// Reference for all onepixel API endpoints, their HTTP methods, paths, auth requirements, and behavior.
| name | api-endpoints |
| description | Reference for all onepixel API endpoints, their HTTP methods, paths, auth requirements, and behavior. |
Use this skill when adding, modifying, or debugging API routes, middleware, or authentication logic.
Four auth middleware are defined in src/security/middlewares.go:
X-API-Key header matching config.AdminApiKey. Sets admin=true in Fiber locals.Authorization: Bearer <token>. Stores decoded *models.User in Fiber locals./api/v1/users)Source: src/routes/api/users.go
| Method | Path | Auth | Description |
|---|---|---|---|
POST | /users | X-API-Key (required) | Register a new user. Returns JWT token. 409 if email exists. |
POST | /users/login | None | Login with email/password. Returns JWT token. 401 if invalid. |
GET | /users/{userid} | JWT (required) | Get user info (currently returns placeholder). |
PATCH | /users/{userid} | JWT (required) | Update user password. Returns updated user and new JWT token. |
/api/v1/urls)Source: src/routes/api/urls.go
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /urls | JWT (optional) + X-API-Key (optional) | Get all URLs. Admin can filter by ?userid=. Returns 401 if neither auth. |
GET | /urls/groups | JWT (required) | Get URL groups created by the authenticated user. |
POST | /urls/groups | X-API-Key (required) | Create a URL group. Requires short_path and creator_id. |
POST | /urls/groups/{group}/shorten | JWT (required) | Create a random short URL inside a group the user owns. |
POST | /urls/groups/{group}/shorten/{shortcode} | JWT (required) | Create a specific short URL inside a group the user owns. |
GET | /urls/groups/{group}/{shortcode} | None | Get URL info (long URL + hit count) for a grouped short URL. |
POST | /urls | JWT (required) | Create a random short URL for the authenticated user. |
PUT | /urls/{shortcode} | JWT (required) | Create a short URL with a specific shortcode. 409 if exists, 403 if forbidden. |
GET | /urls/{shortcode} | None | Get URL info (long URL + hit count). 404 if not found. |
/api/v1/stats)Source: src/routes/api/stats.go
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /stats | JWT (optional) | Get redirect statistics for the authenticated user. |
GET | /stats/{shortcode} | None | Get stats for a specific short URL (currently returns placeholder). |
MAIN_SITE_HOST)Source: src/routes/redirect/redirect.go, src/server/server.go
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /{group}/{shortcode} | None | Redirect to the long URL via group + shortcode. Logs event async. |
GET | /{shortcode} | None | Redirect to the long URL via shortcode. Logs event async. |
GET | / | None | Redirect to admin host. Logs event async. |
Source: src/server/server.go
| Method | Path | Auth | Description |
|---|---|---|---|
GET | /docs/* | None | Swagger UI for OpenAPI documentation. |
GET | / | None | Static files from ./public_html (gzip, 1-hour cache). |
Only these endpoints require or accept the X-API-Key header:
POST /api/v1/users – required (admin-only user registration)POST /api/v1/urls/groups – required (admin-only group creation)GET /api/v1/urls – optional (admin access to query any user's URLs)Understand onepixel database topology by environment, data ownership across app/events stores, and initialization/migration behavior.
Understand onepixel runtime architecture, host-based app dispatch, and redirect analytics flow before changing behavior across routes/controllers/db.
Build and run onepixel binaries, generate Swagger docs when needed, and produce cross-platform release artifacts.
Apply onepixel repository conventions for env loading, DB backend selection, auth locals, error payloads, and shortcode semantics.
Run onepixel unit and e2e tests with correct env setup, coverage artifacts, and troubleshooting guidance for GeoIP/network-related failures.