API Overview¶

Base URL¶

Use {BASE_URL} in local and shared examples. When you need a concrete example, use https://api.example.com.

{BASE_URL}/health
{BASE_URL}/api/v1/ping

Note

This backend does not define a canonical production domain in the docs. Keep examples generic.

Field	Value
Auth	No
Success	`200` `{ "status": "ok", "postgres": "ok", "redis": "ok" }`
Errors	`503` with the same shape and failed dependencies marked `error`
Notes	Uses a short dependency timeout

Field	Value
Auth	No
Success	None
Errors	`500` via recovery middleware
Notes	Intentional panic route for recovery testing

Field	Value
Auth	No
Success	`400` error envelope
Errors	`BAD_REQUEST` with `details.path`
Notes	Sample structured error response

The router adds CORS headers only when the request Origin is allowed.

If the origin is not allowed, the response still completes, but it does not add CORS headers.

All JSON errors use the same envelope.

{
  "error": {
    "code": "BAD_REQUEST",
    "message": "Bad request",
    "details": {
      "path": "/api/v1/error"
    }
  }
}

{
  "status": "ok"
}

{
  "message": "pong"
}

{
  "status": "ok",
  "postgres": "ok",
  "redis": "ok"
}

When a dependency check fails, the handler returns 503 and marks the failing service as error.

GET / returns 404 in the backend only deployment.
GET /files/pdfs/* serves generated PDF bytes from public object storage.
The API uses bearer tokens for protected routes.
API requests and key user-flow actions are recorded in activity_events for audit/debug and usage analytics.