OrbitNest / Docs

SDKs

REST API

Direct HTTP access to every OrbitNest feature — for languages without an SDK, or anyone who prefers raw requests.

OrbitNest's REST API is the foundation under every SDK. Call it directly from any HTTP client, with Bearer auth and JSON bodies.

Base URL

Every project has two URL shapes:

  • Admin (JWT auth): /api/projects/:id/* — used by the Studio dashboard.
  • Client (API key auth): /api/project/:slug/* — used by your apps.

Authentication

Every request needs an Authorization: Bearer <key> header. Use the anon key from the client, the service_role key from trusted servers, or a user JWT issued by the auth module.

bash
curl "https://studio.orbitnest.io/api/project/my-app/database/tables/posts" \
  -H "Authorization: Bearer ${ANON_KEY}" \
  -H "Content-Type: application/json"

Database

bash
# List rows (with filters and ordering)
GET  /api/project/:slug/database/tables/:table?col=eq.value&order=created_at.desc

# Insert
POST /api/project/:slug/database/tables/:table
     Body: { "col": "value", ... }

# Update
PATCH /api/project/:slug/database/tables/:table?id=eq.:id
      Body: { "col": "new value" }

# Delete
DELETE /api/project/:slug/database/tables/:table?id=eq.:id

# Execute raw SQL (service_role only)
POST /api/project/:slug/database/sql
     Body: { "sql": "SELECT count(*) FROM posts" }

Authentication

bash
POST /api/projects/:id/auth/signup-with-email
POST /api/projects/:id/auth/verify-signup
POST /api/projects/:id/auth/signin-with-email
POST /api/projects/:id/auth/verify-signin
POST /api/projects/:id/auth/signup
POST /api/projects/:id/auth/signin
POST /api/projects/:id/auth/refresh
POST /api/projects/:id/auth/signout
GET  /api/projects/:id/auth/user

Edge functions

bash
POST /api/project/:slug/functions/:name
     Body: <any JSON>
     Response: whatever the function returns

Storage

bash
GET    /api/project/:slug/storage/buckets
POST   /api/project/:slug/storage/buckets

GET    /api/project/:slug/storage/buckets/:name/files
POST   /api/project/:slug/storage/buckets/:name/files
DELETE /api/project/:slug/storage/buckets/:name/files/:path

GET    /api/project/:slug/storage/buckets/:name/signed-url/:path?expires=3600

Full reference

Every endpoint is documented in the interactive Swagger UI at /api/docs. The OpenAPI spec is downloadable for import into Postman, Insomnia, or your API client of choice.

Error responses

json
{
  "statusCode": 400,
  "message": "Validation failed",
  "error": "BAD_REQUEST",
  "details": {
    "field": "email",
    "reason": "must be a valid email"
  }
}

Rate limits

  • Default: 60 requests / minute per IP
  • Auth endpoints: 10 requests / minute per IP (per project)
  • Headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Enterprise accounts can request custom rate limits.