API Reference

The Collab.Code API lets you create rooms, manage auth, stream AI reviews, and execute code programmatically. All endpoints are REST-based over HTTPS. Real-time collaboration uses Socket.IO (see WebSocket Events below).

Base URLhttps://collabcode.dev

JWT Bearer tokens

All authenticated endpoints require Authorization: Bearer {token} header.

JSON everywhere

Request and response bodies are always application/json.

SSE streaming

AI endpoints return Server-Sent Events — stream responses token-by-token.

Authentication

POST/api/auth

Register a new account

Request body

{
  "action": "register",
  "email": "you@company.com",
  "password": "••••••",
  "username": "sarah_dev"
}

Response

{
  "token": "eyJhbGci...",
  "user": {
    "userId": "uuid",
    "username": "sarah_dev",
    "email": "you@company.com",
    "avatarColor": "#4f8ef7",
    "plan": "pro"
  }
}

cURL example

curl -X POST https://collabcode.dev/api/auth \
  -H "Content-Type: application/json" \
  -d '{"action":"register","email":"you@co.com","password":"secret","username":"sarah"}'
POST/api/auth

Sign in to existing account

Request body

{
  "action": "login",
  "email": "you@company.com",
  "password": "••••••"
}

Response

{
  "token": "eyJhbGci...",
  "user": { ... }
}

cURL example

curl -X POST https://collabcode.dev/api/auth \
  -H "Content-Type: application/json" \
  -d '{"action":"login","email":"you@co.com","password":"secret"}'

Rooms

GET/api/rooms

List all public rooms

Response

{
  "rooms": [
    {
      "id": "abc123",
      "name": "Interview Prep",
      "language": "python",
      "ownerName": "sarah_dev",
      "participantCount": 2,
      "isPublic": true,
      "createdAt": "2026-05-14T10:00:00Z"
    }
  ]
}

cURL example

curl https://collabcode.dev/api/rooms
POST/api/rooms
Auth required

Create a new room

Request body

{
  "name": "Interview Prep",
  "language": "python",
  "isPublic": false
}

Response

{
  "room": {
    "id": "abc123",
    "name": "Interview Prep",
    "language": "python",
    "ownerId": "uuid",
    "ownerName": "sarah_dev",
    "participantCount": 0,
    "isPublic": false,
    "createdAt": "2026-05-14T10:00:00Z"
  }
}

cURL example

curl -X POST https://collabcode.dev/api/rooms \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Interview Prep","language":"python","isPublic":false}'

AI Review & Generate

POST/api/ai-review
Auth required

Stream an AI code review

Request body

{
  "code": "function add(a, b) { return a + b; }",
  "language": "javascript",
  "reviewType": "full"
}

// reviewType: "full" | "security" | "performance" | "bestPractices" | "explain"

Response

// Server-Sent Events stream
data: {"chunk": "The function looks..."}
data: {"chunk": " good overall, but..."}
data: [DONE]

cURL example

curl -X POST https://collabcode.dev/api/ai-review \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"code":"...","language":"javascript","reviewType":"full"}'
POST/api/ai-generate
Auth required

Stream AI code generation

Request body

{
  "prompt": "Binary search in TypeScript",
  "language": "typescript",
  "genType": "generate"
}

// genType: "generate" | "tests" | "docs" | "fix" | "refactor"

Response

// Server-Sent Events stream
data: {"chunk": "function binarySearch..."}
data: [DONE]

cURL example

curl -X POST https://collabcode.dev/api/ai-generate \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"prompt":"Binary search","language":"typescript","genType":"generate"}'

WebSocket Events

Real-time features use Socket.IO 4.x. Connect with your JWT token in the handshake auth object.

import { io } from "socket.io-client";

const socket = io("https://collabcode.dev", {
  auth: { token: "eyJhbGci..." }
});

// Join a room
socket.emit("room:join", { roomId: "abc123", token });

// Listen for Y.js CRDT updates
socket.on("yjs:update", ({ update }) => {
  Y.applyUpdate(doc, new Uint8Array(update));
});

// Send a Y.js update
socket.emit("yjs:update", {
  roomId: "abc123",
  update: Array.from(Y.encodeStateAsUpdate(doc))
});

// Live cursors
socket.emit("awareness:update", {
  roomId, cursor: { lineNumber: 5, column: 12 }, selection: null
});

// Chat
socket.emit("chat:send", { roomId, content: "Hello!" });
socket.on("chat:message", (msg) => console.log(msg));

// Execute code
socket.emit("execution:run", { roomId, code, language: "python" });
socket.on("execution:result", ({ stdout, stderr, exitCode }) => { });
EventDirectionPayload
room:joinemit{ roomId, token }
room:joinedon{ room, participants }
yjs:syncon{ state: number[] }
yjs:updateemit/on{ roomId, update: number[] }
awareness:updateemit/on{ roomId, cursor, selection }
chat:sendemit{ roomId, content }
chat:messageon{ id, userId, username, content, timestamp }
execution:runemit{ roomId, code, language }
execution:resulton{ stdout, stderr, exitCode, executionTime }
language:changeemit{ roomId, language }
participant:joinedonParticipant object
participant:lefton{ userId, socketId }

Rate limits

EndpointLimitWindow
/api/auth (login)20 requestsper minute per IP
/api/auth (register)5 requestsper minute per IP
/api/rooms (GET)120 requestsper minute
/api/rooms (POST)30 requestsper minute
/api/ai-review60 requestsper hour per user
/api/ai-generate60 requestsper hour per user
Socket.IO eventsUnlimitedFair-use

Responses include X-RateLimit-Remaining and X-RateLimit-Reset headers. Enterprise plans have higher limits — contact sales.