{
  "info": {
    "_postman_id": "corsproxy-dev-api",
    "name": "corsproxy.dev API",
    "description": "Managed CORS proxy API. Programmatic surface for the hosted runtime at\n`https://api.corsproxy.dev`. The same wire protocol is implemented by\nthe MIT-licensed Go runtime at <https://github.com/melihbirim/corsproxy>\nif you want to self-host.\n\nAuth model:\n  - **Public proxy** (`/proxy?url=…&key=sk_live_…` or `X-API-Key`) for\n    browser / server callers forwarding requests to third-party APIs.\n  - **Bearer JWT** (`Authorization: Bearer <jwt>`) for everything in\n    `/v1/auth/*`, `/v1/api-keys/*`, `/v1/usage/*`, `/v1/billing/*`,\n    and `/v1/compliance/*`. JWT is issued via the magic-link flow.\n\nRate limits:\n  - Free plan: 100 requests/day per account, enforced atomically by a\n    per-user Durable Object. Over the limit returns `429`.\n",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "variable": [
    {
      "key": "jwt",
      "value": "",
      "type": "string",
      "description": "Bearer JWT — get via /v1/auth/passwordless/callback"
    },
    {
      "key": "api_key",
      "value": "",
      "type": "string",
      "description": "Proxy API key, e.g. sk_live_abc123"
    }
  ],
  "item": [
    {
      "name": "health",
      "description": "",
      "item": [
        {
          "name": "GET /v1/health — Health probe",
          "request": {
            "method": "GET",
            "header": [],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/health",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "health"
              ],
              "query": [],
              "variable": []
            },
            "description": "Plain liveness check. Always 200 when the worker is up."
          }
        }
      ]
    },
    {
      "name": "proxy",
      "description": "The CORS-forwarding endpoint. The reason the service exists.",
      "item": [
        {
          "name": "GET /v1/proxy — Forward a GET request to an upstream URL",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "X-API-Key",
                "value": "",
                "description": "API key for server-side callers."
              },
              {
                "key": "X-API-Key",
                "value": "{{api_key}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/proxy",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "proxy"
              ],
              "query": [
                {
                  "key": "url",
                  "value": "",
                  "description": "Absolute URL of the upstream API to call.",
                  "disabled": false
                },
                {
                  "key": "key",
                  "value": "",
                  "description": "API key for browser callers. Server callers should use the `X-API-Key` header instead.",
                  "disabled": true
                }
              ],
              "variable": []
            },
            "description": "The core proxy. Sends `GET <url>` upstream and rewrites the response\nwith permissive CORS headers so a browser can read it.\n"
          }
        },
        {
          "name": "POST /v1/proxy — Forward a POST request to an upstream URL",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "X-API-Key",
                "value": "{{api_key}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/proxy",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "proxy"
              ],
              "query": [],
              "variable": []
            },
            "description": "Forward a POST request to an upstream URL",
            "body": {
              "mode": "raw",
              "raw": "{}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        }
      ]
    },
    {
      "name": "auth",
      "description": "Passwordless (magic-link) authentication.",
      "item": [
        {
          "name": "GET /v1/auth/captcha — Issue a math CAPTCHA challenge",
          "request": {
            "method": "GET",
            "header": [],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/captcha",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "captcha"
              ],
              "query": [],
              "variable": []
            },
            "description": "Required before /v1/auth/passwordless and /v1/marketing/subscribe."
          }
        },
        {
          "name": "POST /v1/auth/passwordless — Request a magic-link email",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/passwordless",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "passwordless"
              ],
              "query": [],
              "variable": []
            },
            "description": "Creates the user on first request (verified=false, onboarded=false)\nand emails a one-time sign-in link valid for 15 minutes. The link\ntarget is `https://app.corsproxy.dev/auth/callback?token=…`.\n",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"email\": \"you@example.com\",\n  \"captcha_id\": \"\",\n  \"captcha_answer\": 0\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        },
        {
          "name": "POST /v1/auth/passwordless/callback — Exchange a magic-link token for a JWT",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/passwordless/callback",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "passwordless",
                "callback"
              ],
              "query": [],
              "variable": []
            },
            "description": "Exchange a magic-link token for a JWT",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"token\": \"\"\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        },
        {
          "name": "POST /v1/auth/onboarding — Complete first-time onboarding (terms / privacy / optional name)",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              },
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/onboarding",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "onboarding"
              ],
              "query": [],
              "variable": []
            },
            "description": "Complete first-time onboarding (terms / privacy / optional name)",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"terms_accepted\": true,\n  \"privacy_accepted\": true,\n  \"name\": \"\"\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        },
        {
          "name": "GET /v1/auth/me — Current user profile (excluding password hash)",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/me",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "me"
              ],
              "query": [],
              "variable": []
            },
            "description": "Current user profile (excluding password hash)"
          }
        },
        {
          "name": "POST /v1/auth/logout — Invalidate the current session",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/auth/logout",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "auth",
                "logout"
              ],
              "query": [],
              "variable": []
            },
            "description": "Invalidate the current session"
          }
        }
      ]
    },
    {
      "name": "keys",
      "description": "Manage API keys used by the proxy endpoints.",
      "item": [
        {
          "name": "GET /v1/api-keys — List the user's API keys",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/api-keys",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "api-keys"
              ],
              "query": [],
              "variable": []
            },
            "description": "List the user's API keys"
          }
        },
        {
          "name": "POST /v1/api-keys — Create a new API key (shown in full only on the response)",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              },
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/api-keys",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "api-keys"
              ],
              "query": [],
              "variable": []
            },
            "description": "Create a new API key (shown in full only on the response)",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"name\": \"\",\n  \"allowed_origins\": [\n    \"\"\n  ],\n  \"upstream_rules\": [\n    null\n  ]\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        },
        {
          "name": "GET /v1/api-keys/{id} — Fetch an API key (metadata only, never the secret)",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/api-keys/:id",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "api-keys",
                ":id"
              ],
              "query": [],
              "variable": [
                {
                  "key": "id",
                  "value": ""
                }
              ]
            },
            "description": "Fetch an API key (metadata only, never the secret)"
          }
        },
        {
          "name": "DELETE /v1/api-keys/{id} — Revoke an API key",
          "request": {
            "method": "DELETE",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/api-keys/:id",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "api-keys",
                ":id"
              ],
              "query": [],
              "variable": [
                {
                  "key": "id",
                  "value": ""
                }
              ]
            },
            "description": "Revoke an API key"
          }
        }
      ]
    },
    {
      "name": "usage",
      "description": "Daily counters and bandwidth analytics (from D1).",
      "item": [
        {
          "name": "GET /v1/usage/account — Today's usage for the account",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/usage/account",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "usage",
                "account"
              ],
              "query": [],
              "variable": []
            },
            "description": "Today's usage for the account"
          }
        },
        {
          "name": "GET /v1/usage/account/history — Last 7 days of account usage",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/usage/account/history",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "usage",
                "account",
                "history"
              ],
              "query": [],
              "variable": []
            },
            "description": "Last 7 days of account usage"
          }
        },
        {
          "name": "GET /v1/usage/keys/{key_id} — Today's usage for a single API key",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/usage/keys/:key_id",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "usage",
                "keys",
                ":key_id"
              ],
              "query": [],
              "variable": [
                {
                  "key": "key_id",
                  "value": ""
                }
              ]
            },
            "description": "Today's usage for a single API key"
          }
        },
        {
          "name": "GET /v1/usage/overall — 30- and 7-day rollups with bandwidth",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/usage/overall",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "usage",
                "overall"
              ],
              "query": [],
              "variable": []
            },
            "description": "30- and 7-day rollups with bandwidth"
          }
        }
      ]
    },
    {
      "name": "billing",
      "description": "Upgrade-request contact form.",
      "item": [
        {
          "name": "GET /v1/billing/options — List paid plans (for the upgrade form)",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/billing/options",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "billing",
                "options"
              ],
              "query": [],
              "variable": []
            },
            "description": "List paid plans (for the upgrade form)"
          }
        },
        {
          "name": "POST /v1/billing/upgrade-request — Submit an upgrade-request contact form",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              },
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/billing/upgrade-request",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "billing",
                "upgrade-request"
              ],
              "query": [],
              "variable": []
            },
            "description": "Emails sales (contact@corsproxy.dev) with the user's plan, last-7-day\nusage, requested plan, and free-text reason. No charge — Stripe checkout\nisn't wired yet.\n",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"target_plan\": \"pro\",\n  \"reason\": \"\",\n  \"expected_daily_requests\": 0\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        }
      ]
    },
    {
      "name": "marketing",
      "description": "Newsletter signup (Resend audience).",
      "item": [
        {
          "name": "POST /v1/marketing/subscribe — Newsletter signup",
          "request": {
            "method": "POST",
            "header": [
              {
                "key": "Content-Type",
                "value": "application/json"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/marketing/subscribe",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "marketing",
                "subscribe"
              ],
              "query": [],
              "variable": []
            },
            "description": "Adds the email to our Resend audience.",
            "body": {
              "mode": "raw",
              "raw": "{\n  \"email\": \"you@example.com\",\n  \"captcha_id\": \"\",\n  \"captcha_answer\": 0,\n  \"source\": \"landing\"\n}",
              "options": {
                "raw": {
                  "language": "json"
                }
              }
            }
          }
        }
      ]
    },
    {
      "name": "compliance",
      "description": "GDPR export + delete.",
      "item": [
        {
          "name": "GET /v1/compliance/export — Export everything we know about the authenticated user",
          "request": {
            "method": "GET",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/compliance/export",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "compliance",
                "export"
              ],
              "query": [],
              "variable": []
            },
            "description": "Export everything we know about the authenticated user"
          }
        },
        {
          "name": "DELETE /v1/compliance/account — Hard-delete the authenticated user's account and all data",
          "request": {
            "method": "DELETE",
            "header": [
              {
                "key": "Authorization",
                "value": "Bearer {{jwt}}"
              }
            ],
            "url": {
              "raw": "https://api.corsproxy.dev/v1/compliance/account",
              "protocol": "https",
              "host": [
                "api",
                "corsproxy",
                "dev"
              ],
              "path": [
                "v1",
                "compliance",
                "account"
              ],
              "query": [],
              "variable": []
            },
            "description": "Article 17 of GDPR. Irreversible."
          }
        }
      ]
    }
  ]
}