REST API conventions
Every service is reachable over REST at https://base.finiteskills.com/v1. Requests and
responses are JSON.
Required headers
X-Appwrite-Project | Always required โ identifies the project. |
X-Appwrite-Key | Server-side full-access key. Bypasses per-document permissions. |
X-Appwrite-Session | A user session secret (alternative to the session cookie), for SSR/server-for-user calls. |
X-Appwrite-JWT | A short-lived user JWT from POST /account/jwt. |
Content-Type | application/json for JSON bodies; multipart/form-data for file uploads. |
IDs
Where an id is required you may pass a literal id, or the string unique() to have FiniteBase
generate one. Ids are 1โ36 chars of [A-Za-z0-9._-] and cannot start with a special character.
Responses & errors
Success returns the resource as JSON (lists return { total, documents|files|... }). Errors return
a consistent envelope with an HTTP status:
Error shape
{
"message": "Invalid credentials.",
"code": 401,
"type": "user_invalid_credentials",
"version": "1.0.0"
}
Branch on type (stable string), not the message. See Errors for the common types.
Permissions syntax
Collections, documents, buckets and files carry a permission list. Each entry is
action("role"):
Examples
read("any") // anyone, including logged-out
read("users") // any authenticated user
create("user:USER_ID") // one specific user
update("team:TEAM_ID") // any member of a team
delete("team:TEAM_ID/admin") // members with a role in a team
Actions are read, create, update, delete.