The Collab.Code API lets you create rooms, manage auth, stream AI reviews, and execute code programmatically. All endpoints are REST-based over HTTPS. Real-time collaboration uses Socket.IO (see WebSocket Events below).
JWT Bearer tokens
All authenticated endpoints require Authorization: Bearer {token} header.
JSON everywhere
Request and response bodies are always application/json.
SSE streaming
AI endpoints return Server-Sent Events — stream responses token-by-token.
/api/authRegister a new account
Request body
{
"action": "register",
"email": "you@company.com",
"password": "••••••",
"username": "sarah_dev"
}Response
{
"token": "eyJhbGci...",
"user": {
"userId": "uuid",
"username": "sarah_dev",
"email": "you@company.com",
"avatarColor": "#4f8ef7",
"plan": "pro"
}
}cURL example
curl -X POST https://collabcode.dev/api/auth \
-H "Content-Type: application/json" \
-d '{"action":"register","email":"you@co.com","password":"secret","username":"sarah"}'/api/authSign in to existing account
Request body
{
"action": "login",
"email": "you@company.com",
"password": "••••••"
}Response
{
"token": "eyJhbGci...",
"user": { ... }
}cURL example
curl -X POST https://collabcode.dev/api/auth \
-H "Content-Type: application/json" \
-d '{"action":"login","email":"you@co.com","password":"secret"}'/api/roomsList all public rooms
Response
{
"rooms": [
{
"id": "abc123",
"name": "Interview Prep",
"language": "python",
"ownerName": "sarah_dev",
"participantCount": 2,
"isPublic": true,
"createdAt": "2026-05-14T10:00:00Z"
}
]
}cURL example
curl https://collabcode.dev/api/rooms
/api/roomsCreate a new room
Request body
{
"name": "Interview Prep",
"language": "python",
"isPublic": false
}Response
{
"room": {
"id": "abc123",
"name": "Interview Prep",
"language": "python",
"ownerId": "uuid",
"ownerName": "sarah_dev",
"participantCount": 0,
"isPublic": false,
"createdAt": "2026-05-14T10:00:00Z"
}
}cURL example
curl -X POST https://collabcode.dev/api/rooms \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Interview Prep","language":"python","isPublic":false}'/api/ai-reviewStream an AI code review
Request body
{
"code": "function add(a, b) { return a + b; }",
"language": "javascript",
"reviewType": "full"
}
// reviewType: "full" | "security" | "performance" | "bestPractices" | "explain"Response
// Server-Sent Events stream
data: {"chunk": "The function looks..."}
data: {"chunk": " good overall, but..."}
data: [DONE]cURL example
curl -X POST https://collabcode.dev/api/ai-review \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"code":"...","language":"javascript","reviewType":"full"}'/api/ai-generateStream AI code generation
Request body
{
"prompt": "Binary search in TypeScript",
"language": "typescript",
"genType": "generate"
}
// genType: "generate" | "tests" | "docs" | "fix" | "refactor"Response
// Server-Sent Events stream
data: {"chunk": "function binarySearch..."}
data: [DONE]cURL example
curl -X POST https://collabcode.dev/api/ai-generate \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"prompt":"Binary search","language":"typescript","genType":"generate"}'Real-time features use Socket.IO 4.x. Connect with your JWT token in the handshake auth object.
import { io } from "socket.io-client";
const socket = io("https://collabcode.dev", {
auth: { token: "eyJhbGci..." }
});
// Join a room
socket.emit("room:join", { roomId: "abc123", token });
// Listen for Y.js CRDT updates
socket.on("yjs:update", ({ update }) => {
Y.applyUpdate(doc, new Uint8Array(update));
});
// Send a Y.js update
socket.emit("yjs:update", {
roomId: "abc123",
update: Array.from(Y.encodeStateAsUpdate(doc))
});
// Live cursors
socket.emit("awareness:update", {
roomId, cursor: { lineNumber: 5, column: 12 }, selection: null
});
// Chat
socket.emit("chat:send", { roomId, content: "Hello!" });
socket.on("chat:message", (msg) => console.log(msg));
// Execute code
socket.emit("execution:run", { roomId, code, language: "python" });
socket.on("execution:result", ({ stdout, stderr, exitCode }) => { });room:joinemit{ roomId, token }room:joinedon{ room, participants }yjs:syncon{ state: number[] }yjs:updateemit/on{ roomId, update: number[] }awareness:updateemit/on{ roomId, cursor, selection }chat:sendemit{ roomId, content }chat:messageon{ id, userId, username, content, timestamp }execution:runemit{ roomId, code, language }execution:resulton{ stdout, stderr, exitCode, executionTime }language:changeemit{ roomId, language }participant:joinedonParticipant objectparticipant:lefton{ userId, socketId }/api/auth (login)20 requestsper minute per IP/api/auth (register)5 requestsper minute per IP/api/rooms (GET)120 requestsper minute/api/rooms (POST)30 requestsper minute/api/ai-review60 requestsper hour per user/api/ai-generate60 requestsper hour per userSocket.IO eventsUnlimitedFair-useResponses include X-RateLimit-Remaining and X-RateLimit-Reset headers. Enterprise plans have higher limits — contact sales.