Base URL
Authentication
All/v2/* endpoints require authentication via one of:
JWT tokens are issued by Supabase and validated using HS256 (shared secret) or ES256 (JWKS). The
aud claim must be authenticated.
On authentication failure, the server returns HTTP 401:
Response Format
All v2 endpoints return JSON in a standard envelope. Success (HTTP 200):Common Headers
Optional headers that some endpoints use for localization:Endpoints
Health Check
Error Codes
Languages
x-lang header value. Supports both GET and POST.
Request headers:
Response:
Cache-Control: public, max-age=86400, stale-while-revalidate=3600Vary: x-lang, Accept-Encoding
x-lang value. First request per locale hits origin; subsequent requests are served from edge cache.
Languages (Mobile)
listening_text, ready_text).
Response:
Device Registration
Response:
Device Deactivation
Twilio Video Token
- 404 (code 2102): Room not found or not in-progress
- 500 (code 2100): Token creation failure
Twilio Video Room
- Type: group
- Max participants: 2
- Max participant duration: 3600 seconds
- Unused room timeout: 1 minute
Account: Opt In
Account: Opt Out
Account: Check Opted Out
Account: Query
Account: Update Privacy Agreed
Account: Update Onboarding
Account: Delete
- Supabase auth user deletion
- PostHog person cleanup (best-effort)
- S3 file cleanup (best-effort)
- 404 (code 2204): User not found in Supabase auth
- 500 (code 2203): Deletion failure
Service Configuration
The API service is configured via environment variables. Seeservices/api/AGENTS.md for the complete list.
Key variables:
SUPABASE_URL,SUPABASE_JWT_SECRET,SUPABASE_SERVICE_ROLE_KEYfor Supabase integrationTWILIO_ACCOUNT_SID,TWILIO_API_KEY,TWILIO_API_SECRETfor Twilio videoGATEWAY_API_KEYSfor API key authenticationLANGUAGES_CONFIG_PATHfor language list configuration