API Reference
The Nilux AI REST API provides programmatic access to authentication, billing, and usage statistics. This API powers the web dashboard and can be used to build custom integrations.
Base URL: https://api.nilline-developer.site
Authentication
All authenticated endpoints require an access token in the Authorization header:
Authorization: Bearer <access_token>
Tokens are obtained via the login or register endpoints and expire after a configured period. Use the refresh endpoint to obtain a new access token without re-authenticating.
If a request returns 401 Unauthorized, attempt a token refresh. If refresh fails, redirect to login.
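An added example (not Nilux's own code) of the 401 handling described above: a small Python session wrapper that refreshes once, retries once, and raises when the refresh is rejected. The `Session` class, the `LoginRequired` exception and the injectable `send` transport are hypothetical names; the endpoint path and JSON fields are the ones documented under Refresh Token on this page.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.nilline-developer.site"  # base URL given on this page

class LoginRequired(Exception):
    """Refresh was rejected; the caller must send the user back to login."""

def http_send(method, path, body=None, token=None):
    """Default transport: one HTTPS call, returns (status, parsed JSON or None)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(BASE_URL + path, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a JSON body
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw)
    except ValueError:  # empty or non-JSON body, e.g. from a proxy
        return status, None

class Session:
    """Hypothetical client wrapper; `send` is injectable so it can be tested offline."""
    def __init__(self, access_token, refresh_token, send=http_send):
        self.access_token, self.refresh_token, self.send = access_token, refresh_token, send

    def _refresh(self):
        if not self.refresh_token:
            raise LoginRequired("no refresh token, log in again")
        status, body = self.send("POST", "/api/auth/refresh", {"refresh_token": self.refresh_token})
        if status != 200 or not isinstance(body, dict) or "access_token" not in body:
            self.access_token = self.refresh_token = None  # keep nothing stale around
            raise LoginRequired("refresh failed, log in again")
        # The refresh response also carries a refresh_token; store both.
        self.access_token = body["access_token"]
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def request(self, method, path, body=None):
        status, data = self.send(method, path, body, self.access_token)
        if status == 401:
            self._refresh()  # exactly one refresh and one retry, never a loop
            status, data = self.send(method, path, body, self.access_token)
        return status, data
```

Catch `LoginRequired` at the top of the application and route the user to the login screen from there.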
Register
POST /api/auth/register
Creates a new user account and returns authentication tokens.
Request Body:
{
  "email": "user@example.com",
  "password": "securepassword123",
  "name": "Optional Name"
}
Response (200):
{
  "user": {
    "id": "d7b1a2c3-...",
    "email": "user@example.com",
    "name": "Optional Name",
    "tier": "free",
    "email_verified": false,
    "is_active": true,
    "created_at": "2026-05-07T12:00:00Z",
    "updated_at": "2026-05-07T12:00:00Z"
  },
  "tokens": {
    "access_token": "eyJhbGciOi...",
    "refresh_token": "eyJhbGciOi...",
    "token_type": "bearer",
    "expires_in": 3600
  },
  "api_key": {
    "key": "sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "name": "Primary Key",
    "keyPreview": "sk_live...xxxx",
    "createdAt": "2026-05-07T12:00:00Z",
    "isActive": true
  }
}
Error (400):
{
  "detail": "Email already registered"
}
Warning: The full API key is returned only in the registration response. Save it immediately — it cannot be retrieved again.
Login
POST /api/auth/login
Authenticates an existing user.
Request Body:
{
  "email": "user@example.com",
  "password": "securepassword123"
}
Response (200): Same structure as register.
Error (401):
{
  "detail": "Invalid credentials"
}
Error (400):
{
  "detail": "Inactive user"
}
Refresh Token
POST /api/auth/refresh
Obtains a new access token using a refresh token.
Request Body:
{
  "refresh_token": "eyJhbGciOi..."
}
Response (200):
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "eyJhbGciOi...",
  "token_type": "bearer",
  "expires_in": 3600
}
Error (401):
{
  "detail": "Invalid refresh token"
}
Get Current User
GET /api/auth/me
Returns the authenticated user's profile.
Response (200):
{
  "id": "d7b1a2c3-...",
  "email": "user@example.com",
  "name": "Optional Name",
  "tier": "free",
  "email_verified": false,
  "is_active": true,
  "created_at": "2026-05-07T12:00:00Z",
  "updated_at": "2026-05-07T12:00:00Z"
}
Get API Key
GET /api/auth/api-key
Returns the current API key preview (not the full key).
Response (200):
{
  "name": "Primary Key",
  "keyPreview": "sk_live...abcd",
  "createdAt": "2026-05-07T12:00:00Z",
  "lastUsed": "2026-05-08T09:30:00Z",
  "isActive": true
}
Returns null if no API key exists.
Rotate API Key
POST /api/auth/api-key/rotate
Generates a new API key and invalidates the old one.
Response (200):
{
  "key": "sk_live_NEW_FULL_KEY_HERE",
  "name": "Primary Key",
  "keyPreview": "sk_live...wxyz",
  "createdAt": "2026-05-08T10:00:00Z",
  "isActive": true
}
Warning: The full new key is returned only in this response. The old key stops working immediately. Save the new key before dismissing the response.
Logout
POST /api/auth/logout
Response (200):
{
  "message": "Logged out successfully"
}
Note: The server endpoint is a no-op and does not revoke tokens. Real logout is performed client-side by clearing the stored access and refresh tokens.
Health Check
Health
GET /api/health
Returns system health information. This endpoint does not require authentication.
Response (200):
{
  "status": "OK",
  "timestamp": "2026-05-08T12:47:54.569163",
  "uptime": 86400,
  "version": "1.0.0",
  "brand": {
    "name": "Nilux AI Assistant",
    "shortName": "Nilux",
    "description": "AI-powered code assistant"
  }
}
Note: The full response may include additional system status fields.