All endpoints are served from https://api.runbits.dev. Protected endpoints require a Authorization: Bearer <token> header. All responses are JSON.
Health check and infrastructure endpoints.
/healthGateway liveness check/api/config/flagsReturns all feature flagsRegistration, login, social auth, passwordless, and token management. Rate-limited to 10 req / 60 s per IP.
/api/auth/registerCreate a new user account/api/auth/loginAuthenticate with email + password/api/auth/googleSign in or register via Google OAuth/api/auth/apple/callbackSign in or register via Apple Sign-In/api/auth/facebook/callbackOAuth 2.0 callback for Facebook login/api/auth/magic-link/requestSend a magic link to the given email/api/auth/magic-link/verifyExchange a magic-link token for session tokens/api/auth/otp/requestSend a one-time password to the given email/api/auth/otp/verifyVerify OTP and issue session tokens/api/auth/refreshIssue a new access token using a valid refresh token/api/auth/logoutRevoke a refresh token/api/auth/meReturn the authenticated user's profile/api/auth/meUpdate name and/or phone/api/auth/verify-emailVerify an email address via token/api/auth/resend-verificationRe-send email verification link/api/auth/switch-roleSwitch the active role for the current session/api/auth/switch-profileSwitch active profile (multi-profile)/api/auth/add-roleAdd a new role to the existing accountStore listing, detail, and management. GET requests are public; mutations require auth.
/api/storesList stores — paginated, filterable by zone, category, search/api/stores/:idSingle store detail/api/stores/:idUpdate store fields (owner or admin)/api/stores/:id/menuList menu items for a store — paginated/api/stores/:id/menuCreate a menu item/api/stores/:storeId/menu/:itemIdUpdate a menu item/api/stores/:storeId/menu/:itemIdRemove a menu item/api/stores/:id/statsAggregated store metrics (owner or admin)Order placement and management. All endpoints require auth. Rate-limited to 60 req / 60 s per user.
/api/ordersList orders for the authenticated user or store — paginated/api/ordersPlace a new order/api/orders/:idOrder detail/api/orders/:idUpdate order status (owner/rider)/api/orders/:idCancel an order (within cancellation window)Subscription management, usage, limits, and billing history. All endpoints require auth.
/api/subscriptions/:storeIdCurrent subscription for a store/api/subscriptionsCreate a new subscription/api/subscriptions/:id/upgradeUpgrade to a higher plan immediately/api/subscriptions/:id/downgradeDowngrade plan (takes effect at period end)/api/subscriptions/:id/cancelCancel subscription at period end/api/subscriptions/:storeId/usageCurrent usage counters for the store's plan/api/subscriptions/:storeId/limitsPlan limits for the store/api/subscriptions/:storeId/billingBilling history and payment method/api/subscriptions/account/:accountId/consolidatedConsolidated billing view across all stores for an accountAdd-on marketplace for extending store functionality. All endpoints require auth.
/api/subscriptions/:storeId/modulesList available and active modules for the store/api/subscriptions/:storeId/modulesAdd a module to the store's subscription/api/subscriptions/:storeId/modules/:moduleIdRemove a module (takes effect at period end)In-order messaging between customers, store owners, and riders. Rate-limited to 120 req / 60 s per user.
/api/chat/orders/:orderId/messagesRetrieve message history for an order's chat thread/api/chat/orders/:orderId/messagesSend a message in an order's chat thread/api/chat/orders/:orderId/messages/readMark all messages in a thread as read/api/chat/unread-countTotal unread messages across all order threadsMulti-profile support per user account. All endpoints require auth.
/api/profilesList profiles for the authenticated user — paginated/api/profilesCreate a new profile/api/profiles/:idUpdate a profile/api/profiles/:idSoft-delete a profileZones, push tokens, and internal endpoints.
/api/zonesList delivery zones — public/api/push-tokensRegister a device push notification token/api/push-tokens/:tokenUnregister a device tokenRider and fleet management. All endpoints require auth.
/api/riders/*Rider management: registration, location updates, availability, assignment/api/fleets/*Fleet management: groups of riders under an operatorQuery params: ?limit=20&offset=0 (default limit 20, max 100).
All errors return a consistent JSON body. Every response includes X-Request-Id for tracing.
200OK201Created204No content400Bad request401Unauthorized403Forbidden404Not found429Rate limit exceeded
Social
Coupons, promotions, favorites, and in-order chat.
/api/couponsList coupons — owners see their store coupons; customers see applicable ones/api/couponsCreate a coupon (code, discount, type, expiry)/api/coupons/:idSingle coupon detail/api/coupons/:idDelete / deactivate a coupon/api/promotionsList promotions — paginated/api/promotionsCreate a promotion/api/promotions/:idSingle promotion detail/api/promotions/:idDelete a promotion/api/favoritesList the user's favorited stores — paginated/api/favoritesAdd a store to favorites/api/favorites/:storeIdRemove a store from favorites