API Reference

Complete REST API for managing migrations, connections, webhooks, and team.

Authentication

All endpoints (except /api/contact) require authentication. Two options:

  • Session cookie: Sign in via the web app — cookies are sent automatically
  • API key: Generate from Settings → API Keys. Format: nss_ + 64 hex chars. Include as Authorization: Bearer YOUR_KEY

API keys are shown once at creation. Stored as SHA-256 hashes — they cannot be retrieved after creation. Revoke and regenerate at any time.

Migrations API

GET/api/migrations

List all migrations. Optional query: ?search=&status=&mode=. Returns enriched with source/target connection names.

POST/api/migrations

Create a migration. Required body:

{
  "name": "users-prod-to-pg",
  "sourceConnectionId": "<UUID>",
  "targetConnectionId": "<UUID>",
  "sourceDatabase": "production",
  "sourceCollection": "users",
  "targetTable": "users",
  "mode": "one-time",
  "groupId": "optional-batch-id",
  "groupName": "optional-batch-name"
}

Returns 201 with { id, name, status: "created" }.

GET/api/migrations/:id

Full migration detail — progress, record counts, timestamps, error messages.

DELETE/api/migrations/:id

Delete a migration. Cannot delete running/queued (returns 409).

POST/api/migrations/:id/start

Start migration. Requires existing schema mapping. Enqueues BullMQ job. Response: { status: "queued" }.

POST/api/migrations/:id/stop

Stop a running migration. Removes BullMQ job, sets status to stopped.

POST/api/migrations/:id/pause

Pause a running CDC migration. Status → paused.

POST/api/migrations/:id/resume

Resume a paused CDC migration. Uses saved resume token.

GET/api/migrations/:id/logs

Server-Sent Events stream of real-time logs. Connect via EventSource. Sends { done: true } on terminal status.

GET/api/migrations/:id/schema

Get saved schema mapping for a migration.

POST/api/migrations/:id/schema

Save/update schema mapping. Body:

{
  "mappings": [
    { "sourceField": "_id", "targetColumn": "id",
      "sqlType": "UUID", "nullable": false, "isPrimaryKey": true },
    { "sourceField": "email", "targetColumn": "email",
      "sqlType": "TEXT", "nullable": true, "isPrimaryKey": false }
  ]
}
POST/api/migrations/:id/schema/introspect

Trigger auto schema introspection. Samples 500 docs, returns detected fields + generated DDL.

Connections API

GET/api/connections

List all connections. Credentials never returned.

POST/api/connections

Create connection. Body: { name, type, dbType, credentials }. Credentials encrypted with AES-256-GCM.

PATCH/api/connections/:id

Update name or credentials. Only provided fields updated.

DELETE/api/connections/:id

Delete a connection permanently.

POST/api/connections/:id/test

Test connectivity. Returns { ok: true } or { ok: false, message }.

GET/api/connections/:id/databases

List available databases on the source connection.

GET/api/connections/:id/collections?database=X

List collections/tables in the specified database.

Webhooks API

GET/api/webhooks

List configured webhooks.

POST/api/webhooks

Create webhook. URL must be HTTPS. Events: migration.completed, migration.failed, migration.started, cdc.error.

DELETE/api/webhooks/:id

Delete a webhook.

POST/api/webhooks/:id/test

Send test payload to verify endpoint.

Other endpoints

GET/api/stats

Dashboard stats: active migrations, total records, CDC channels, total migrations.

GET/api/user

Get profile (id, name, email).

PATCH/api/user

Update name and/or email.

GET/api/api-keys

List API keys (prefix only, no raw keys).

POST/api/api-keys

Generate new key. Returns raw key once.

DELETE/api/api-keys/:id

Revoke an API key.

GET/api/team

List team members.

POST/api/team

Invite member by email with role (admin/member).

DELETE/api/team/:id

Remove a team member.

POST/api/contact

Public (no auth). Submit contact/sales inquiry.

Rate limits

Redis-backed sliding-window rate limiting on all authenticated endpoints:

  • Auth endpoints: 10 req / 60s window
  • Migrations API: 30 req / 60s
  • Connections API: 30 req / 60s
  • Webhooks API: 20 req / 60s

Exceeding returns HTTP 429 with Retry-After header.