Developer
Alpha build – endpoints may change. All routes use JSON over HTTPS. Standard responses include success or an error object with statusMessage.
Successful login returns a JWT (bearer token) and sets an HTTP-only refresh cookie. All protected endpoints require the header Authorization: Bearer <token>. Access tokens expire after 15 minutes and can be refreshed via /api/service/auth/refresh.
Public endpoints live under /api/service/*.
| Method | Path | Description |
|---|---|---|
| {{ row.method }} | {{ row.path }} | {{ row.description }} |
| Method | Path | Description |
|---|---|---|
| {{ row.method }} | {{ row.path }} | {{ row.description }} |
{
"success": true,
"data": { ... }
}
// Error
{
"statusCode": 401,
"statusMessage": "Authentication required"
}
Additional fields such as joinedAt or invitationStatus are documented per response.