HTTP API

API reference

Overview

Public routes live under /api/*. They accept JSON bodies unless noted, return JSON, and use standard HTTP status codes. Many routes rate-limit per IP to protect Supabase and email providers.

Base URL

POST https://satellitelabs.xyz/api/<resource>

Authentication

Form-style endpoints (newsletter, careers, waitlists) are unauthenticated by design but validated with Zod schemas and optional RPCs on the server. Do not expose service keys in the browser — call these routes from your backend if you need to hide attribution or apply your own auth layer.

Request format

Send JSON with a explicit content type:

POST /api/newsletter/subscribe
Content-Type: application/json

{
  "email": "you@company.com",
  "first_name": "Jane",
  "last_name": "Doe",
  "source": "footer"
}

Errors

Failed validation returns 400 with an error string. Rate limits respond with 429. Server or upstream failures use 500 — treat them as retryable with backoff.

Newsletter

POST /api/newsletter/subscribe requires email, first_name, and last_name (all trimmed, max 100 chars for names). Optional source identifies where the signup came from (for example footer, blog, or blog-post). Successful subscriptions return JSON with a status from the Supabase RPC layer.

Careers

POST /api/careers/apply carries application payloads (role, links, CV metadata) into the hiring pipeline. Keep attachments in object storage and pass URLs — do not post raw binary to the route.

← Introduction