Base URL
Authentication
The API supports two authentication methods. Most endpoints accept either one.| Method | Header | Notes |
|---|---|---|
| API key | x-api-secret: <secret> | Set via BOT_API_SECRET env var |
| JWT Bearer | Authorization: Bearer <token> | Obtained via Discord OAuth2 |
A small set of community and health endpoints are public and require no authentication. See the Authentication page for the full list.
Authentication
How to obtain and use API keys and JWT tokens.
Rate limits
Rate limit headers, windows, and 429 handling.
Response format
All responses are JSON. Successful responses return the resource directly or a wrapper object documented per endpoint.Success
Error
Errors follow a consistent shape:details array:
Error codes
| Status | Meaning |
|---|---|
400 | Bad request — missing or invalid parameters |
401 | Unauthorized — missing or invalid credentials |
403 | Forbidden — valid credentials but insufficient permissions |
404 | Not found — resource does not exist |
429 | Too many requests — rate limit exceeded |
500 | Internal server error |
503 | Service unavailable — database or external service down |
Pagination
Paginated endpoints acceptpage and limit query parameters and return a wrapper with total and page fields.
| Parameter | Type | Default | Max |
|---|---|---|---|
page | integer | 1 | — |
limit | integer | 25 | 100 |
The member list endpoint uses cursor-based pagination via the
after parameter instead of page/limit.