Using the REST API

Using the REST API

It's possible to use the REST API for interacting with TurboCore, but it's recommended that you use one of the client libraries instead.


Most endpoints require that you pass a JWT in the Authorization header. Endpoints that require authentication will be marked with a 🔒. The JWT should be passed as a Bearer token. Here is an example of how to pass a JWT in a GET request:

curl -X GET \
  https://[DOMAIN]/api/auth/user \
  -H 'Authorization: Bearer <JWT>'

You can get a JWT by making a POST request to /api/auth/login as described in Authentication.

Handling Errors

The REST API will return a 200 OK response for successful requests, and a 400 Bad Request response for requests that fail. Successful requests will return a JSON body with the response data, and failed requests will return a JSON body with an error code and human readable message. Here is an example of a failed authentication request:

    "message": "The email or password is incorrect."

You should always check the HTTP status code of the response to determine how to handle the response.

Admin Endpoints

The REST API has a few endpoints that should only be used on the server side and never on the client. These endpoints are prefixed with /api/admin/. All of these endpoints require an admin token to be passed in the Authorization header.


Warning: Using these endpoints on the client side gives anyone who has access to your client code the ability to perform any action on your TurboCore instance. This includes creating, updating, and deleting any user, and creating, updating, and deleting any data.