Hello! This is the backend API for
echolotl.lol. You can use
these endpoints however you like, but please don't abuse them.
There are rate limits.
This is a mega WIP as I learn Elysia and backend stuff. You can view
the source code
here.
Gets echolotl's current playing song on Spotify.
15 requests over 1 minute
Returns the currently playing song on Spotify, if any.
Gets echolotl's latest status.
15 requests over 2 minutes
Returns the latest status object.
Gets recent statuses, newest first.
limit (optional number): Number of statuses to
return. Defaults to 10.
15 requests over 2 minutes
Returns a list of statuses and the count returned.
POST /status
lock
Creates a new status entry.
Requires an
Authorization: Bearer <PASSKEY> header, where
PASSKEY matches the server's configured
PASSKEY environment variable.
{
"text": "string (1-100 chars)",
"emoji": "emoji (optional, nullable)"
}
15 requests over 2 minutes
Authorization bearer
token.Lets you login with Discord for echolotl.lol. This is what will power any authenticated requests.
Redirects the browser to Discord's OAuth consent screen. Sets
a short-lived oauth_state cookie for validation.
20 requests over 1 minute, shared across all Discord auth routes
GET
/auth/discord/authenticate
This is the redirect_uri configured on the
Discord application and it's not meant to be called
directly. Discord redirects here with a code and
state after the user approves the login.
This does more additional checks to ensure the Discord account is at least a month old (to mitigate spam),
and then saves the Discord user info to the database and sets a session cookie for future authenticated requests.
code (string): Authorization code provided by
Discord.
state (string): Must match the
oauth_state cookie set in /auth/discord/.
20 requests over 1 minute, shared across all Discord auth routes
session cookie set.
Destroys the session tied to the session cookie
(if any) and clears the cookie.
20 requests over 1 minute, shared across all Discord auth routes
Returns a confirmation text string.
Reads the session cookie and returns the
associated user as a full user object. This always returns the full user object, even if the user has enabled anonymous mode.
20 requests over 1 minute, shared across all Discord auth routes
Anonymous mode disabled:
Anonymous mode enabled:
PATCH
/auth/discord/me
lock
Requires an active session cookie. Can be used to set the anonymous mode for the current user,
and returns a full user object with the updates. This is a non-anonymous object for the same reason as the GET /auth/discord/me endpoint.
20 requests over 1 minute, shared across all Discord auth routes
Returns the updated user.
DELETE
/auth/discord/me
lock
Requires an active session cookie. This will delete the current user and all their data from the database, including their status history.
20 requests over 1 minute, shared across all Discord auth routes
Returns a confirmation text string.
GET
/auth/discord/user/:userId
Returns a user object for the given userId.
If the user has enabled anonymous mode, this will return a redacted user object with a generic username and display name, and no avatar hash.
userId (string): The user's standalone
userId, as returned by
/auth/discord/me or itself.
20 requests over 1 minute, shared across all Discord auth routes
Anonymous mode disabled:
Anonymous mode enabled:
userId.