Glyde API
| Environment | Base URL |
|---|---|
| Production | https://api.glyde.trade/v1 |
| Development | https://dev-api.glyde.trade/v1 |
All endpoints are prefixed with /v1. Responses use a consistent JSON envelope.
Response Format
Every response follows this shape:
{
"status": 200,
"data": { ... }
}
On error:
{
"status": 401,
"error": "UNAUTHORIZED"
}
Error Codes
| Code | HTTP Status | Meaning |
|---|---|---|
UNAUTHORIZED | 401 | Missing or invalid access token |
FORBIDDEN | 403 | Valid token but insufficient permissions |
NOT_FOUND | 404 | Resource does not exist |
VALIDATION_FAILED | 400 | Request body failed validation |
TOO_MANY_REQUESTS | 429 | Rate limit exceeded |
INTERNAL_SERVER_ERROR | 500 | Server-side error |
Authentication
Most endpoints require a Bearer token. After logging in, include it in every request:
Authorization: Bearer <access_token>
The token can also be sent via the glyde-access-token cookie.
Access tokens have a limited lifetime. The expire_at field in the login/refresh response tells you exactly when the token expires. Use the refresh endpoint to get a new one before expiry.
Required Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes (authenticated routes) | Bearer <access_token> |
Client-Device-Id | Yes | Stable UUIDv7 identifying the device. Generate once and persist across sessions |
Client-Info | Recommended | Device metadata string (see below) |
Content-Type | Yes (POST/PUT) | application/json |
Client-Info Format
A semicolon-separated string:
<device_name>; os=<platform>; app=<version>; runtime=<runtime>
Example:
iPhone 15 Pro; os=iOS; app=1.2.0; runtime=native
Chrome 120; os=web; app=1.0.0; runtime=web
The os field is used to select the correct OAuth client for Google sign-in. Use iOS for iOS apps and any other value for web.
Rate Limiting
All endpoints are rate-limited to 1200 requests per 60 seconds per IP. When exceeded, the API returns a 429 with error code TOO_MANY_REQUESTS.
IDs
All IDs are snowflake IDs — 64-bit integers serialized as strings in JSON.
{
"id": "1234567890123456789"
}
Always treat IDs as strings on the frontend to avoid JavaScript number precision issues.