2.7 KiB
2.7 KiB
| summary | read_when | ||
|---|---|---|---|
| Public REST API (v1) overview and conventions. |
|
API v1
Base: https://clawhub.ai
OpenAPI: /api/v1/openapi.json
Auth
- Public read: no token required.
- Write + account:
Authorization: Bearer clh_....
Rate limits
Auth-aware enforcement:
-
Anonymous requests: per IP.
-
Authenticated requests (valid Bearer token): per user bucket.
-
Missing/invalid token falls back to IP enforcement.
-
Read: 180/min per IP, 900/min per key
-
Write: 45/min per IP, 180/min per key
Headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset, Retry-After (on 429).
Semantics:
X-RateLimit-Reset: Unix epoch seconds (absolute reset time)RateLimit-Reset: delay seconds until resetRetry-After: delay seconds to wait on429
Example 429:
HTTP/2 429
x-ratelimit-limit: 20
x-ratelimit-remaining: 0
x-ratelimit-reset: 1771404540
ratelimit-limit: 20
ratelimit-remaining: 0
ratelimit-reset: 34
retry-after: 34
Client handling:
- Prefer
Retry-Afterwhen present. - Otherwise use
RateLimit-Resetor derive delay fromX-RateLimit-Reset. - Add jitter to retries.
Endpoints
Public read:
GET /api/v1/search?q=...- Optional filters:
highlightedOnly=true,nonSuspiciousOnly=true - Legacy alias:
nonSuspicious=true
- Optional filters:
GET /api/v1/skills?limit=&cursor=&sort=sort:updated(default),downloads,stars(rating),installsCurrent(installs),installsAllTime,trendingcursorapplies to non-trendingsorts- Optional filter:
nonSuspiciousOnly=true - Legacy alias:
nonSuspicious=true - With
nonSuspiciousOnly=true, cursor-based pages may contain fewer thanlimititems; usenextCursorto continue.
GET /api/v1/skills/{slug}GET /api/v1/skills/{slug}/moderationGET /api/v1/skills/{slug}/versions?limit=&cursor=GET /api/v1/skills/{slug}/versions/{version}GET /api/v1/skills/{slug}/scan?version=&tag=GET /api/v1/skills/{slug}/file?path=&version=&tag=GET /api/v1/resolve?slug=&hash=GET /api/v1/download?slug=&version=&tag=
Auth required:
POST /api/v1/skills(publish, multipart preferred)DELETE /api/v1/skills/{slug}POST /api/v1/skills/{slug}/undeletePOST /api/v1/skills/{slug}/renamePOST /api/v1/skills/{slug}/mergePOST /api/v1/skills/{slug}/transferPOST /api/v1/skills/{slug}/transfer/acceptPOST /api/v1/skills/{slug}/transfer/rejectPOST /api/v1/skills/{slug}/transfer/cancelGET /api/v1/transfers/incomingGET /api/v1/transfers/outgoingGET /api/v1/whoami
Legacy
Legacy /api/* and /api/cli/* still available. See DEPRECATIONS.md.