HTTP API
API reference
Overview
Public routes live under /api/*. They accept JSON bodies unless noted, return JSON, and use standard HTTP status codes. Many routes rate-limit per IP to protect Supabase and email providers.
Base URL
POST https://satellitelabs.xyz/api/<resource>Authentication
Form-style endpoints (newsletter, careers, waitlists) are unauthenticated by design but validated with Zod schemas and optional RPCs on the server. Do not expose service keys in the browser — call these routes from your backend if you need to hide attribution or apply your own auth layer.
Request format
Send JSON with a explicit content type:
POST /api/newsletter/subscribe
Content-Type: application/json
{
"email": "you@company.com",
"source": "footer"
}Errors
Failed validation returns 400 with an error string. Rate limits respond with 429. Server or upstream failures use 500 — treat them as retryable with backoff.
Newsletter
POST /api/newsletter/subscribe accepts email, optional first_name / last_name, and a source enum such as footer, blog, or careers. Successful subscriptions return JSON with a status from the Supabase RPC layer.
Careers
POST /api/careers/apply carries application payloads (role, links, CV metadata) into the hiring pipeline. Keep attachments in object storage and pass URLs — do not post raw binary to the route.