API Examples
Ready-to-use API examples for testing and exploring Starbase endpoints.
Quick Start
Option 1: Postman
- Import Starbase.postman_collection.json into Postman
- Run the Initial Setup request (only works once)
- Run Login to authenticate
- Tokens are automatically saved to collection variables
Option 2: VS Code REST Client
- Install the REST Client extension
- Open any .http file
- Select environment: Ctrl+Alt+E (or Cmd+Alt+E on Mac)
- Click “Send Request” above any request
Option 3: JetBrains IDEs (Rider, IntelliJ)
- Open any .http file
- Select environment from the dropdown
- Click the play button next to any request
Files
| File | Description |
|---|---|
| Starbase.postman_collection.json | Complete Postman collection with all endpoints |
| http-client.env.json | Environment variables for .http files |
| auth.http | Login, logout, token refresh, password reset |
| mfa.http | MFA configuration (TOTP, email) |
| webauthn.http | WebAuthn/FIDO2 credential management |
| push-mfa.http | Push notification MFA |
| users.http | User management (admin) |
| audit.http | Audit log queries and verification |
| health.http | Health check endpoints |
Environment Configuration
Edit http-client.env.json to configure your environments:
{
  "dev": {
    "baseUrl": "http://localhost:5000",
    "username": "admin@example.com",
    "password": "YourSecurePassword123!"
  }
}
Authentication Flow
- First Run (No Users)
  POST /api/v1/setup
  Creates initial admin user. Only works once.
- Login
  POST /api/v1/auth/login
  Returns accessToken and refreshToken (or MFA challenge).
- Use Access Token
  Authorization: Bearer <accessToken>
- Refresh Token
  POST /api/v1/auth/refresh
  When access token expires, get a new one.
Rate Limits
| Endpoint Type | Default Limit |
|---|---|
| Login/Refresh | 5/minute |
| Password Reset | 3/5 minutes |
| MFA Setup | 10/5 minutes |
| General API | 100/minute |
| Health Checks | 30/minute |
Exceeding a rate limit returns 429 Too Many Requests with a Retry-After header.
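The authentication flow and the rate-limit behaviour above, as an added Python example (not part of the Starbase project): a client that refreshes once on 401 and waits out 429 using Retry-After. The `send` transport, the class and function names, and the JSON request field names (`username`, `password`, `refreshToken`) are assumptions; only the endpoint paths and the `accessToken`/`refreshToken` response names come from this page.

```python
import email.utils
import time

def retry_after_seconds(value, now=None):
    """Retry-After is delta-seconds or an HTTP-date; return seconds to wait (>= 0)."""
    now = time.time() if now is None else now
    try:
        return max(0.0, float(int(value)))
    except (TypeError, ValueError):
        pass
    try:
        return max(0.0, email.utils.parsedate_to_datetime(value).timestamp() - now)
    except (TypeError, ValueError):
        return 1.0  # assumption: fallback when the header is missing or malformed

class StarbaseSession:
    """send(method, path, headers, body) -> (status, headers, json): hypothetical transport."""

    def __init__(self, send, sleep=time.sleep, max_waits=3):
        self.send, self.sleep, self.max_waits = send, sleep, max_waits
        self.access = self.refresh = None

    def _call(self, method, path, headers=None, body=None):
        for _ in range(self.max_waits + 1):
            status, hdrs, data = self.send(method, path, headers or {}, body)
            if status != 429:
                return status, data
            self.sleep(retry_after_seconds(hdrs.get("Retry-After")))  # honor the server's delay
        raise RuntimeError(f"still rate limited on {path}")

    def _store(self, data):
        self.access, self.refresh = data["accessToken"], data["refreshToken"]

    def login(self, username, password):
        body = {"username": username, "password": password}  # assumed field names
        status, data = self._call("POST", "/api/v1/auth/login", body=body)
        if status != 200 or "accessToken" not in data:
            raise PermissionError(f"login failed or MFA challenge returned ({status})")
        self._store(data)

    def request(self, method, path, body=None):
        auth = lambda: {"Authorization": f"Bearer {self.access}"}
        status, data = self._call(method, path, auth(), body)
        if status == 401 and self.refresh:  # access token expired: refresh once
            rs, rd = self._call("POST", "/api/v1/auth/refresh", body={"refreshToken": self.refresh})
            if rs != 200:
                raise PermissionError("refresh rejected; log in again")
            self._store(rd)
            status, data = self._call(method, path, auth(), body)
        return status, data
```

With the default limit of 5/minute on Login/Refresh, a client that retries immediately instead of waiting for Retry-After keeps itself locked out.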
Common Response Codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 400 | Validation error |
| 401 | Not authenticated |
| 403 | Insufficient privileges |
| 404 | Not found (or setup already complete) |
| 429 | Rate limit exceeded |
| 500 | Server error |
Privileges Required
| Endpoint Category | Required Privilege |
|---|---|
| View all users | UserManagement.View |
| View basic users | UserManagement.ViewBasic |
| Create users | UserManagement.Create |
| Update users | UserManagement.Update |
| Deactivate users | UserManagement.Deactivate |
| View audit logs | Audit.View |
| Verify audit ledger | Audit.Verify |
| View archives | Audit.ViewArchives |
| System metrics | SystemAdministration.Metrics |
| Org MFA metrics | OrganizationManagement.MfaMetrics |