Early access API

Bluby API

Build against Bluby nutrition data through a token-gated public API. Apps connect with Bluby by sending users through a QR, deep link, or manual-code approval flow in the Bluby app.

Open Swagger Docs Download OpenAPI JSON Health Check

How Connect Works

Your app opens /v1/connect with a client id, redirect URI, scopes, and state.
The user scans the QR, opens Bluby, or enters the manual code in Profile.
Bluby shows the app name and requested permissions.
After approval, your callback receives an authorization code.
Your server exchanges the code at /v1/token for Bluby API tokens.

Privacy Model

Connected apps never receive a user's Bluby password, Google login, Apple login, or Convex Auth session. They receive opaque Bluby API tokens scoped to the permissions approved in the app.

Food search is not public during early access. It requires an approved token just like user data routes.

Start A Connect Request

https://api.blubyai.com/v1/connect?client_id=early-access-client&client_name=Example%20App&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&scope=food%3Aread%20profile%3Aread&state=random-state

Token-Gated Routes

Pass Authorization: Bearer <bluby_access_token> to every data route.

GET/v1/food/search?q=apple
GET/v1/food/barcode/{barcode}
GET/v1/me
GET/v1/me/profile
GET/v1/me/meals
GET/v1/me/pantry
GET/v1/me/micronutrients

Operator Deploy Notes

The Worker deploys with Wrangler and calls Convex protected HTTP actions behind a shared service secret.

npm install --prefix api
npx convex env set BLUBY_API_SERVICE_SECRET "<secret>" --prod
npm --prefix api exec -- wrangler secret put BLUBY_API_SERVICE_SECRET
npm --prefix api exec -- wrangler secret put CONVEX_SITE_URL
npm run convex:deploy
npm run api:typecheck
npm run api:test
npm run api:deploy

Use https://fleet-hare-527.convex.site for production CONVEX_SITE_URL.