• Supports both session-based and token-based authentication
  • Token-based authentication uses JWT:
    • Access token with 15-minute lifetime
    • Refresh token with 30-day lifetime
    • Can obtain new token pair without full login by refreshing before refresh token expiry
  • Most endpoints return 403 forbidden status for auth errors (except for token acquire/refresh endpoints which return 401 status)


Please see each API for details on request parameters, headers, and body.


Most endpoints return a response with the following JSON schema:

  "data": Object,
  "error": Boolean,
  "errcode": Integer,
  "errmsg": String or null,
  "status": Integer

The data field is generally where the endpoint's results can be accessed.

Error Handling

  • All error responses have the error set to true.
  • Some endpoints may include further error information in the errmsg, errcode, or details fields.
  • Some error responses may set the status asnull, so check HTTP status code in the response header.


Some endpoints return a paginated response. In such cases, the following fields will be modified/included in the "data" field of the response body:

  • An array of up to 100 objects. The field name depends on the endpoint being invoked (e.g., "collections", "highlights", etc.), so refer to the specific endpoint documentation for details.
  • "count": integer that shows the total number of objects to be returned
  • "next": string that represents URL of the next results page (can be null)
  • "previous": string that represents URL of the previous results page (can be null)