diff --git a/CLAUDE.md b/CLAUDE.md index e4f209e..80fc800 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -992,3 +992,116 @@ Admin features always work; frontend requires valid license. - Metrics should be cached or computed efficiently as they're scraped frequently - Dashboard registration requires file path, title, description, icon, and plugin name - Settings tab detection uses `$prometheus_active` to show WP Prometheus status + +### 2026-02-03 - Version 0.10.0/0.10.1 (REST API Endpoints) + +**Completed:** + +- Created `src/Api/RestApi.php` main registration class + - Namespace constant: `wp-bnb/v1` + - Controller initialization and route registration + - Integration with Plugin class via `rest_api_init` hook +- Created `src/Api/RateLimiter.php` + - Transient-based rate limiting per client (user ID or IP) + - Tiered limits: public (60/min), availability (30/min), booking (10/min), admin (120/min) + - Configurable via WordPress options with fallback defaults + - `check()`, `get_retry_after()`, `get_rate_limit_info()` methods +- Created `src/Api/ResponseFormatter.php` + - Standardized success/error responses + - `success()`, `collection()`, `created()` methods + - Error helpers: `validation_error()`, `not_found()`, `forbidden()`, `conflict()`, `rate_limit_error()` +- Created `src/Api/Controllers/AbstractController.php` + - Base class extending `WP_REST_Controller` + - Rate limit checking and header injection + - Client IP detection (supports Cloudflare, proxies) + - Common permission callbacks: `public_permission()`, `admin_permission()`, `manage_bookings_permission()` + - Helper methods: `validate_date()`, `validate_future_date()`, `get_pagination_params()`, `get_sorting_params()` + - Image formatting: `format_featured_image()`, `format_image()` + - HATEOAS links via `add_links()` +- Created `src/Api/Controllers/BuildingsController.php` + - GET /buildings - List with pagination, search, orderby + - GET /buildings/{id} - Single building with address, contact, rooms count + - GET /buildings/{id}/rooms - Rooms in building +- Created 
`src/Api/Controllers/RoomsController.php` + - GET /rooms - List with filters (building, room_type, amenities, capacity, status) + - GET /rooms/{id} - Full room data with gallery, pricing, amenities + - GET /rooms/{id}/availability - Check availability using `Availability::check_availability_with_price()` + - GET /rooms/{id}/calendar - Monthly calendar using `Availability::get_calendar_data()` +- Created `src/Api/Controllers/AvailabilityController.php` + - POST /availability/search - Search available rooms with date range, capacity, filters +- Created `src/Api/Controllers/BookingsController.php` + - POST /bookings - Create booking with guest auto-creation, conflict check + - GET /bookings - Admin list with filters (status, room, date range) + - GET /bookings/{id} - Full booking with room, guest, services + - PATCH /bookings/{id} - Update booking details + - DELETE /bookings/{id} - Cancel booking (sets status to cancelled) + - POST /bookings/{id}/confirm - Status transition + - POST /bookings/{id}/check-in - Status transition + - POST /bookings/{id}/check-out - Status transition +- Created `src/Api/Controllers/GuestsController.php` + - GET /guests - Admin list with search, status filter + - GET /guests/{id} - Guest data (excludes encrypted ID numbers) + - GET /guests/search - Quick search by name/email + - GET /guests/{id}/bookings - Guest's booking history +- Created `src/Api/Controllers/ServicesController.php` + - GET /services - List active services with categories + - GET /services/{id} - Service details with pricing info +- Created `src/Api/Controllers/PricingController.php` + - POST /pricing/calculate - Full price breakdown with room, dates, services +- Updated `src/Plugin.php` + - Added API tab to settings page with subtabs (General, Rate Limits, Endpoints) + - Enable/disable API toggle + - Configurable rate limiting with per-endpoint-type limits + - Time window configuration (10-300 seconds) + - Full endpoint documentation with HTTP method badges +- Updated 
`README.md` with comprehensive REST API documentation + - Endpoint reference tables (public and admin) + - Authentication examples (Application Passwords) + - Rate limiting configuration and response headers + - Code examples for common operations + +**Files Created:** + +- `src/Api/RestApi.php` - Main API registration +- `src/Api/RateLimiter.php` - Rate limiting +- `src/Api/ResponseFormatter.php` - Response formatting +- `src/Api/Controllers/AbstractController.php` - Base controller +- `src/Api/Controllers/BuildingsController.php` - Buildings endpoints +- `src/Api/Controllers/RoomsController.php` - Rooms endpoints +- `src/Api/Controllers/AvailabilityController.php` - Availability search +- `src/Api/Controllers/BookingsController.php` - Bookings CRUD +- `src/Api/Controllers/GuestsController.php` - Guests endpoints +- `src/Api/Controllers/ServicesController.php` - Services endpoints +- `src/Api/Controllers/PricingController.php` - Pricing calculation +- `MARKETING.md` - Marketing texts for shops (gitignored) + +**Files Changed:** + +- `src/Plugin.php` - API settings tab with subtabs, RestApi initialization +- `wp-bnb.php` - Version bump to 0.10.0, then 0.10.1 +- `CHANGELOG.md` - Added v0.10.0 and v0.10.1 release notes +- `PLAN.md` - Marked Phase 10 as complete, reorganized roadmap +- `README.md` - Added REST API documentation section +- `.gitignore` - Added MARKETING.md to exclusions + +**Learnings:** + +- WordPress REST API uses `WP_REST_Controller` as base class with `register_routes()` method +- Route registration via `register_rest_route()` with namespace, route pattern, and args +- Permission callbacks return bool; use `current_user_can('edit_posts')` for admin endpoints +- Rate limiting with transients: store count and start time, check against limits +- Transient key should include client identifier and endpoint type hash +- X-RateLimit headers (Limit, Remaining, Reset) provide rate limit info to clients +- Application Passwords (WordPress 5.6+) recommended 
for external API access +- HATEOAS links added via `_links` key in response +- Conflict detection reuses existing `Availability::check_availability()` method +- Settings subtabs use query parameters (`subtab=general`) with conditional rendering +- Configurable options should have sensible defaults via `get_option($key, $default)` +- Marketing content (MARKETING.md) should be gitignored to keep repo focused on code + +**Released:** + +- v0.10.0: Committed `81c97c3` - Base REST API implementation +- v0.10.1: Committed `3f5adfb` - Configurable rate limiting with settings subtabs +- Tags: `v0.10.0`, `v0.10.1` +- Pushed to origin: dev, main, both tags
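Review bot: In the `src/Api/Controllers/AbstractController.php` entry, "Client IP detection (supports Cloudflare, proxies)" supplies the client identifier that `RateLimiter.php` keys on ("per client (user ID or IP)"), but the entry does not say that forwarded headers are honoured only when the request arrives from a trusted proxy. If they are read unconditionally, an unauthenticated caller can change the header value on each request and land in a fresh bucket, so the public, availability and booking tiers (60, 30 and 10 per minute) stop limiting anything. Please record in this entry which headers are trusted, from which source addresses, and that everything else falls back to `REMOTE_ADDR`. Separately, the Learnings line "use `current_user_can('edit_posts')` for admin endpoints" sets a low bar: `edit_posts` is held by Contributor-level accounts, and the admin routes listed here include GET /guests and GET /bookings. Since the entry already lists `manage_bookings_permission()`, the learning should point to a dedicated booking capability (or `manage_options`) as the documented default for guest and booking data.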