This document provides comprehensive documentation for the Media Vault REST API, including endpoints, request/response formats, authentication, and usage examples.
Current version: v1
All API endpoints are relative to the base URL:
https://api.yourdomain.com/v1
For local development:
http://localhost:8080/api/v1
All API requests require authentication using JWT (JSON Web Tokens). Include the token in the Authorization header:
Authorization: Bearer your-jwt-tokenInclude these headers with all requests:
Content-Type: application/jsonAccept: application/jsonAuthorization: Bearer <token>
- Authentication
- Base URL
- Response Format
- Error Handling
- Endpoints
- Webhooks
- Rate Limiting
- Pagination
- WebSocket API
All API endpoints require authentication using JWT (JSON Web Tokens).
POST /api/v1/auth/login
Content-Type: application/json
{
"username": "user@example.com",
"password": "yourpassword"
}Response:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"token_type": "Bearer"
}Include the token in the Authorization header:
Authorization: Bearer your.jwt.token.here
All API endpoints are relative to the base URL:
https://api.your-mediavault-instance.com/api/v1
All successful API responses follow this format:
{
"success": true,
"data": {
/* response data */
},
"meta": {
"timestamp": "2023-05-30T10:00:00Z",
"version": "1.0.0"
}
}Error responses include an error code and message:
HTTP/1.1 400 Bad Request
Content-Type: application/json
{
"success": false,
"error": {
"code": "validation_error",
"message": "Invalid input data",
"details": [
{
"field": "email",
"message": "Must be a valid email address"
}
]
},
"meta": {
"timestamp": "2023-05-30T10:00:00Z",
"request_id": "req_1234567890"
}
}| Code | HTTP Status | Description |
|---|---|---|
unauthorized |
401 | Invalid or missing authentication |
forbidden |
403 | Insufficient permissions |
not_found |
404 | Resource not found |
validation_error |
400 | Invalid input data |
rate_limited |
429 | Too many requests |
internal_error |
500 | Server error |
POST /auth/loginPOST /auth/refreshPOST /auth/logoutGET /users/mePATCH /users/mePOST /media/upload
Content-Type: multipart/form-dataGET /media/{id}GET /mediaPOST /collectionsPOST /collections/{id}/mediaMedia Vault can send webhook notifications for various events:
media.uploadedmedia.deleteduser.registeredcollection.created
{
"event": "media.uploaded",
"data": {
"id": "media_123",
"type": "image",
"user_id": "user_123"
},
"timestamp": "2023-05-30T10:00:00Z"
}- Anonymous: 60 requests per minute
- Authenticated: 1000 requests per minute
- API Key: 5000 requests per minute
Headers:
X-RateLimit-Limit: Request limit per time windowX-RateLimit-Remaining: Remaining requestsX-RateLimit-Reset: Timestamp when the limit resets
List endpoints support pagination:
GET /media?page=2&per_page=20Response includes pagination metadata:
{
"data": [],
"meta": {
"pagination": {
"total": 150,
"count": 20,
"per_page": 20,
"current_page": 2,
"total_pages": 8,
"links": {
"next": "/media?page=3",
"prev": "/media?page=1"
}
}
}
}Real-time updates are available via WebSocket:
const socket = new WebSocket('wss://api.your-mediavault-instance.com/realtime');
// Authenticate
socket.send(JSON.stringify({
type: 'auth',
token: 'your.jwt.token'
}));
// Subscribe to events
socket.send(JSON.stringify({
type: 'subscribe',
channel: 'media_updates',
resource_id: 'media_123'
}));
// Handle messages
socket.onmessage = (event) => {
console.log('Update:', JSON.parse(event.data));
};Official SDKs are available for popular languages:
- JavaScript/TypeScript:
npm install @mediavault/sdk - Python:
pip install mediavault-sdk - Go:
go get github.com/wronai/mediavault-go
The API is versioned in the URL path (e.g., /api/v1/...). Breaking changes will result in a new version number.
- All endpoints require HTTPS
- JWT tokens expire after 1 hour
- Password hashing with Argon2id
- Rate limiting to prevent abuse
- CORS restricted to trusted domains
For API support, please contact api-support@wron.ai or open an issue on GitHub.