of what went wrong"
}

Common HTTP status codes:

StatusMeaning
400Bad request (invalid input)
401Unauthorized (missing or invalid token)
403Forbidden (insufficient permissions)
404Not found
405Method not allowed
429Rate limited
500Internal server error