API overview

Abstract Play's HTTP API is RPC-style: every call names a query (or bot verb) and passes parameters in pars.

Endpoints

Public: /query

Authenticated: /authQuery

Bots: /botQuery

Response shape

Successful handlers return API Gateway objects:

{
  "statusCode": 200,
  "body": "<JSON string>",
  "headers": { "Access-Control-Allow-Origin": "*", ... }
}

Errors use formatReturnError() with statusCode 500 (or 400 for validation) and a JSON message.

Source of truth

Endpoint Switch in code
Public module.exports.query in api/abstractplay.ts
Auth module.exports.authQuery
Bots module.exports.botQuery

TypeScript types (FullChallenge, FullUser, Game, etc.) are defined in the same file. Docs list query names and intent; field-level contracts live in code.

Auth vs public overlap

Some query names exist on both endpoints with different behavior:

Query Public Auth
standing_challenges Lists all open challenges for a metaGame Same list, but filters out challenges from players who have blocked the requester
get_game Read game (no user context) Read game with user-specific fields

Prefer the auth endpoint when the client is logged in.

Query catalogs

Maintenance

When adding a query, update the relevant catalog page and any subsystem doc in the same PR.