> ## Documentation Index
> Fetch the complete documentation index at: https://docs.launchtoday.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# API

> Create tokens and send push notifications

## Create a Push API Token

Push API tokens let you send notifications without exposing your primary auth session. They are intended for internal use, such as CLI tools or server-side scripts.

Endpoint:

```
POST /api/push/token
```

Required headers:

* `Authorization: Bearer <PUSH_TOKEN_ADMIN_SECRET>`

Request body:

```
{
  "userId": "USER_ID",
  "name": "cli",
  "expiresInDays": 30
}
```

Response:

```
{
  "token": "<raw_token>",
  "expiresAt": "2026-02-16T10:00:00.000Z"
}
```

### Create token via curl

```
curl -X POST "http://localhost:3001/api/push/token" \
  -H "Authorization: Bearer <PUSH_TOKEN_ADMIN_SECRET>" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "<USER_ID>",
    "name": "cli",
    "expiresInDays": 30
  }'
```

## Send a Push

The send endpoint accepts a token and routes the message through APNs (iOS) or FCM (Android).

Endpoint:

```
POST /api/push/send
```

Required headers:

* `Authorization: Bearer <raw_token>`

How it works:

* The API token is looked up in `push_api_tokens`.
* Device tokens are loaded from `device_tokens` and filtered by user and notification preferences.
* If no `userId` is provided, it sends to the token owner.
* iOS tokens are sent via APNs and Android tokens via FCM.

Request body:

```
{
  "title": "Hello",
  "body": "Test push",
  "data": { "screen": "settings" }
}
```

Options:

* `userId`: send to a specific user
* `all: true`: broadcast to all iOS and Android tokens
* If neither is set, it sends to the token owner

### Send push via curl

```
curl -X POST "http://localhost:3001/api/push/send" \
  -H "Authorization: Bearer <RAW_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Hello",
    "body": "Test push",
    "data": { "screen": "settings" }
  }'
```
