API
Overview
The API provides public endpoints for version checking, maintenance status, and user authentication tracking. All endpoints (except /health) require authentication via the x-api-token header.
Authentication
All endpoints require authentication using a Base64-encoded API token in the header:
x-api-token: <base64-encoded-api-token>
How It Works
- Obtain your API token from the AppCockpit dashboard
- Base64-encode the token
- Include it in the
x-api-tokenheader of every request
Authentication Errors
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid token |
402 Payment Required | Team subscription has expired or is inactive |
403 Forbidden | Team has been deleted or app ID does not match |
Base URL
https://api.appcockpit.dev
Common Response Format
Error Response
All error responses share the same format:
{
"error": "Description of what went wrong"
}
Response Headers
All JSON responses include:
| Header | Description |
|---|---|
Content-Type | application/json |
ETag | MD5 hash of the response body for caching |
Endpoints
Health Check
Check if the API is running. Does not require authentication.
GET /health
Response: 200 OK (empty body)
Get Versions
Check whether a specific app version requires an update.
- V1
- V2
GET /v1/versions
Also available at the legacy path GET /versions.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
app_id | string | Yes | Your app ID (must match the authenticated app) |
app_version | string | Yes | The client's current app version (e.g. "2.5.0") |
platform | string | Yes | "ios" or "android" |
environment | string | Yes | Environment alias (e.g. "production", "staging") |
Success Response (200 OK)
{
"version": "2.5.0",
"platform": "ios",
"force_update": false,
"update_message": "A new version is available."
}
| Field | Type | Description |
|---|---|---|
version | string | The version string that was matched |
platform | string | Platform of the matched version |
force_update | boolean | Whether the user must update before continuing |
update_message | string | null | Optional message to display to the user |
Errors
| Status | Error | Cause |
|---|---|---|
| 400 | "app_id is required" | Missing app_id parameter |
| 400 | "app_version is required" | Missing app_version parameter |
| 400 | "platform is required" | Missing platform parameter |
| 400 | "environment is required" | Missing environment parameter |
| 403 | "Forbidden" | app_id does not match the authenticated app |
| 404 | "Version not found" | No matching version or minimum version rule exists |
Behavior
- Looks for an exact version match (version string + platform + environment,
status=true) - If no exact match, falls back to a minimum version rule for the platform and environment
- If a minimum version rule exists, compares the client's
app_versionagainst the minimum — returns the rule only if the client version is older - Returns
404if neither match is found
GET /v2/versions
Enhanced version with localized update messages.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
app_id | string | Yes | Your app ID (must match the authenticated app) |
app_version | string | Yes | The client's current app version (e.g. "2.5.0") |
platform | string | Yes | "ios" or "android" |
environment | string | Yes | Environment alias (e.g. "production", "staging") |
Success Response (200 OK)
{
"version": "2.5.0",
"platform": "ios",
"force_update": false,
"default_update_message": "A new version is available.",
"update_messages": {
"en": "A new version is available.",
"de": "Eine neue Version ist verfuegbar."
}
}
| Field | Type | Description |
|---|---|---|
version | string | The version string that was matched |
platform | string | Platform of the matched version |
force_update | boolean | Whether the user must update before continuing |
default_update_message | string | null | Default update message (fallback) |
update_messages | object | null | Map of locale codes to localized update messages |
Errors
| Status | Error | Cause |
|---|---|---|
| 400 | "app_id is required" | Missing app_id parameter |
| 400 | "app_version is required" | Missing app_version parameter |
| 400 | "platform is required" | Missing platform parameter |
| 400 | "environment is required" | Missing environment parameter |
| 403 | "Forbidden" | app_id does not match the authenticated app |
| 404 | "Version not found" | No matching version or minimum version rule exists |
Behavior
- Looks for an exact version match (version string + platform + environment,
status=true) - If no exact match, falls back to a minimum version rule for the platform and environment
- If a minimum version rule exists, compares the client's
app_versionagainst the minimum — returns the rule only if the client version is older - Returns
404if neither match is found
Get Maintenance Status
Check whether the app is in maintenance mode for a given environment.
- V1
- V2
GET /v1/maintenance
Also available at the legacy path GET /maintenance.
GET /v2/maintenance
V1 and V2 are identical for this endpoint.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
app_id | string | Yes | Your app ID (must match the authenticated app) |
environment | string | Yes | Environment alias to check (e.g. "production") |
Success Response (200 OK)
Maintenance active:
{
"active": true,
"title": "Scheduled Maintenance",
"description": "We're performing an upgrade. Back soon!",
"links": [
{
"title": "Status Page",
"url": "https://status.example.com"
}
]
}
Maintenance inactive:
{
"active": false,
"title": null,
"description": null,
"links": []
}
| Field | Type | Description |
|---|---|---|
active | boolean | Whether maintenance mode is currently active for this environment |
title | string | null | Title shown to users during maintenance |
description | string | null | Description / message shown to users |
links | array | List of links to show during maintenance (e.g. status page) |
links[].title | string | Display text for the link |
links[].url | string | URL of the link |
Errors
| Status | Error | Cause |
|---|---|---|
| 400 | "environment is required" | Missing environment parameter |
| 403 | "Forbidden" | app_id does not match the authenticated app |
| 404 | "App not found" | App could not be found in the database |
Authenticate User
Log a user authentication event and track the latest app version per user and platform.
info
This endpoint is only available in V2.
POST /v2/authenticate
Request Headers
| Header | Required | Description |
|---|---|---|
x-api-token | Yes | Base64-encoded API token |
Content-Type | Yes | Must be application/json |
Request Body
{
"user_id": "user_12345",
"platform": "ios",
"app_version": "2.5.0",
"environment": "production"
}
| Field | Type | Required | Description |
|---|---|---|---|
user_id | string | Yes | Unique identifier for the user |
platform | string | Yes | Must be "ios" or "android" |
app_version | string | Yes | Client's current app version |
environment | string | No | Environment identifier (e.g. "production", "staging") |
Success Response (200 OK)
{
"success": true,
"user_id": "user_12345",
"platform": "ios",
"app_version": "2.5.0"
}
| Field | Type | Description |
|---|---|---|
success | boolean | true on success |
user_id | string | Echo of the submitted user ID |
platform | string | Echo of the submitted platform |
app_version | string | Echo of the submitted app version |
Errors
| Status | Error | Cause |
|---|---|---|
| 400 | "Invalid request body" | JSON payload could not be parsed |
| 400 | "user_id is required" | user_id is missing or empty |
| 400 | "platform is required" | platform is missing or empty |
| 400 | "app_version is required" | app_version is missing or empty |
| 400 | "platform must be 'ios' or 'android'" | Invalid platform value |
| 500 | "Failed to fetch user data" | Database read error |
| 500 | "Failed to update user version data" | Database write error |
Behavior
When called, this endpoint performs two operations:
- Logs an authentication session — creates a record with the user ID, platform, app version, environment, and timestamp (retained for 365 days)
- Updates the user's latest version record — tracks the most recent app version per platform (iOS / Android separately), including:
- First authentication timestamp (set once, never overwritten)
- Last authentication timestamp (updated on every call)
- Latest app version and environment per platform
Endpoint Summary
- V1
- V2
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /health | No | Health check |
| GET | /v1/versions | Yes | Get version info |
| GET | /v1/maintenance | Yes | Get maintenance status |
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /health | No | Health check |
| GET | /v2/versions | Yes | Get version info (localized messages) |
| GET | /v2/maintenance | Yes | Get maintenance status |
| POST | /v2/authenticate | Yes | Log user authentication event |
Example Usage
- V1
- V2
cURL Examples
Check version:
curl -H "x-api-token: your-api-token" \
"https://api.appcockpit.dev/v1/versions?app_id=YOUR_APP_ID&app_version=1.2.0&platform=ios&environment=production"
Check maintenance:
curl -H "x-api-token: your-api-token" \
"https://api.appcockpit.dev/v1/maintenance?app_id=YOUR_APP_ID&environment=production"
JavaScript Example
const apiToken = "your-api-token";
// Check version
const versionResponse = await fetch(
"https://api.appcockpit.dev/v1/versions?app_id=YOUR_APP_ID&app_version=1.2.0&platform=ios&environment=production",
{
headers: { "x-api-token": apiToken },
}
);
// Check maintenance
const maintenanceResponse = await fetch(
"https://api.appcockpit.dev/v1/maintenance?app_id=YOUR_APP_ID&environment=production",
{
headers: { "x-api-token": apiToken },
}
);
cURL Examples
Check version:
curl -H "x-api-token: your-api-token" \
"https://api.appcockpit.dev/v2/versions?app_id=YOUR_APP_ID&app_version=1.2.0&platform=ios&environment=production"
Check maintenance:
curl -H "x-api-token: your-api-token" \
"https://api.appcockpit.dev/v2/maintenance?app_id=YOUR_APP_ID&environment=production"
Authenticate user:
curl -X POST \
-H "x-api-token: your-api-token" \
-H "Content-Type: application/json" \
-d '{"user_id": "user_12345", "platform": "ios", "app_version": "2.5.0", "environment": "production"}' \
"https://api.appcockpit.dev/v2/authenticate"
JavaScript Example
const apiToken = "your-api-token";
// Check version (V2)
const versionResponse = await fetch(
"https://api.appcockpit.dev/v2/versions?app_id=YOUR_APP_ID&app_version=1.2.0&platform=ios&environment=production",
{
headers: { "x-api-token": apiToken },
}
);
// Check maintenance
const maintenanceResponse = await fetch(
"https://api.appcockpit.dev/v2/maintenance?app_id=YOUR_APP_ID&environment=production",
{
headers: { "x-api-token": apiToken },
}
);
// Authenticate user
const authResponse = await fetch(
"https://api.appcockpit.dev/v2/authenticate",
{
method: "POST",
headers: {
"x-api-token": apiToken,
"Content-Type": "application/json",
},
body: JSON.stringify({
user_id: "user_12345",
platform: "ios",
app_version: "2.5.0",
environment: "production",
}),
}
);