IntelliPicHub

English

简体中文

English

简体中文

Appearance

IntelliPicHubHTTP API documentation

Long-lived API keys and scope-bound endpoints for cron jobs, Workers, and external integrations.

API Reference
Source on GitHub

Acts-as-user keys

Every API key is bound to a user. Effective permissions equal user role intersected with granted scopes. Same model as GitHub PAT and Stripe Restricted Keys.

Scope-bound endpoints

Endpoints declare the scopes they require via @RequireScope. JWT requests bypass; API key requests are checked. Wildcards (e.g. admin:*) supported.

SHA-256-only storage

Token plaintext is shown exactly once on creation, never logged, never persisted. Lose it, revoke it, create a new one.

Designed to extend

Schema reserves columns for V2/V3 features (rate limits, IP allowlist, audit log, key rotation) so they land as pure additions, no migration.

Quick example

Create a key (browser session, JWT auth):

bash
curl -X POST https://<host>/api/auth/api-keys \
  -H "Authorization: Bearer <jwt>" \
  -H "Content-Type: application/json" \
  -d '{"name":"ingest-worker","scopes":["picture:upload"]}'

Use the returned plaintext (shown once) to ingest:

bash
curl -N -X POST https://<host>/api/picture/upload/batch/selected \
  -H "Authorization: Bearer iph_live_..." \
  -H "Content-Type: application/json" \
  -d '{"urlList":["https://..."],"namePrefix":"cc0-","tags":["cc0"]}'

See the API Reference for the full specification.

Released under the MIT License.

Copyright © 2026-present jiaheliu137