Overview
The High IQ API runs in three distinct environments. Each has its own URL, CORS policy, and behavior characteristics. The API is deployed on Vercel Edge Functions, with preview deployments automatically created for pull requests.
Environment URLs
| Environment | Base URL | Use Case |
|---|---|---|
| Production | https://tiwih-api.vercel.app | Live traffic, mobile app, website |
| Local | http://localhost:3001 | Development and testing |
| Preview | https://tiwih-api-{hash}-high-ai-labs.vercel.app | PR review and staging |
Production
The production API is deployed on Vercel Edge Functions with automatic deployments on every merge to main. It serves:
curl "https://tiwih-api.vercel.app/api/v1/strains/popular"
Local Development
For local development, the API runs on port 3001. Rate limiting and authentication are disabled in development mode for easier testing.
# Start the API locally
cd apps/api && pnpm dev
# Test locally
curl "http://localhost:3001/api/v1/strains/search?q=kush"
Preview Deployments
Every pull request gets an automatic preview deployment on Vercel. Preview URLs follow the pattern:
https://tiwih-api-{branch-slug}-high-ai-labs.vercel.app
These deployments are useful for testing API changes before merging to production.
CORS Configuration
The API enforces Cross-Origin Resource Sharing (CORS) to control which domains can make requests from browser-based clients. CORS policies differ by environment.
Allowed Origins
Production
https://thisiswhyimhigh.com
https://www.thisiswhyimhigh.com
https://highiq.app
https://www.highiq.app
https://api.highiq.app
https://highiq-web-app.vercel.app
https://tiwih-website.vercel.app
https://tiwih-api.vercel.app
Development
http://localhost:3000
http://localhost:4321
http://localhost:8081
http://localhost:19000
http://localhost:19006
Any http://localhost origin is allowed in development.
Preview Deployments
Preview deployment URLs are allowed via pattern matching:
https://highiq-web-app-{hash}-high-ai-labs.vercel.app
https://tiwih-website-{hash}-high-ai-labs.vercel.app
https://tiwih-api-{hash}-high-ai-labs.vercel.app
The pattern uses [a-zA-Z0-9-]+ to prevent subdomain injection attacks (no dots allowed in the hash segment).
For allowed origins, the API responds with these headers:
Access-Control-Allow-Origin: https://thisiswhyimhigh.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization, Accept
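The origin check described above, as an added example that is not the High IQ API's own code: exact matching for the production list, an anchored pattern for preview URLs, and a loose pattern beside it to show what the `[a-zA-Z0-9-]+` restriction rules out. All function and constant names are hypothetical, and the localhost port rule, the per-environment split and the `Vary` header are assumptions not stated on this page.

```javascript
// Added example; names are hypothetical, not the High IQ API's source.
const PRODUCTION_ORIGINS = new Set([
  "https://thisiswhyimhigh.com",
  "https://www.thisiswhyimhigh.com",
  "https://highiq.app",
  "https://www.highiq.app",
  "https://api.highiq.app",
  "https://highiq-web-app.vercel.app",
  "https://tiwih-website.vercel.app",
  "https://tiwih-api.vercel.app",
]);

// Anchored at both ends. The hash segment is [a-zA-Z0-9-]+, so it cannot
// contain "." and cannot add a host label of its own.
const PREVIEW_ORIGIN =
  /^https:\/\/(?:highiq-web-app|tiwih-website|tiwih-api)-[a-zA-Z0-9-]+-high-ai-labs\.vercel\.app$/;

// Weak variant for comparison only: ".+" lets dots into the hash segment.
const LOOSE_PREVIEW_ORIGIN =
  /^https:\/\/(?:highiq-web-app|tiwih-website|tiwih-api)-.+-high-ai-labs\.vercel\.app$/;

// Assumption: development accepts http://localhost with an optional port.
const LOCALHOST_ORIGIN = /^http:\/\/localhost(?::\d{1,5})?$/;

// Assumption: each environment consults only its own list.
function isAllowedOrigin(origin, env) {
  if (typeof origin !== "string") return false;
  if (env === "development") return LOCALHOST_ORIGIN.test(origin);
  if (env === "preview") return PREVIEW_ORIGIN.test(origin);
  return PRODUCTION_ORIGINS.has(origin);
}

// Echo the origin only after it passed the check; otherwise send no CORS headers.
function corsHeaders(origin, env) {
  if (!isAllowedOrigin(origin, env)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Authorization, Accept",
    // Added here, not listed on the page: the response varies per origin.
    Vary: "Origin",
  };
}
```

A request whose origin fails the check gets no `Access-Control-Allow-Origin` header at all, so the browser blocks the cross-origin read.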
Preflight Requests
The API handles CORS preflight (OPTIONS) requests automatically. For SSE streaming endpoints, preflight includes:
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization, Accept
CORS credentials mode is set to false for streaming endpoints. Cookies and credentials are not sent cross-origin for SSE connections.
Environment-Specific Behavior
Several API behaviors change based on the environment:
| Behavior | Production | Development |
|---|---|---|
| Rate limiting | Enforced | Disabled |
| Admin auth | Required | Bypassed |
| Bearer auth | Required | Bypassed (if env vars not set) |
| Error stack traces | Hidden | Included in response |
| Cache debug headers | Not sent | X-Endpoint-Type, X-Cache-Strategy, X-Cache-TTL |
| Request logging | Structured JSON | Console with details |
| Database errors | Generic message | Full error details |
When running locally, the API includes additional debug headers on responses:
X-Endpoint-Type: catalog
X-Cache-Strategy: enabled
X-Cache-TTL: 300
X-Cache-MaxAge: 300
These headers are stripped in production.
Vercel Edge Runtime
The API runs on Vercel’s Edge Runtime, which provides:
- Global distribution: Requests are served from the edge location closest to the user
- Cold start performance: Edge Functions have near-zero cold start times
- Auto-scaling: Scales automatically with traffic
- Automatic HTTPS: All production and preview URLs use TLS
Limitations
Edge Functions have some constraints to be aware of:
- Execution time: 30-second maximum per request (streaming endpoints can run longer via SSE)
- Memory: Limited memory per invocation
- No filesystem: No local file system access (all data comes from Supabase or external APIs)
- Node.js APIs: Only a subset of Node.js APIs is available (no fs, child_process, etc.)
Health Check
Verify the API is running and responsive:
curl "https://tiwih-api.vercel.app/health"
{
"status": "ok",
"timestamp": "2026-02-16T12:00:00.000Z"
}
The streaming service has its own health endpoint:
curl "https://tiwih-api.vercel.app/api/v1/reports/stream/health"
{
"available": true,
"service": "section-streaming",
"timestamp": "2026-02-16T12:00:00.000Z",
"aiSectionsCount": 12
}