Skip to main content

Introduction

The ZeroStarter API is built with Hono, a lightweight, ultrafast web framework for the edge. It provides a modern REST API with full TypeScript support and automatic OpenAPI documentation generation.

Base URL

The API is available at: 
https://your-domain.com/api
For local development: 
http://localhost:3001/api

Type-Safe RPC Client

ZeroStarter leverages Hono’s RPC client for end-to-end type safety between your API and frontend. The client is automatically typed based on your API routes, providing full IntelliSense and compile-time error checking.

Client Setup

The API client is pre-configured in your Next.js application:
web/next/src/lib/api/client.ts
import type { AppType } from "@api/hono"
import { hc } from "hono/client"
import { config } from "@/lib/config"

const url = config.api.internalUrl ? config.api.internalUrl : config.api.url

const honoClient = hc<AppType>(url, {
  init: {
    credentials: "include",
  },
})

export const apiClient = honoClient.api

Usage Example

import { apiClient } from "@/lib/api/client"

// Get health status
const response = await apiClient.health.$get()
const { data } = await response.json()

// Get current user (authenticated)
const userResponse = await apiClient.v1.user.$get()
const { data: user } = await userResponse.json()

Interactive API Documentation

ZeroStarter includes interactive API documentation powered by Scalar:

API Documentation

Access the interactive API documentation at /api/docs
The documentation is automatically generated from your route definitions and includes:
  • All available endpoints
  • Request/response schemas
  • Type-safe code examples using hono/client
  • Interactive request testing

OpenAPI Specification

The OpenAPI specification is available at: 
GET /api/openapi.json
This JSON document follows the OpenAPI 3.0 specification and can be imported into tools like Postman, Insomnia, or used to generate client SDKs.

API Structure

The API is organized into the following sections:

System

Health check and system status endpoints

Authentication

Better Auth endpoints for authentication flows

Session

Retrieve current session information

User

Get current authenticated user data

Response Format

All API responses follow a consistent format:

Success Response

{
  "data": {
    // Response data here
  }
}

Error Response

{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable error message"
  }
}

CORS Configuration

The API includes CORS middleware with the following configuration:
  • Allowed Origins: Configured via HONO_TRUSTED_ORIGINS environment variable
  • Allowed Headers: content-type, authorization
  • Allowed Methods: GET, OPTIONS, POST, PUT
  • Credentials: Enabled for cookie-based authentication
  • Max Age: 600 seconds

Rate Limiting

All API endpoints are protected by rate limiting middleware to prevent abuse. Rate limits are applied per IP address.

Authentication

Protected endpoints (under /api/v1/*) require authentication. ZeroStarter uses Better Auth for authentication, which handles:
  • Session management
  • Social OAuth (GitHub, Google)
  • Email/password authentication
  • Organization and team management
Authentication is cookie-based. Include credentials in your requests: 
fetch('/api/v1/user', {
  credentials: 'include'
})
The Hono RPC client is pre-configured with credentials: "include" for automatic cookie handling.

Next Steps

Health Check

Learn about the health endpoint

Authentication

Explore authentication endpoints

Session API

Get session information

User API

Access user data

Build docs developers (and LLMs) love

Get started for freeTalk to us