1. Syncode
Syncode
  • Syncode
    • Conventions
    • Response Schemas
    • Error Taxonomy
    • Resource Model
    • Permission Model
    • Cross-Cutting Concerns
    • Security
    • Collab-Plane
    • Execution-Plane
    • AI-Plane
  • SynCode Control Plane API
    • Auth
      • Create a new account
      • Authenticate and get tokens
      • Refresh access token
      • Invalidate refresh token
      • Change current user's password
      • Request password reset email
      • Reset password with token
    • Users
      • Get current user profile
      • Update current user profile
      • Soft-delete account
      • Get public profile of another user
      • Upload avatar (presigned URL)
      • Get usage quotas and limits
      • Get current active room (for reconnection)
      • Get time-series training statistics
    • Rooms
      • Participants
        • List all participants in a room
        • Update participant (role, mute)
        • Kick a participant from the room
      • Control
        • Advance room phase
        • Select or change the problem
        • Update room settings
        • Lock code editor, run, and submit
        • Unlock code editor, run, and submit
        • Pause the coding timer
        • Resume the coding timer
        • Request a role swap (peer mode)
        • Accept or decline a role swap request
      • Media
        • Generate LiveKit access token
        • Record participant's recording consent
        • Start session recording
        • Stop session recording
      • AI
        • Send a message to AI interviewer
        • Poll AI message result
        • Get AI conversation history
        • Request a targeted hint
        • Get hint result
        • Request code review
        • Get review result
        • Get cross-session weakness tracking
      • StaticAnalysis
        • Request static analysis
        • Get analysis result
      • Feedback
        • Submit peer evaluation
        • Get all feedback for this room
        • Get my submitted feedback
      • Create a new room
      • List rooms for current user
      • Get room details
      • Destroy a room (host only)
      • Join a room via room code
      • Leave a room
      • Lookup room by invite code
      • Execute code (interactive run)
      • Submit code against test cases
      • List past runs in this room
      • List past submissions in this room
    • Problems
      • List and search problems
      • Create a problem (admin)
      • List all available tags
      • Get problem details
      • Update a problem (admin)
      • Delete a problem (admin)
    • Bookmarks
      • List bookmarked problems
      • Bookmark a problem
      • Remove bookmark
    • Execution
      • Get execution result (single run)
      • Get submission status and aggregated results
    • Sessions
      • List my session history
      • Get session details
      • Soft-delete a session
      • Get training report
      • Get session event timeline
      • Get code snapshots
      • Get recording download URL
      • Get peer feedback for this session
      • Get whiteboard export
      • Get AI conversation history
      • Compare multiple session reports
    • Matchmaking
      • Enter the matchmaking queue
      • Cancel matchmaking
      • Get current match status
      • Accept a proposed match
      • Decline a proposed match
    • Admin
      • System overview stats
      • List all users
      • Get user details (admin view)
      • Update user (ban, role change)
      • List all rooms
      • Force-close a room
      • Query audit logs
    • Health
      • Deep health check
    • Schemas
      • RoomStatus
      • CreateDocumentRequest
      • RoomRole
      • CreateDocumentResponse
      • RoomMode
      • DestroyDocumentResponse
      • SupportedLanguage
      • KickUserRequest
      • Difficulty
      • KickUserResponse
      • UserRole
      • LockEditorRequest
      • ErrorResponse
      • LockEditorResponse
      • Pagination
      • SnapshotReadyPayload
      • UserProfile
      • UserDisconnectedPayload
      • PublicProfile
      • CallbackAckResponse
      • RoomConfig
      • RoomParticipantSummary
      • RoomSummary
      • RoomDetail
      • RoomPreview
      • ProblemSummary
      • ProblemDetail
      • ProblemExample
      • TestCase
      • TagInfo
      • AiMessage
      • WeaknessEntry
      • PeerFeedbackRatings
      • PeerFeedbackEntry
      • SessionSummary
      • SessionDetail
      • SessionParticipant
      • SessionEvent
      • CodeSnapshot
      • Evidence
      • ReportDimension
      • AdminDashboard
      • AdminUserEntry
      • AdminUserDetail
      • AdminRoomEntry
      • AuditLogEntry
      • HealthResponse
      • MatchOpponent
  • SynCode Collab Plane API
    • Documents
      • Create a Yjs document
      • Destroy a Yjs document
      • Kick a user from the document
      • Toggle editor lock
    • Health
      • Health check
    • Callbacks
      • [Callback] Snapshot ready
      • [Callback] User disconnected
    • Schemas
      • CreateDocumentRequest
      • CreateDocumentResponse
      • DestroyDocumentResponse
      • KickUserRequest
      • KickUserResponse
      • SnapshotReadyPayload
      • LockEditorRequest
      • UserDisconnectedPayload
      • LockEditorResponse
      • CallbackAckResponse
      • ErrorResponse
  1. Syncode

Cross-Cutting Concerns

Rate Limiting#

ScopeLimitWindowApplies To
Global API100 req1 minPer authenticated user
Auth (login/register)5 req1 minPer IP
Code execution (run)10 req1 minPer user
Code submission3 req1 minPer user
Room joins5 req1 minPer user
AI hints3 req5 minPer user per room
AI messages20 req1 minPer user per room
Rate limit headers on every response:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 1709467260
429 responses include Retry-After header.

CORS#

Allowed origins via CORS_ORIGINS env var. Default: http://localhost:5173,https://syncode.anggita.org.

Versioning#

No URL versioning (internal API). Breaking changes use Accept-Version header with backward compat for one minor release.

Request Size Limits#

Default body: 1 MB
Code submission body: 5 MB
Avatar upload metadata: 1 KB (actual upload goes to S3)

Observability#

Trace ID in X-Trace-Id response header (OpenTelemetry)
Structured logging (pino) with request ID correlation
Metrics: request count, latency histogram, error rate per endpoint

Data Retention#

DataRetention
Execution results & submissions24 hours (Redis TTL)
Audit logs1 year
Soft-deleted users30 days then anonymized
Match requests5 minutes
Code snapshotsIndefinite (with session)
Session recordings90 days (S3 lifecycle)
Refresh tokens7 days (Redis TTL)

Conditional Requests#

EndpointETagIf-Match
GET /problems/:idYes (weak, updatedAt)-
GET /users/meYes (weak, updatedAt)-
GET /sessions/:id/reportYes (strong, immutable)-
PATCH /users/me-Yes (prevents lost updates)
PATCH /problems/:id-Yes (prevents lost updates)
Modified at 2026-03-12 05:26:10
Previous
Permission Model
Next
Security
Built with