ɳSelfɳSELFDOCS

  • Getting Started

    • Introduction
    • Quick Start
    • Installation
    • Your First Project

  • Core Concepts

    • Architecture Overview
    • Project Structure
    • Configuration
    • Environments

  • Services

    • PostgreSQL Database
    • Hasura GraphQL
    • Authentication
    • Real-Time Communication
    • Storage (MinIO)
    • Email Configuration
    • Redis Cache
    • Search Engines
    • Functions
    • MLflow (ML Tracking)
    • Monitoring & Metrics
    • Admin UI
    • Dashboard

  • Database Tools

    • Schema Management
    • Migrations
    • Seeding Data
    • Backup & Restore
    • dbdiagram.io Sync

  • Microservices

    • NestJS Services
    • BullMQ Workers
    • Go Services
    • Python Services

  • CLI Reference

    • All Commands
    • Core Commands
    • Database Commands
    • Service Management
    • Production Commands

  • Deployment

    • Local Development
    • Production Setup
    • SSL/TLS Configuration
    • Domain Configuration
    • Environment Variables

  • Advanced Topics

    • Multi-Tenancy & SaaS
    • Security & Hardening
    • Custom Actions
    • Webhooks
    • Performance Tuning
    • Troubleshooting

  • ɳClaw

    • Backend Manager
    • API Gateway
    • Voice Input
    • Threads & Projects

  • Migration Guides

    • From Supabase
    • From Nhost
    • From Firebase

  • Plugins

    • Plugin catalog (87)
    • Installation
    • Free plugins (25)
    • Pro plugins (62)

  • Reference

    • Stack & Hosting
    • API Reference
    • Guides
    • RFCs
    • Legal
    • Contributing

  • Resources

    • Changelog
    • Licensing
    • FAQ
    • Support

API reference

Every public HTTP surface of the nSelf stack. All service endpoints go through the nginx reverse proxy with TLS termination.

Hasura GraphQL

Base: https://api.local.nself.org/v1/graphql

Primary application API. All app reads and writes go through Hasura. Auth via JWT claims.

MethodPathSummary
POST/v1/graphqlGraphQL query, mutation, and subscription endpoint.
GET/v1/versionHasura server version.
GET/healthzHasura health check.

Auth (nHost-compatible)

Base: https://auth.local.nself.org

Email/password, magic link, OAuth, and WebAuthn. JWTs include Hasura claims.

MethodPathSummary
POST/v1/signup/email-passwordRegister a new user.
POST/v1/signin/email-passwordSign in with email and password.
POST/v1/signin/patExchange a personal access token for a session.
POST/v1/signoutSign out and revoke the current refresh token.
POST/v1/tokenRefresh access token.
POST/v1/user/password/resetRequest a password reset email.
POST/v1/user/email/changeRequest an email-change confirmation.
POST/v1/mfa/totp/generateEnroll a TOTP second factor.
POST/v1/mfa/totp/verifyVerify a TOTP code.

Storage

Base: https://storage.local.nself.org

S3-compatible object storage (MinIO). Presigned URL support for direct upload and download.

MethodPathSummary
POST/v1/filesUpload a file (multipart).
GET/v1/files/:idDownload a file or redirect to a presigned URL.
DELETE/v1/files/:idDelete a file.
GET/v1/files/:id/presignedGet a time-limited presigned download URL.

ping_api (telemetry + licensing)

Base: https://ping.nself.org

Public license validation and CLI telemetry. Only hosted at nself.org, not self-hosted.

MethodPathSummary
GET/versionLatest CLI version and release notes.
POST/telemetryAnonymous CLI usage event.
POST/license/validateValidate a license key and return its tier.
POST/license/activateActivate a license key for a domain.
GET/plugins/:name/downloadAuthenticated pro plugin tarball download.

Admin API (local GUI)

Base: http://localhost:3021

Local admin dashboard. Only runs on the developer machine. Never exposed publicly.

MethodPathSummary
GET/api/statusStack-wide status.
GET/api/servicesAll services with health and ports.
POST/api/services/:name/restartRestart a specific service.
GET/api/logs/:serviceStream service logs.

Authentication

All authenticated requests use a bearer JWT in theAuthorization: Bearer <token> header. Tokens come from the Auth service and encode Hasura role claims.

Rate limits

Default nginx rate limits: 60 req/min per IP on GraphQL, 30 req/min on Auth, 10 req/min on signup. Override innginx/conf.d/.