REST API conventions

Every service is reachable over REST at https://base.finiteskills.com/v1. Requests and responses are JSON.

Required headers

X-Appwrite-ProjectAlways required โ€” identifies the project.
X-Appwrite-KeyServer-side full-access key. Bypasses per-document permissions.
X-Appwrite-SessionA user session secret (alternative to the session cookie), for SSR/server-for-user calls.
X-Appwrite-JWTA short-lived user JWT from POST /account/jwt.
Content-Typeapplication/json for JSON bodies; multipart/form-data for file uploads.

IDs

Where an id is required you may pass a literal id, or the string unique() to have FiniteBase generate one. Ids are 1โ€“36 chars of [A-Za-z0-9._-] and cannot start with a special character.

Responses & errors

Success returns the resource as JSON (lists return { total, documents|files|... }). Errors return a consistent envelope with an HTTP status:

Error shape
{
  "message": "Invalid credentials.",
  "code": 401,
  "type": "user_invalid_credentials",
  "version": "1.0.0"
}

Branch on type (stable string), not the message. See Errors for the common types.

Permissions syntax

Collections, documents, buckets and files carry a permission list. Each entry is action("role"):

Examples
read("any")            // anyone, including logged-out
read("users")          // any authenticated user
create("user:USER_ID") // one specific user
update("team:TEAM_ID") // any member of a team
delete("team:TEAM_ID/admin") // members with a role in a team

Actions are read, create, update, delete.