Conduit
Conduit
Docsllms.txtHostingGitHubIntroduction

Getting Started

OverviewInstall ConduitMCP SetupYour First AppStart with AI

Learn

ArchitectureClient vs Admin APIConfiguration

Modules

OverviewAuthenticationAuthorizationDatabaseStorageCommunicationsChatRouterFunctions

Guides

Next.js IntegrationReBAC Team ScopingGitOps State Export

Deployment

Deployment OverviewDocker ComposeKubernetes and HelmLocal from SourceContainer Images

Reference

CLI ReferenceClient APIAdmin APIEnvironment VariablesMCP Tools

Resources

Migration v0.16 → v0.17Legacy DocumentationChangelogFAQGlossaryContributing

Client API

REST and GraphQL surface on the router — user-scoped application runtime.

The Client API runs on the router module (default CLIENT_BASE_URL → port 3000). All application runtime code — web apps, mobile backends, server actions — calls this surface with user bearer tokens from the authentication module.

For AI agents

Provisioning (schemas, config, admin users) uses the Admin API (:3030) or MCP — not the Client API. See Client vs Admin API.

Comparison

Client APIAdmin API
HostRouter (:3000)Core (:3030)
ConsumersWeb/mobile apps, user-scoped server routesAdmin panel, MCP, CI
AuthUser access/refresh tokensmasterkey, admin JWT, cdt_ tokens
Database/database/{Schema}, /database/function/{name}Schema/endpoint/index admin
RealtimeSocket.io on :3001 (/chat/ namespace)Admin WebSockets where registered

Authentication

Obtain tokens via login or register flows:

MethodPathNotes
POST/authentication/local/newRegister — returns user, not tokens
POST/authentication/localLogin — returns accessToken, refreshToken
POST/authentication/renewRotate refresh token
POST/authentication/logoutInvalidate session
GET/authentication/userCurrent user profile

Store tokens server-side (Redis vault + iron-session cookie). See Next.js guide.

Database

IntentMethodPath
List (unfiltered)GET/database/{Schema}?skip&limit&sort&populate&scope
Get by idGET/database/{Schema}/{id}
CreatePOST/database/{Schema}?scope=Team:id
UpdatePATCH/database/{Schema}/{id}
DeleteDELETE/database/{Schema}/{id}
Custom endpointGET/POST/…/database/function/{name}

GET /database/{Schema} has no filter parameter. Use provisioned custom endpoints for filtered queries.

GraphQL: POST /graphql when modules register types.

Authorization

MethodPath
GET/authorization/check?action=edit&resource=Document:id&scope=Team:tid
GET/authorization/role/:resource?scope=Team:tid

Pass scope on database creates for team-owned records. See ReBAC guide.

Storage

MethodPathAuth
POST/storage/uploadRequired
PATCH/storage/upload/:idRequired
GET/storage/getFileUrl/:idOptional
GET/storage/file/:idOptional (metadata)
GET/storage/file/data/:idRequired (transform-only)
DELETE/storage/file/:idRequired

Use getFileUrl server-side for preview proxy; stream bytes without exposing presigned URLs to browsers.

Chat

MethodPath
POST/chat/rooms
GET/chat/rooms?skip&limit
GET/chat/messages?roomId&skip&limit
PATCH/chat/messages/:messageId
DELETE/chat/messages/:messageId

Socket.io: connect to SOCKET_BASE_URL/chat/ with path /realtime and Authorization: Bearer header. Default socket port 3001.

Communications

MethodPathPurpose
POST/tokenRegister push device token
DELETE/tokenClear push tokens
GET/notificationsIn-app notification inbox
PATCH/notificationsMark notifications read

Sending email/SMS/push uses Admin API or grpc-sdk from server-side workers — not with admin credentials in the browser.

Teams

Team routes under /authentication/teams (list, create, invite, join) require user authentication. Team membership drives ReBAC inheritance on team-scoped documents.

Environment

VariableDefaultMeaning
CLIENT_HTTP_PORT3000REST/GraphQL
CLIENT_SOCKET_PORT3001WebSockets
CLIENT_BASE_URLhttp://localhost:3000App server target

Rules

  1. Never call Admin API from user-facing code paths
  2. Never store tokens in browser storage
  3. Never fetch whole collections and filter client-side — use custom endpoints
  4. Never expose presigned storage URLs to clients
  5. Provision schemas and endpoints at dev/deploy time via MCP

Module reference

ModuleDoc
Authentication/docs/modules/authentication
Authorization/docs/modules/authorization
Database/docs/modules/database
Storage/docs/modules/storage
Chat/docs/modules/chat
Communications/docs/modules/communications
Router/docs/modules/router

CLI Reference

Conduit CLI install and deploy commands.

Admin API

REST, GraphQL, and WebSocket admin surface on core — auth, scope, and MCP relationship.

On this page

ComparisonAuthenticationDatabaseAuthorizationStorageChatCommunicationsTeamsEnvironmentRulesModule reference