API Reference
Base URL: https://api.0dai.dev
Authentication
Pass token via header: Authorization: Bearer YOUR_TOKEN
Public npm flows are activation-first: authenticate, claim a free activation license, bind the project, then call /v1/init or /v1/sync.
Endpoints
POST /v1/init
Generate ai/ layer from project metadata after auth + activation + project bind.
{
"project_files": ["package.json", "src/", "next.config.js"],
"manifest_contents": {"package.json": "{...}", "tsconfig.json": "{...}"},
"project_name": "sample-app",
"project_id": "prj_1234abcd5678ef90",
"remote_origin": "https://github.com/acme/sample-app",
"available_clis": ["claude", "codex"]
}
// → { stack, files: {path: content}, file_count, activation, project_id }POST /v1/detect
Detect stack from file listing.
{ "files": ["package.json", "go.mod"] }
// → { stack: "fullstack-monorepo", available_clis: [...] }POST /v1/sync
Get delta updates for an activated, bound project. Public npm clients may send only allowlisted manifests/build configs, not source code.
POST /v1/auth/device
Start device code flow. Returns user_code for browser entry.
POST /v1/auth/verify
Browser confirms code + email.
POST /v1/auth/token
CLI polls until device verified, then receives access_token.
GET /v1/auth/status
Returns email, plan, usage, limits, project bindings, and license activation state.
GET /v1/auth/validate-token
Lightweight bearer-token validation endpoint for authenticated web/server helpers.
POST /v1/licenses/activate
Claim a free activation license for the current authenticated account.
GET /v1/licenses/status
Return activation id, status, plan, and last-seen metadata for the current account.
POST /v1/projects/bind
Bind a project to the authenticated and activated account before init or sync.
POST /v1/projects/heartbeat
Send a lightweight post-init/post-sync signal with aggregate project activity metadata.
SSH Access
SSH access v1 stores only public keys. Host registry and grants require a paid plan, while key registry works for any authenticated user.
POST /v1/ssh/overview
Return the authenticated user's SSH keys, owned hosts, accessible hosts, grants, and recent audit events.
POST /v1/ssh/keys/list
List the authenticated user's registered SSH public keys.
POST /v1/ssh/keys/add
Register a new SSH public key for the authenticated user.
{
"name": "laptop",
"public_key": "ssh-ed25519 AAAAC3Nza... alice@laptop"
}POST /v1/ssh/keys/revoke
Revoke a previously registered SSH public key.
POST /v1/ssh/hosts/list
List owned hosts and accessible hosts for paid plans.
POST /v1/ssh/hosts/register
Register a new host and receive a one-time sync token for host-side pull sync.
POST /v1/ssh/hosts/rotate-token
Rotate a host sync token and return the new one-time secret.
POST /v1/ssh/grants/add
Grant a collaborator email access to a specific host and Unix user.
POST /v1/ssh/grants/revoke
Revoke a previously created SSH access grant.
POST /v1/ssh/sync
Host-side pull endpoint. Returns desired managed authorized_keys state for the specified host when called with a valid sync token.
Headers:
X-SSH-Sync-Token: ODAI_SSH_SYNC_TOKEN
Body:
{
"host_id": "sshh_1234abcd"
}Rate limits
| Tier | init | sync | detect |
|---|---|---|---|
| Anonymous | auth required | auth required | 3/day |
| Free | 10/day | 50/day | 50/day |
| Pro | unlimited | unlimited | unlimited |