API client
The front end does not implement its own API. It calls node-backend through two client patterns. Query names and parameters are documented in the backend query catalogs — this page covers how the client invokes them.
Endpoints
From src/config/index.js:
| Config key | Backend handler | Auth |
|---|---|---|
API_ENDPOINT_OPEN |
/query |
None |
API_ENDPOINT_AUTH |
/authQuery |
Cognito user JWT |
Bot queries (/botQuery) are not used by the browser client; see Bot framework.
Open queries (GET)
Unauthenticated reads use a GET with query parameters:
GET {API_ENDPOINT_OPEN}?query=<name>&<param>=<value>&…
Example from Skeleton.js:
const url = new URL(API_ENDPOINT_OPEN);
url.searchParams.append("query", "user_names");
const res = await fetch(url);
const result = await res.json();
Common open queries used by the client:
| Query | Used by |
|---|---|
user_names |
Skeleton, many list views |
meta_games |
Explore, Customize |
games |
ListGames, Explore |
get_game |
GameMove |
ratings |
Ratings |
standing_challenges |
StandingChallenges |
get_events |
Events |
get_tournaments |
Tournaments |
Full catalog: Public queries.
Auth queries (POST)
Authenticated actions use callAuthApi:
import { callAuthApi } from "../lib/api";
const res = await callAuthApi("me", { size: "small" });
if (!res) return; // redirected to login
const result = await res.json();
Request shape:
POST {API_ENDPOINT_AUTH}
Authorization: Bearer <jwt>
Content-Type: application/json
{ "query": "<name>", "pars": { … } }
callAuthApi:
- Obtains the JWT via
Auth.currentAuthenticatedUser(). - If no token and
requireAuthis true (default), callsAuth.federatedSignIn()and returnsundefined. - On HTTP 401/403, redirects to login.
Full catalog: Auth queries.
Response envelope
API Gateway often wraps responses as:
{ "statusCode": 200, "body": "<JSON string>" }
Components typically:
const result = await res.json();
if (result.statusCode !== 200) { /* handle error */ }
const data = JSON.parse(result.body);
botApi.js centralizes this parsing in parseAuthResponse() for bot management calls.
Direct fetch for auth queries
Some code posts directly (e.g. push subscription in subscription.js) using the same envelope shape instead of callAuthApi.
WebSocket
Real-time updates use a separate WebSocket endpoint (WS_ENDPOINT). See WebSockets and Backend WebSockets.
External static APIs
Not part of node-backend:
| URL | Purpose |
|---|---|
https://records.abstractplay.com/_summary.json |
Site statistics (Skeleton) |
https://thumbnails.abstractplay.com/{metaGame}.json |
Board thumbnail presets (Customize) |
Related
- Authentication — obtaining the JWT
- API overview
- Architecture