Skip to main content
The public API powers the CLI and the hosted MCP transport.

Base URL

https://api.nylio.app/api/public/v1

OpenAPI

  • OpenAPI JSON: https://api.nylio.app/api/public/v1/openapi.json
  • HTML docs: https://api.nylio.app/api/public/v1/docs
  • Markdown guide JSON: https://api.nylio.app/api/public/v1/markdown-guide
The API reference section in this site is generated from the hosted OpenAPI document.

Authentication

The public API supports two authentication methods. Each request must use exactly one. Sending both a bearer token and an API key in the same request returns 400 invalid_request.

OAuth bearer tokens

The public REST API expects bearer tokens for this audience: 
https://api.nylio.app/api/public/v1
Available scopes:
  • workspace:read
  • document:read
  • document:write
  • search:read

API keys

For scripts and direct API usage, you can create API keys in the developer settings. Send the key in the x-api-key header: 
curl https://api.nylio.app/api/public/v1/workspaces \
  -H "x-api-key: nylio_YOUR_KEY"
When you create an API key, you choose which scopes it has. If a key lacks the scope required by an endpoint, the server returns 403 insufficient_scope.

Rate limits

All public API rate limits are enforced per IP address.
RulePath prefixMethodsRequestsWindow
public-api-search/api/public/v1/searchGET3060 s
public-api-mcp/api/public/v1/mcpall6060 s
public-api-read/api/public/v1GET12060 s
oauth-discovery/.well-known/GET30060 s
Responses include these headers:
HeaderDescription
x-ratelimit-limitMaximum requests in the current window
x-ratelimit-remainingRequests remaining in the current window
x-ratelimit-resetUnix timestamp in milliseconds when the window resets
x-ratelimit-ruleIdentifier of the matched rule
retry-afterPresent on 429 responses, in seconds

Covered endpoints

  • GET /markdown-guide
  • GET /workspaces
  • GET /workspaces/current
  • GET /documents
  • GET /documents/{id}
  • POST /documents
  • POST /documents/edit
  • POST /documents/replace
  • POST /documents/export
  • GET /search

Write semantics

  • Read endpoints can access workspaces and documents available to the authenticated user.
  • Create, edit, and replace endpoints are limited to personal documents owned by the authenticated user.
  • Document write endpoints use Nylio enhanced markdown.
  • Create, edit, and replace responses return compact document summaries. Call GET /documents/{id} to read the full body.
  • Export returns standard markdown text or base64-encoded binary payloads for PDF and DOCX.
Read the Nylio markdown guide before constructing write payloads. Plain markdown is not accepted by write endpoints.