BadAPI Docs

Base URL: https://badapi.fly.dev

This API supports CSV uploads, AI summaries, and per-device API keys. Use session tokens for key management and JWT for request logs. All other endpoints require an API key.

Authorization: Bearer <api_key>
Authorization: Bearer <session_token>
Authorization: Bearer <jwt>
Get TokensManage Keys

Auth + Sessions

Login returns a session token + JWT.

Register

POST /user/register
{
  "username": "nova",
  "password": "supersecure"
}

Login

POST /user/login
{
  "username": "nova",
  "password": "supersecure"
}

Response:
{
  "session_token": "...",
  "jwt": "..."
}

API Keys

Requires session token. Use Authorization: Bearer <session_token>.

POST /auth/apikeys
Authorization: Bearer <session_token>
{
  "name": "laptop"
}
GET /auth/apikeys
Authorization: Bearer <session_token>
DELETE /auth/apikeys/{key_id}
Authorization: Bearer <session_token>

Uploads

All upload endpoints require API key auth.

Requirements: file must be .csv, max size 200 MB, max rows 200k, max columns 200.

POST /data/upload
Authorization: Bearer <api_key>
Content-Type: multipart/form-data
file: <your.csv>
GET /data/uploads
Authorization: Bearer <api_key>
GET /data/upload/{file_id}
Authorization: Bearer <api_key>
DELETE /data/upload/{file_id}
Authorization: Bearer <api_key>

Downloads

POST /data/upload/{file_id}/link
Authorization: Bearer <api_key>
GET /data/download/{token}

The download token endpoint has the general rate limits applied by user_id.

AI Summaries

POST /analysis/ai-summary
Authorization: Bearer <api_key>
{
  "file_id": "..."
}
GET /analysis/summaries
Authorization: Bearer <api_key>
GET /analysis/summary/{summary_id}
Authorization: Bearer <api_key>

Request Logs (JWT)

GET /admin/me/logs?limit=50
Authorization: Bearer <jwt>

Logs include timestamp, api_key_id, method, path, status_code, latency_ms, upload_id, ip, user_agent.

Rate Limits + Caps

Rate-limited responses include X-RateLimit-* headers and return 429.

BucketLimitNotes
General API60/minBurst + general API usage.
General API10/secOptional burst cap.
General API5,000/dayDaily quota.
AI Summaries1/minOption A minute cap.
AI Summaries5/dayOption A daily cap.
Uploads20/dayCSV uploads per day.
Download Links120/hourToken links per hour.

File caps: max size 200 MB, max rows 200k, max columns 200.

Errors

Errors follow FastAPI conventions.

HTTP/1.1 429 Too Many Requests
{
  "detail": "Rate limit exceeded"
}
HTTP/1.1 401 Unauthorized
{
  "detail": "Invalid API key"
}

Examples

Python

import requests

API = "https://badapi.fly.dev"
API_KEY = "your_api_key"

resp = requests.get(
  f"{API}/data/uploads",
  headers={"Authorization": f"Bearer {API_KEY}"}
)
print(resp.json())

Java (HttpClient)

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

String api = "https://badapi.fly.dev";
String apiKey = "your_api_key";

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
  .uri(URI.create(api + "/data/uploads"))
  .header("Authorization", "Bearer " + apiKey)
  .GET()
  .build();

HttpResponse<String> response = client.send(
  request, HttpResponse.BodyHandlers.ofString()
);
System.out.println(response.body());

Endpoint Index

GroupMethodPathAuthDescription
AuthPOST/user/registerNoneRegister a new user.
AuthPOST/user/loginNoneLogin and receive session token + JWT.
AuthPOST/apikey/createNoneLegacy key creation (single key on user record).
AuthGET/protectedAPI KeySample protected endpoint.
API KeysPOST/auth/apikeysSession TokenCreate a new API key (raw key returned once).
API KeysGET/auth/apikeysSession TokenList keys (no raw key, last4 only).
API KeysDELETE/auth/apikeys/{key_id}Session TokenRevoke a key.
UploadsPOST/data/uploadAPI KeyUpload CSV to R2 with metadata.
UploadsGET/data/uploadsAPI KeyList uploads.
UploadsGET/data/upload/{file_id}API KeyGet a single upload.
DownloadsPOST/data/upload/{file_id}/linkAPI KeyCreate a one-time download token.
DownloadsGET/data/download/{token}TokenExchange token for a presigned URL.
UploadsDELETE/data/upload/{file_id}API KeyDelete upload + metadata.
AI SummariesPOST/analysis/ai-summaryAPI KeyGenerate or fetch AI summary for an upload.
AI SummariesGET/analysis/summariesAPI KeyList AI summaries.
AI SummariesGET/analysis/summary/{summary_id}API KeyGet a specific summary.
LogsGET/admin/me/logs?limit=50JWTFetch request logs (newest first).