> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rocksky.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> The Rocksky HTTP API, built on AT Protocol XRPC.

The Rocksky API is an XRPC ([AT Protocol](https://atproto.com)) API. Every
endpoint lives under the `app.rocksky.*` namespace and is reachable at
`https://api.rocksky.app/xrpc/<nsid>`.

## Base URL

```
https://api.rocksky.app
```

## Authentication

Authenticated endpoints expect a **bearer token** in the `Authorization`
header:

```
Authorization: Bearer <your_jwt>
```

You can obtain a token by:

* Signing in at [rocksky.app](https://rocksky.app) and copying the OAuth
  callback JWT
* Running [`rocksky login <handle>`](/cli/login) with the CLI
* Creating an [API key](/cli/create-apikey) for an application
* Creating a personal **Access Token** at
  [rocksky.app/access-tokens](https://rocksky.app/access-tokens) — name it,
  copy the secret once, and use it interchangeably with a JWT (see
  [Personal access tokens](#personal-access-tokens) below)

Read-only endpoints (profiles, charts, public scrobble feeds, search) work
without authentication.

## Personal access tokens

Access tokens are long-lived JWTs you generate from the web UI for scripts,
CLIs, and integrations that can't run an interactive OAuth flow. They behave
exactly like an OAuth-issued JWT — pass them in the `Authorization: Bearer`
header on any authenticated endpoint.

Create / list / revoke them at:

* Web: [rocksky.app/access-tokens](https://rocksky.app/access-tokens)
* Mobile web: [m.rocksky.app/access-tokens](https://m.rocksky.app/access-tokens)

The full secret is shown **once**, at creation — copy it somewhere safe.
Subsequent listings only show the last four characters. Deleting a token
revokes it immediately on the API side (no waiting for expiry).

```http theme={null}
GET https://api.rocksky.app/access-tokens
Authorization: Bearer <jwt-or-access-token>

POST https://api.rocksky.app/access-tokens
Authorization: Bearer <jwt-or-access-token>
Content-Type: application/json

{ "name": "my-laptop" }

DELETE https://api.rocksky.app/access-tokens/{id}
Authorization: Bearer <jwt-or-access-token>
```

## Audioscrobbler endpoints

For Last.fm / ListenBrainz compatibility, Rocksky exposes a separate host:

```
https://audioscrobbler.rocksky.app
```

* [Migrate from Last.fm](/migrations/from-lastfm)
* [Migrate from ListenBrainz](/migrations/from-listenbrainz)

## SDKs

Prefer typed bindings? Use one of the [official SDKs](/sdks/overview) in
TypeScript, Python, Rust, Go, Ruby, Kotlin, Elixir, Clojure, or Gleam — every
endpoint in this reference is wrapped.

## Errors

Non-2xx responses return an XRPC-style error body:

```json theme={null}
{
  "error": "InvalidRequest",
  "message": "actor must be a DID or handle"
}
```

The HTTP status code carries the category (400-class for client errors,
500-class for server errors).

## OpenAPI spec

The endpoint reference below is generated directly from the
[OpenAPI specification](/api-reference/openapi.json) shipped with this site.
