API Reference
Authentication
All endpoints (except /api/contact) require authentication. Two options:
- Session cookie: Sign in via the web app — cookies are sent automatically
- API key: Generate from Settings → API Keys. Format:
nss_+ 64 hex chars. Include asAuthorization: Bearer YOUR_KEY
API keys are shown once at creation. Stored as SHA-256 hashes — they cannot be retrieved after creation. Revoke and regenerate at any time.
Migrations API
List all migrations. Optional query: ?search=&status=&mode=. Returns enriched with source/target connection names.
Create a migration. Required body:
{
"name": "users-prod-to-pg",
"sourceConnectionId": "<UUID>",
"targetConnectionId": "<UUID>",
"sourceDatabase": "production",
"sourceCollection": "users",
"targetTable": "users",
"mode": "one-time",
"groupId": "optional-batch-id",
"groupName": "optional-batch-name"
}Returns 201 with { id, name, status: "created" }.
Full migration detail — progress, record counts, timestamps, error messages.
Delete a migration. Cannot delete running/queued (returns 409).
Start migration. Requires existing schema mapping. Enqueues BullMQ job. Response: { status: "queued" }.
Stop a running migration. Removes BullMQ job, sets status to stopped.
Pause a running CDC migration. Status → paused.
Resume a paused CDC migration. Uses saved resume token.
Server-Sent Events stream of real-time logs. Connect via EventSource. Sends { done: true } on terminal status.
Get saved schema mapping for a migration.
Save/update schema mapping. Body:
{
"mappings": [
{ "sourceField": "_id", "targetColumn": "id",
"sqlType": "UUID", "nullable": false, "isPrimaryKey": true },
{ "sourceField": "email", "targetColumn": "email",
"sqlType": "TEXT", "nullable": true, "isPrimaryKey": false }
]
}Trigger auto schema introspection. Samples 500 docs, returns detected fields + generated DDL.
Connections API
List all connections. Credentials never returned.
Create connection. Body: { name, type, dbType, credentials }. Credentials encrypted with AES-256-GCM.
Update name or credentials. Only provided fields updated.
Delete a connection permanently.
Test connectivity. Returns { ok: true } or { ok: false, message }.
List available databases on the source connection.
List collections/tables in the specified database.
Webhooks API
List configured webhooks.
Create webhook. URL must be HTTPS. Events: migration.completed, migration.failed, migration.started, cdc.error.
Delete a webhook.
Send test payload to verify endpoint.
Other endpoints
Dashboard stats: active migrations, total records, CDC channels, total migrations.
Get profile (id, name, email).
Update name and/or email.
List API keys (prefix only, no raw keys).
Generate new key. Returns raw key once.
Revoke an API key.
List team members.
Invite member by email with role (admin/member).
Remove a team member.
Public (no auth). Submit contact/sales inquiry.
Rate limits
Redis-backed sliding-window rate limiting on all authenticated endpoints:
- Auth endpoints: 10 req / 60s window
- Migrations API: 30 req / 60s
- Connections API: 30 req / 60s
- Webhooks API: 20 req / 60s
Exceeding returns HTTP 429 with Retry-After header.