> ## Documentation Index
> Fetch the complete documentation index at: https://learn.nexudus.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Public API

> A comprehensive guide to the Nexudus Members Portal API

The Nexudus Members Portal is a front-end only application that connects to the Nexudus API backend. This API provides comprehensive access to all the functionality available in the portal interface, enabling developers to integrate portal features into custom applications, mobile apps, or third-party systems.

<Note>
  This portal application does not have its own backend - it connects directly to the Nexudus API infrastructure for all data operations using a
  client-side architecture.
</Note>

## Base URL Structure

The API endpoints follow two primary URL patterns:

* **API Endpoints**: `https://[your-space].spaces.nexudus.com/api/public/...`
* **Localized Endpoints**: `https://[your-space].spaces.nexudus.com/{lang}/...`

### HTTP Methods

The API primarily uses these HTTP methods:

* `GET` - Retrieve data (most common)
* `POST` - Create resources and submit data
* `PUT` - Update existing resources
* `DELETE` - Remove resources
* `PATCH` - Update resources partially

### Response Format

API responses return JSON with consistent structures. List endpoints follow the `ApiListResult<T>` pattern:

```json theme={null}
{
  "Records": [
    /* array of items */
  ],
  "CurrentPageSize": 20,
  "CurrentPage": 1,
  "CurrentOrderField": "Name",
  "CurrentSortDirection": "ASC",
  "FirstItem": 1,
  "HasNextPage": true,
  "HasPreviousPage": false,
  "LastItem": 20,
  "PageNumber": 1,
  "PageSize": 20,
  "TotalItems": 150,
  "TotalPages": 8
}
```

### Single-record Responses

For single-record endpoints.

```json theme={null}
{
  "Resource": {
    ...
  }
}
```

### Error Handling

Error responses generally use HTTP 400 status code with and error code:

```json theme={null}
{
  "Invalid booking date - start date cannot be in the past"
}
```

When authentication fails or the user does not have permission to make a specific request, the API returns a 401 status code;

## API Client Implementation

The portal uses a custom HTTP client based on Axios with these characteristics:

* Bearer token authentication
* Timezone-aware requests (`X-Use-Timezone` header).
* JSON content type by default

## Request Shaping

The API supports request shaping to optimize response size:

```typescript theme={null}
// Example of request shaping
const shape = ['BlogPost.Id', 'BlogPost.Title', 'BlogPost.AllowComments', 'BlogPost.UpdatedOn', 'BlogPost.Comments.Id', 'BlogPost.Comments.Text']

// URL with shape parameter
const url = `${endpoint}?_shape=${shape.join(',')}`
```

```javascript theme={null}

GET /api/public/blogPosts?page=1&top=10&featured=true&_shape=BlogPosts.Records.Id,BlogPosts.Records.Business.Id,BlogPosts.Records.Business.WebAddress,BlogPosts.Records.Business.Name,BlogPosts.Records.Title,BlogPosts.Records.BlogCategories.Id,BlogPosts.Records.BlogCategories.Title,BlogPosts.Records.SummaryText,BlogPosts.Records.PublishDateUtc,BlogPosts.Records.UpdatedOn,BlogPosts.Records.PostedBy.FullName,BlogPosts.HasNextPage,Category.Id,Category.Title,Categories.Id,Categories.Title

```

## Multi-tenancy Support

The application supports multi-tenancy through dynamic domain resolution:

* Each location has its own subdomain (`your-space.spaces.Nexudus.com`)

## API Throttling Limits

The API enforces throttling rules to prevent abuse and ensure fair usage.\
Limits apply per client (based on request signature) and vary depending on method, endpoint, and time window.

### General Limits

| Scope                    | Methods           | Limit            | Window   |
| ------------------------ | ----------------- | ---------------- | -------- |
| Per second               | Any               | 10 requests      | 1 sec    |
| Per minute               | Any               | 120 requests     | 1 min    |
| Per hour                 | Any               | 5000 requests    | 1 hour   |
| Per day                  | Any               | 200,000 requests | 24 hours |
| POST/PUT/DELETE (minute) | POST, PUT, DELETE | 60 requests      | 1 min    |
| POST/PUT/DELETE (day)    | POST, PUT, DELETE | 5000 requests    | 24 hours |

### Public API Limits

| Endpoint              | Methods | Limit       | Window |
| --------------------- | ------- | ----------- | ------ |
| `/api/public*`        | Any     | 10 requests | 5 sec  |
| `/api/public/checkin` | Any     | 60 requests | 1 min  |

### Endpoint-Specific Limits

| Endpoint                                    | Methods   | Limit       | Window |
| ------------------------------------------- | --------- | ----------- | ------ |
| `/api/Spaces/CoworkerPricePlanHistories`    | Any       | 1 request   | 10 sec |
| `/api/Sys/AuditTrailEntries`                | Any       | 1 request   | 60 sec |
| `/api/spaces/coworkerDataFiles`             | POST, PUT | 5 requests  | 1 min  |
| `/api/spaces/coworkerMessages`              | POST, PUT | 5 requests  | 1 min  |
| `/api/billing/proposals/runcommand`         | Any       | 10 requests | 1 min  |
| `/api/billing/coworkercontracts/runcommand` | Any       | 10 requests | 1 min  |
| `/api/billing/coworkerinvoices/runcommand`  | Any       | 10 requests | 1 min  |
| `/api/nexpos/validatepin`                   | Any       | 60 requests | 1 min  |
| `*/bigquery/pushall`                        | Any       | 1 request   | 12 min |
| `/api/integrations/textract`                | Any       | 12 requests | 1 min  |
| `/api/integrations/openai`                  | Any       | 12 requests | 1 min  |
| `/api/sys/users/sendmagiclink`              | Any       | 12 requests | 1 min  |

***