Base URL

https://api.comparebench.com

Authentication

The CompareBench API uses session cookies for authentication. There is no API key or Bearer token flow for end-user requests — authentication is handled via Auth0 and exchanged for a server-side Flask session.

Login flow

  1. The client authenticates with Auth0 (domain: auth.comparebench.com, client ID: FlPRwtekp1NM7W1UwvsH4r5M5z0TUKSv).
  2. The raw Auth0 ID token is sent to the backend:

     POST /login/yardstick
     Content-Type: application/json

     { "token": "<auth0_id_token>" }

  3. The backend validates the token and responds with a Set-Cookie header. Extract the name=value pair and send it as a Cookie header on all subsequent authenticated requests.

Rate limiting

Only unauthenticated, non-GET requests are rate limited. Authenticated requests and all GET requests are exempt.

HTTP status codes

Code  Meaning
200   Success
400   Bad request / validation error
401   Not authenticated
402   Feature requires a paid tier
403   Forbidden — also triggers session logout
429   Rate limit exceeded
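
An added example (not CompareBench's own code) of the client side of the login flow and the status codes above: it builds the step 2 request, reduces a Set-Cookie value to the name=value pair sent back in the Cookie header, and discards the stored session on 401/403. The function names, the sample header, and the cookie name `session` are assumptions made for illustration.

```python
import json
import urllib.request
from http.cookies import SimpleCookie

BASE_URL = "https://api.comparebench.com"  # base URL from this page
# Constructed sample header; the cookie name and value are assumptions.
SAMPLE_SET_COOKIE = "session=eyJ1aWQiOjF9.ZxY0aA.c0nstructed; HttpOnly; Secure; Path=/"


def build_login_request(id_token: str) -> urllib.request.Request:
    """Step 2: POST the raw Auth0 ID token as JSON (built here, not sent)."""
    return urllib.request.Request(
        BASE_URL + "/login/yardstick",
        data=json.dumps({"token": id_token}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def cookie_header_value(set_cookie: str) -> str:
    """Step 3: keep name=value only; Path, HttpOnly, Secure are never echoed back."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if len(jar) != 1:
        raise ValueError("expected exactly one session cookie in Set-Cookie")
    name, morsel = next(iter(jar.items()))
    return f"{name}={morsel.coded_value}"


def handle_status(status: int, session: dict) -> str:
    """Decide the client's next step from the documented status codes."""
    if status in (401, 403):
        # 403 also logs the session out server-side, so the stored cookie is dead.
        # Dropping it on 401 as well is this example's choice.
        session.pop("cookie", None)
        return "reauthenticate"
    actions = {200: "ok", 400: "fix-request", 402: "upgrade-tier", 429: "back-off"}
    return actions.get(status, "unexpected")


if __name__ == "__main__":
    req = build_login_request("<auth0_id_token>")
    session = {"cookie": cookie_header_value(SAMPLE_SET_COOKIE)}
    # The cookie is a bearer credential: print its name only, never its value.
    print(req.get_method(), req.full_url, "-> Cookie:", session["cookie"].split("=")[0] + "=<redacted>")
    print(handle_status(403, session), session)
```

The session cookie is the only credential for end-user requests, so treat it like a token: keep it out of logs and send it only to the HTTPS base URL.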

Request conventions

  • Most endpoints accept and return JSON. The exception is POST /benchmarks/add, which uses multipart/form-data.
  • List endpoints accept a POST body and return { results: [], total: number }.
  • CORS is allowed from comparebench.com, admin.comparebench.com, and localhost:4200/4201.

Billing tiers

Some endpoints enforce per-feature limits based on the authenticated user’s billing tier.

Tier          Type
free          Default
enthusiast    One-time purchase
professional  Subscription

A 402 response indicates the requested action requires a higher tier.