Overview
The High IQ API runs in three distinct environments. Each has its own URL, CORS policy, and behavior characteristics. The API is deployed on Vercel Edge Functions, with preview deployments automatically created for pull requests.Environment URLs
| Environment | Base URL | Use Case |
|---|---|---|
| Production | https://api.thisiswhyimhigh.com | Live traffic, mobile app, website |
| Local | http://localhost:3001 | Development and testing |
| Preview | https://tiwih-api-{hash}-high-ai-labs.vercel.app | PR review and staging |
Production
The production API migrated from
tiwih-api.vercel.app to api.thisiswhyimhigh.com in June 2026. If you have the old domain in any integrations, update it — the legacy .vercel.app domain is deprecated.main. It serves:
- The High IQ mobile app (iOS)
- The This Is Why I’m High website
- The High IQ web app
Local Development
For local development, the API runs on port 3001. Rate limiting and authentication are disabled in development mode for easier testing.Preview Deployments
Every pull request gets an automatic preview deployment on Vercel. Preview URLs follow the pattern:CORS Configuration
The API enforces Cross-Origin Resource Sharing (CORS) to control which domains can make requests from browser-based clients. CORS policies differ by environment.Allowed Origins
- Production
- Development
- Preview Deployments
CORS Headers
For allowed origins, the API responds with these headers:Preflight Requests
The API handles CORS preflight (OPTIONS) requests automatically. For SSE streaming endpoints, preflight includes:
CORS credentials mode is set to
false for streaming endpoints. Cookies and credentials are not sent cross-origin for SSE connections.Environment-Specific Behavior
Several API behaviors change based on the environment:| Behavior | Production | Development |
|---|---|---|
| Rate limiting | Enforced | Disabled |
| Admin auth | Required | Bypassed |
| Bearer auth | Required | Bypassed (if env vars not set) |
| Error stack traces | Hidden | Included in response |
| Cache debug headers | Not sent | X-Endpoint-Type, X-Cache-Strategy, X-Cache-TTL |
| Request logging | Structured JSON | Console with details |
| Database errors | Generic message | Full error details |
Debug Headers (Development Only)
When running locally, the API includes additional debug headers on responses:Vercel Edge Runtime
The API runs on Vercel’s Edge Runtime, which provides:- Global distribution: Requests are served from the edge location closest to the user
- Cold start performance: Edge Functions have near-zero cold start times
- Auto-scaling: Scales automatically with traffic
- Automatic HTTPS: All production and preview URLs use TLS
Limitations
Edge Functions have some constraints to be aware of:- Execution time: 30-second maximum per request (streaming endpoints can run longer via SSE)
- Memory: Limited memory per invocation
- No filesystem: No local file system access (all data comes from Supabase or external APIs)
- Node.js APIs: A subset of Node.js APIs are available (no
fs,child_process, etc.)