# API usage

This document describes how a client uses buthd's API once he's [logged in](auth) (has a session cookie).

An example: adding an item to the shopping cart.
- Client `GET`s `shop./foo.html`
	- Includes session cookie in request
- httpd returns static page and scripts
- Client interacts with page, e.g. presses "add to cart"
- htmx `POST`s a form to `api./cart` containing `<sku>` and `<quantity>`
	- Includes the session cookie in the request
- `buthd` receives the request, extracts the session ID from the session cookie
- `buthd` uses the session ID to look up the user's username by reading `/sessions/<id>/user` from [[authfs]]
- `buthd` adds `<quantity>` units of `<sku>` to `<username>`'s cart using [[shopfs]]

Other parts of the API behave similarly: client posts to buthd, buthd uses 9P servers to complete the request.

TODO: define and document all of buthd's HTTP endpoints