Nutri-E API Reference¶
Nutri-E uses three Cloudflare Workers for its backend.
Workers Overview¶
| Worker | Purpose | Production URL |
|---|---|---|
| OpenAI | GPT-4 Vision for food/supplement analysis | https://nutrie-openai-worker-v2.invotekas.workers.dev |
| DSLD | NIH supplement database proxy | https://nutrie-dsld-worker-v2.invotekas.workers.dev |
| Apple Webhook | App Store subscription lifecycle | https://nutrie-apple-webhook-worker-v2.invotekas.workers.dev |
Authentication¶
All API requests (except Apple Webhook) require device authentication:
X-Device-ID: <device-uuid>
X-Device-Secret: <hmac-sha256-signature>
The device secret is HMAC-SHA256(deviceId + serverSalt). The salt is stored only on the server.
Environments¶
| Worker | URL |
|---|---|
| OpenAI | https://nutrie-openai-worker-v2.invotekas.workers.dev |
| DSLD | https://nutrie-dsld-worker-v2.invotekas.workers.dev |
| Apple Webhook | https://nutrie-apple-webhook-worker-v2.invotekas.workers.dev |
| Worker | URL |
|---|---|
| OpenAI | https://nutrie-openai-worker-sandbox-v2.invotekas.workers.dev |
| DSLD | https://nutrie-dsld-worker-sandbox-v2.invotekas.workers.dev |
| Apple Webhook | https://nutrie-apple-webhook-worker-sandbox-v2.invotekas.workers.dev |
| Worker | URL | Notes |
|---|---|---|
| OpenAI | https://nutrie-openai-worker.invotekas.workers.dev |
Supports iOS v1.0.1-1.0.2 |
| DSLD | https://nutrie-dsld-worker.invotekas.workers.dev |
Do NOT modify |
OpenAI Worker¶
GET / -- Health Check¶
{
"status": "ok",
"worker": "nutrie-openai-worker-v2",
"environment": "PRODUCTION_V2"
}
GET /api/quota -- Check AI Quota¶
Returns daily AI usage quota. Tracks device activity but does not increment the usage counter.
Response:
{
"quota": 50,
"used": 12,
"remaining": 38,
"tier": "pro",
"resetDate": "2025-10-25T00:00:00.000Z"
}
POST /api/openai -- Single Image Analysis¶
GPT-4 Vision request for food or supplement analysis.
Request:
{
"prompt": "Analyze this food image and provide nutritional information",
"image": "data:image/jpeg;base64,/9j/4AAQ...",
"model": "gpt-4o",
"temperature": 0
}
| Field | Type | Required | Description |
|---|---|---|---|
prompt |
string | Yes | Instruction for GPT-4 Vision |
image |
string | Yes | Base64-encoded JPEG (max 20MB) |
model |
string | No | OpenAI model (default: gpt-4o) |
temperature |
number | No | 0-1 (default: 0) |
POST /api/openai/multi -- Multi Image Analysis¶
Same as single image but accepts an array of images for comparing multiple supplements.
DSLD Worker¶
Proxies requests to the NIH Dietary Supplement Label Database.
GET /api/dsld/search -- Search Supplements¶
| Parameter | Type | Description |
|---|---|---|
query |
string | Search term |
limit |
number | Max results (default: 20) |
GET /api/dsld/product/:id -- Product Details¶
Returns full supplement label data including ingredients, serving size, and nutrient amounts.
GET /api/dsld/barcode/:upc -- Barcode Lookup¶
Looks up a supplement by UPC barcode. Supports barcode normalization (UPC-A to UPC-E conversion).
Apple Webhook Worker¶
Handles App Store subscription lifecycle events. No authentication required (called by Apple servers).
POST /api/webhook -- Subscription Event¶
Processes subscription events: INITIAL_BUY, DID_RENEW, DID_FAIL_TO_RENEW, CANCEL, REFUND.
Rate Limits¶
| Tier | Daily AI Quota |
|---|---|
| Free | 5 requests |
| Pro | 50 requests |
Rate limits are enforced per device ID.
Error Responses¶
All errors follow a consistent format:
{
"error": "Error description",
"code": "ERROR_CODE"
}
| Code | Status | Description |
|---|---|---|
UNAUTHORIZED |
401 | Invalid device authentication |
QUOTA_EXCEEDED |
429 | Daily AI quota reached |
INVALID_REQUEST |
400 | Missing or invalid parameters |
INTERNAL_ERROR |
500 | Server error |