1. Syncode
Syncode
  • Syncode
    • Conventions
    • Response Schemas
    • Error Taxonomy
    • Resource Model
    • Permission Model
    • Cross-Cutting Concerns
    • Security
    • Collab-Plane
    • Execution-Plane
    • AI-Plane
  • SynCode Control Plane API
    • Auth
      • Create a new account
      • Authenticate and get tokens
      • Refresh access token
      • Invalidate refresh token
      • Change current user's password
      • Request password reset email
      • Reset password with token
    • Users
      • Get current user profile
      • Update current user profile
      • Soft-delete account
      • Get public profile of another user
      • Upload avatar (presigned URL)
      • Get usage quotas and limits
      • Get current active room (for reconnection)
      • Get time-series training statistics
    • Rooms
      • Participants
        • List all participants in a room
        • Update participant (role, mute)
        • Kick a participant from the room
      • Control
        • Advance room phase
        • Select or change the problem
        • Update room settings
        • Lock code editor, run, and submit
        • Unlock code editor, run, and submit
        • Pause the coding timer
        • Resume the coding timer
        • Request a role swap (peer mode)
        • Accept or decline a role swap request
      • Media
        • Generate LiveKit access token
        • Record participant's recording consent
        • Start session recording
        • Stop session recording
      • AI
        • Send a message to AI interviewer
        • Poll AI message result
        • Get AI conversation history
        • Request a targeted hint
        • Get hint result
        • Request code review
        • Get review result
        • Get cross-session weakness tracking
      • StaticAnalysis
        • Request static analysis
        • Get analysis result
      • Feedback
        • Submit peer evaluation
        • Get all feedback for this room
        • Get my submitted feedback
      • Create a new room
      • List rooms for current user
      • Get room details
      • Destroy a room (host only)
      • Join a room via room code
      • Leave a room
      • Lookup room by invite code
      • Execute code (interactive run)
      • Submit code against test cases
      • List past runs in this room
      • List past submissions in this room
    • Problems
      • List and search problems
      • Create a problem (admin)
      • List all available tags
      • Get problem details
      • Update a problem (admin)
      • Delete a problem (admin)
    • Bookmarks
      • List bookmarked problems
      • Bookmark a problem
      • Remove bookmark
    • Execution
      • Get execution result (single run)
      • Get submission status and aggregated results
    • Sessions
      • List my session history
      • Get session details
      • Soft-delete a session
      • Get training report
      • Get session event timeline
      • Get code snapshots
      • Get recording download URL
      • Get peer feedback for this session
      • Get whiteboard export
      • Get AI conversation history
      • Compare multiple session reports
    • Matchmaking
      • Enter the matchmaking queue
      • Cancel matchmaking
      • Get current match status
      • Accept a proposed match
      • Decline a proposed match
    • Admin
      • System overview stats
      • List all users
      • Get user details (admin view)
      • Update user (ban, role change)
      • List all rooms
      • Force-close a room
      • Query audit logs
    • Health
      • Deep health check
    • Schemas
      • RoomStatus
      • CreateDocumentRequest
      • RoomRole
      • CreateDocumentResponse
      • RoomMode
      • DestroyDocumentResponse
      • SupportedLanguage
      • KickUserRequest
      • Difficulty
      • KickUserResponse
      • UserRole
      • LockEditorRequest
      • ErrorResponse
      • LockEditorResponse
      • Pagination
      • SnapshotReadyPayload
      • UserProfile
      • UserDisconnectedPayload
      • PublicProfile
      • CallbackAckResponse
      • RoomConfig
      • RoomParticipantSummary
      • RoomSummary
      • RoomDetail
      • RoomPreview
      • ProblemSummary
      • ProblemDetail
      • ProblemExample
      • TestCase
      • TagInfo
      • AiMessage
      • WeaknessEntry
      • PeerFeedbackRatings
      • PeerFeedbackEntry
      • SessionSummary
      • SessionDetail
      • SessionParticipant
      • SessionEvent
      • CodeSnapshot
      • Evidence
      • ReportDimension
      • AdminDashboard
      • AdminUserEntry
      • AdminUserDetail
      • AdminRoomEntry
      • AuditLogEntry
      • HealthResponse
      • MatchOpponent
  • SynCode Collab Plane API
    • Documents
      • Create a Yjs document
      • Destroy a Yjs document
      • Kick a user from the document
      • Toggle editor lock
    • Health
      • Health check
    • Callbacks
      • [Callback] Snapshot ready
      • [Callback] User disconnected
    • Schemas
      • CreateDocumentRequest
      • CreateDocumentResponse
      • DestroyDocumentResponse
      • KickUserRequest
      • KickUserResponse
      • SnapshotReadyPayload
      • LockEditorRequest
      • UserDisconnectedPayload
      • LockEditorResponse
      • CallbackAckResponse
      • ErrorResponse
  1. Syncode

Conventions

Naming#

JSON fields: camelCase (matches Zod schemas)
URL paths: kebab-case for multi-word segments
Collections: plural nouns (/rooms, /problems)
Actions: nested under resource when RPC-style is clearer than CRUD (/rooms/:id/run)

Content-Type#

All requests and responses use application/json unless otherwise noted.
SSE endpoints use text/event-stream.

Authentication#

Bearer JWT in Authorization header for all protected endpoints
Access token: short-lived (15m), stored in JavaScript memory
Refresh token: long-lived (7d), HTTP-only Set-Cookie (SameSite=Strict; Secure; HttpOnly; Path=/auth)
On page refresh, call POST /auth/refresh to get a fresh access token
Admin endpoints require role: 'admin' in JWT claims

Pagination#

All collection endpoints use cursor-based pagination:
{
  "data": [],
  "pagination": {
    "nextCursor": "eyJpZCI6MTAwfQ==",
    "hasMore": true
  }
}
Query parameters: cursor (string), limit (integer, default 20, max 100).

Standard Query Parameters for Collections#

ParameterTypeDescriptionUsed By
sortBystringField to sort byProblems, Sessions, Admin Users, Admin Rooms
sortOrder'asc' | 'desc'Sort directionAll sortable endpoints
searchstringFull-text searchProblems, Admin Users
fromDateISO 8601Lower bound date filterSessions, Admin Audit Logs
toDateISO 8601Upper bound date filterSessions, Admin Audit Logs

HTTP Status Codes#

CodeMeaning
200Success (GET, PATCH, action endpoints)
201Created (POST that creates a resource)
202Accepted (async job queued, e.g. run, submit, AI, analysis)
204No content (DELETE, logout, action POST with no response body)
400Validation error / malformed request
401Missing or invalid authentication
403Authenticated but insufficient permissions
404Resource not found
409Conflict (duplicate resource, invalid state transition)
429Rate limit exceeded
503Service unavailable (circuit breaker open)
500Internal server error
504Gateway timeout (circuit breaker timeout)

Idempotency#

VerbBehavior
GETAlways idempotent
PUTAlways idempotent
DELETEAlways idempotent (204 or 404)
POST + Idempotency-Key24h dedup in Redis (room creation, AI messages)
POST naturally idempotent via 409Feedback, matchmaking, room join
POST intentionally non-idempotentrun, submit, analyze (each creates a new job)
Modified at 2026-03-12 05:26:10
Next
Response Schemas
Built with