General

This document describes conventions used in the API

ANY /api/*

These conventions apply to all URLs under /api/

Status Codes:

• 400 Bad Request – the request is malformed
• 401 Unauthorized – the user is required to authenticate, or the token is invalid
• 403 Forbidden – the authenticated user is not allowed to access the resource
• 500 Internal Server Error – there is a bug in the server, consider reporting it

OPTIONS /api/*

Use OPTIONS to query permissions for a certain resource.

This also set the Access-Control-Allow-Origin: * header to allow cross site AJAX.

Implemented by all URLs under /api/.

Request JSON Object:  

• permission – array of strings

Example:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Length: 44
Content-Type: application/json; charset=UTF-8

{"permissions": ["comment", "read", "vote"]}