Overview
The FoN API is a RESTful API that allows you to interact with the FoN platform programmatically. All requests should be made to the base URL:
Authentication
Most endpoints require authentication, using one of three mechanisms depending on the endpoint:
Session Cookie
Cookie: auth-token=<jwt> — used by almost all endpoints (voting, tags, profile, uploads, MFA, password management, etc.)
JWT Bearer Token
Authorization: Bearer <jwt> — used only by the /api/auth/tokens token-management endpoints
API Token
Authorization: Bearer <api_token> — used only by /api/v1/upload
Request Format
JSON Requests
For endpoints that accept JSON, set the Content-Type header:
Form Data
For file uploads, use multipart/form-data:
Response Format
All responses are returned as JSON. There is no wrapper envelope — successful responses return the resource or domain object directly. For example, GET /api/uploads returns:
Error Responses
Errors follow the standard Nitro/H3 error shape, with a statusCode, statusMessage, and a descriptive message:
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Success |
| 304 | Not Modified (cached) |
| 400 | Bad Request - Invalid input |
| 401 | Unauthorized - Authentication required |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - Resource doesn’t exist |
| 429 | Too Many Requests - Rate limited |
| 500 | Internal Server Error |
Rate Limits
The API enforces rate limits to ensure fair usage:
| Endpoint Category | Limit | Window |
|---|---|---|
| Authentication | 10 requests | 15 minutes |
| Uploads | 20 requests | 1 hour |
| Voting | 30 requests | 1 minute |
| Anonymous voting | 10 requests | 1 minute |
| General | 100 requests | 1 minute |
429 response with a Retry-After header.
Pagination
List endpoints support pagination via query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number (1-indexed) |
| limit | integer | 10 | Items per page (max 100) |
Caching
The API uses caching to improve performance:
| Endpoint | Cache Duration |
|---|---|
| /api/uploads | 2 minutes |
| /api/items-recent | 5 minutes |
| /api/profile | 30 seconds |
| /api/image/{id} | 1 year (public) |
ETag header for conditional requests.
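A client-side request helper that applies the rules on this page: one credential per endpoint as listed under Authentication, the pagination bounds, a conditional request when an ETag is known, and a wait computed from Retry-After on a 429. This is an added example, not FoN's own code; the function names, the `creds` object, the use of the standard If-None-Match header with the ETag, and the 60-second fallback are assumptions.

```javascript
// Added example; function names and the creds object are assumptions.
const MAX_LIMIT = 100; // pagination table: "Items per page (max 100)"

// Match a path exactly or as a sub-path, never as a partial segment.
const under = (path, prefix) => path === prefix || path.startsWith(prefix + "/");

function need(creds, key) {
  if (!creds || !creds[key]) throw new Error(`missing credential: ${key}`);
  return creds[key];
}

// Exactly one credential per request, per the Authentication section.
function authHeaders(path, creds) {
  if (under(path, "/api/v1/upload")) {
    return { Authorization: `Bearer ${need(creds, "apiToken")}` };
  }
  if (under(path, "/api/auth/tokens")) {
    return { Authorization: `Bearer ${need(creds, "jwt")}` };
  }
  // Everything else uses the session cookie; no jwt means an anonymous call.
  return creds && creds.jwt ? { Cookie: `auth-token=${creds.jwt}` } : {};
}

const clamp = (v, lo, hi) => Math.min(hi, Math.max(lo, Math.trunc(Number(v)) || lo));

function buildRequest(path, creds, opts = {}) {
  const headers = authHeaders(path, creds);
  if (opts.etag) headers["If-None-Match"] = opts.etag; // expect 304 if unchanged
  const query = new URLSearchParams();
  if (opts.page !== undefined) query.set("page", String(clamp(opts.page, 1, Infinity)));
  if (opts.limit !== undefined) query.set("limit", String(clamp(opts.limit, 1, MAX_LIMIT)));
  const qs = query.toString();
  return { url: qs ? `${path}?${qs}` : path, headers };
}

// Milliseconds to wait after a 429, or null for any other status.
// Retry-After may be delta-seconds or an HTTP-date.
function retryDelayMs(status, retryAfter, now = Date.now()) {
  if (status !== 429) return null;
  const raw = String(retryAfter ?? "").trim();
  if (/^\d+$/.test(raw)) return Number(raw) * 1000;
  const when = Date.parse(raw);
  return Number.isNaN(when) ? 60000 : Math.max(0, when - now); // 60 s fallback is assumed
}
```

Routing credentials through one function keeps the long-lived API token from being attached to any request other than /api/v1/upload.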
OpenAPI Specification
The complete API is documented using OpenAPI 3.1. You can:
View OpenAPI Spec
Download the full OpenAPI specification
Endpoints
Authentication
User registration, login, and session management
Uploads
Create, manage, and browse uploads
Voting
Vote on content
Tags
Tag management and discovery
Media
Image and thumbnail retrieval