API Reference
Complete API reference for the Buddo platform, auto-generated from the OpenAPI 3.1 specification. 65 endpoints across 8 domains.
| Domain | Endpoints | Description |
|---|
| Authentication |
19 |
User registration, login, password reset, TOTP two-factor authentication, email verification, and session management. |
| Deploy |
9 |
Container deployment lifecycle — create, manage, restart, stop, and destroy hosted applications on the Buddo platform. |
| Social |
15 |
Friends, presence tracking, chat channels, user search, and blocking. |
| Operator |
3 |
Operator app management and analytics. |
| User API |
11 |
Points, sessions, ads, connected apps, and user profile endpoints available to operator apps via OAuth. |
| Public |
1 |
Unauthenticated public endpoints — operator directory. |
| Education |
5 |
Bitcoin learning modules, progress tracking, and step completion. |
| Infrastructure |
2 |
Health check and OAuth resource discovery. |
| OAuth |
8 |
OAuth 2.0 endpoints (subset of Authentication domain covering /api/oauth/* paths). |
Authentication Overview
The Buddo API uses two authentication mechanisms:
- JWT Bearer Tokens — obtained via
POST /api/auth/login. Used for first-party user operations (auth, social, education).
- OAuth 2.0 Access Tokens — obtained via the Authorization Code + PKCE flow. Used for operator/third-party app operations (deploy, points, sessions, ads).
OAuth Scopes
| Scope | Description |
|---|
app:balance:read | Read the operator app's point balance |
deploy:manage | Deploy and manage hosted applications |
points:award | Deprecated — award is admin-only. Retained for existing token compatibility. |
points:read | Read user point balance |
points:spend | Spend user points (credits operator account) |
points:transfer | Transfer points between users |
profile:read | Read user profile and session information |
Base URLs
| Environment | URL |
|---|
| Production | https://api.buddo.xyz |
| Development | http://localhost:4000 |