POST/bootstrapCreate the first owner and family
OpenAPI 3.1 · API 1.0.0
The Node/SQLite Compose profile and Cloudflare D1/R2 profile expose the same organization-scoped API and synchronization behavior.
Browser clients use secure opaque sessions and rotating CSRF tokens. Long-lived bearer tokens are not stored in the browser.
POST/bootstrapCreate the first owner and family
POST/auth/sign-inStart a secure browser session
POST/invitationsCreate an expiring family invitation
POST/invitations/acceptAccept a family invitation
POST/sync/pushApply an ordered idempotent mutation batch
GET/sync/pullRead organization changes after an opaque cursor
GET/resources/{type}List active records of one resource type
GET/media/{id}/contentDownload authorized original image
PUT/media/{id}/contentUpload and integrity-check original image
DELETE/media/{id}/contentDelete private image content
GET/export/fullDownload structured data, CSV files, and original media