Background
Image
English

MyTape API Documentation (v1)

Last updated: October 2025

MyTape is a private social network within the IuVe Project Ecosystem, created by Iurie Verejan and powered by ColibriPlus v2 (Laravel). This document describes the public and partner REST API for integrating web, mobile, and third‑party services with MyTape.

Status: Stable
Audience: First‑party (MyTape web/app), trusted partners, and approved community developers
Standards: REST/JSON over HTTPS, WebSockets (Reverb/Laravel WebSockets), OAuth2/Sanctum

1. Base URLs & Environments

  1. Production: https://api.mytape.live/v1
  2. Staging (example): https://staging-api.mytape.live/v1
All requests must use HTTPS and include required headers.

1.1 Required Headers

  1. Authorization: Bearer <token> — Sanctum Personal Access Token or OAuth2 access token
  2. Accept: application/vnd.mytape.v1+json — API versioning via media type
  3. Content-Type: application/json — for JSON bodies (multipart when uploading files)
  4. X-Client-Version: <semver> — your app/build version (optional but recommended)
  5. X-Request-Id: <uuid> — idempotency/tracing (recommended)

1.2 Versioning

  1. Current: v1 (Accept: application/vnd.mytape.v1+json)
  2. Breaking changes increment the media type (e.g., v2).

1.3 Rate Limits

  1. Default: 60 requests/minute per IP + token (Laravel throttle)
  2. Elevated tiers available for trusted partners.
  3. Headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After.

1.4 Pagination

  1. Offset pagination: ?page=1&per_page=20 (default per_page=20, max 100)
  2. Cursor pagination (preferred for feeds): ?cursor=<opaque>&limit=20
  3. Response includes meta and links.next/prev.

1.5 Error Format

{
"error": {
"code": "validation_error",
"message": "The given data was invalid.",
"details": {"field": ["Rule message..."]},
"request_id": "6a3e..."
}
}
  1. Common HTTP codes: 200, 201, 204, 400, 401, 403, 404, 409, 422, 429, 500.

1.6 Idempotency

  1. For non‑safe methods (POST, PUT, PATCH, DELETE) send a unique Idempotency-Key header to safely retry.

2. Authentication & Authorization

MyTape supports Laravel Sanctum Personal Access Tokens (PAT) and OAuth2 (Authorization Code + PKCE) for mobile/partner apps.

2.1 Register

POST /auth/register

{
"name": "Alex Doe",
"username": "alex",
"email": "alex@example.com",
"password": "••••••••",
"password_confirmation": "••••••••"
}

201 Created →

{"token":"<pat>","user":{"id":1,"username":"alex","name":"Alex Doe"}}

2.2 Login

POST /auth/login

{"email":"alex@example.com","password":"••••••••"}

200 OK → { "token": "<pat>", "user": { ... } }

2.3 Me

GET /auth/me → current user profile

2.4 Logout

POST /auth/logout → revoke current token

2.5 Token Management (PAT)

GET /auth/tokens · POST /auth/tokens · DELETE /auth/tokens/{id}

Scopes (examples):

  1. read — read‑only
  2. write — create/update content
  3. market — Market endpoints
  4. work — Work endpoints
  5. admin:* — privileged/admin (restricted)

3. Data Models (Overview)

  1. User: { id, username, name, avatar_url, bio, location, website, created_at }
  2. Profile: user extended fields (privacy, language, preferences)
  3. Media: { id, type(image|video|audio), url, thumb_url, duration, width, height }
  4. Post: { id, author(User), text, media[], visibility, stats{likes,comments,reposts}, created_at }
  5. Comment: { id, author, post_id, text, created_at }
  6. Reaction: { id, kind(like|applause|fire), user_id, post_id }
  7. Follow: { follower_id, followee_id, status }
  8. Job (Work): { id, title, company, type, location, tags[], description, salary, contact, status }
  9. Listing (Market): { id, title, price, currency, category, media[], location, description, contact }
  10. Company: { id, name, slug, logo_url, website, category, socials{}, verified }
  11. Notification: { id, type, payload{}, read_at }

4. Social Feed

4.1 Get Home Feed (cursor)

GET /feed?cursor=<c>&limit=20

200 OK →

{
"data": [ {"id": 101, "text": "Hello MyTape", "author": {"id":1,"username":"alex"}, "media": [] } ],
"links": {"next": "...?cursor=eyJwIjoxNj..."}
}

4.2 Create Post

POST /posts

{"text":"Launching soon 🚀","visibility":"connections"}

201 Created → { "id": 202, ... }

4.3 Upload Media (multipart)

POST /media

  1. Form fields: file (binary), type=image|video|audio
  2. Returns a media.id to attach to posts.

4.4 Attach Media to Post

POST /posts/{id}/media

{"media_ids":[55,56]}

4.5 Get Post / Update / Delete

  1. GET /posts/{id}
  2. PATCH /posts/{id} { "text": "edited" }
  3. DELETE /posts/{id} → 204 No Content

4.6 Comments

  1. GET /posts/{id}/comments?cursor=...
  2. POST /posts/{id}/comments { "text": "great!" }
  3. DELETE /comments/{id}

4.7 Reactions

  1. POST /posts/{id}/reactions { "kind": "like" }
  2. DELETE /posts/{id}/reactions/{kind}

4.8 Follow System

  1. POST /users/{id}/follow
  2. DELETE /users/{id}/follow
  3. GET /users/{id}/followers · GET /users/{id}/following

4.9 Explore / Trends

  1. GET /explore?topic=music&limit=20

5. Profiles & Settings

5.1 Get User by Username

GET /users/@{username}

5.2 Update Profile

PATCH /me/profile

{
"name":"Alex Doe",
"bio":"Producer & DJ",
"links":{"website":"https://alex.example","instagram":"alex"},
"preferences":{"language":"en","theme":"dark"}
}

5.3 Privacy Settings

PATCH /me/privacy

{"visibility":"private","dm":"connections","searchable":false}

5.4 Blocking & Reporting

  1. POST /users/{id}/block
  2. POST /reports { "entity_type":"post","entity_id":202,"reason":"spam" }

6. Work (Jobs & Collaborations)

Note: MyTape is not an employer or intermediary. All deals occur directly between users.

6.1 List Jobs

GET /work/jobs?query=designer&location=remote&type=contract&tags=ui,figma&page=1&per_page=20

6.2 Create Job

POST /work/jobs

{
"title":"Senior Laravel Engineer",
"company":"IuVe Tech",
"type":"full_time",
"location":"Remote",
"salary": {"min": 2500, "max": 4000, "currency":"EUR"},
"tags":["laravel","vue","redis"],
"description":"Build features for MyTape...",
"contact":"hr@mytape.live"
}

6.3 Job Details / Update / Delete

  1. GET /work/jobs/{id}
  2. PATCH /work/jobs/{id}
  3. DELETE /work/jobs/{id}

6.4 Apply / Contact

POST /work/jobs/{id}/apply

{"message":"Here is my portfolio...","attachments":[55]}

7. Market (Listings)

Note: MyTape does not process payments; listings are informational with direct contact.

7.1 Browse Listings

GET /market/listings?category=services&price_min=50&price_max=500&sort=-created_at&page=1

7.2 Create Listing

POST /market/listings

{
"title":"Mix & Mastering (per track)",
"price":120,
"currency":"EUR",
"category":"services",
"media_ids":[55],
"location":"EU/Remote",
"description":"Analog chain + stems",
"contact":"studio@mytape.live"
}

7.3 Listing Details / Update / Delete

  1. GET /market/listings/{id}
  2. PATCH /market/listings/{id}
  3. DELETE /market/listings/{id}

7.4 Save / Share

  1. POST /market/listings/{id}/save
  2. DELETE /market/listings/{id}/save

8. Company Directory

8.1 Search Companies

GET /companies?query=audio&category=studio&verified=true&page=1

8.2 Create/Claim Company (verified only)

POST /companies

{
"name":"IuVe Studios",
"website":"https://iuve.example",
"category":"studio",
"logo_media_id":77,
"socials":{"x":"iuvestudios","instagram":"iuvestudios"}
}

8.3 Company Profile

  1. GET /companies/{id}
  2. PATCH /companies/{id} (owner/verifier)

9. Search

GET /search?q=deep+house&type=post,user,company,listing&limit=10

200 OK → grouped results by type.

10. Notifications

  1. GET /notifications?unread_only=true
  2. POST /notifications/{id}/read
  3. POST /notifications/read-all

Types include: follow, comment, mention, reaction, job_match, listing_message.

11. Messaging (Direct Messages)

Private network: encrypted in transit, stored securely. Optional E2EE roadmap.
  1. GET /dm/threads
  2. POST /dm/threads { "user_id": 42 }
  3. GET /dm/threads/{id}/messages?cursor=...
  4. POST /dm/threads/{id}/messages { "text": "Hi" , "media_ids": [55] }

12. Media & Transcoding

Uploads are handled via Laravel filesystem with storage backends (local/object storage/CDN). Videos are transcoded via FFmpeg workers.

  1. POST /media (multipart) → returns { id, url, type, meta }
  2. GET /media/{id}
  3. DELETE /media/{id}

Webhook (internal): media.transcoded → payload: { media_id, status, variants[] }

13. Realtime (WebSockets)

Powered by Laravel Reverb / WebSockets + Redis.

13.1 Channels

  1. Public: public.feed, public.trends
  2. Presence: presence.user.{userId}
  3. Private: private.dm.{threadId}, private.notifications.{userId}

13.2 Events (examples)

  1. post.created, comment.created, reaction.created
  2. dm.message
  3. notification.created

Auth via /broadcasting/auth with bearer token.

14. Webhooks (Partners)

Register at POST /developer/webhooks with { url, events[] }.

Events:

  1. user.created, user.updated
  2. post.created, post.deleted
  3. comment.created, comment.deleted
  4. listing.created, job.created
  5. media.transcoded

Delivery: POST <your-url> with X-MyTape-Signature: sha256=<hmac> (shared secret).

Retry: exponential backoff up to 24h.

15. Admin & Moderation (Restricted)

  1. GET /admin/reports?status=open
  2. POST /admin/actions/ban-user { "user_id": 42, "reason": "spam", "duration_days": 7 }
  3. POST /admin/actions/takedown { "entity_type":"post","entity_id":202 }
  4. GET /admin/audit-logs?actor=moderator&from=2025-10-01

Access requires admin:* scope and IP allowlist.

16. Internationalization & Locale

  1. Request header: Accept-Language: en, ro;q=0.9, ru;q=0.8
  2. Dates in ISO‑8601 UTC, render client‑side per timezone.
  3. Text translation helpers (server‑side/AI) are opt‑in and logged.

17. Security

  1. HTTPS/TLS 1.2+ only
  2. OAuth2 + PKCE or PAT via Sanctum
  3. CSRF for browser flows; JWT/Bearer for API
  4. Passwords hashed (Argon2id/Bcrypt)
  5. File scanning for uploads, mime validation, size limits
  6. DoS protection, IP throttling, Redis‑backed queues
  7. Privacy by design: no third‑party ad trackers

Report vulnerabilities: security@mytape.live

18. Compliance & Privacy

  1. Data controller: Reclama Verejan II (IDNO: 1003600053323)
  2. Address: Str. Aleco Russo 24/2, Chișinău, Republic of Moldova
  3. See: Privacy Policy and Cookie Policy
  4. Data export: GET /me/export
  5. Account deletion: DELETE /me

19. SDKs & Client Hints

  1. JavaScript/TypeScript SDK (planned): @mytape/sdk
  2. Mobile: use OAuth2 (PKCE), store tokens in secure storage, refresh via /oauth/token.

20. Example Flows

20.1 Create Post with Image (cURL)

# 1) Upload media
curl -X POST https://api.mytape.live/v1/media \
-H "Authorization: Bearer $TOKEN" \
-F type=image -F file=@cover.jpg

# 2) Create post and attach
curl -X POST https://api.mytape.live/v1/posts \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"text":"New track out now!","media_ids":[55]}'

20.2 Search & Follow

curl "https://api.mytape.live/v1/search?q=ambient&type=user&limit=5" \
-H "Authorization: Bearer $TOKEN"

curl -X POST https://api.mytape.live/v1/users/42/follow \
-H "Authorization: Bearer $TOKEN"

20.3 Create Job

curl -X POST https://api.mytape.live/v1/work/jobs \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title":"Sound Designer",
"company":"IuVe Project",
"type":"contract",
"location":"Remote",
"tags":["synth","fx"],
"description":"Design atmospheres for MyTape",
"contact":"jobs@mytape.live"
}'

21. Changelog

  1. v1.0 — Initial public/partner release: Auth, Feed, Posts, Media, Comments, Reactions, Follow, Search, Work, Market, Companies, Notifications, Webhooks, Realtime.

22. Support

  1. Developer portal: https://dev.mytape.live (planned)
  2. General: support@mytape.live
  3. Legal: legal@mytape.live
  4. Security: security@mytape.live

© MyTape / IuVe Project Ecosystem — Operated by Reclama Verejan II. All rights reserved.