All 20 API endpoints with their methods, permissions, and descriptions.
| Endpoint | Methods | Permission | Description |
|---|
/api/access/role | GET | All authenticated | Returns caller’s role, permissions, assigned sites, first/last name, onboarded status |
/api/access | GET, POST | page:access (admin) | User/role/team CRUD. GET actions: me, users, roles, teams, team-requests. POST actions: upsert-user, delete-user, upsert-role, approve-team-request, deny-team-request |
/api/onboarding | GET, POST | All authenticated | GET: onboarding status + teams. POST: submit first/last name + optional team request |
/api/setup | GET, POST | page:setup (admin) | Database migration system (v1–v10). GET: current version. POST: run pending migrations |
/api/sites | GET | All authenticated | List active sites filtered by user’s team/role assignments |
/api/config | GET | Varies by type | App configuration (links, infrastructure info). ?type=links = all, ?type=infra = admin only |
/api/dashboard-config | GET, POST | All authenticated | Per-user dashboard widget layout (profile-based) |
/api/logs | GET, POST | page:logs / All | Activity logging. GET: view logs (admin). POST: write log entry (all) |
| Endpoint | Methods | Permission | Description |
|---|
/api/operations | GET | page:operations | TUGA RPi proxy. ?endpoint=status|alerts|events|occupancy|stats & &rpi=rpi1|all |
/api/api-health | GET | page:api-health | Comprehensive health check (17+ endpoints: tunnels, doors, back offices, Azure, UniFi) |
/api/unifi | GET | page:network | UniFi Cloud API proxy (devices, clients, traffic stats) |
/api/trigger-settings | GET, POST | page:trigger-settings | Configurable alert thresholds with severity levels (critical/warning/info) |
/api/trigger-alerts | GET | All authenticated | Active alerts evaluated by cron worker against trigger settings |
/api/history | GET | page:mon | Historical snapshots and alert history from cron worker |
/api/secrets | GET | Admin only | Retrieve stored credentials (SSH passwords, service tokens) |
| Endpoint | Methods | Permission | Description |
|---|
/api/langflow | POST | page:ai | Proxy to Langflow AI agent. Input: { input_value }. Saves response to D1 |
/api/messages | GET, POST, DELETE | page:ai | AI conversation persistence. Per-user message history in D1 |
| Endpoint | Methods | Permission | Description |
|---|
/api/receipt-api/logs | GET, POST | GET: admin. POST: X-Api-Key | Receipt processing metrics. POST from Azure (real-time push) |
/api/receipt-api/stats | GET | page:operations | Aggregated receipt analytics (success rate, latency, error breakdown) |
