Overview

The FoN API is a RESTful API that allows you to interact with the FoN platform programmatically. All requests should be made to the base URL:
https://fucksornot.com

Authentication

Most endpoints require authentication, using one of three mechanisms depending on the endpoint:

Session Cookie

Cookie: auth-token=<jwt> — used by almost all endpoints (voting, tags, profile, uploads, MFA, password management, etc.)

JWT Bearer Token

Authorization: Bearer <jwt> — used only by the /api/auth/tokens token-management endpoints

API Token

Authorization: Bearer <api_token> — used only by /api/v1/upload

# Using the session cookie (most endpoints)
curl https://fucksornot.com/api/profile \
  -H "Cookie: auth-token=YOUR_JWT_TOKEN"

See the Authentication guide for full details, and each endpoint’s reference page for which mechanism it expects.
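
The helper below is an added example, not code from the FoN project: it picks the single auth header that the list above assigns to a URL, and refuses to attach a credential to any scheme or host other than the documented base URL. The function name, the treatment of sub-paths under /api/auth/tokens as token-management endpoints, and the control-character check are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

BASE_HOST = "fucksornot.com"  # host of the base URL given in the Overview


def _clean(value, what):
    # Reject empty values and anything that could split or inject a header.
    if not value or any(c.isspace() or ord(c) < 32 for c in value):
        raise ValueError("missing or malformed " + what)
    return value


def auth_headers(url, jwt=None, api_token=None):
    """Return the one auth header this page says `url` expects.

    Raises ValueError instead of sending a credential to an unexpected
    scheme or host, or silently substituting another credential type.
    """
    parts = urlsplit(url)
    # hostname ignores any "user@" prefix, so look-alike URLs are rejected.
    if parts.scheme != "https" or parts.hostname != BASE_HOST:
        raise ValueError("refusing to attach credentials to " + url)
    path = parts.path.rstrip("/")

    if path == "/api/v1/upload":
        # API token: used only by /api/v1/upload
        return {"Authorization": "Bearer " + _clean(api_token, "API token")}
    if path == "/api/auth/tokens" or path.startswith("/api/auth/tokens/"):
        # JWT bearer: used only by the token-management endpoints
        # (sub-path matching is an assumption of this example)
        return {"Authorization": "Bearer " + _clean(jwt, "JWT")}
    # Every other authenticated endpoint takes the session cookie.
    return {"Cookie": "auth-token=" + _clean(jwt, "JWT")}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(auth_headers("https://fucksornot.com/api/profile", jwt="JWT_SAMPLE"))
    print(auth_headers("https://fucksornot.com/api/v1/upload",
                       api_token="API_TOKEN_SAMPLE"))
```

Keeping the long-lived API token confined to /api/v1/upload means a leaked upload script cannot be replayed against profile, MFA or password endpoints.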

Request Format

JSON Requests

For endpoints that accept JSON, set the Content-Type header:
curl -X POST https://fucksornot.com/api/auth \
  -H "Content-Type: application/json" \
  -d '{"action": "login", "email": "...", "password": "..."}'

Form Data

For file uploads, use multipart/form-data:
curl -X POST https://fucksornot.com/api/upload \
  -H "Cookie: auth-token=YOUR_JWT_TOKEN" \
  -F "upload_type=image" \
  -F "description=My upload" \
  -F "file=@image.jpg"

Response Format

All responses are returned as JSON. There is no wrapper envelope — successful responses return the resource or domain object directly. For example, GET /api/uploads returns:
{
  "uploads": [...],
  "page": 1,
  "limit": 10
}

Error Responses

Errors follow the standard Nitro/H3 error shape, with a statusCode, statusMessage, and a descriptive message:
{
  "statusCode": 401,
  "statusMessage": "Unauthorized",
  "message": "Invalid or expired token"
}

HTTP Status Codes

| Code | Description |
| --- | --- |
| 200 | Success |
| 304 | Not Modified (cached) |
| 400 | Bad Request - Invalid input |
| 401 | Unauthorized - Authentication required |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - Resource doesn’t exist |
| 429 | Too Many Requests - Rate limited |
| 500 | Internal Server Error |

Rate Limits

The API enforces rate limits to ensure fair usage:

| Endpoint Category | Limit | Window |
| --- | --- | --- |
| Authentication | 10 requests | 15 minutes |
| Uploads | 20 requests | 1 hour |
| Voting | 30 requests | 1 minute |
| Anonymous voting | 10 requests | 1 minute |
| General | 100 requests | 1 minute |

When rate limited, you’ll receive a 429 response with a Retry-After header.

Pagination

List endpoints support pagination via query parameters:

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| page | integer | 1 | Page number (1-indexed) |
| limit | integer | 10 | Items per page (max 100) |

curl "https://fucksornot.com/api/uploads?page=2&limit=20"

Response includes pagination info:
{
  "uploads": [...],
  "page": 2,
  "limit": 20
}

Caching

The API uses caching to improve performance:

| Endpoint | Cache Duration |
| --- | --- |
| /api/uploads | 2 minutes |
| /api/items-recent | 5 minutes |
| /api/profile | 30 seconds |
| /api/image/{id} | 1 year (public) |

Use the ETag header for conditional requests.

OpenAPI Specification

The complete API is documented using OpenAPI 3.1. You can:

View OpenAPI Spec

Download the full OpenAPI specification

Endpoints

Authentication

User registration, login, and session management

Uploads

Create, manage, and browse uploads

Voting

Vote on content

Tags

Tag management and discovery

Media

Image and thumbnail retrieval