Skip to main content

General API Information

This section covers general usage patterns, authentication, error handling, and best practices for working with the MongoNext API.

1. Authentication

  • Most endpoints require authentication via NextAuth.js (session or JWT).
  • Admin-only endpoints require the user to have an admin role.
  • Pass authentication tokens via cookies (handled automatically by NextAuth.js) or in the Authorization header for API requests.

2. Request/Response Format

  • All endpoints accept and return JSON.
  • Use appropriate HTTP methods (GET, POST, PUT, DELETE).
  • Always set Content-Type: application/json for requests with a body.

3. Error Handling

  • Errors are returned with appropriate HTTP status codes (400, 401, 403, 404, 500).
  • Error responses include a message field for debugging.

Example:

{
"error": "Unauthorized",
"message": "You must be signed in to access this resource."
}

4. Rate Limiting

  • Sensitive endpoints (auth, user management) should implement rate limiting to prevent abuse.
  • Use libraries like express-rate-limit or similar in custom API routes.

5. Security Tips

  • Always validate and sanitize input on both client and server.
  • Never expose sensitive data (passwords, tokens) in API responses.
  • Use HTTPS in production to encrypt all traffic.

6. Versioning

  • For breaking changes, consider versioning your API endpoints (e.g., /api/v1/products).

For details on specific endpoints, see the other API documentation sections.