Skip to main content
The Rocksky API is an XRPC (AT Protocol) API. Every endpoint lives under the app.rocksky.* namespace and is reachable at https://api.rocksky.app/xrpc/<nsid>.

Base URL

https://api.rocksky.app

Authentication

Authenticated endpoints expect a bearer token in the Authorization header: 
Authorization: Bearer <your_jwt>
You can obtain a token by: Read-only endpoints (profiles, charts, public scrobble feeds, search) work without authentication.

Personal access tokens

Access tokens are long-lived JWTs you generate from the web UI for scripts, CLIs, and integrations that can’t run an interactive OAuth flow. They behave exactly like an OAuth-issued JWT — pass them in the Authorization: Bearer header on any authenticated endpoint. Create / list / revoke them at: The full secret is shown once, at creation — copy it somewhere safe. Subsequent listings only show the last four characters. Deleting a token revokes it immediately on the API side (no waiting for expiry). 
GET https://api.rocksky.app/access-tokens
Authorization: Bearer <jwt-or-access-token>

POST https://api.rocksky.app/access-tokens
Authorization: Bearer <jwt-or-access-token>
Content-Type: application/json

{ "name": "my-laptop" }

DELETE https://api.rocksky.app/access-tokens/{id}
Authorization: Bearer <jwt-or-access-token>

Audioscrobbler endpoints

For Last.fm / ListenBrainz compatibility, Rocksky exposes a separate host: 
https://audioscrobbler.rocksky.app

SDKs

Prefer typed bindings? Use one of the official SDKs in TypeScript, Python, Rust, Go, Ruby, Kotlin, Elixir, Clojure, or Gleam — every endpoint in this reference is wrapped.

Errors

Non-2xx responses return an XRPC-style error body: 
{
  "error": "InvalidRequest",
  "message": "actor must be a DID or handle"
}
The HTTP status code carries the category (400-class for client errors, 500-class for server errors).

OpenAPI spec

The endpoint reference below is generated directly from the OpenAPI specification shipped with this site.