API overview & authentication

CodeForge AI ships a REST API under /api. An interactive OpenAPI/Swagger explorer is available at /docs (admin access).

Authentication

Protected endpoints use your session cookie, set after you sign in via NextAuth. Call the API from the same origin (the browser sends the cookie automatically), for example from your own dashboard scripts or the in-app client.

// Same-origin fetch — the session cookie is sent automatically
const res = await fetch("/api/billing/usage");
const data = await res.json();
console.log(data.usage); // { used, allowance, remaining, ... }

Public endpoints (problem listing, search, discussions read) don't require a session. Mutating requests must be same-origin (a CORS guard blocks cross-site writes) and bodies are capped at 1 MB.