Skip to content

OpenASA Docs

API Basics

API Basics¶

Common rules shared by OpenASA runtime APIs are collected here.

Base URL¶

Production base URL: https://api.openasa.com/

All documented paths are relative to that base URL.

Authentication¶

Browser flows use session cookie authentication.
Session-required groups include:
/me/*
write comment endpoints (POST .../comments)
protected auth endpoints under /auth/*
/cli/device/approve

Common Status Codes¶

200: success
400: request payload/params invalid
401: missing or expired session
404: resource not found
500: internal failure
502: upstream geo lookup failure (/geo/ip-locate)

Error Shape¶

Error responses commonly include:

error: machine-readable reason
message: user-readable detail

Always rely on endpoint-level OpenAPI schema as final contract.

Rate Limits¶

Rate limit is applied to:

email login request/verify endpoints
CLI challenge/device endpoints
comment creation endpoints

Integrators should use exponential backoff for retries.