Overview
The BeePass API provides programmatic access to your breeding data: queens, evaluations, estimated breeding values (EBV), pedigrees, and exports. All operations available in the web interface are accessible via the REST API.
Base URL
https://beepass.io/api/
All routes are relative to this base. For example, the F0 queen list is accessible via GET https://beepass.io/api/queens/f0.
Authentication
All routes require an authenticated session via Supabase Auth (SSR cookies). Admin routes additionally require an HMAC cookie beepass-admin-token.
See the Authentication page for full details.
Format
- Requests:
Content-Type: application/json - Responses: JSON
- Encoding: UTF-8
Pagination
List endpoints support pagination via query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 20 | Number of items per page (max 100) |
offset | integer | 0 | Number of items to skip |
Error Codes
| Code | Description |
|---|---|
400 | Bad Request — invalid parameters or malformed request body |
401 | Unauthorized — missing or expired session |
403 | Forbidden — insufficient permissions (e.g., admin access required) |
404 | Not Found — resource does not exist or is not owned by you |
429 | Too Many Requests — rate limit exceeded |
500 | Internal Server Error — server-side error |
Errors return a JSON object:
{
"error": "Description of the problem"
}
Rate Limiting
Request limits are enforced via Upstash Redis:
| Action | Limit |
|---|---|
| Login | 10 attempts / 15 minutes |
| Registration | 3 / hour |
| Verification code send | 5 / 10 minutes |
| Verification code check | 10 / minute |
RLS (Row Level Security)
All data is scoped to the authenticated user via owner_id = auth.uid(). You can only access your own queens, evaluations, and results. Reference data (BeePass Index) is read-only for all authenticated users.
See also: Authentication | API Keys | Queens | Evaluations | EBV | Export