Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.shipfastai.dev/llms.txt

Use this file to discover all available pages before exploring further.

The Shipfastai REST API gives you programmatic access to authentication, user management, billing, AI chat, retrieval-augmented generation (RAG), product checkout and download, API key management, and admin features. Every feature exposed in the product is backed by an HTTP endpoint, so you can integrate it into your own frontend or automate workflows from any HTTP client.

Endpoint groups

GroupPrefixDescription
Auth/api/auth/Registration, login, token refresh, email verification, password reset, OAuth
Users/api/users/Profile management, password and email changes, data export, account deletion
Billing/api/billing/Stripe subscription checkout, customer portal, subscription status, plan listing, webhooks
Checkout & Download/api/checkout, /api/downloadOne-time product purchases and encrypted ZIP downloads
AI Chat/api/ai/Multi-turn chat and single-prompt completions via OpenAI, Anthropic, or Gemini
RAG/api/rag/Document ingestion, semantic search, and retrieval-augmented generation queries
API Keys/api/api-keys/Create, list, revoke, and update API keys for programmatic access
Contact/api/contactContact form submission with email notifications
Admin/api/admin/Platform statistics and user management (superuser only)

Base URL

EnvironmentBase URL
Developmenthttp://localhost:8000
Productionhttps://<your-deployed-backend-url>
All endpoints are prefixed with /api/. For example, the login endpoint is available at http://localhost:8000/api/auth/login.

Interactive docs

When running in development mode, the API server exposes two auto-generated documentation UIs:
  • Swagger UIhttp://localhost:8000/docs
  • ReDochttp://localhost:8000/redoc
Both UIs are generated directly from the live OpenAPI schema and let you make real requests against your local server.
The interactive docs are disabled in production by default (DEBUG=false). To enable them in a deployed environment, set DEBUG=true — but avoid doing this on public-facing production instances.

Authentication

All protected endpoints require a Bearer token in the Authorization header. You obtain a token by calling POST /api/auth/login. 
Authorization: Bearer <access_token>
See the Authentication guide for full details on obtaining and refreshing tokens.

Response format

Every response body is JSON. Successful responses return the resource or a confirmation message directly as the top-level object — there is no shared envelope wrapper. 
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "user@example.com",
  "full_name": "Jane Smith",
  "is_verified": true,
  "created_at": "2024-01-15T10:30:00Z"
}

Rate limiting

The API applies rate limiting to protect backend resources. The default limits are:
ScopeLimit
General endpoints100 requests per 60 seconds
AI endpoints (/api/ai/*, /api/rag/*)Stricter limits configured separately via ai_rate_limit
When you exceed the limit, the API returns 429 Too Many Requests. You can configure the thresholds in your backend settings.

Error responses

The API uses standard HTTP status codes. All error bodies follow the same shape: 
{
  "detail": "error message"
}
Common status codes you will encounter:
StatusMeaning
400Bad request — invalid input or missing required field
401Unauthorized — missing or invalid token
403Forbidden — account inactive or insufficient permissions
404Not found — resource does not exist
422Unprocessable entity — request body failed validation
429Too many requests — rate limit exceeded
500Internal server error — unexpected backend error

Example error response

{
  "detail": "Incorrect email or password"
}
For validation errors (422), FastAPI returns a more detailed structure that includes the specific field and error type: 
{
  "detail": [
    {
      "loc": ["body", "email"],
      "msg": "value is not a valid email address",
      "type": "value_error.email"
    }
  ]
}