API Reference

Docs

This is the product-facing reference for the public API. The same identity, tenant, style version, avatar family, style options, size, and WebP output are intended to remain stable within a major release.

Core Endpoints

  • GET /v1/avatar: returns an avatar asset directly
  • GET /v1/avatar/link: stores the generated avatar in configured object storage and returns signed-link metadata
  • GET /avatar/<kind>/<identity>/webp: path-style public avatar URL
  • GET /docs/openapi.json: machine-readable API description

Operational Endpoints

GET /healthz is public for load balancers and uptime checks. GET /metrics is loopback-only and returns 404 to non-local peers.

Namespace Support

Use tenant and style_version to keep visual identity spaces separate between products or rollout phases.

GET https://hashavatar.app/v1/[email protected]&tenant=acme&style_version=v2&algorithm=sha512&kind=wizard&background=white&accessory=hat&color=deep-sea-blue&expression=cool&shape=squircle&format=webp&size=256

Anonymous IDs

Send an internal stable id or a one-way application hash instead of raw personal data.

printf '%s' '[email protected]' | sha256sum | cut -d' ' -f1

Rate Limits

The public service applies origin-side rate limits, with stricter limits on /v1/avatar/link, direct avatar requests with persist=true, and /og.png because object storage writes and Open Graph image rendering are more expensive than direct rendering.

Timeouts

Avatar generation and storage operations are bounded by server-side timeouts so expensive requests cannot monopolise the origin indefinitely.

Errors

  • 400: invalid kind, unsupported algorithm or format, size, or missing identity
  • 408: generation or storage timeout
  • 429: rate limit exceeded
  • 500: rendering or storage failure

OpenAPI

For generated clients or tooling, use /docs/openapi.json.