API Reference
Complete API reference for Chameleon
API Reference
Chameleon provides RESTful APIs for all major features.
Base URL
# Development
http://localhost:3000/api
# Production
https://your-domain.com/api
Authentication
Most APIs require authentication. There are two ways to authenticate:
1. Session-Based (Browser)
For logged-in users in the browser, authentication is automatic via NextAuth session cookies.
// Frontend code - automatically authenticated
const response = await fetch("/api/get-user-info", {
method: "POST",
});
2. API Key
For programmatic access, use API keys:
const response = await fetch("/api/your-endpoint", {
method: "POST",
headers: {
"X-API-Key": "your-api-key-here",
},
});
Create API keys at /api-keys.
Response Format
All APIs return JSON in this format:
Success Response
{
"code": 0,
"message": "success",
"data": {
// Response data here
}
}
Error Response
{
"code": 1,
"message": "error description",
"data": null
}
API Categories
User APIs
User account, credits, and subscription management.
Endpoints:
/api/get-user-info- Get current user/api/get-user-credits- Get credit balance/api/get-user-subscription- Get active subscription/api/ping- Daily check-in
AI Generation APIs
Create and manage AI generations.
Endpoints:
/api/generator/generate- Create generation task/api/generator/query- Query task status/api/generator/history- Get generation history/api/demo/*- Demo endpoints
Payment APIs
Process payments and manage subscriptions.
Endpoints:
/api/checkout- Create checkout session/api/pay/notify/stripe- Webhook handler/api/pay/callback/stripe- Payment callback
Admin APIs
Administrative functions (admin only).
Endpoints:
/api/admin/ai-config- Manage AI provider keys
Rate Limiting
Currently, there is no built-in rate limiting. Consider adding rate limiting for production:
// Recommended: Use Vercel's built-in rate limiting
// Or implement custom rate limiting with Redis
Error Codes
| Code | Meaning |
|---|---|
0 | Success |
1 | General error |
401 | Unauthorized (not logged in) |
403 | Forbidden (insufficient permissions) |
404 | Not found |
500 | Server error |
Common Headers
Request Headers
Content-Type: application/json
X-API-Key: your-api-key (for API key auth)
Response Headers
Content-Type: application/json
CORS
APIs are accessible from:
- Same origin (your domain)
- For external access, configure CORS in
next.config.mjs
Webhooks
Stripe Webhook
POST /api/pay/notify/stripe
Headers:
stripe-signature: signature-string
Body: Stripe event object
See Payment APIs for details.
SDK and Examples
JavaScript/TypeScript
// Example: Get user credits
async function getUserCredits() {
const response = await fetch("/api/get-user-credits", {
method: "POST",
});
const data = await response.json();
if (data.code === 0) {
console.log("Credits:", data.data.left_credits);
}
}
cURL
# Example: Ping endpoint
curl -X POST https://your-domain.com/api/ping \
-H "Content-Type: application/json"
HTTP File
See debug/apitest.http for complete API test examples.
Testing APIs
Using API Test File
Open debug/apitest.http in VS Code with REST Client extension:
### Get user credits
POST {{baseUrl}}/api/get-user-credits
Content-Type: application/json
### Create AI generation
POST {{baseUrl}}/api/generator/generate
Content-Type: application/json
{
"ai_type": "video",
"provider": "seedance",
"model": "doubao-seedance-1-0-pro-250528",
"prompt": "A dancing robot"
}
Next Steps
- User APIs - User endpoints
- AI APIs - AI generation
- Payment APIs - Payments
- Admin APIs - Admin functions