Skip to main content

API overview

The Nebula API is a JSON HTTP API. Authentication uses NextAuth

session cookies (browser) or API tokens (programmatic).

Authentication

Browser callers send the NextAuth session cookie. Programmatic

callers attach an Authorization header with a bearer token issued

under /settings/tokens.

Rate limits

Per-user: 100 req/min on read endpoints, 30 req/min on write.

Per-token: same limits, scoped to the token's owning org.

Exceeding the limit returns 429 Too Many Requests with a

Retry-After header.

Error format

Non-2xx responses always carry a JSON body:

{ "error": "string or array of zod issues" }

For Zod validation errors the body is the parsed issue array; for

all other errors a single-string message.

Cross links

  • /docs/api/atoms: atom and edge endpoints
  • /docs/api/chain: anchor and verify endpoints
  • /docs/api/marketplace: opportunities and tenders
  • /docs/api/webhooks: outbound webhook setup
  • /docs/api/errors: standardised error shape