API Reference

REST API. Well documented. Honest with you.

Every SOFI endpoint listed with method, path, description, and schema. JWT in Bearer header, httpOnly cookies in production, multi-tenant by default.

curl

Base URL

https://api.sofi.io

Use Authorization: Bearer <token> on every request.

Authentication

JWT HS256: 15min access, 7-day refresh. Tokens in httpOnly cookies.

POST

/api/v1/auth/login

Authenticate via email/password

POST

/api/v1/auth/refresh

Renew access token

POST

/api/v1/auth/logout

Invalidate session

GET

/api/v1/auth/me

Current authenticated user

Data sources

GET

/api/v1/datasources

List sources for the tenant

POST

/api/v1/datasources

PATCH

/api/v1/datasources/:id

Update credentials

POST

/api/v1/datasources/:id/test

Test connection (15s timeout)

DELETE

/api/v1/datasources/:id

Soft-delete source

Virtual Databases

Provision, manage, and expire VDBs on shared cluster pools.

GET

/api/v1/vdbs

List VDBs for the tenant

POST

/api/v1/vdbs

Provision new VDB

GET

/api/v1/vdbs/:id

VDB details

POST

/api/v1/vdbs/:id/refresh

Re-apply masking + CDC

DELETE

/api/v1/vdbs/:id

Destroy VDB and free storage

Masking

Define rules, fire jobs, and inspect masking history.

GET

/api/v1/masking/rules

Catalog of available rules

POST

/api/v1/masking/jobs

Trigger a masking job

GET

/api/v1/masking/jobs/:id

Job status and progress

POST

/api/v1/masking/detect

Automatic PII detection

CDC

Continuous change streams via WAL, binlog, or LogMiner.

GET

/api/v1/cdc/streams

List active streams

POST

/api/v1/cdc/streams

Create a new stream

POST

/api/v1/cdc/streams/:id/pause

Pause replication

GET

/api/v1/cdc/streams/:id/dlq

Rejected events (DLQ)

RBAC

Manage users, roles, and permissions inside the tenant.

GET

/api/v1/users

List tenant users

POST

/api/v1/users/invite

Invite user by email

GET

/api/v1/roles

List roles (default + custom)

POST

/api/v1/roles

Create custom role

Want to see the full OpenAPI?

Get started Back to docs