The API for frii.site

CAUTION

Please only use paths under /api/.

TIP

You can copy and paste the contents of this document and give it to an AI for a smoother experience. Click here to open this section as raw text

Other paths are meant for authenticated users.

Authenticated or not?

Since frii.site's backend is using a custom piece of middleware to get sessions from requests, the docs will not show you the required headers.

So how do I know which paths require authentication?: Check the response codes. If the path requires authentication, it will return a 460 if the API token hasn't been passed, or is invalid

For API requests, you can specify the API token with the X-API-Token header. The value should be the token, (e.g $APIV2=...)

How to get the API key

Go to https://www.frii.site/api/dashboard

API key permissions explained

Affected domains

These are the domains that the API key affects

View domains

Lets the API key view domains that the API key has permission to use (aka affected domains)

The "register" permission

Affected domains don't matter for this one. If you enable this permission, the API key can register any domain that's available and valid.

Links to the website

Swagger docs: https://api.frii.site/docs

OpenAPI: http://api.frii.site/openapi.json

Stuff for AIs:

Generic rules

• Prefer using correct endpoint from Available Tasks
• Never try to use endpoints that don't start with "/api"
• The following blacklisted routes may not be used: /api/create-key, /api/get-keys, /api/get-key, /api/delete-key,
• If schema is missing, consult the OpenAPI specification

Base URL: https://api.frii.site Beta URL (may have newer features): https://beta.frii.site

Request schemas

Domain change body (for api.frii.site):

{
    "domain": "string",
    "value": "string",
    "type": RecordType
}

Domain change body v2 (for beta.frii.site):

{
    "domain": "string",
    "values": ["string"],
    "type": RecordType
}

Authentication headers:

{"X-API-Token": "string (must include $APIVx=)"}

RecordType: "A" | "AAAA" | "CNAME" | "TXT" | "NS"

Reusable status codes: 460: Invalid API key 461: Invalid API key permissions or API key can't do operations to specific domain. 462: Invalid API key permissions 200: Success (response content may not be important.)

If request returns an error, the error will be specified in the key "detail". Example:

{
    "detail": "API key cannot interact with domain"
}

Available tasks:

For response bodies, status codes, and other, please consult the OpenAPI spec

Register a domain: POST /api/domain: (body: Generic domain body / Generic v2 domain body) Authentication headers. If domain exists, will give error. Modify a domain: PATCH /api/domain: (body: Generic domain body / Generic v2 domain body) Authentication headers Deleting a domain: DELETE /api/domain: (query: domain=string&type=RecordType) Authentication headers Check if domain is available: GET /api/domain/available?name=... Returns: (200: available, 409: not available) Fetch user's domains: GET /api/domain Authentication headers Fetch user's profile: GET /api/user Authentication headers Check which permissions the API key has: GET /api/intents Authentication headers

Rules:

• When the documentation refers to "subdomain", it means a "third level" subdomain. For example, "a.frii.site" is NOT a subdomain, but "a.b.frii.site" is.
• To register a subdomain, you must own the primary part of the subdomain. For example, to register "a.b.frii.site", you must own "b.frii.site" first.
• The user may own other TLDs, such a ".pill.ovh", or ".arr.ovh". These are paid and are not available by default.
• Individual user's domain limit may differ between users. The default has been 50 subdomains, and 4 "real" domains.