BoaterOS API

v0.1.0 · REST + remote MCP server

Endpoints

• GET /v1/health — service liveness, no auth
• GET /v1/me — current API key + org, requires Authorization: Bearer <api-key>

Authentication

Org-scoped API keys are issued from the BoaterOS app. Pass them as a bearer token. Customer-portal endpoints use customer-scoped JWTs from POST /v1/customers/me/login.

Conventions

• OpenAPI 3.1 spec at /openapi.yaml
• Errors as RFC 7807 application/problem+json
• Idempotency via Idempotency-Key header (24h dedupe)
• Rate-limit headers: X-RateLimit-Remaining, X-RateLimit-Reset
• Webhooks signed with X-BoaterOS-Signature: sha256=<hex>

Documentation: docs.boateros.com