# Wish List API, Full LLM Context Wish List helps people share thoughtful gift ideas with their trusted network. The API exposes account onboarding, profiles, wish lists, wish items, reservations, events, attendance, stories, comments, reactions, notifications, media uploads, friendships, blocks, search, feed delivery, support reports, and administrative metrics. ## Discovery - OpenAPI JSON: https://wishlist.bz/openapi.json - OpenAPI YAML: https://wishlist.bz/openapi.yaml - Swagger UI: https://wishlist.bz/api/docs/swagger/ - ReDoc: https://wishlist.bz/api/docs/redoc/ - API catalog: https://wishlist.bz/.well-known/api-catalog - AI catalog: https://wishlist.bz/.well-known/ai-catalog.json - MCP endpoint: https://wishlist.bz/mcp/ - Agent service declaration: https://wishlist.bz/agents.txt - Agent actions: https://wishlist.bz/docs/ai-actions.md ## Authentication - OAuth authorization server metadata: https://wishlist.bz/.well-known/oauth-authorization-server - OAuth protected resource metadata: https://wishlist.bz/.well-known/oauth-protected-resource - Dynamic client registration: https://wishlist.bz/o/register/ - Token endpoint: https://wishlist.bz/o/token/ Authenticated API requests use `Authorization: Bearer `. The service supports OAuth2 access tokens and application JWT access tokens. Wish List does not publish OpenID Connect discovery metadata. ## High Value API Areas - `/api/auth/`: registration, login, refresh, logout, password reset, email verification. - `/api/me/profile/`: authenticated user profile management. - `/api/me/wishlists/`: wish list and wish item management. - `/api/users/{username}/profile/`: public profile lookup with visibility enforcement. - `/api/me/events/`: event management, organizers, exclusions, comments, reactions. - `/api/users/{username}/events/{event_id}/attendance/`: event attendance. - `/api/me/stories/`: story creation, related assets, comments, reactions. - `/api/me/friends/`: friends, invitations, blocks, and friendship requests. - `/api/search/`: global search across people and content. - `/api/media/images/`: image upload for reusable media assets. ## Agent Safety Notes - Do not bypass visibility decisions. If an endpoint returns 403 or 404, treat the resource as unavailable. - Do not infer hidden profile data from missing fields. - Ask the user before creating, modifying, deleting, reserving, or sending content. - Use stable IDs and OpenAPI schemas rather than scraping frontend pages.