CINXE.COM

<!DOCTYPE html><html lang="en" class="h-full"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="stylesheet" href="/_next/static/css/e527f0089f600c10.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-8939cfb3c10d3e4e.js"/><script src="/_next/static/chunks/fd9d1056-5ee502662f283a0c.js" async=""></script><script src="/_next/static/chunks/7023-33e5340857d3c2a8.js" async=""></script><script src="/_next/static/chunks/main-app-33f6b09c3d9a1b9b.js" async=""></script><script src="/_next/static/chunks/231-181ea92841931ecc.js" async=""></script><script src="/_next/static/chunks/1364-c5ca11b1c706d695.js" async=""></script><script src="/_next/static/chunks/7915-4e4e4521ff2dd284.js" async=""></script><script src="/_next/static/chunks/app/%5Blocale%5D/specs/xrpc/page-2bd25c8281fe278d.js" async=""></script><script src="/_next/static/chunks/2533-375920c1c2b49e69.js" async=""></script><script src="/_next/static/chunks/902-72f88913c77b5544.js" async=""></script><script src="/_next/static/chunks/1953-6d7c09a02aa0c5ee.js" async=""></script><script src="/_next/static/chunks/app/%5Blocale%5D/layout-312c13a570617719.js" async=""></script><title>HTTP API (XRPC) - AT Protocol</title><meta name="description" content="Cross-system queries and procedures over HTTP"/><meta property="og:title" content="HTTP API (XRPC) - AT Protocol"/><meta property="og:description" content="Cross-system queries and procedures over HTTP"/><meta property="og:url" content="https://atproto.com/"/><meta property="og:site_name" content="AT Protocol"/><meta property="og:image" content="https://atproto.com/default-social-card.png"/><meta property="og:image:secure_url" content="https://atproto.com/default-social-card.png"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="HTTP API (XRPC) - AT Protocol"/><meta name="twitter:description" content="Cross-system queries and procedures over HTTP"/><meta name="twitter:image" content="https://atproto.com/default-social-card.png"/><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body class="flex min-h-full bg-white antialiased dark:bg-zinc-900"><script>!function(){try{var d=document.documentElement,c=d.classList;c.remove('light','dark');var e=localStorage.getItem('theme');if('system'===e||(!e&&true)){var t='(prefers-color-scheme: dark)',m=window.matchMedia(t);if(m.media!==t||m.matches){d.style.colorScheme = 'dark';c.add('dark')}else{d.style.colorScheme = 'light';c.add('light')}}else if(e){c.add(e|| '')}if(e==='light'||e==='dark')d.style.colorScheme=e}catch(e){}}()</script><div class="w-full"><div class="h-full lg:ml-72 xl:ml-80"><header class="contents lg:pointer-events-none lg:fixed lg:inset-0 lg:z-40 lg:flex"><div class="contents lg:pointer-events-auto lg:block lg:w-72 lg:overflow-y-auto lg:border-r lg:border-zinc-900/10 lg:px-6 lg:pb-8 lg:pt-4 xl:w-80 lg:dark:border-white/10"><div class="hidden lg:flex"><a aria-label="Home" href="/"><svg viewBox="0 0 162 28" aria-hidden="true" class="h-6"><path class="fill-blue-500" d="M14.362 27.78c-1.956 0-3.756-.324-5.4-.972-1.644-.648-3.072-1.566-4.284-2.754a12.247 12.247 0 0 1-2.808-4.158c-.66-1.596-.99-3.33-.99-5.202 0-2.232.342-4.212 1.026-5.94.696-1.728 1.656-3.18 2.88-4.356a12.48 12.48 0 0 1 4.284-2.7c1.632-.612 3.378-.918 5.238-.918 2.28 0 4.278.354 5.994 1.062 1.716.708 3.144 1.668 4.284 2.88a11.706 11.706 0 0 1 2.538 4.158c.552 1.548.804 3.168.756 4.86-.06 2.328-.546 4.116-1.458 5.364-.912 1.236-2.328 1.854-4.248 1.854a5.839 5.839 0 0 1-2.826-.702 3.703 3.703 0 0 1-1.764-2.07l1.044.054c-.492.924-1.164 1.572-2.016 1.944a6.464 6.464 0 0 1-2.61.558c-1.212 0-2.28-.258-3.204-.774a5.682 5.682 0 0 1-2.178-2.214c-.528-.948-.792-2.046-.792-3.294 0-1.284.276-2.394.828-3.33a5.77 5.77 0 0 1 2.232-2.196c.936-.516 1.992-.774 3.168-.774.78 0 1.59.162 2.43.486.852.324 1.512.78 1.98 1.368l-.738.936V8.664h2.412l-.054 6.462c0 .924.18 1.62.54 2.088.36.468.894.702 1.602.702.624 0 1.104-.174 1.44-.522.348-.36.588-.846.72-1.458a10.66 10.66 0 0 0 .252-2.106c.036-1.86-.24-3.426-.828-4.698-.588-1.272-1.386-2.298-2.394-3.078a9.499 9.499 0 0 0-3.294-1.71c-1.2-.36-2.394-.54-3.582-.54-1.68 0-3.174.27-4.482.81-1.308.528-2.412 1.278-3.312 2.25-.888.96-1.56 2.1-2.016 3.42-.444 1.308-.654 2.748-.63 4.32.048 1.56.33 2.964.846 4.212a9.324 9.324 0 0 0 2.16 3.204 9.38 9.38 0 0 0 3.276 2.034c1.26.468 2.64.702 4.14.702.84 0 1.674-.096 2.502-.288.84-.18 1.608-.438 2.304-.774l1.026 2.808c-.924.432-1.896.75-2.916.954a14.649 14.649 0 0 1-3.078.324Zm-.144-10.098c.852 0 1.566-.246 2.142-.738.576-.492.864-1.326.864-2.502 0-1.068-.258-1.872-.774-2.412-.504-.552-1.218-.828-2.142-.828-1.092 0-1.908.288-2.448.864-.54.576-.81 1.368-.81 2.376 0 1.032.276 1.83.828 2.394.564.564 1.344.846 2.34.846Z"></path><path class="fill-blue-600 dark:fill-blue-500" d="M51.799 7.813V5.545h13.509v2.268H59.86V23h-2.624V7.812h-5.438ZM39.392 23h-2.795l6.28-17.455h3.043L52.203 23h-2.796L44.472 8.716h-.137L39.392 23Zm.469-6.835h9.068v2.216h-9.068v-2.216Z"></path><path class="fill-zinc-700 dark:fill-zinc-400" d="M161.144 5.545V23h-2.548V5.545h2.548ZM149.649 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.131-2.361-.505-1.012-.758-2.194-.758-3.546 0-1.358.253-2.545.758-3.562.506-1.017 1.216-1.807 2.131-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.506 1.017.758 2.204.758 3.562 0 1.352-.252 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.009-2.139c.795 0 1.454-.21 1.977-.63.523-.421.909-.98 1.159-1.68.256-.699.384-1.468.384-2.31 0-.834-.128-1.602-.384-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.977-.639-.801 0-1.466.213-1.995.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.645 1.258 1.167 1.678.529.42 1.194.631 1.995.631ZM136.032 23.264c-1.267 0-2.358-.287-3.273-.86-.909-.58-1.608-1.378-2.096-2.395-.489-1.018-.733-2.182-.733-3.495 0-1.33.25-2.503.75-3.52.5-1.022 1.204-1.82 2.113-2.395.909-.573 1.98-.86 3.213-.86.995 0 1.881.184 2.659.554a4.764 4.764 0 0 1 1.884 1.534c.483.659.77 1.429.861 2.31h-2.48a2.974 2.974 0 0 0-.938-1.586c-.483-.443-1.13-.665-1.943-.665-.71 0-1.332.188-1.866.563-.529.37-.941.898-1.236 1.585-.296.682-.443 1.489-.443 2.42 0 .955.144 1.779.434 2.472.29.693.699 1.23 1.227 1.61.535.382 1.162.572 1.884.572.483 0 .92-.088 1.313-.264.397-.182.73-.44.997-.776.272-.335.463-.739.571-1.21h2.48a4.823 4.823 0 0 1-.827 2.267 4.76 4.76 0 0 1-1.849 1.568c-.767.38-1.668.571-2.702.571ZM121.571 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.131-2.361-.505-1.012-.758-2.194-.758-3.546 0-1.358.253-2.545.758-3.562.506-1.017 1.216-1.807 2.131-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.505 1.017.758 2.204.758 3.562 0 1.352-.253 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.009-2.139c.795 0 1.454-.21 1.977-.63.523-.421.909-.98 1.159-1.68.256-.699.383-1.468.383-2.31 0-.834-.127-1.602-.383-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.977-.639-.802 0-1.466.213-1.995.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.645 1.258 1.167 1.678.529.42 1.193.631 1.995.631ZM113.379 9.91v2.044h-7.151V9.91h7.151Zm-5.233-3.137h2.548v12.383c0 .495.074.867.221 1.117.148.244.339.412.572.503.238.085.497.127.775.127.205 0 .384-.014.537-.042l.358-.068.46 2.105a4.307 4.307 0 0 1-.63.17 4.992 4.992 0 0 1-1.023.102 4.483 4.483 0 0 1-1.875-.358 3.208 3.208 0 0 1-1.406-1.159c-.358-.522-.537-1.179-.537-1.968V6.773ZM98.321 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.13-2.361-.506-1.012-.76-2.194-.76-3.546 0-1.358.254-2.545.76-3.562.505-1.017 1.215-1.807 2.13-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.505 1.017.758 2.204.758 3.562 0 1.352-.253 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.008-2.139c.796 0 1.455-.21 1.978-.63.523-.421.909-.98 1.159-1.68.256-.699.383-1.468.383-2.31 0-.834-.127-1.602-.383-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.978-.639-.8 0-1.465.213-1.994.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.644 1.258 1.167 1.678.529.42 1.193.631 1.995.631ZM84.065 23V9.91h2.463v2.079h.136a3.164 3.164 0 0 1 1.261-1.662 3.61 3.61 0 0 1 2.063-.614 10.896 10.896 0 0 1 1.082.06v2.437a4.577 4.577 0 0 0-.545-.094 5.202 5.202 0 0 0-.784-.06c-.603 0-1.14.129-1.611.384a2.85 2.85 0 0 0-1.517 2.566V23h-2.548ZM68.918 23V5.545h6.221c1.358 0 2.483.248 3.375.742.892.494 1.56 1.17 2.003 2.028.443.853.665 1.813.665 2.881 0 1.074-.225 2.04-.674 2.898-.443.852-1.113 1.528-2.01 2.028-.893.494-2.015.742-3.367.742h-4.279V14.63h4.04c.858 0 1.554-.148 2.088-.444.534-.3.926-.71 1.176-1.227.25-.517.375-1.105.375-1.764 0-.66-.125-1.244-.375-1.756-.25-.511-.645-.912-1.184-1.201-.534-.29-1.239-.435-2.114-.435h-3.307V23h-2.633Z"></path></svg></a></div><div class="fixed inset-x-0 top-0 z-50 flex h-14 items-center justify-between gap-12 px-4 transition sm:px-6 lg:left-72 lg:z-30 lg:px-8 xl:left-80 backdrop-blur-sm lg:left-72 xl:left-80 dark:backdrop-blur bg-white/[var(--bg-opacity-light)] dark:bg-zinc-900/[var(--bg-opacity-dark)]" style="--bg-opacity-light:0.5;--bg-opacity-dark:0.2"><div class="absolute inset-x-0 top-full h-px transition bg-zinc-900/7.5 dark:bg-white/7.5"></div><div class="hidden lg:block lg:max-w-md lg:flex-auto"><button type="button" class="hidden h-8 w-full items-center gap-2 rounded-full bg-white pl-2 pr-3 text-sm text-zinc-500 ring-1 ring-zinc-900/10 transition hover:ring-zinc-900/20 ui-not-focus-visible:outline-none lg:flex dark:bg-white/5 dark:text-zinc-400 dark:ring-inset dark:ring-white/10 dark:hover:ring-white/20"><svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="h-5 w-5 stroke-current"><path stroke-linecap="round" stroke-linejoin="round" d="M12.01 12a4.25 4.25 0 1 0-6.02-6 4.25 4.25 0 0 0 6.02 6Zm0 0 3.24 3.25"></path></svg>Find something...<kbd class="ml-auto text-2xs text-zinc-400 dark:text-zinc-500"><kbd class="font-sans"></kbd><kbd class="font-sans">K</kbd></kbd></button><span hidden="" style="position:fixed;top:1px;left:1px;width:1px;height:0;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border-width:0;display:none"></span></div><div class="flex items-center gap-5 lg:hidden"><button type="button" class="flex h-6 w-6 items-center justify-center rounded-md transition hover:bg-zinc-900/5 dark:hover:bg-white/5" aria-label="Toggle navigation"><svg viewBox="0 0 10 9" fill="none" stroke-linecap="round" aria-hidden="true" class="w-2.5 stroke-zinc-900 dark:stroke-white"><path d="M.5 1h9M.5 8h9M.5 4.5h9"></path></svg></button><span hidden="" style="position:fixed;top:1px;left:1px;width:1px;height:0;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border-width:0;display:none"></span><a aria-label="Home" href="/"><svg viewBox="0 0 162 28" aria-hidden="true" class="h-6"><path class="fill-blue-500" d="M14.362 27.78c-1.956 0-3.756-.324-5.4-.972-1.644-.648-3.072-1.566-4.284-2.754a12.247 12.247 0 0 1-2.808-4.158c-.66-1.596-.99-3.33-.99-5.202 0-2.232.342-4.212 1.026-5.94.696-1.728 1.656-3.18 2.88-4.356a12.48 12.48 0 0 1 4.284-2.7c1.632-.612 3.378-.918 5.238-.918 2.28 0 4.278.354 5.994 1.062 1.716.708 3.144 1.668 4.284 2.88a11.706 11.706 0 0 1 2.538 4.158c.552 1.548.804 3.168.756 4.86-.06 2.328-.546 4.116-1.458 5.364-.912 1.236-2.328 1.854-4.248 1.854a5.839 5.839 0 0 1-2.826-.702 3.703 3.703 0 0 1-1.764-2.07l1.044.054c-.492.924-1.164 1.572-2.016 1.944a6.464 6.464 0 0 1-2.61.558c-1.212 0-2.28-.258-3.204-.774a5.682 5.682 0 0 1-2.178-2.214c-.528-.948-.792-2.046-.792-3.294 0-1.284.276-2.394.828-3.33a5.77 5.77 0 0 1 2.232-2.196c.936-.516 1.992-.774 3.168-.774.78 0 1.59.162 2.43.486.852.324 1.512.78 1.98 1.368l-.738.936V8.664h2.412l-.054 6.462c0 .924.18 1.62.54 2.088.36.468.894.702 1.602.702.624 0 1.104-.174 1.44-.522.348-.36.588-.846.72-1.458a10.66 10.66 0 0 0 .252-2.106c.036-1.86-.24-3.426-.828-4.698-.588-1.272-1.386-2.298-2.394-3.078a9.499 9.499 0 0 0-3.294-1.71c-1.2-.36-2.394-.54-3.582-.54-1.68 0-3.174.27-4.482.81-1.308.528-2.412 1.278-3.312 2.25-.888.96-1.56 2.1-2.016 3.42-.444 1.308-.654 2.748-.63 4.32.048 1.56.33 2.964.846 4.212a9.324 9.324 0 0 0 2.16 3.204 9.38 9.38 0 0 0 3.276 2.034c1.26.468 2.64.702 4.14.702.84 0 1.674-.096 2.502-.288.84-.18 1.608-.438 2.304-.774l1.026 2.808c-.924.432-1.896.75-2.916.954a14.649 14.649 0 0 1-3.078.324Zm-.144-10.098c.852 0 1.566-.246 2.142-.738.576-.492.864-1.326.864-2.502 0-1.068-.258-1.872-.774-2.412-.504-.552-1.218-.828-2.142-.828-1.092 0-1.908.288-2.448.864-.54.576-.81 1.368-.81 2.376 0 1.032.276 1.83.828 2.394.564.564 1.344.846 2.34.846Z"></path><path class="fill-blue-600 dark:fill-blue-500" d="M51.799 7.813V5.545h13.509v2.268H59.86V23h-2.624V7.812h-5.438ZM39.392 23h-2.795l6.28-17.455h3.043L52.203 23h-2.796L44.472 8.716h-.137L39.392 23Zm.469-6.835h9.068v2.216h-9.068v-2.216Z"></path><path class="fill-zinc-700 dark:fill-zinc-400" d="M161.144 5.545V23h-2.548V5.545h2.548ZM149.649 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.131-2.361-.505-1.012-.758-2.194-.758-3.546 0-1.358.253-2.545.758-3.562.506-1.017 1.216-1.807 2.131-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.506 1.017.758 2.204.758 3.562 0 1.352-.252 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.009-2.139c.795 0 1.454-.21 1.977-.63.523-.421.909-.98 1.159-1.68.256-.699.384-1.468.384-2.31 0-.834-.128-1.602-.384-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.977-.639-.801 0-1.466.213-1.995.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.645 1.258 1.167 1.678.529.42 1.194.631 1.995.631ZM136.032 23.264c-1.267 0-2.358-.287-3.273-.86-.909-.58-1.608-1.378-2.096-2.395-.489-1.018-.733-2.182-.733-3.495 0-1.33.25-2.503.75-3.52.5-1.022 1.204-1.82 2.113-2.395.909-.573 1.98-.86 3.213-.86.995 0 1.881.184 2.659.554a4.764 4.764 0 0 1 1.884 1.534c.483.659.77 1.429.861 2.31h-2.48a2.974 2.974 0 0 0-.938-1.586c-.483-.443-1.13-.665-1.943-.665-.71 0-1.332.188-1.866.563-.529.37-.941.898-1.236 1.585-.296.682-.443 1.489-.443 2.42 0 .955.144 1.779.434 2.472.29.693.699 1.23 1.227 1.61.535.382 1.162.572 1.884.572.483 0 .92-.088 1.313-.264.397-.182.73-.44.997-.776.272-.335.463-.739.571-1.21h2.48a4.823 4.823 0 0 1-.827 2.267 4.76 4.76 0 0 1-1.849 1.568c-.767.38-1.668.571-2.702.571ZM121.571 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.131-2.361-.505-1.012-.758-2.194-.758-3.546 0-1.358.253-2.545.758-3.562.506-1.017 1.216-1.807 2.131-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.505 1.017.758 2.204.758 3.562 0 1.352-.253 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.009-2.139c.795 0 1.454-.21 1.977-.63.523-.421.909-.98 1.159-1.68.256-.699.383-1.468.383-2.31 0-.834-.127-1.602-.383-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.977-.639-.802 0-1.466.213-1.995.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.645 1.258 1.167 1.678.529.42 1.193.631 1.995.631ZM113.379 9.91v2.044h-7.151V9.91h7.151Zm-5.233-3.137h2.548v12.383c0 .495.074.867.221 1.117.148.244.339.412.572.503.238.085.497.127.775.127.205 0 .384-.014.537-.042l.358-.068.46 2.105a4.307 4.307 0 0 1-.63.17 4.992 4.992 0 0 1-1.023.102 4.483 4.483 0 0 1-1.875-.358 3.208 3.208 0 0 1-1.406-1.159c-.358-.522-.537-1.179-.537-1.968V6.773ZM98.321 23.264c-1.227 0-2.298-.281-3.213-.843-.915-.563-1.625-1.35-2.13-2.361-.506-1.012-.76-2.194-.76-3.546 0-1.358.254-2.545.76-3.562.505-1.017 1.215-1.807 2.13-2.37.915-.562 1.986-.843 3.213-.843s2.298.28 3.213.843 1.625 1.353 2.131 2.37c.505 1.017.758 2.204.758 3.562 0 1.352-.253 2.534-.758 3.546-.506 1.011-1.216 1.798-2.131 2.36-.915.563-1.986.844-3.213.844Zm.008-2.139c.796 0 1.455-.21 1.978-.63.523-.421.909-.98 1.159-1.68.256-.699.383-1.468.383-2.31 0-.834-.127-1.602-.383-2.3-.25-.705-.636-1.27-1.159-1.697-.523-.426-1.182-.639-1.978-.639-.8 0-1.465.213-1.994.64-.522.426-.912.991-1.167 1.695a6.789 6.789 0 0 0-.375 2.302c0 .84.125 1.61.375 2.31.255.698.644 1.258 1.167 1.678.529.42 1.193.631 1.995.631ZM84.065 23V9.91h2.463v2.079h.136a3.164 3.164 0 0 1 1.261-1.662 3.61 3.61 0 0 1 2.063-.614 10.896 10.896 0 0 1 1.082.06v2.437a4.577 4.577 0 0 0-.545-.094 5.202 5.202 0 0 0-.784-.06c-.603 0-1.14.129-1.611.384a2.85 2.85 0 0 0-1.517 2.566V23h-2.548ZM68.918 23V5.545h6.221c1.358 0 2.483.248 3.375.742.892.494 1.56 1.17 2.003 2.028.443.853.665 1.813.665 2.881 0 1.074-.225 2.04-.674 2.898-.443.852-1.113 1.528-2.01 2.028-.893.494-2.015.742-3.367.742h-4.279V14.63h4.04c.858 0 1.554-.148 2.088-.444.534-.3.926-.71 1.176-1.227.25-.517.375-1.105.375-1.764 0-.66-.125-1.244-.375-1.756-.25-.511-.645-.912-1.184-1.201-.534-.29-1.239-.435-2.114-.435h-3.307V23h-2.633Z"></path></svg></a></div><div class="flex items-center gap-5"><nav class="hidden md:block"><ul role="list" class="flex items-center gap-8"><li><a class="text-sm leading-5 text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/sdks">SDKs</a></li><li><a class="text-sm leading-5 text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="https://docs.bsky.app/blog">Blog</a></li><li><a class="text-sm leading-5 text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="https://github.com/bluesky-social/atproto">GitHub</a></li><select class="block w-full appearance-none rounded-md border-0 py-1.5 pl-3 pr-3 text-gray-900 ring-1 ring-inset ring-gray-300 focus:ring-2 focus:ring-indigo-600 sm:text-sm sm:leading-6 dark:bg-gray-800 dark:text-gray-100 dark:ring-gray-700"><option value="en" selected="">English</option><option value="pt">Português</option><option value="ja">日本語</option></select></ul></nav><div class="hidden md:block md:h-5 md:w-px md:bg-zinc-900/10 md:dark:bg-white/15"></div><div class="flex gap-4"><div class="contents lg:hidden"><button type="button" class="flex h-6 w-6 items-center justify-center rounded-md transition hover:bg-zinc-900/5 ui-not-focus-visible:outline-none lg:hidden dark:hover:bg-white/5" aria-label="Find something..."><svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="h-5 w-5 stroke-zinc-900 dark:stroke-white"><path stroke-linecap="round" stroke-linejoin="round" d="M12.01 12a4.25 4.25 0 1 0-6.02-6 4.25 4.25 0 0 0 6.02 6Zm0 0 3.24 3.25"></path></svg></button><span hidden="" style="position:fixed;top:1px;left:1px;width:1px;height:0;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border-width:0;display:none"></span></div><button type="button" class="flex h-6 w-6 items-center justify-center rounded-md transition hover:bg-zinc-900/5 dark:hover:bg-white/5" aria-label="Toggle theme"><svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="h-5 w-5 stroke-zinc-900 dark:hidden"><path d="M12.5 10a2.5 2.5 0 1 1-5 0 2.5 2.5 0 0 1 5 0Z"></path><path stroke-linecap="round" d="M10 5.5v-1M13.182 6.818l.707-.707M14.5 10h1M13.182 13.182l.707.707M10 15.5v-1M6.11 13.889l.708-.707M4.5 10h1M6.11 6.111l.708.707"></path></svg><svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="hidden h-5 w-5 stroke-white dark:block"><path d="M15.224 11.724a5.5 5.5 0 0 1-6.949-6.949 5.5 5.5 0 1 0 6.949 6.949Z"></path></svg></button></div></div></div><nav class="hidden lg:mt-10 lg:block"><ul role="list"><li class="md:hidden"><a class="block py-1 text-sm text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/">API</a></li><li class="md:hidden"><a class="block py-1 text-sm text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="#">Documentation</a></li><li class="md:hidden"><a class="block py-1 text-sm text-zinc-600 transition hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="#">Support</a></li><li class="relative mt-6 md:mt-0"><h2 class="text-xs font-semibold text-zinc-900 dark:text-white">Home</h2><div class="relative mt-3 pl-2"><div class="absolute inset-y-0 left-2 w-px bg-zinc-900/10 dark:bg-white/5"></div><ul role="list" class="border-l border-transparent"><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/"><span class="truncate">Introduction</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/sdks"><span class="truncate">SDKs</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/glossary"><span class="truncate">Glossary</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/faq"><span class="truncate">FAQ</span></a></li></ul></div></li><li class="relative mt-6"><h2 class="text-xs font-semibold text-zinc-900 dark:text-white">Building apps</h2><div class="relative mt-3 pl-2"><div class="absolute inset-y-0 left-2 w-px bg-zinc-900/10 dark:bg-white/5"></div><ul role="list" class="border-l border-transparent"><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/applications"><span class="truncate">Quick start</span></a></li></ul></div></li><li class="relative mt-6"><h2 class="text-xs font-semibold text-zinc-900 dark:text-white">Guides</h2><div class="relative mt-3 pl-2"><div class="absolute inset-y-0 left-2 w-px bg-zinc-900/10 dark:bg-white/5"></div><ul role="list" class="border-l border-transparent"><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/overview"><span class="truncate">Overview</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/identity"><span class="truncate">Identity</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/data-repos"><span class="truncate">Data Repositories</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/lexicon"><span class="truncate">Schemas & Lexicon</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/guides/self-hosting"><span class="truncate">PDS Self-Hosting</span></a></li></ul></div></li><li class="relative mt-6"><h2 class="text-xs font-semibold text-zinc-900 dark:text-white">Specs</h2><div class="relative mt-3 pl-2"><div class="absolute inset-x-0 top-0 bg-zinc-800/2.5 will-change-transform dark:bg-white/2.5" style="border-radius:8px;height:32px;top:256px;opacity:0"></div><div class="absolute inset-y-0 left-2 w-px bg-zinc-900/10 dark:bg-white/5"></div><div class="absolute left-2 h-6 w-px bg-blue-500" style="top:260px;opacity:1"></div><ul role="list" class="border-l border-transparent"><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/atp"><span class="truncate">AT Protocol</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/data-model"><span class="truncate">Data Model</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/lexicon"><span class="truncate">Lexicon</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/cryptography"><span class="truncate">Cryptography</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/account"><span class="truncate">Accounts</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/repository"><span class="truncate">Repository</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/blob"><span class="truncate">Blobs</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/label"><span class="truncate">Labels</span></a></li><li class="relative"><a aria-current="page" class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-900 dark:text-white" href="/specs/xrpc"><span class="truncate">HTTP API (XRPC)</span></a><ul role="list" style="opacity:1"><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#lexicon-http-endpoints"><span class="truncate">Lexicon HTTP Endpoints</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#authentication"><span class="truncate">Authentication</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#service-proxying"><span class="truncate">Service Proxying</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#summary-of-http-headers"><span class="truncate">Summary of HTTP Headers</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#summary-of-http-status-codes"><span class="truncate">Summary of HTTP Status Codes</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#usage-and-implementation-guidelines"><span class="truncate">Usage and Implementation Guidelines</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#security-and-privacy-considerations"><span class="truncate">Security and Privacy Considerations</span></a></li><li><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-7 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/xrpc#possible-future-changes"><span class="truncate">Possible Future Changes</span></a></li></ul></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/oauth"><span class="truncate">OAuth</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/event-stream"><span class="truncate">Event Stream</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/sync"><span class="truncate">Sync</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/did"><span class="truncate">DID</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/handle"><span class="truncate">Handle</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/nsid"><span class="truncate">NSID</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/tid"><span class="truncate">TID</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/record-key"><span class="truncate">Record Key</span></a></li><li class="relative"><a class="flex justify-between gap-2 py-1 pr-3 text-sm transition pl-4 text-zinc-600 hover:text-zinc-900 dark:text-zinc-400 dark:hover:text-white" href="/specs/at-uri-scheme"><span class="truncate">URI Scheme</span></a></li></ul></div></li></ul></nav></div></header><div class="relative flex h-full flex-col px-4 pt-14 sm:px-6 lg:px-8"><main class="flex-auto"><article class="flex h-full flex-col pb-24 pt-16"><div class="flex-auto prose dark:prose-invert [html_:where(&>*)]:mx-auto [html_:where(&>*)]:max-w-2xl [html_:where(&>*)]:lg:mx-[calc(50%-min(50%,theme(maxWidth.lg)))] [html_:where(&>*)]:lg:max-w-3xl"><h1>HTTP API (XRPC)</h1> <p class="lead">HTTP APIs for client-server and server-server requests in atproto use a set of common conventions called XRPC. Endpoint path names include an NSID indicating the <a href="/specs/lexicon">Lexicon</a> specifying the request and response schemas, usually with JSON content type.</p> <h2 class="scroll-mt-24" id="lexicon-http-endpoints"><a class="group text-inherit no-underline hover:text-inherit" href="#lexicon-http-endpoints">Lexicon HTTP Endpoints</a></h2> <p>The HTTP request path starts with <code>/xrpc/</code>, followed by an NSID. Paths must always be top-level, not below a prefix. The NSID maps to the <code>id</code> field in the associated Lexicon.</p> <p>The two requests types that can be expressed in Lexicons are "query" (HTTP GET) and "procedure" (HTTP POST). Following HTTP REST semantics, queries (GET) are cacheable and should not mutate resource state. Procedures are not cacheable and may mutate state.</p> <p>Lexicon <code>params</code> (under the <code>parameters</code> field) map to HTTP URL query parameters. Only certain Lexicon types can be included in params, as specified by the <code>params</code> type. Multiple query parameters with the same name can be used to represent an array of parameters. When encoding <code>boolean</code> parameters, the strings <code>true</code> and <code>false</code> should be used. Strings should not be quoted. If a <code>default</code> value is included in the schema, it should be included in every request to ensure consistent caching behavior.</p> <p>Request and response body content types can be specified in Lexicon. The schema can require an exact MIME type, or a blob pattern indicating a range of acceptable types (eg, <code>image/*</code>).</p> <p>JSON body schemas are specified in Lexicon using the usual atproto data model. Full validation by the server or client requires knowledge of the Lexicon, but partial validation against the abstract data model is always possible.</p> <p>CORS support is encouraged but not required.</p> <h3>Error Responses</h3> <p>All unsuccessful responses should follow a standard error response schema. The <code>Content-Type</code> should be <code>application/json</code>, and the payload should be a JSON object with the following fields:</p> <ul> <li><code>error</code> (string, required): type name of the error (generic ASCII constant, no whitespace)</li> <li><code>message</code> (string, optional): description of the error, appropriate for display to humans</li> </ul> <p>The error type should map to an error name defined in the endpoint's Lexicon schema. This enables more specific error-handling by client software. This is particularly encouraged on <code>400</code>, <code>500</code>, and <code>502</code> status codes, where further information will be useful.</p> <h3>Blob Upload and Download</h3> <p>Blobs are something of a special case because they can have any MIME type and are not stored directly in repositories, and thus are not directly associated with an NSID or Lexicon (though they do end up referenced from Lexicons).</p> <p>The convention for working with blobs is for clients to upload them via the <code>com.atproto.repo.uploadBlob</code> endpoint, which returns a <code>blob</code> JSON object containing a CID and basic metadata about the blob. Client can then include this <code>blob</code> data in future requests (eg, include in new records). Constraints like MIME type and file size are only validated at this second step. The server may implement content type sniffing at the upload step and return a MIME type different from any <code>Content-Type</code> header provided, but a <code>Content-Type</code> header is still expected on the upload HTTP request.</p> <p>Blobs for a specific account can be listed and downloaded using endpoints in the <code>com.atproto.sync.*</code> NSID space. These endpoints give access to the complete original blob, as uploaded. A common pattern is for applications to mirror both the original blob and any downsized thumbnail or preview versions via separate URLs (eg, on a CDN), instead of deep-linking to the <code>getBlob</code> endpoint on the original PDS.</p> <h3>Cursors and Pagination</h3> <p>A common pattern in Lexicon design is to include a <code>cursor</code> parameter for pagination. The client should not include the <code>cursor</code> parameter in the first request, and should keep all other parameters fixed between requests. If a cursor is included in a response, the next batch of responses can be fetched by including that value in a follow-on, continuing until the cursor is not included any longer, indicating the end of the result set has been reached.</p> <h2 class="scroll-mt-24" id="authentication"><a class="group text-inherit no-underline hover:text-inherit" href="#authentication">Authentication</a></h2> <p>The primary client/server authentication and authorization scheme for XRPC is OAuth, described in the <a href="./oauth">Auth Specification</a>.</p> <p>Not all endpoints require authentication, but there is not yet a consistent way to enumerate which endpoints do or do not.</p> <p>There is also a legacy authentication scheme using HTTP Bearer auth with JWT tokens, including refresh tokens, described here. Initial login uses the <code>com.atproto.server.createSession</code> endpoint, including the password and an account identifier (eg, handle or registered email address). This returns a <code>refreshJwt</code> (as well as an initial <code>accessJwt</code>).</p> <p>Most requests should be authenticated using an access JWT, but the validity lifetime for these tokens is short. Every couple minutes, a new access JWT can be requested by hitting the <code>com.atproto.server.refreshSession</code> endpoint, using the refresh JWT instead of an access JWT.</p> <p>Clients should treat the tokens as opaque string tokens: the JWT fields and semantics are not a stable part of the specification.</p> <p>Servers (eg, PDS implementations) which generate and valiate auth JWTs should implement domain separation between access and refresh tokens, using the <code>typ</code> header field: access tokens should use <code>at+jwt</code>, and refresh tokens should use <code>refresh+jwt</code>. Note that <code>at+jwt</code> (defined in <a href="https://www.rfc-editor.org/rfc/rfc9068.html">RFC 9068</a>) is short for "access token", and is not a reference to the "at" in atproto.</p> <h3>App Passwords</h3> <p>App Passwords are a mechanism to reduce security risks when logging in to third-party clients and web applications. Accounts can create and revoke app passwords separate from their primary password. They are used to log in the same way as the primary password, but grant slightly restricted permissions to the client application, preventing destructive actions like account or changes to authentication settings (including app passwords themselves).</p> <p>Clients and apps themselves do not need to do anything special to use app passwords. It is a best practice for most clients and apps to include a reminder to use an app password when logging in. App passwords usually have the form <code>xxxx-xxxx-xxxx-xxxx</code>, and clients can check against this format to prevent accidental logins with primary passwords (unless the primary password itself has this format).</p> <h3>Admin Token (Temporary Specification)</h3> <p>Some administrative XRPC endpoints require authentication with admin privileges. The current scheme for this is to use HTTP Basic authentication with user "admin" and a fixed token in the password field, instead of HTTP Bearer auth with a JWT. This means that admin requests do not have a link to the account or identity of the client beyond "admin".</p> <p>As a reminder, HTTP Basic authentication works by joining the username and password together with a colon (<code>:</code>), and encoding the resulting string using <code>base64</code> ("standard" version). The encoded string is included in the <code>Authorization</code> header, prefixed with <code>Basic </code> (with separating space).</p> <p>As an example, if the admin token was <code>secret-token</code>, the header would look like:</p> <div class="my-6 overflow-hidden rounded-2xl bg-zinc-50 dark:bg-zinc-900 dark:ring-1 dark:ring-white/10"><div class="not-prose"><div class="group dark:bg-white/2.5"><div class="relative"><pre class="overflow-x-auto p-4 text-xs text-black dark:text-white"><code>Authorization: Basic YWRtaW46c2VjcmV0LXRva2Vu </code></pre><button type="button" class="group/button absolute right-4 top-3.5 overflow-hidden rounded-full py-1 pl-2 pr-3 text-2xs font-medium opacity-0 backdrop-blur transition focus:opacity-100 group-hover:opacity-100 bg-white/5 hover:bg-white/7.5 dark:bg-white/2.5 dark:hover:bg-white/5"><span aria-hidden="false" class="pointer-events-none flex items-center gap-0.5 text-zinc-400 transition duration-300"><svg viewBox="0 0 20 20" aria-hidden="true" class="h-5 w-5 fill-zinc-500/20 stroke-zinc-500 transition-colors group-hover/button:stroke-zinc-400"><path stroke-width="0" d="M5.5 13.5v-5a2 2 0 0 1 2-2l.447-.894A2 2 0 0 1 9.737 4.5h.527a2 2 0 0 1 1.789 1.106l.447.894a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2Z"></path><path fill="none" stroke-linejoin="round" d="M12.5 6.5a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2v-5a2 2 0 0 1 2-2m5 0-.447-.894a2 2 0 0 0-1.79-1.106h-.527a2 2 0 0 0-1.789 1.106L7.5 6.5m5 0-1 1h-3l-1-1"></path></svg>Copy</span><span aria-hidden="true" class="pointer-events-none absolute inset-0 flex items-center justify-center text-blue-400 transition duration-300 translate-y-1.5 opacity-0">Copied!</span></button></div></div></div></div> <p>The set of endpoints requiring admin auth is likely to get out of date in this specification, but currently includes:</p> <ul> <li><code>com.atproto.admin.*</code></li> <li><code>com.atproto.server.createInviteCode</code></li> <li><code>com.atproto.server.createInviteCodes</code></li> </ul> <h3>Inter-Service Authentication (JWT)</h3> <p>This section describes a mechanism for authentication between services using signed JWTs.</p> <p>The current mechanism is to use short-lived JWTs signed by the account's atproto signing key. The receiving service can validate the signature by checking this key against the account's DID document.</p> <p>The JWT parameters are:</p> <ul> <li><code>alg</code> header field (string, required): indicates the signing key type (see <a href="/specs/cryptography">Cryptography</a>) <ul> <li>use <code>ES256K</code> for <code>k256</code> keys</li> <li>use <code>ES256</code> for <code>p256</code> keys</li> </ul> </li> <li><code>typ</code> header field (string, required): currently <code>JWT</code>, but intend to update to a more specific value.</li> <li><code>iss</code> body field (string, required): account DID that the request is being sent on behalf of. This may include a suffix service identifier; see below</li> <li><code>aud</code> body field (string, required): service DID associated with the service that the request is being sent to</li> <li><code>exp</code> body field (number, required): token expiration time, as a UNIX timestamp with seconds precision. Should be a short time window, as revocation is not implemented. 60 seconds is a good token lifetime.</li> <li><code>iat</code> body field (number, required): token creation time, as a UNIX timestamp with seconds precision.</li> <li><code>lxm</code> body field (string, optional): short for "lexicon method". NSID syntax. Indicates the endpoint that this token authorizes. Servers must always validate this field if included, and should require it for security-sensitive operations. May become required in the future.</li> <li><code>jti</code> body field (string, required): unique random string nonce. May be used by receiving services to prevent reuse of token and replay attacks.</li> <li>JWT signature (string, required): base64url-encoded signature using the account DID's signing key.</li> </ul> <p>When the token is generated in the context of a specific service in the issuer's DID document, the issuer field may have the corresponding <em>service</em> identifier in the <code>iss</code> field, separated by a <code>#</code> character. For example, <code>did:web:label.example.com#atproto_labeler</code> for a labeler service. When this is included the appropriate signing key is determined based on a fixed mapping of service identifiers to key identifiers:</p> <ul> <li>service identifier <code>atproto_labeler</code> maps to key identifier <code>atproto_label</code></li> </ul> <p>If the service identifier is not included, the scope is general purpose and the <code>atproto</code> key identifier should be used.</p> <p>The receiving service may require or prohibit specific service identifiers for access to specific resources or endpoints.</p> <p>The signature is computed using the regular JWT process, using the account's signing key (the same used to sign repo commits). As Typescript pseudo-code, this looks like:</p> <div class="my-6 overflow-hidden rounded-2xl bg-zinc-50 dark:bg-zinc-900 dark:ring-1 dark:ring-white/10"><div class="not-prose"><div class="group dark:bg-white/2.5"><div class="relative"><pre class="overflow-x-auto p-4 text-xs text-black dark:text-white"><code>const headerPayload = utf8ToBase64Url(jsonStringify(header)) + '.' + utf8ToBase64Url(jsonString(body)) const signature = hashAndSign(accountSigningKey, utf8Bytes(headerPayload)) const jwt = headerPayload + '.' + bytesToBase64Url(signature) </code></pre><button type="button" class="group/button absolute right-4 top-3.5 overflow-hidden rounded-full py-1 pl-2 pr-3 text-2xs font-medium opacity-0 backdrop-blur transition focus:opacity-100 group-hover:opacity-100 bg-white/5 hover:bg-white/7.5 dark:bg-white/2.5 dark:hover:bg-white/5"><span aria-hidden="false" class="pointer-events-none flex items-center gap-0.5 text-zinc-400 transition duration-300"><svg viewBox="0 0 20 20" aria-hidden="true" class="h-5 w-5 fill-zinc-500/20 stroke-zinc-500 transition-colors group-hover/button:stroke-zinc-400"><path stroke-width="0" d="M5.5 13.5v-5a2 2 0 0 1 2-2l.447-.894A2 2 0 0 1 9.737 4.5h.527a2 2 0 0 1 1.789 1.106l.447.894a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2Z"></path><path fill="none" stroke-linejoin="round" d="M12.5 6.5a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2v-5a2 2 0 0 1 2-2m5 0-.447-.894a2 2 0 0 0-1.79-1.106h-.527a2 2 0 0 0-1.789 1.106L7.5 6.5m5 0-1 1h-3l-1-1"></path></svg>Copy</span><span aria-hidden="true" class="pointer-events-none absolute inset-0 flex items-center justify-center text-blue-400 transition duration-300 translate-y-1.5 opacity-0">Copied!</span></button></div></div></div></div> <h2 class="scroll-mt-24" id="service-proxying"><a class="group text-inherit no-underline hover:text-inherit" href="#service-proxying">Service Proxying</a></h2> <p>The PDS acts as a generic proxy between clients and other atproto services. Clients can use an HTTP header to specify which service in the network they want the request forwarded to (eg, a specific AppView or Labeler service). The PDS will do some safety checks, then forward the request on with an inter-service authentication token (JWT, described above) issued and signed by the user's identity.</p> <p>The HTTP header is <code>atproto-proxy</code>, and the value is a DID (identifying a service), followed by a service endpoint identifier, joined by a <code>#</code> character. The PDS resolves the service DID, extracts a service endpoint URL from the DID document, and proxies the request on to the identified server.</p> <p>An example request header, to proxy to a labeling service, is:</p> <div class="my-6 overflow-hidden rounded-2xl bg-zinc-50 dark:bg-zinc-900 dark:ring-1 dark:ring-white/10"><div class="not-prose"><div class="group dark:bg-white/2.5"><div class="relative"><pre class="overflow-x-auto p-4 text-xs text-black dark:text-white"><code>atproto-proxy: did:web:labeler.example.com#atproto_labeler </code></pre><button type="button" class="group/button absolute right-4 top-3.5 overflow-hidden rounded-full py-1 pl-2 pr-3 text-2xs font-medium opacity-0 backdrop-blur transition focus:opacity-100 group-hover:opacity-100 bg-white/5 hover:bg-white/7.5 dark:bg-white/2.5 dark:hover:bg-white/5"><span aria-hidden="false" class="pointer-events-none flex items-center gap-0.5 text-zinc-400 transition duration-300"><svg viewBox="0 0 20 20" aria-hidden="true" class="h-5 w-5 fill-zinc-500/20 stroke-zinc-500 transition-colors group-hover/button:stroke-zinc-400"><path stroke-width="0" d="M5.5 13.5v-5a2 2 0 0 1 2-2l.447-.894A2 2 0 0 1 9.737 4.5h.527a2 2 0 0 1 1.789 1.106l.447.894a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2Z"></path><path fill="none" stroke-linejoin="round" d="M12.5 6.5a2 2 0 0 1 2 2v5a2 2 0 0 1-2 2h-5a2 2 0 0 1-2-2v-5a2 2 0 0 1 2-2m5 0-.447-.894a2 2 0 0 0-1.79-1.106h-.527a2 2 0 0 0-1.789 1.106L7.5 6.5m5 0-1 1h-3l-1-1"></path></svg>Copy</span><span aria-hidden="true" class="pointer-events-none absolute inset-0 flex items-center justify-center text-blue-400 transition duration-300 translate-y-1.5 opacity-0">Copied!</span></button></div></div></div></div> <p>A few requirements must be met for proxying to happen. These conditions may be extended in the future to address network abuse concerns.</p> <ul> <li>the target service must have a resolvable DID, a well-formed DID document, and a corresponding service entry with a matching identifier</li> <li>only atproto endpoint paths are supported. This means an <code>/xrpc/</code> prefix, followed by a valid NSID and endpoint name. Note that the <code>/xrpc/</code> prefix may become configurable in the future</li> <li>the request must be from an authenticated user with an active account on the PDS</li> <li>rate-limits at the PDS still apply</li> </ul> <h2 class="scroll-mt-24" id="summary-of-http-headers"><a class="group text-inherit no-underline hover:text-inherit" href="#summary-of-http-headers">Summary of HTTP Headers</a></h2> <p>Clients can use the following request headers:</p> <p><code>Content-Type</code>: If a request body is present, this header should be included and indicate the content type.</p> <p><code>Authorization</code>: Contains auth information. See "Authentication" section of this specification for details.</p> <p><code>atproto-proxy</code>: used for proxying to other atproto services. See "Service Proxying" section of this document for details.</p> <p><code>atproto-accept-labelers</code>: used by clients to request labels from specific labelers to be included and applied in the response. See <a href="/specs/label">Label</a> specification for details.</p> <h2 class="scroll-mt-24" id="summary-of-http-status-codes"><a class="group text-inherit no-underline hover:text-inherit" href="#summary-of-http-status-codes">Summary of HTTP Status Codes</a></h2> <p><code>200 OK</code>: The request was successful. If there is a response body (optional), there should be a <code>Content-Type</code> header.</p> <p><code>400 Bad Request</code>: Request was invalid, and was not processed</p> <p><code>401 Unauthorized</code>: Authentication is required for this endpoint. There should be a <code>WWW-Authenticate</code> header.</p> <p><code>403 Forbidden</code>: The client lacks permission for this endpoint</p> <p><code>404 Not Found</code>: Can indicate a missing resource. This can also indicate that the server does not support atproto, or does not support this endpoint. See response error message (or lack thereof) to clairfy.</p> <p><code>413 Payload Too Large</code>: Request body was too large. If possible, split in to multiple smaller requests.</p> <p><code>429 Too Many Requests</code>: A resource limit has been exceeded, client should back off. There may be a <code>Retry-After</code> header indicating a specific back-off time period.</p> <p><code>500 Internal Server Error</code>: Generic internal service error. Client may retry after a delay.</p> <p><code>501 Not Implemented</code>: The specified endpoint is known, but not implemented. Client should <em>not</em> retry. In particular, returned when WebSockets are requested by not implemented by server.</p> <p><code>502 Bad Gateway</code>, <code>503 Service Unavailable</code>, or <code>504 Gateway Timeout</code>: These all usually indicate temporary or permanent service downtime. Clients may retry after a delay.</p> <h2 class="scroll-mt-24" id="usage-and-implementation-guidelines"><a class="group text-inherit no-underline hover:text-inherit" href="#usage-and-implementation-guidelines">Usage and Implementation Guidelines</a></h2> <p>Clients are encouraged to implement timeouts, limited retries, and randomized exponential backoff. This increases robustness in the inevitable case of sporadic downtime, while minimizing load on struggling servers.</p> <p>Servers <em>should</em> implement custom JSON error responses for all requests with an <code>/xrpc/</code> path prefix, but realistically, many services will return generic load-balancer or reverse-proxy HTML error pages. Clients should be robust to non-JSON error responses.</p> <p>HTTP servers and client libraries usually limit the overall size of URLs, including query parameters, and these limits constrain the use of parameters in XRPC.</p> <p>PDS implementations are free to restrict blob uploads as they see fit. For example, they may have a global maximum size or restricted set of allowed MIME types. These should be a superset of blob constraints for all supported Lexicons.</p> <h2 class="scroll-mt-24" id="security-and-privacy-considerations"><a class="group text-inherit no-underline hover:text-inherit" href="#security-and-privacy-considerations">Security and Privacy Considerations</a></h2> <p>Only HTTPS should be used over the open internet.</p> <p>Care should be taken with personally identifiable information in blobs, such as EXIF metadata. It is currently the <em>client's</em> responsibility to strip any sensitive EXIF metadata from blobs before uploading. It would be reasonable for a PDS to help prevent accidental metadata leakage as well; see future changes section below.</p> <h2 class="scroll-mt-24" id="possible-future-changes"><a class="group text-inherit no-underline hover:text-inherit" href="#possible-future-changes">Possible Future Changes</a></h2> <p>The auth system is likely to be entirely overhauled.</p> <p>Lexicons should be able to indicate whether auth is required.</p> <p>The role of the PDS as a generic gateway may be formalized and extended. A generic mechanism for proxying specific XRPC endpoints on to other network services may be added. Generic caching of queries and blobs may be specified. Mutation of third-party responses by the PDS might be explicitly allowed.</p> <p>An explicit decision about whether HTTP redirects are supported.</p> <p>Cursor pagination behavior should be clarified when a cursor is returned but the result list is empty, and when a cursor value is repeated.</p> <p>To help prevent accidental publishing of sensitive metadata embedded in media blobs, a query parameter may be added to the upload blob endpoint to opt-out of metadata stripping, and default to either blocking upload or auto-striping such metadata for all blobs.</p> <p>The <code>lxm</code> JWT field for inter-service auth may become required.</p></div></article></main><footer class="mx-auto w-full max-w-2xl space-y-10 pb-16 lg:max-w-5xl"><div class="flex"><div class="flex flex-col items-start gap-3"><a class="inline-flex gap-0.5 justify-center overflow-hidden text-sm font-medium transition rounded-full bg-zinc-100 py-1 px-3 text-zinc-900 hover:bg-zinc-200 dark:bg-zinc-800/40 dark:text-zinc-400 dark:ring-1 dark:ring-inset dark:ring-zinc-800 dark:hover:bg-zinc-800 dark:hover:text-zinc-300" aria-label="Previous: Labels" href="/specs/label"><svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="mt-0.5 h-5 w-5 -ml-1 rotate-180"><path stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" d="m11.5 6.5 3 3.5m0 0-3 3.5m3-3.5h-9"></path></svg>Previous</a><a tabindex="-1" aria-hidden="true" class="text-base font-semibold text-zinc-900 transition hover:text-zinc-600 dark:text-white dark:hover:text-zinc-300" href="/specs/label">Labels</a></div><div class="ml-auto flex flex-col items-end gap-3"><a class="inline-flex gap-0.5 justify-center overflow-hidden text-sm font-medium transition rounded-full bg-zinc-100 py-1 px-3 text-zinc-900 hover:bg-zinc-200 dark:bg-zinc-800/40 dark:text-zinc-400 dark:ring-1 dark:ring-inset dark:ring-zinc-800 dark:hover:bg-zinc-800 dark:hover:text-zinc-300" aria-label="Next: OAuth" href="/specs/oauth">Next<svg viewBox="0 0 20 20" fill="none" aria-hidden="true" class="mt-0.5 h-5 w-5 -mr-1"><path stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" d="m11.5 6.5 3 3.5m0 0-3 3.5m3-3.5h-9"></path></svg></a><a tabindex="-1" aria-hidden="true" class="text-base font-semibold text-zinc-900 transition hover:text-zinc-600 dark:text-white dark:hover:text-zinc-300" href="/specs/oauth">OAuth</a></div></div><div class="flex flex-col items-center justify-between gap-5 border-t border-zinc-900/5 pt-8 sm:flex-row dark:border-white/5"><p class="text-xs text-zinc-600 dark:text-zinc-400">© Copyright 2025. All rights reserved.</p><div class="flex gap-4"><a class="group" href="https://bsky.app/profile/atproto.com"><span class="sr-only">Follow us on Bluesky</span><svg viewBox="0 0 360 320" aria-hidden="true" class="h-5 w-5 fill-zinc-700 transition group-hover:fill-zinc-900 dark:group-hover:fill-zinc-500"><path d="M180 141.964C163.699 110.262 119.308 51.1817 78.0347 22.044C38.4971 -5.86834 23.414 -1.03207 13.526 3.43594C2.08093 8.60755 0 26.1785 0 36.5164C0 46.8542 5.66748 121.272 9.36416 133.694C21.5786 174.738 65.0603 188.607 105.104 184.156C107.151 183.852 109.227 183.572 111.329 183.312C109.267 183.642 107.19 183.924 105.104 184.156C46.4204 192.847 -5.69621 214.233 62.6582 290.33C137.848 368.18 165.705 273.637 180 225.702C194.295 273.637 210.76 364.771 295.995 290.33C360 225.702 313.58 192.85 254.896 184.158C252.81 183.926 250.733 183.645 248.671 183.315C250.773 183.574 252.849 183.855 254.896 184.158C294.94 188.61 338.421 174.74 350.636 133.697C354.333 121.275 360 46.8568 360 36.519C360 26.1811 357.919 8.61012 346.474 3.43851C336.586 -1.02949 321.503 -5.86576 281.965 22.0466C240.692 51.1843 196.301 110.262 180 141.964Z"></path></svg></a><a class="group" href="https://github.com/bluesky-social"><span class="sr-only">Follow us on GitHub</span><svg viewBox="0 0 20 20" aria-hidden="true" class="h-5 w-5 fill-zinc-700 transition group-hover:fill-zinc-900 dark:group-hover:fill-zinc-500"><path fill-rule="evenodd" clip-rule="evenodd" d="M10 1.667c-4.605 0-8.334 3.823-8.334 8.544 0 3.78 2.385 6.974 5.698 8.106.417.075.573-.182.573-.406 0-.203-.011-.875-.011-1.592-2.093.397-2.635-.522-2.802-1.002-.094-.246-.5-1.005-.854-1.207-.291-.16-.708-.556-.01-.567.656-.01 1.124.62 1.281.876.75 1.292 1.948.93 2.427.705.073-.555.291-.93.531-1.143-1.854-.213-3.791-.95-3.791-4.218 0-.929.322-1.698.854-2.296-.083-.214-.375-1.09.083-2.265 0 0 .698-.224 2.292.876a7.576 7.576 0 0 1 2.083-.288c.709 0 1.417.096 2.084.288 1.593-1.11 2.291-.875 2.291-.875.459 1.174.167 2.05.084 2.263.53.599.854 1.357.854 2.297 0 3.278-1.948 4.005-3.802 4.219.302.266.563.78.563 1.58 0 1.143-.011 2.061-.011 2.35 0 .224.156.491.573.405a8.365 8.365 0 0 0 4.11-3.116 8.707 8.707 0 0 0 1.567-4.99c0-4.721-3.73-8.545-8.334-8.545Z"></path></svg></a></div></div></footer></div></div></div><script src="/_next/static/chunks/webpack-8939cfb3c10d3e4e.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/e527f0089f600c10.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"2:I[5751,[],\"\"]\n4:I[231,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"8814\",\"static/chunks/app/%5Blocale%5D/specs/xrpc/page-2bd25c8281fe278d.js\"],\"\"]\n5:I[2734,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"8814\",\"static/chunks/app/%5Blocale%5D/specs/xrpc/page-2bd25c8281fe278d.js\"],\"Heading\"]\n6:I[5294,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"8814\",\"static/chunks/app/%5Blocale%5D/specs/xrpc/page-2bd25c8281fe278d.js\"],\"Code\"]\n7:I[5294,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"8814\",\"static/chunks/app/%5Blocale%5D/specs/xrpc/page-2bd25c8281fe278d.js\"],\"Pre\"]\n8:I[9275,[],\"\"]\na:I[1343,[],\"\"]\nd:I[6130,[],\"\"]\n9:[\"locale\",\"en\",\"d\"]\ne:[]\n"])</script><script>self.__next_f.push([1,"0:[null,[\"$\",\"$L2\",null,{\"buildId\":\"O7HVqp30nMRBWJ8IbhAj1\",\"assetPrefix\":\"\",\"initialCanonicalUrl\":\"/specs/xrpc\",\"initialTree\":[\"\",{\"children\":[[\"locale\",\"en\",\"d\"],{\"children\":[\"specs\",{\"children\":[\"xrpc\",{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true]}],\"initialSeedData\":[\"\",{\"children\":[[\"locale\",\"en\",\"d\"],{\"children\":[\"specs\",{\"children\":[\"xrpc\",{\"children\":[\"__PAGE__\",{},[[\"$L3\",[\"$\",\"article\",null,{\"className\":\"flex h-full flex-col pb-24 pt-16\",\"children\":[\"$\",\"div\",null,{\"className\":\"flex-auto prose dark:prose-invert [html_:where(\u0026\u003e*)]:mx-auto [html_:where(\u0026\u003e*)]:max-w-2xl [html_:where(\u0026\u003e*)]:lg:mx-[calc(50%-min(50%,theme(maxWidth.lg)))] [html_:where(\u0026\u003e*)]:lg:max-w-3xl\",\"children\":[[\"$\",\"h1\",null,{\"children\":\"HTTP API (XRPC)\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"HTTP APIs for client-server and server-server requests in atproto use a set of common conventions called XRPC. Endpoint path names include an NSID indicating the \",[\"$\",\"$L4\",null,{\"href\":\"/specs/lexicon\",\"children\":\"Lexicon\"}],\" specifying the request and response schemas, usually with JSON content type.\"],\"className\":\"lead\"}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"lexicon-http-endpoints\",\"children\":\"Lexicon HTTP Endpoints\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The HTTP request path starts with \",[\"$\",\"$L6\",null,{\"children\":\"/xrpc/\"}],\", followed by an NSID. Paths must always be top-level, not below a prefix. The NSID maps to the \",[\"$\",\"$L6\",null,{\"children\":\"id\"}],\" field in the associated Lexicon.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The two requests types that can be expressed in Lexicons are \\\"query\\\" (HTTP GET) and \\\"procedure\\\" (HTTP POST). Following HTTP REST semantics, queries (GET) are cacheable and should not mutate resource state. Procedures are not cacheable and may mutate state.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Lexicon \",[\"$\",\"$L6\",null,{\"children\":\"params\"}],\" (under the \",[\"$\",\"$L6\",null,{\"children\":\"parameters\"}],\" field) map to HTTP URL query parameters. Only certain Lexicon types can be included in params, as specified by the \",[\"$\",\"$L6\",null,{\"children\":\"params\"}],\" type. Multiple query parameters with the same name can be used to represent an array of parameters. When encoding \",[\"$\",\"$L6\",null,{\"children\":\"boolean\"}],\" parameters, the strings \",[\"$\",\"$L6\",null,{\"children\":\"true\"}],\" and \",[\"$\",\"$L6\",null,{\"children\":\"false\"}],\" should be used. Strings should not be quoted. If a \",[\"$\",\"$L6\",null,{\"children\":\"default\"}],\" value is included in the schema, it should be included in every request to ensure consistent caching behavior.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Request and response body content types can be specified in Lexicon. The schema can require an exact MIME type, or a blob pattern indicating a range of acceptable types (eg, \",[\"$\",\"$L6\",null,{\"children\":\"image/*\"}],\").\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"JSON body schemas are specified in Lexicon using the usual atproto data model. Full validation by the server or client requires knowledge of the Lexicon, but partial validation against the abstract data model is always possible.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"CORS support is encouraged but not required.\"}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"Error Responses\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"All unsuccessful responses should follow a standard error response schema. The \",[\"$\",\"$L6\",null,{\"children\":\"Content-Type\"}],\" should be \",[\"$\",\"$L6\",null,{\"children\":\"application/json\"}],\", and the payload should be a JSON object with the following fields:\"]}],\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"error\"}],\" (string, required): type name of the error (generic ASCII constant, no whitespace)\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"message\"}],\" (string, optional): description of the error, appropriate for display to humans\"]}],\"\\n\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The error type should map to an error name defined in the endpoint's Lexicon schema. This enables more specific error-handling by client software. This is particularly encouraged on \",[\"$\",\"$L6\",null,{\"children\":\"400\"}],\", \",[\"$\",\"$L6\",null,{\"children\":\"500\"}],\", and \",[\"$\",\"$L6\",null,{\"children\":\"502\"}],\" status codes, where further information will be useful.\"]}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"Blob Upload and Download\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Blobs are something of a special case because they can have any MIME type and are not stored directly in repositories, and thus are not directly associated with an NSID or Lexicon (though they do end up referenced from Lexicons).\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The convention for working with blobs is for clients to upload them via the \",[\"$\",\"$L6\",null,{\"children\":\"com.atproto.repo.uploadBlob\"}],\" endpoint, which returns a \",[\"$\",\"$L6\",null,{\"children\":\"blob\"}],\" JSON object containing a CID and basic metadata about the blob. Client can then include this \",[\"$\",\"$L6\",null,{\"children\":\"blob\"}],\" data in future requests (eg, include in new records). Constraints like MIME type and file size are only validated at this second step. The server may implement content type sniffing at the upload step and return a MIME type different from any \",[\"$\",\"$L6\",null,{\"children\":\"Content-Type\"}],\" header provided, but a \",[\"$\",\"$L6\",null,{\"children\":\"Content-Type\"}],\" header is still expected on the upload HTTP request.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Blobs for a specific account can be listed and downloaded using endpoints in the \",[\"$\",\"$L6\",null,{\"children\":\"com.atproto.sync.*\"}],\" NSID space. These endpoints give access to the complete original blob, as uploaded. A common pattern is for applications to mirror both the original blob and any downsized thumbnail or preview versions via separate URLs (eg, on a CDN), instead of deep-linking to the \",[\"$\",\"$L6\",null,{\"children\":\"getBlob\"}],\" endpoint on the original PDS.\"]}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"Cursors and Pagination\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"A common pattern in Lexicon design is to include a \",[\"$\",\"$L6\",null,{\"children\":\"cursor\"}],\" parameter for pagination. The client should not include the \",[\"$\",\"$L6\",null,{\"children\":\"cursor\"}],\" parameter in the first request, and should keep all other parameters fixed between requests. If a cursor is included in a response, the next batch of responses can be fetched by including that value in a follow-on, continuing until the cursor is not included any longer, indicating the end of the result set has been reached.\"]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"authentication\",\"children\":\"Authentication\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The primary client/server authentication and authorization scheme for XRPC is OAuth, described in the \",[\"$\",\"$L4\",null,{\"href\":\"./oauth\",\"children\":\"Auth Specification\"}],\".\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Not all endpoints require authentication, but there is not yet a consistent way to enumerate which endpoints do or do not.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"There is also a legacy authentication scheme using HTTP Bearer auth with JWT tokens, including refresh tokens, described here. Initial login uses the \",[\"$\",\"$L6\",null,{\"children\":\"com.atproto.server.createSession\"}],\" endpoint, including the password and an account identifier (eg, handle or registered email address). This returns a \",[\"$\",\"$L6\",null,{\"children\":\"refreshJwt\"}],\" (as well as an initial \",[\"$\",\"$L6\",null,{\"children\":\"accessJwt\"}],\").\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Most requests should be authenticated using an access JWT, but the validity lifetime for these tokens is short. Every couple minutes, a new access JWT can be requested by hitting the \",[\"$\",\"$L6\",null,{\"children\":\"com.atproto.server.refreshSession\"}],\" endpoint, using the refresh JWT instead of an access JWT.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Clients should treat the tokens as opaque string tokens: the JWT fields and semantics are not a stable part of the specification.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Servers (eg, PDS implementations) which generate and valiate auth JWTs should implement domain separation between access and refresh tokens, using the \",[\"$\",\"$L6\",null,{\"children\":\"typ\"}],\" header field: access tokens should use \",[\"$\",\"$L6\",null,{\"children\":\"at+jwt\"}],\", and refresh tokens should use \",[\"$\",\"$L6\",null,{\"children\":\"refresh+jwt\"}],\". Note that \",[\"$\",\"$L6\",null,{\"children\":\"at+jwt\"}],\" (defined in \",[\"$\",\"$L4\",null,{\"href\":\"https://www.rfc-editor.org/rfc/rfc9068.html\",\"children\":\"RFC 9068\"}],\") is short for \\\"access token\\\", and is not a reference to the \\\"at\\\" in atproto.\"]}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"App Passwords\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"App Passwords are a mechanism to reduce security risks when logging in to third-party clients and web applications. Accounts can create and revoke app passwords separate from their primary password. They are used to log in the same way as the primary password, but grant slightly restricted permissions to the client application, preventing destructive actions like account or changes to authentication settings (including app passwords themselves).\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Clients and apps themselves do not need to do anything special to use app passwords. It is a best practice for most clients and apps to include a reminder to use an app password when logging in. App passwords usually have the form \",[\"$\",\"$L6\",null,{\"children\":\"xxxx-xxxx-xxxx-xxxx\"}],\", and clients can check against this format to prevent accidental logins with primary passwords (unless the primary password itself has this format).\"]}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"Admin Token (Temporary Specification)\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Some administrative XRPC endpoints require authentication with admin privileges. The current scheme for this is to use HTTP Basic authentication with user \\\"admin\\\" and a fixed token in the password field, instead of HTTP Bearer auth with a JWT. This means that admin requests do not have a link to the account or identity of the client beyond \\\"admin\\\".\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"As a reminder, HTTP Basic authentication works by joining the username and password together with a colon (\",[\"$\",\"$L6\",null,{\"children\":\":\"}],\"), and encoding the resulting string using \",[\"$\",\"$L6\",null,{\"children\":\"base64\"}],\" (\\\"standard\\\" version). The encoded string is included in the \",[\"$\",\"$L6\",null,{\"children\":\"Authorization\"}],\" header, prefixed with \",[\"$\",\"$L6\",null,{\"children\":\"Basic \"}],\" (with separating space).\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"As an example, if the admin token was \",[\"$\",\"$L6\",null,{\"children\":\"secret-token\"}],\", the header would look like:\"]}],\"\\n\",[\"$\",\"$L7\",null,{\"code\":\"Authorization: Basic YWRtaW46c2VjcmV0LXRva2Vu\\n\",\"children\":[\"$\",\"$L6\",null,{\"children\":\"Authorization: Basic YWRtaW46c2VjcmV0LXRva2Vu\\n\"}]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The set of endpoints requiring admin auth is likely to get out of date in this specification, but currently includes:\"}],\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":[\"$\",\"$L6\",null,{\"children\":\"com.atproto.admin.*\"}]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[\"$\",\"$L6\",null,{\"children\":\"com.atproto.server.createInviteCode\"}]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[\"$\",\"$L6\",null,{\"children\":\"com.atproto.server.createInviteCodes\"}]}],\"\\n\"]}],\"\\n\",[\"$\",\"h3\",null,{\"children\":\"Inter-Service Authentication (JWT)\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"This section describes a mechanism for authentication between services using signed JWTs.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The current mechanism is to use short-lived JWTs signed by the account's atproto signing key. The receiving service can validate the signature by checking this key against the account's DID document.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The JWT parameters are:\"}],\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"alg\"}],\" header field (string, required): indicates the signing key type (see \",[\"$\",\"$L4\",null,{\"href\":\"/specs/cryptography\",\"children\":\"Cryptography\"}],\")\",\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":[\"use \",[\"$\",\"$L6\",null,{\"children\":\"ES256K\"}],\" for \",[\"$\",\"$L6\",null,{\"children\":\"k256\"}],\" keys\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[\"use \",[\"$\",\"$L6\",null,{\"children\":\"ES256\"}],\" for \",[\"$\",\"$L6\",null,{\"children\":\"p256\"}],\" keys\"]}],\"\\n\"]}],\"\\n\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"typ\"}],\" header field (string, required): currently \",[\"$\",\"$L6\",null,{\"children\":\"JWT\"}],\", but intend to update to a more specific value.\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"iss\"}],\" body field (string, required): account DID that the request is being sent on behalf of. This may include a suffix service identifier; see below\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"aud\"}],\" body field (string, required): service DID associated with the service that the request is being sent to\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"exp\"}],\" body field (number, required): token expiration time, as a UNIX timestamp with seconds precision. Should be a short time window, as revocation is not implemented. 60 seconds is a good token lifetime.\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"iat\"}],\" body field (number, required): token creation time, as a UNIX timestamp with seconds precision.\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"lxm\"}],\" body field (string, optional): short for \\\"lexicon method\\\". NSID syntax. Indicates the endpoint that this token authorizes. Servers must always validate this field if included, and should require it for security-sensitive operations. May become required in the future.\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"jti\"}],\" body field (string, required): unique random string nonce. May be used by receiving services to prevent reuse of token and replay attacks.\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":\"JWT signature (string, required): base64url-encoded signature using the account DID's signing key.\"}],\"\\n\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"When the token is generated in the context of a specific service in the issuer's DID document, the issuer field may have the corresponding \",[\"$\",\"em\",null,{\"children\":\"service\"}],\" identifier in the \",[\"$\",\"$L6\",null,{\"children\":\"iss\"}],\" field, separated by a \",[\"$\",\"$L6\",null,{\"children\":\"#\"}],\" character. For example, \",[\"$\",\"$L6\",null,{\"children\":\"did:web:label.example.com#atproto_labeler\"}],\" for a labeler service. When this is included the appropriate signing key is determined based on a fixed mapping of service identifiers to key identifiers:\"]}],\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":[\"service identifier \",[\"$\",\"$L6\",null,{\"children\":\"atproto_labeler\"}],\" maps to key identifier \",[\"$\",\"$L6\",null,{\"children\":\"atproto_label\"}]]}],\"\\n\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"If the service identifier is not included, the scope is general purpose and the \",[\"$\",\"$L6\",null,{\"children\":\"atproto\"}],\" key identifier should be used.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The receiving service may require or prohibit specific service identifiers for access to specific resources or endpoints.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The signature is computed using the regular JWT process, using the account's signing key (the same used to sign repo commits). As Typescript pseudo-code, this looks like:\"}],\"\\n\",[\"$\",\"$L7\",null,{\"code\":\"const headerPayload = utf8ToBase64Url(jsonStringify(header)) + '.' + utf8ToBase64Url(jsonString(body))\\nconst signature = hashAndSign(accountSigningKey, utf8Bytes(headerPayload))\\nconst jwt = headerPayload + '.' + bytesToBase64Url(signature)\\n\",\"children\":[\"$\",\"$L6\",null,{\"children\":\"const headerPayload = utf8ToBase64Url(jsonStringify(header)) + '.' + utf8ToBase64Url(jsonString(body))\\nconst signature = hashAndSign(accountSigningKey, utf8Bytes(headerPayload))\\nconst jwt = headerPayload + '.' + bytesToBase64Url(signature)\\n\"}]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"service-proxying\",\"children\":\"Service Proxying\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The PDS acts as a generic proxy between clients and other atproto services. Clients can use an HTTP header to specify which service in the network they want the request forwarded to (eg, a specific AppView or Labeler service). The PDS will do some safety checks, then forward the request on with an inter-service authentication token (JWT, described above) issued and signed by the user's identity.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The HTTP header is \",[\"$\",\"$L6\",null,{\"children\":\"atproto-proxy\"}],\", and the value is a DID (identifying a service), followed by a service endpoint identifier, joined by a \",[\"$\",\"$L6\",null,{\"children\":\"#\"}],\" character. The PDS resolves the service DID, extracts a service endpoint URL from the DID document, and proxies the request on to the identified server.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"An example request header, to proxy to a labeling service, is:\"}],\"\\n\",[\"$\",\"$L7\",null,{\"code\":\"atproto-proxy: did:web:labeler.example.com#atproto_labeler\\n\",\"children\":[\"$\",\"$L6\",null,{\"children\":\"atproto-proxy: did:web:labeler.example.com#atproto_labeler\\n\"}]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"A few requirements must be met for proxying to happen. These conditions may be extended in the future to address network abuse concerns.\"}],\"\\n\",[\"$\",\"ul\",null,{\"children\":[\"\\n\",[\"$\",\"li\",null,{\"children\":\"the target service must have a resolvable DID, a well-formed DID document, and a corresponding service entry with a matching identifier\"}],\"\\n\",[\"$\",\"li\",null,{\"children\":[\"only atproto endpoint paths are supported. This means an \",[\"$\",\"$L6\",null,{\"children\":\"/xrpc/\"}],\" prefix, followed by a valid NSID and endpoint name. Note that the \",[\"$\",\"$L6\",null,{\"children\":\"/xrpc/\"}],\" prefix may become configurable in the future\"]}],\"\\n\",[\"$\",\"li\",null,{\"children\":\"the request must be from an authenticated user with an active account on the PDS\"}],\"\\n\",[\"$\",\"li\",null,{\"children\":\"rate-limits at the PDS still apply\"}],\"\\n\"]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"summary-of-http-headers\",\"children\":\"Summary of HTTP Headers\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Clients can use the following request headers:\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"Content-Type\"}],\": If a request body is present, this header should be included and indicate the content type.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"Authorization\"}],\": Contains auth information. See \\\"Authentication\\\" section of this specification for details.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"atproto-proxy\"}],\": used for proxying to other atproto services. See \\\"Service Proxying\\\" section of this document for details.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"atproto-accept-labelers\"}],\": used by clients to request labels from specific labelers to be included and applied in the response. See \",[\"$\",\"$L4\",null,{\"href\":\"/specs/label\",\"children\":\"Label\"}],\" specification for details.\"]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"summary-of-http-status-codes\",\"children\":\"Summary of HTTP Status Codes\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"200 OK\"}],\": The request was successful. If there is a response body (optional), there should be a \",[\"$\",\"$L6\",null,{\"children\":\"Content-Type\"}],\" header.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"400 Bad Request\"}],\": Request was invalid, and was not processed\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"401 Unauthorized\"}],\": Authentication is required for this endpoint. There should be a \",[\"$\",\"$L6\",null,{\"children\":\"WWW-Authenticate\"}],\" header.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"403 Forbidden\"}],\": The client lacks permission for this endpoint\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"404 Not Found\"}],\": Can indicate a missing resource. This can also indicate that the server does not support atproto, or does not support this endpoint. See response error message (or lack thereof) to clairfy.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"413 Payload Too Large\"}],\": Request body was too large. If possible, split in to multiple smaller requests.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"429 Too Many Requests\"}],\": A resource limit has been exceeded, client should back off. There may be a \",[\"$\",\"$L6\",null,{\"children\":\"Retry-After\"}],\" header indicating a specific back-off time period.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"500 Internal Server Error\"}],\": Generic internal service error. Client may retry after a delay.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"501 Not Implemented\"}],\": The specified endpoint is known, but not implemented. Client should \",[\"$\",\"em\",null,{\"children\":\"not\"}],\" retry. In particular, returned when WebSockets are requested by not implemented by server.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":[[\"$\",\"$L6\",null,{\"children\":\"502 Bad Gateway\"}],\", \",[\"$\",\"$L6\",null,{\"children\":\"503 Service Unavailable\"}],\", or \",[\"$\",\"$L6\",null,{\"children\":\"504 Gateway Timeout\"}],\": These all usually indicate temporary or permanent service downtime. Clients may retry after a delay.\"]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"usage-and-implementation-guidelines\",\"children\":\"Usage and Implementation Guidelines\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Clients are encouraged to implement timeouts, limited retries, and randomized exponential backoff. This increases robustness in the inevitable case of sporadic downtime, while minimizing load on struggling servers.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Servers \",[\"$\",\"em\",null,{\"children\":\"should\"}],\" implement custom JSON error responses for all requests with an \",[\"$\",\"$L6\",null,{\"children\":\"/xrpc/\"}],\" path prefix, but realistically, many services will return generic load-balancer or reverse-proxy HTML error pages. Clients should be robust to non-JSON error responses.\"]}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"HTTP servers and client libraries usually limit the overall size of URLs, including query parameters, and these limits constrain the use of parameters in XRPC.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"PDS implementations are free to restrict blob uploads as they see fit. For example, they may have a global maximum size or restricted set of allowed MIME types. These should be a superset of blob constraints for all supported Lexicons.\"}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"security-and-privacy-considerations\",\"children\":\"Security and Privacy Considerations\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Only HTTPS should be used over the open internet.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"Care should be taken with personally identifiable information in blobs, such as EXIF metadata. It is currently the \",[\"$\",\"em\",null,{\"children\":\"client's\"}],\" responsibility to strip any sensitive EXIF metadata from blobs before uploading. It would be reasonable for a PDS to help prevent accidental metadata leakage as well; see future changes section below.\"]}],\"\\n\",[\"$\",\"$L5\",null,{\"level\":2,\"id\":\"possible-future-changes\",\"children\":\"Possible Future Changes\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The auth system is likely to be entirely overhauled.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Lexicons should be able to indicate whether auth is required.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"The role of the PDS as a generic gateway may be formalized and extended. A generic mechanism for proxying specific XRPC endpoints on to other network services may be added. Generic caching of queries and blobs may be specified. Mutation of third-party responses by the PDS might be explicitly allowed.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"An explicit decision about whether HTTP redirects are supported.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"Cursor pagination behavior should be clarified when a cursor is returned but the result list is empty, and when a cursor value is repeated.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":\"To help prevent accidental publishing of sensitive metadata embedded in media blobs, a query parameter may be added to the upload blob endpoint to opt-out of metadata stripping, and default to either blocking upload or auto-striping such metadata for all blobs.\"}],\"\\n\",[\"$\",\"p\",null,{\"children\":[\"The \",[\"$\",\"$L6\",null,{\"children\":\"lxm\"}],\" JWT field for inter-service auth may become required.\"]}]]}]}]],null],null]},[\"$\",\"$L8\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$9\",\"children\",\"specs\",\"children\",\"xrpc\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$La\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\",\"styles\":null}],null]},[\"$\",\"$L8\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$9\",\"children\",\"specs\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$La\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\",\"styles\":null}],null]},[\"$Lb\",null],null]},[\"$\",\"$L8\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$La\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"title\",null,{\"children\":\"404: This page could not be found.\"}],[\"$\",\"div\",null,{\"style\":{\"fontFamily\":\"system-ui,\\\"Segoe UI\\\",Roboto,Helvetica,Arial,sans-serif,\\\"Apple Color Emoji\\\",\\\"Segoe UI Emoji\\\"\",\"height\":\"100vh\",\"textAlign\":\"center\",\"display\":\"flex\",\"flexDirection\":\"column\",\"alignItems\":\"center\",\"justifyContent\":\"center\"},\"children\":[\"$\",\"div\",null,{\"children\":[[\"$\",\"style\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}\"}}],[\"$\",\"h1\",null,{\"className\":\"next-error-h1\",\"style\":{\"display\":\"inline-block\",\"margin\":\"0 20px 0 0\",\"padding\":\"0 23px 0 0\",\"fontSize\":24,\"fontWeight\":500,\"verticalAlign\":\"top\",\"lineHeight\":\"49px\"},\"children\":\"404\"}],[\"$\",\"div\",null,{\"style\":{\"display\":\"inline-block\"},\"children\":[\"$\",\"h2\",null,{\"style\":{\"fontSize\":14,\"fontWeight\":400,\"lineHeight\":\"49px\",\"margin\":0},\"children\":\"This page could not be found.\"}]}]]}]}]],\"notFoundStyles\":[],\"styles\":[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/e527f0089f600c10.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]]}],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$Lc\"],\"globalErrorComponent\":\"$d\",\"missingSlots\":\"$We\"}]]\n"])</script><script>self.__next_f.push([1,"c:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"HTTP API (XRPC) - AT Protocol\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Cross-system queries and procedures over HTTP\"}],[\"$\",\"meta\",\"4\",{\"property\":\"og:title\",\"content\":\"HTTP API (XRPC) - AT Protocol\"}],[\"$\",\"meta\",\"5\",{\"property\":\"og:description\",\"content\":\"Cross-system queries and procedures over HTTP\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:url\",\"content\":\"https://atproto.com/\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:site_name\",\"content\":\"AT Protocol\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:image\",\"content\":\"https://atproto.com/default-social-card.png\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:secure_url\",\"content\":\"https://atproto.com/default-social-card.png\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"13\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:title\",\"content\":\"HTTP API (XRPC) - AT Protocol\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:description\",\"content\":\"Cross-system queries and procedures over HTTP\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:image\",\"content\":\"https://atproto.com/default-social-card.png\"}]]\n3:null\n"])</script><script>self.__next_f.push([1,"f:I[5148,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"2533\",\"static/chunks/2533-375920c1c2b49e69.js\",\"902\",\"static/chunks/902-72f88913c77b5544.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"1953\",\"static/chunks/1953-6d7c09a02aa0c5ee.js\",\"1203\",\"static/chunks/app/%5Blocale%5D/layout-312c13a570617719.js\"],\"Providers\"]\n10:I[2808,[\"231\",\"static/chunks/231-181ea92841931ecc.js\",\"1364\",\"static/chunks/1364-c5ca11b1c706d695.js\",\"2533\",\"static/chunks/2533-375920c1c2b49e69.js\",\"902\",\"static/chunks/902-72f88913c77b5544.js\",\"7915\",\"static/chunks/7915-4e4e4521ff2dd284.js\",\"1953\",\"static/chunks/1953-6d7c09a02aa0c5ee.js\",\"1203\",\"static/chunks/app/%5Blocale%5D/layout-312c13a570617719.js\"],\"Layout\"]\n"])</script><script>self.__next_f.push([1,"b:[\"$\",\"html\",null,{\"lang\":\"en\",\"className\":\"h-full\",\"suppressHydrationWarning\":true,\"children\":[\"$\",\"body\",null,{\"className\":\"flex min-h-full bg-white antialiased dark:bg-zinc-900\",\"children\":[\"$\",\"$Lf\",null,{\"children\":[\"$\",\"div\",null,{\"className\":\"w-full\",\"children\":[\"$\",\"$L10\",null,{\"allSections\":{\"/en.mdx\":[],\"/ja.mdx\":[],\"/pt.mdx\":[],\"/explorer\":[],\"/sdks\":[{\"title\":\"Official libraries\",\"id\":\"official-libraries\"},{\"title\":\"Community libraries\",\"id\":\"community-libraries\"}],\"/articles/atproto-for-distsys-engineers/en.mdx\":[{\"title\":\"Scaling the traditional Web backend\",\"id\":\"scaling-the-traditional-web-backend\"},{\"title\":\"Decentralizing our high-scale backend\",\"id\":\"decentralizing-our-high-scale-backend\"},{\"title\":\"Unifying the data model\",\"id\":\"unifying-the-data-model\"},{\"title\":\"Charting the flow of data\",\"id\":\"charting-the-flow-of-data\"},{\"title\":\"Building practical open systems\",\"id\":\"building-practical-open-systems\"}],\"/articles/atproto-for-distsys-engineers/ja.mdx\":[{\"title\":\"従来の Web バックエンドのスケーリング\",\"id\":\"web\"},{\"title\":\"大規模バックエンドの分散化\",\"id\":\"\"},{\"title\":\"データモデルの統合\",\"id\":\"\"},{\"title\":\"データの流れを図に表す\",\"id\":\"\"},{\"title\":\"実用的なオープンシステムの構築\",\"id\":\"\"}],\"/articles/atproto-for-distsys-engineers/pt.mdx\":[{\"title\":\"Escalando o backend tradicional da Web\",\"id\":\"escalando-o-backend-tradicional-da-web\"},{\"title\":\"Descentralizando nosso backend de alta escala\",\"id\":\"descentralizando-nosso-backend-de-alta-escala\"},{\"title\":\"Unificando o modelo de dados\",\"id\":\"unificando-o-modelo-de-dados\"},{\"title\":\"Mapeando o fluxo de dados\",\"id\":\"mapeando-o-fluxo-de-dados\"},{\"title\":\"Construindo sistemas abertos práticos\",\"id\":\"construindo-sistemas-abertos-praticos\"}],\"/articles/why-atproto\":[],\"/guides/account-lifecycle/en.mdx\":[],\"/guides/account-migration/en.mdx\":[{\"title\":\"Creating New Account\",\"id\":\"creating-new-account\"},{\"title\":\"Migrating Data\",\"id\":\"migrating-data\"},{\"title\":\"Updating Identity\",\"id\":\"updating-identity\"},{\"title\":\"Finalizing Account Status\",\"id\":\"finalizing-account-status\"}],\"/guides/applications/en.mdx\":[{\"title\":\"Introduction\",\"id\":\"introduction\"},{\"title\":\"Step 1. Starting with our ExpressJS app\",\"id\":\"step-1-starting-with-our-express-js-app\"},{\"title\":\"Step 2. Signing in with OAuth\",\"id\":\"step-2-signing-in-with-o-auth\"},{\"title\":\"Step 3. Fetching the user's profile\",\"id\":\"step-3-fetching-the-users-profile\"},{\"title\":\"Step 4. Reading \u0026 writing records\",\"id\":\"step-4-reading-and-writing-records\"},{\"title\":\"Step 5. Creating a custom \\\"status\\\" schema\",\"id\":\"step-5-creating-a-custom-status-schema\"},{\"title\":\"Step 6. Listening to the firehose\",\"id\":\"step-6-listening-to-the-firehose\"},{\"title\":\"Step 7. Listing the latest statuses\",\"id\":\"step-7-listing-the-latest-statuses\"},{\"title\":\"Step 8. Optimistic updates\",\"id\":\"step-8-optimistic-updates\"},{\"title\":\"Thinking in AT Proto\",\"id\":\"thinking-in-at-proto\"},{\"title\":\"Next steps\",\"id\":\"next-steps\"}],\"/guides/applications/ja.mdx\":[{\"title\":\"はじめに\",\"id\":\"\"},{\"title\":\"ステップ 1. ExpressJS アプリから始める\",\"id\":\"1-express-js\"},{\"title\":\"ステップ 2. OAuth でサインイン\",\"id\":\"2-o-auth\"},{\"title\":\"ステップ 3. ユーザーのプロファイルを取得する\",\"id\":\"3\"},{\"title\":\"ステップ 4. レコードの読み取りと書き込み\",\"id\":\"4\"},{\"title\":\"ステップ 5. カスタムの「ステータス」スキーマの作成\",\"id\":\"5\"},{\"title\":\"ステップ 6. ファイアホースをリッスン\",\"id\":\"6\"},{\"title\":\"ステップ 7. 最新のステータスを一覧表示する\",\"id\":\"7\"},{\"title\":\"ステップ 8. 楽観的更新\",\"id\":\"8\"},{\"title\":\"AT Proto で考える\",\"id\":\"at-proto\"},{\"title\":\"次のステップ\",\"id\":\"\"}],\"/guides/applications/pt.mdx\":[{\"title\":\"Introdução\",\"id\":\"introducao\"},{\"title\":\"Etapa 1. Começando com nosso aplicativo ExpressJS\",\"id\":\"etapa-1-comecando-com-nosso-aplicativo-express-js\"},{\"title\":\"Etapa 2. Entrando com OAuth\",\"id\":\"etapa-2-entrando-com-o-auth\"},{\"title\":\"Etapa 3. Obtendo o perfil do usuário\",\"id\":\"etapa-3-obtendo-o-perfil-do-usuario\"},{\"title\":\"Etapa 4. Lendo e escrevendo registros\",\"id\":\"etapa-4-lendo-e-escrevendo-registros\"},{\"title\":\"Etapa 5. Criando um esquema de \\\"status\\\" personalizado\",\"id\":\"etapa-5-criando-um-esquema-de-status-personalizado\"},{\"title\":\"Etapa 6. Ouvindo o firehose\",\"id\":\"etapa-6-ouvindo-o-firehose\"},{\"title\":\"Etapa 7. Listando os status mais recentes\",\"id\":\"etapa-7-listando-os-status-mais-recentes\"},{\"title\":\"Etapa 8. Atualizações otimistas\",\"id\":\"etapa-8-atualizacoes-otimistas\"},{\"title\":\"Pensando em AT Proto\",\"id\":\"pensando-em-at-proto\"},{\"title\":\"Próximos passos\",\"id\":\"proximos-passos\"}],\"/guides/data-repos/en.mdx\":[{\"title\":\"Data Layout\",\"id\":\"data-layout\"},{\"title\":\"Identifier Types\",\"id\":\"identifier-types\"}],\"/guides/data-repos/ja.mdx\":[{\"title\":\"データレイアウト\",\"id\":\"\"},{\"title\":\"識別子の種類\",\"id\":\"\"}],\"/guides/data-repos/pt.mdx\":[{\"title\":\"Layout de dados\",\"id\":\"layout-de-dados\"},{\"title\":\"Tipos de Identificadores\",\"id\":\"tipos-de-identificadores\"}],\"/guides/faq/en.mdx\":[{\"title\":\"Is the AT Protocol a blockchain?\",\"id\":\"is-the-at-protocol-a-blockchain\"},{\"title\":\"Why not use ActivityPub?\",\"id\":\"why-not-use-activity-pub\"},{\"title\":\"Why create Lexicon instead of using JSON-LD or RDF?\",\"id\":\"why-create-lexicon-instead-of-using-json-ld-or-rdf\"},{\"title\":\"What is “XRPC,” and why not use ___?\",\"id\":\"what-is-xrpc-and-why-not-use\"}],\"/guides/faq/ja.mdx\":[{\"title\":\"AT プロトコルはブロックチェーンですか?\",\"id\":\"at\"},{\"title\":\"ActivityPub を使用しないのはなぜですか?\",\"id\":\"activity-pub\"},{\"title\":\"JSON-LD や RDF を使用する代わりに Lexicon を作成する理由\",\"id\":\"json-ld-rdf-lexicon\"},{\"title\":\"「XRPC」とは何ですか。なぜ ___ を使用しないのですか?\",\"id\":\"xrpc\"}],\"/guides/faq/pt.mdx\":[{\"title\":\"O Protocolo AT é uma blockchain?\",\"id\":\"o-protocolo-at-e-uma-blockchain\"},{\"title\":\"Por que não usar o ActivityPub?\",\"id\":\"por-que-nao-usar-o-activity-pub\"},{\"title\":\"Por que criar o Lexicon em vez de usar JSON-LD ou RDF?\",\"id\":\"por-que-criar-o-lexicon-em-vez-de-usar-json-ld-ou-rdf\"},{\"title\":\"O que é “XRPC” e por que não usar ___?\",\"id\":\"o-que-e-xrpc-e-por-que-nao-usar\"}],\"/guides/glossary/en.mdx\":[{\"title\":\"Atmosphere\",\"id\":\"atmosphere\"},{\"title\":\"AT Protocol\",\"id\":\"at-protocol\"},{\"title\":\"PDS (Personal Data Server)\",\"id\":\"pds-personal-data-server\"},{\"title\":\"AppView\",\"id\":\"app-view\"},{\"title\":\"Relay\",\"id\":\"relay\"},{\"title\":\"Lexicon\",\"id\":\"lexicon\"},{\"title\":\"Data Repo\",\"id\":\"data-repo\"},{\"title\":\"Collection\",\"id\":\"collection\"},{\"title\":\"Record\",\"id\":\"record\"},{\"title\":\"Blob\",\"id\":\"blob\"},{\"title\":\"Label\",\"id\":\"label\"},{\"title\":\"Handle\",\"id\":\"handle\"},{\"title\":\"DID (Decentralized ID)\",\"id\":\"did-decentralized-id\"},{\"title\":\"NSID (Namespaced ID)\",\"id\":\"nsid-namespaced-id\"},{\"title\":\"TID (Timestamp ID)\",\"id\":\"tid-timestamp-id\"},{\"title\":\"CID (Content ID)\",\"id\":\"cid-content-id\"},{\"title\":\"DAG-CBOR\",\"id\":\"dag-cbor\"},{\"title\":\"XRPC\",\"id\":\"xrpc\"}],\"/guides/glossary/ja.mdx\":[{\"title\":\"Atmosphere\",\"id\":\"atmosphere\"},{\"title\":\"AT プロトコル\",\"id\":\"at\"},{\"title\":\"PDS (パーソナルデータサーバー)\",\"id\":\"pds\"},{\"title\":\"AppView\",\"id\":\"app-view\"},{\"title\":\"リレー\",\"id\":\"\"},{\"title\":\"Lexicon\",\"id\":\"lexicon\"},{\"title\":\"データリポジトリ\",\"id\":\"\"},{\"title\":\"コレクション\",\"id\":\"\"},{\"title\":\"レコード\",\"id\":\"\"},{\"title\":\"BLOB\",\"id\":\"blob\"},{\"title\":\"ラベル\",\"id\":\"\"},{\"title\":\"ハンドル\",\"id\":\"\"},{\"title\":\"DID (分散 ID)\",\"id\":\"did-id\"},{\"title\":\"NSID (名前空間 ID)\",\"id\":\"nsid-id\"},{\"title\":\"TID (タイムスタンプ ID)\",\"id\":\"tid-id\"},{\"title\":\"CID (コンテンツ ID)\",\"id\":\"cid-id\"},{\"title\":\"DAG-CBOR\",\"id\":\"dag-cbor\"},{\"title\":\"XRPC\",\"id\":\"xrpc\"}],\"/guides/glossary/pt.mdx\":[{\"title\":\"Atmosphere\",\"id\":\"atmosphere\"},{\"title\":\"AT Protocol\",\"id\":\"at-protocol\"},{\"title\":\"PDS (Personal Data Server)\",\"id\":\"pds-personal-data-server\"},{\"title\":\"AppView\",\"id\":\"app-view\"},{\"title\":\"Relay\",\"id\":\"relay\"},{\"title\":\"Lexicon\",\"id\":\"lexicon\"},{\"title\":\"Data Repo\",\"id\":\"data-repo\"},{\"title\":\"Collection\",\"id\":\"collection\"},{\"title\":\"Record\",\"id\":\"record\"},{\"title\":\"Blob\",\"id\":\"blob\"},{\"title\":\"Label\",\"id\":\"label\"},{\"title\":\"Handle\",\"id\":\"handle\"},{\"title\":\"DID (Decentralized ID)\",\"id\":\"did-decentralized-id\"},{\"title\":\"NSID (Namespaced ID)\",\"id\":\"nsid-namespaced-id\"},{\"title\":\"TID (Timestamp ID)\",\"id\":\"tid-timestamp-id\"},{\"title\":\"CID (Content ID)\",\"id\":\"cid-content-id\"},{\"title\":\"DAG-CBOR\",\"id\":\"dag-cbor\"},{\"title\":\"XRPC\",\"id\":\"xrpc\"}],\"/guides/identity/en.mdx\":[{\"title\":\"Identifiers\",\"id\":\"identifiers\"},{\"title\":\"DID Methods\",\"id\":\"did-methods\"},{\"title\":\"Handle Resolution\",\"id\":\"handle-resolution\"}],\"/guides/identity/ja.mdx\":[{\"title\":\"識別子\",\"id\":\"\"},{\"title\":\"DID メソッド\",\"id\":\"did\"},{\"title\":\"ハンドル解決\",\"id\":\"\"}],\"/guides/identity/pt.mdx\":[{\"title\":\"Identificadores\",\"id\":\"identificadores\"},{\"title\":\"Métodos DID\",\"id\":\"metodos-did\"},{\"title\":\"Resolução de identificadores\",\"id\":\"resolucao-de-identificadores\"}],\"/guides/lexicon/en.mdx\":[{\"title\":\"Why is Lexicon needed?\",\"id\":\"why-is-lexicon-needed\"},{\"title\":\"HTTP API methods\",\"id\":\"http-api-methods\"},{\"title\":\"Record types\",\"id\":\"record-types\"},{\"title\":\"Tokens\",\"id\":\"tokens\"},{\"title\":\"Versioning\",\"id\":\"versioning\"},{\"title\":\"Schema distribution\",\"id\":\"schema-distribution\"}],\"/guides/lexicon/ja.mdx\":[{\"title\":\"Lexicon が必要な理由\",\"id\":\"lexicon\"},{\"title\":\"HTTP API メソッド\",\"id\":\"http-api\"},{\"title\":\"レコードタイプ\",\"id\":\"\"},{\"title\":\"トークン\",\"id\":\"\"},{\"title\":\"バージョン管理\",\"id\":\"\"},{\"title\":\"スキーマの配布\",\"id\":\"\"}],\"/guides/lexicon/pt.mdx\":[{\"title\":\"Por que o Lexicon é necessário?\",\"id\":\"por-que-o-lexicon-e-necessario\"},{\"title\":\"Métodos de API HTTP\",\"id\":\"metodos-de-api-http\"},{\"title\":\"Tipos de registro\",\"id\":\"tipos-de-registro\"},{\"title\":\"Tokens\",\"id\":\"tokens\"},{\"title\":\"Versionamento\",\"id\":\"versionamento\"},{\"title\":\"Distribuição de esquema\",\"id\":\"distribuicao-de-esquema\"}],\"/guides/overview/en.mdx\":[{\"title\":\"Identity\",\"id\":\"identity\"},{\"title\":\"Data Repositories\",\"id\":\"data-repositories\"},{\"title\":\"Network Architecture\",\"id\":\"network-architecture\"},{\"title\":\"Interoperation\",\"id\":\"interoperation\"},{\"title\":\"Achieving Scale\",\"id\":\"achieving-scale\"},{\"title\":\"Algorithmic choice\",\"id\":\"algorithmic-choice\"},{\"title\":\"Account portability\",\"id\":\"account-portability\"},{\"title\":\"Speech, reach, and moderation\",\"id\":\"speech-reach-and-moderation\"},{\"title\":\"Specifications\",\"id\":\"specifications\"}],\"/guides/overview/ja.mdx\":[{\"title\":\"アイデンティティ\",\"id\":\"\"},{\"title\":\"データリポジトリ\",\"id\":\"\"},{\"title\":\"フェデレーション\",\"id\":\"\"},{\"title\":\"相互運用\",\"id\":\"\"},{\"title\":\"スケールの実現\",\"id\":\"\"},{\"title\":\"アルゴリズムの選択\",\"id\":\"\"},{\"title\":\"アカウントの移植性\",\"id\":\"\"},{\"title\":\"スピーチ、リーチ、モデレーション\",\"id\":\"\"},{\"title\":\"仕様\",\"id\":\"\"}],\"/guides/overview/pt.mdx\":[{\"title\":\"Identidade\",\"id\":\"identidade\"},{\"title\":\"Repositórios de dados\",\"id\":\"repositorios-de-dados\"},{\"title\":\"Federação\",\"id\":\"federacao\"},{\"title\":\"Interoperação\",\"id\":\"interoperacao\"},{\"title\":\"Alcançando escala\",\"id\":\"alcancando-escala\"},{\"title\":\"Escolha algorítmica\",\"id\":\"escolha-algoritmica\"},{\"title\":\"Portabilidade de conta\",\"id\":\"portabilidade-de-conta\"},{\"title\":\"Fala, alcance e moderação\",\"id\":\"fala-alcance-e-moderacao\"},{\"title\":\"Especificações\",\"id\":\"especificacoes\"}],\"/guides/self-hosting/en.mdx\":[{\"title\":\"Table of Contents\",\"id\":\"table-of-contents\"},{\"title\":\"Preparation for self-hosting PDS\",\"id\":\"preparation-for-self-hosting-pds\"},{\"title\":\"Open your cloud firewall for HTTP and HTTPS\",\"id\":\"open-your-cloud-firewall-for-http-and-https\"},{\"title\":\"Configure DNS for your domain\",\"id\":\"configure-dns-for-your-domain\"},{\"title\":\"Check that DNS is working as expected\",\"id\":\"check-that-dns-is-working-as-expected\"},{\"title\":\"Installer on Ubuntu 20.04/22.04 and Debian 11/12\",\"id\":\"installer-on-ubuntu-20-04-22-04-and-debian-11-12\"},{\"title\":\"Verifying that your PDS is online and accessible\",\"id\":\"verifying-that-your-pds-is-online-and-accessible\"},{\"title\":\"Creating an account using pdsadmin\",\"id\":\"creating-an-account-using-pdsadmin\"},{\"title\":\"Creating an account using an invite code\",\"id\":\"creating-an-account-using-an-invite-code\"},{\"title\":\"Using the Bluesky app with your PDS\",\"id\":\"using-the-bluesky-app-with-your-pds\"},{\"title\":\"Updating your PDS\",\"id\":\"updating-your-pds\"},{\"title\":\"Getting help\",\"id\":\"getting-help\"}],\"/guides/self-hosting/ja.mdx\":[{\"title\":\"目次\",\"id\":\"\"},{\"title\":\"セルフホスティング PDS の準備\",\"id\":\"pds\"},{\"title\":\"クラウドファイアウォールを HTTP および HTTPS 用に開く\",\"id\":\"http-https\"},{\"title\":\"ドメインの DNS を構成する\",\"id\":\"dns\"},{\"title\":\"DNS が期待どおりに動作していることを確認します\",\"id\":\"dns-2\"},{\"title\":\"Ubuntu 20.04/22.04 および Debian 11/12 のインストーラー\",\"id\":\"ubuntu-20-04-22-04-debian-11-12\"},{\"title\":\"PDS がオンラインでアクセス可能であることを確認する\",\"id\":\"pds-2\"},{\"title\":\"pdsadmin を使用してアカウントを作成する\",\"id\":\"pdsadmin\"},{\"title\":\"招待コードを使用してアカウントを作成する\",\"id\":\"\"},{\"title\":\"PDS で Bluesky アプリを使用する\",\"id\":\"pds-bluesky\"},{\"title\":\"PDS の更新\",\"id\":\"pds-3\"},{\"title\":\"ヘルプの取得\",\"id\":\"\"}],\"/guides/self-hosting/pt.mdx\":[{\"title\":\"Índice\",\"id\":\"indice\"},{\"title\":\"Preparação para auto-hospedagem de PDS\",\"id\":\"preparacao-para-auto-hospedagem-de-pds\"},{\"title\":\"Abra seu firewall de nuvem para HTTP e HTTPS\",\"id\":\"abra-seu-firewall-de-nuvem-para-http-e-https\"},{\"title\":\"Configure o DNS para seu domínio\",\"id\":\"configure-o-dns-para-seu-dominio\"},{\"title\":\"Verifique se o DNS está funcionando conforme o esperado\",\"id\":\"verifique-se-o-dns-esta-funcionando-conforme-o-esperado\"},{\"title\":\"Instalador no Ubuntu 20.04/22.04 e Debian 11/12\",\"id\":\"instalador-no-ubuntu-20-04-22-04-e-debian-11-12\"},{\"title\":\"Verificando se seu PDS está online e acessível\",\"id\":\"verificando-se-seu-pds-esta-online-e-acessivel\"},{\"title\":\"Criando uma conta usando pdsadmin\",\"id\":\"criando-uma-conta-usando-pdsadmin\"},{\"title\":\"Criando uma conta usando um código de convite\",\"id\":\"criando-uma-conta-usando-um-codigo-de-convite\"},{\"title\":\"Usando o aplicativo Bluesky com seu PDS\",\"id\":\"usando-o-aplicativo-bluesky-com-seu-pds\"},{\"title\":\"Atualizando seu PDS\",\"id\":\"atualizando-seu-pds\"},{\"title\":\"Obtendo ajuda\",\"id\":\"obtendo-ajuda\"}],\"/specs/account\":[{\"title\":\"Hosting Status\",\"id\":\"hosting-status\"},{\"title\":\"PDS Account Migration\",\"id\":\"pds-account-migration\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security Considerations\",\"id\":\"security-considerations\"},{\"title\":\"Future Work\",\"id\":\"future-work\"}],\"/specs/at-uri-scheme\":[],\"/specs/atp\":[{\"title\":\"Protocol Structure\",\"id\":\"protocol-structure\"},{\"title\":\"Protocol Extension and Applications\",\"id\":\"protocol-extension-and-applications\"},{\"title\":\"What Is Missing?\",\"id\":\"what-is-missing\"},{\"title\":\"Future Work\",\"id\":\"future-work\"}],\"/specs/blob\":[{\"title\":\"Blob Metadata\",\"id\":\"blob-metadata\"},{\"title\":\"Blob Lifecycle\",\"id\":\"blob-lifecycle\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security Considerations\",\"id\":\"security-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/cryptography\":[{\"title\":\"ECDSA Signature Malleability\",\"id\":\"ecdsa-signature-malleability\"},{\"title\":\"Public Key Encoding\",\"id\":\"public-key-encoding\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/data-model\":[{\"title\":\"Relationship With IPLD\",\"id\":\"relationship-with-ipld\"},{\"title\":\"Data Types\",\"id\":\"data-types\"},{\"title\":\"blob Type\",\"id\":\"blob-type\"},{\"title\":\"JSON Representation\",\"id\":\"json-representation\"},{\"title\":\"Link and CID Formats\",\"id\":\"link-and-cid-formats\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security and Privacy Considerations\",\"id\":\"security-and-privacy-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/did\":[{\"title\":\"Blessed DID Methods\",\"id\":\"blessed-did-methods\"},{\"title\":\"AT Protocol DID Identifier Syntax\",\"id\":\"at-protocol-did-identifier-syntax\"},{\"title\":\"DID Documents\",\"id\":\"did-documents\"},{\"title\":\"Representation of Public Keys\",\"id\":\"representation-of-public-keys\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/event-stream\":[{\"title\":\"Streaming Wire Protocol (v0)\",\"id\":\"streaming-wire-protocol-v0\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security and Privacy Considerations\",\"id\":\"security-and-privacy-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/handle\":[{\"title\":\"Handle Identifier Syntax\",\"id\":\"handle-identifier-syntax\"},{\"title\":\"Additional Non-Syntax Restrictions\",\"id\":\"additional-non-syntax-restrictions\"},{\"title\":\"Identifier Examples\",\"id\":\"identifier-examples\"},{\"title\":\"Handle Resolution\",\"id\":\"handle-resolution\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/label\":[{\"title\":\"Schema and Data Model\",\"id\":\"schema-and-data-model\"},{\"title\":\"Value\",\"id\":\"value\"},{\"title\":\"Label Lifecycle: Negation and Expiration\",\"id\":\"label-lifecycle-negation-and-expiration\"},{\"title\":\"Signatures\",\"id\":\"signatures\"},{\"title\":\"Self-Labels in Records\",\"id\":\"self-labels-in-records\"},{\"title\":\"Labeler Service Identity\",\"id\":\"labeler-service-identity\"},{\"title\":\"Label Distribution Endpoints\",\"id\":\"label-distribution-endpoints\"},{\"title\":\"Labeler HTTP Headers\",\"id\":\"labeler-http-headers\"},{\"title\":\"Security Considerations\",\"id\":\"security-considerations\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/lexicon\":[{\"title\":\"Overview of Types\",\"id\":\"overview-of-types\"},{\"title\":\"Lexicon Files\",\"id\":\"lexicon-files\"},{\"title\":\"Primary Type Definitions\",\"id\":\"primary-type-definitions\"},{\"title\":\"Field Type Definitions\",\"id\":\"field-type-definitions\"},{\"title\":\"String Formats\",\"id\":\"string-formats\"},{\"title\":\"When to use $type\",\"id\":\"when-to-use-type\"},{\"title\":\"Lexicon Evolution\",\"id\":\"lexicon-evolution\"},{\"title\":\"Authority and Control\",\"id\":\"authority-and-control\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/nsid\":[],\"/specs/oauth\":[{\"title\":\"Clients\",\"id\":\"clients\"},{\"title\":\"Identity Authentication\",\"id\":\"identity-authentication\"},{\"title\":\"Authorization Scopes\",\"id\":\"authorization-scopes\"},{\"title\":\"Authorization Requests\",\"id\":\"authorization-requests\"},{\"title\":\"Tokens and Session Lifetime\",\"id\":\"tokens-and-session-lifetime\"},{\"title\":\"Demonstrating Proof of Possession (DPoP)\",\"id\":\"demonstrating-proof-of-possession-d-po-p\"},{\"title\":\"Authorization Servers\",\"id\":\"authorization-servers\"},{\"title\":\"Summary of Authorization Flow\",\"id\":\"summary-of-authorization-flow\"},{\"title\":\"Security Considerations\",\"id\":\"security-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/record-key\":[],\"/specs/repository\":[{\"title\":\"Repo Data Structure (v3)\",\"id\":\"repo-data-structure-v3\"},{\"title\":\"CAR File Serialization\",\"id\":\"car-file-serialization\"},{\"title\":\"Repository Diffs\",\"id\":\"repository-diffs\"},{\"title\":\"Security Considerations\",\"id\":\"security-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}],\"/specs/sync\":[{\"title\":\"Synchronization Primitives\",\"id\":\"synchronization-primitives\"},{\"title\":\"Firehose\",\"id\":\"firehose\"},{\"title\":\"Reliable Synchronization\",\"id\":\"reliable-synchronization\"},{\"title\":\"Bootstrapping a Live Mirror\",\"id\":\"bootstrapping-a-live-mirror\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security Concerns\",\"id\":\"security-concerns\"},{\"title\":\"Future Work\",\"id\":\"future-work\"}],\"/specs/tid\":[{\"title\":\"TID Structure\",\"id\":\"tid-structure\"},{\"title\":\"TID Syntax\",\"id\":\"tid-syntax\"}],\"/specs/xrpc\":[{\"title\":\"Lexicon HTTP Endpoints\",\"id\":\"lexicon-http-endpoints\"},{\"title\":\"Authentication\",\"id\":\"authentication\"},{\"title\":\"Service Proxying\",\"id\":\"service-proxying\"},{\"title\":\"Summary of HTTP Headers\",\"id\":\"summary-of-http-headers\"},{\"title\":\"Summary of HTTP Status Codes\",\"id\":\"summary-of-http-status-codes\"},{\"title\":\"Usage and Implementation Guidelines\",\"id\":\"usage-and-implementation-guidelines\"},{\"title\":\"Security and Privacy Considerations\",\"id\":\"security-and-privacy-considerations\"},{\"title\":\"Possible Future Changes\",\"id\":\"possible-future-changes\"}]},\"children\":[\"$\",\"$L8\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"$9\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$La\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"div\",null,{\"className\":\"absolute inset-0 -z-10 mx-0 max-w-none overflow-hidden\",\"children\":[\"$\",\"div\",null,{\"className\":\"absolute left-1/2 top-0 ml-[-38rem] h-[25rem] w-[81.25rem] dark:[mask-image:linear-gradient(white,transparent)]\",\"children\":[\"$\",\"div\",null,{\"className\":\"absolute inset-0 bg-gradient-to-r from-[#6fa5ff] to-[#9dc0fb] opacity-40 [mask-image:radial-gradient(farthest-side_at_top,white,transparent)] dark:from-[#0090f2]/30 dark:to-[#7588ff]/30 dark:opacity-100\",\"children\":[\"$\",\"svg\",null,{\"aria-hidden\":\"true\",\"className\":\"absolute inset-x-0 inset-y-[-50%] h-[200%] w-full fill-black/40 stroke-black/50 mix-blend-overlay dark:fill-white/2.5 dark:stroke-white/5\",\"children\":[[\"$\",\"defs\",null,{\"children\":[\"$\",\"pattern\",null,{\"id\":\":S1:\",\"width\":72,\"height\":56,\"patternUnits\":\"userSpaceOnUse\",\"x\":-12,\"y\":4,\"children\":[\"$\",\"path\",null,{\"d\":\"M.5 56V.5H72\",\"fill\":\"none\"}]}]}],[\"$\",\"rect\",null,{\"width\":\"100%\",\"height\":\"100%\",\"strokeWidth\":0,\"fill\":\"url(#:S1:)\"}],[\"$\",\"svg\",null,{\"x\":-12,\"y\":4,\"className\":\"overflow-visible\",\"children\":[]}]]}]}]}]}],[\"$\",\"div\",null,{\"className\":\"mx-auto flex h-full max-w-xl flex-col items-center justify-center py-16 text-center\",\"children\":[[\"$\",\"p\",null,{\"className\":\"text-sm font-semibold text-zinc-900 dark:text-white\",\"children\":\"404\"}],[\"$\",\"h1\",null,{\"className\":\"mt-2 text-2xl font-bold text-zinc-900 dark:text-white\",\"children\":\"Page not found\"}],[\"$\",\"p\",null,{\"className\":\"mt-2 text-base text-zinc-600 dark:text-zinc-400\",\"children\":\"Sorry, we couldn’t find the page you’re looking for.\"}],[\"$\",\"$L4\",null,{\"className\":\"inline-flex gap-0.5 justify-center overflow-hidden text-sm font-medium transition rounded-full bg-zinc-900 py-1 px-3 text-white hover:bg-zinc-700 dark:bg-blue-400/10 dark:text-blue-400 dark:ring-1 dark:ring-inset dark:ring-blue-400/20 dark:hover:bg-blue-400/10 dark:hover:text-blue-300 dark:hover:ring-blue-300 mt-8\",\"href\":\"/\",\"children\":[false,\"Back to docs\",[\"$\",\"svg\",null,{\"viewBox\":\"0 0 20 20\",\"fill\":\"none\",\"aria-hidden\":\"true\",\"className\":\"mt-0.5 h-5 w-5 -mr-1\",\"children\":[\"$\",\"path\",null,{\"stroke\":\"currentColor\",\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"d\":\"m11.5 6.5 3 3.5m0 0-3 3.5m3-3.5h-9\"}]}]]}]]}]],\"notFoundStyles\":[],\"styles\":null}]}]}]}]}]}]\n"])</script></body></html>