API Overview

The GoodData API is a RESTful API that provides access to all platform features. This documentation covers authentication, endpoints, request/response formats, and integration examples.

Base URL

All API requests should be made to your configured backend base URL:

http://localhost:8000/api

https://api.yourapp.com/api

Authentication

The API uses JWT (JSON Web Token) based authentication. Include the token in the Authorization header for authenticated requests:

Authorization: Bearer <your-jwt-token>

Getting a Token

Obtain a JWT token through the authentication endpoints:

// Login with email/password
const response = await fetch('/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'password123'
  })
});

const { token, user } = await response.json();

Request Format

Headers

All requests should include these headers:

Content-Type: application/json
Authorization: Bearer <token>  # For authenticated endpoints

Request Body

API requests expect JSON payloads:

{
  "field1": "value1",
  "field2": "value2"
}

Response Format

All API responses follow a consistent structure:

Success Response

{
  "success": true,
  "data": {
    // Response data here
  },
  "message": "Operation completed successfully"
}

Error Response

{
  "success": false,
  "error": "Error message describing what went wrong",
  "code": "ERROR_CODE",
  "details": {
    // Additional error details (optional)
  }
}

Status Codes

The API uses standard HTTP status codes:

Code	Meaning	Description
`200`	OK	Request successful
`201`	Created	Resource created successfully
`400`	Bad Request	Invalid request data
`401`	Unauthorized	Invalid or missing authentication
`403`	Forbidden	Insufficient permissions
`404`	Not Found	Resource not found
`409`	Conflict	Resource already exists
`422`	Unprocessable Entity	Validation errors
`429`	Too Many Requests	Rate limit exceeded
`500`	Internal Server Error	Server error

API Endpoints

Authentication

Method	Endpoint	Description
`POST`	`/auth/login`	Authenticate with email/password
`POST`	`/auth/register`	Create new user account
`POST`	`/auth/google`	Authenticate with Google OAuth
`POST`	`/auth/logout`	Invalidate current session
`POST`	`/auth/refresh`	Refresh JWT token
`GET`	`/auth/me`	Get current user profile

Users

Method	Endpoint	Description
`GET`	`/users/profile`	Get user profile
`PUT`	`/users/profile`	Update user profile
`DELETE`	`/users/account`	Delete user account

Contact & Communication

Method	Endpoint	Description
`POST`	`/contact`	Submit contact form
`POST`	`/newsletter/subscribe`	Subscribe to newsletter
`DELETE`	`/newsletter/unsubscribe`	Unsubscribe from newsletter

Content

Method	Endpoint	Description
`GET`	`/search`	Search content
`GET`	`/comments/:postId`	Get post comments
`POST`	`/comments/:postId`	Create comment

Rate Limiting

API requests are rate-limited to ensure service stability:

Authentication endpoints: 5 requests per minute
General endpoints: 100 requests per minute
Bulk operations: 10 requests per minute

Rate limit information is included in response headers:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
X-RateLimit-Reset: 1640995200

When rate limits are exceeded, the API returns a 429 Too Many Requests status with a Retry-After header indicating when to retry.

Pagination

List endpoints support pagination using query parameters:

GET /api/users?page=1&limit=20&sort=created_at&order=desc

Pagination Parameters

Parameter	Description	Default	Maximum
`page`	Page number (1-based)	`1`	`1000`
`limit`	Items per page	`20`	`100`
`sort`	Sort field	`created_at`	-
`order`	Sort order (`asc`, `desc`)	`desc`	-

Pagination Response

{
  "success": true,
  "data": {
    "items": [...],
    "pagination": {
      "page": 1,
      "limit": 20,
      "total": 150,
      "pages": 8,
      "hasNext": true,
      "hasPrev": false
    }
  }
}

Filtering & Searching

Most list endpoints support filtering and searching:

GET /api/users?search=john&status=active&created_after=2024-01-01

Common Filters

Filter	Description	Example
`search`	Text search across relevant fields	`?search=john`
`status`	Filter by status	`?status=active`
`created_after`	Filter by creation date (after)	`?created_after=2024-01-01`
`created_before`	Filter by creation date (before)	`?created_before=2024-12-31`

Webhooks

GoodData can send webhooks for important events:

Supported Events

user.created - New user registration
user.updated - User profile updated
contact.submitted - Contact form submission
newsletter.subscribed - Newsletter subscription

Webhook Format

{
  "event": "user.created",
  "timestamp": "2024-01-01T12:00:00Z",
  "data": {
    "user": {
      "id": "user_123",
      "email": "user@example.com",
      "name": "John Doe"
    }
  }
}

SDKs & Libraries

JavaScript/TypeScript

Use the built-in API client:

import { api } from '@/lib/api';

// Authenticate
const { token, user } = await api.login({
  email: 'user@example.com',
  password: 'password123'
});

// Make authenticated requests
const profile = await api.getMe();

cURL Examples

# Login
curl -X POST http://localhost:8000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"password123"}'

# Get profile (with token)
curl -X GET http://localhost:8000/api/auth/me \
  -H "Authorization: Bearer <your-token>"

Error Handling

Validation Errors

Field validation errors return detailed information:

{
  "success": false,
  "error": "Validation failed",
  "code": "VALIDATION_ERROR",
  "details": {
    "email": ["Email is required", "Email must be valid"],
    "password": ["Password must be at least 8 characters"]
  }
}

Common Error Codes

Code	Description
`VALIDATION_ERROR`	Input validation failed
`UNAUTHORIZED`	Authentication required
`FORBIDDEN`	Insufficient permissions
`NOT_FOUND`	Resource not found
`CONFLICT`	Resource already exists
`RATE_LIMITED`	Too many requests
`SERVER_ERROR`	Internal server error

Testing

Testing Endpoints

Use the following test endpoints in development:

GET /api/health      # Check API health
GET /api/version     # Get API version
GET /api/test        # Test authentication

Postman Collection

Import our Postman collection for easy API testing:

{
  "info": {
    "name": "GoodData API",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    // Collection items...
  ]
}

Best Practices

Client Implementation

Always handle errors: Check response status and handle error cases
Implement retry logic: For network errors and rate limits
Cache tokens: Store JWT tokens securely and reuse them
Use timeouts: Set reasonable request timeouts
Log requests: Log API calls for debugging (without sensitive data)

Security

Use HTTPS: Always use HTTPS in production
Validate SSL: Verify SSL certificates
Store tokens securely: Use secure storage for JWT tokens
Rotate tokens: Refresh tokens before expiration
Sanitize inputs: Validate and sanitize all user inputs

Support

Need help with the API?

Authentication Guide - Detailed authentication setup
Endpoint Reference - Complete endpoint documentation
Error Reference - Detailed error information
Contact Support - Get help from our team

The API is continuously evolving. Check the changelog for the latest updates and breaking changes.

API Overview

Base URL

Authentication

Getting a Token

Request Format

Headers

Request Body

Response Format

Success Response

Error Response

Status Codes

API Endpoints

Authentication

Users

Contact & Communication

Content

Rate Limiting

Pagination

Pagination Parameters

Pagination Response

Filtering & Searching

Common Filters

Webhooks

Supported Events

Webhook Format

SDKs & Libraries

JavaScript/TypeScript

cURL Examples

Error Handling

Validation Errors

Common Error Codes

Testing

Testing Endpoints

Postman Collection

Best Practices

Client Implementation

Security

Support

On this page