API Overview
Base URL (local): http://localhost:4000
Authentication model
- Public endpoints: login bootstrap (`request-otp`, `verify-otp`, settings public/logo, health).
- Protected endpoints: require `Authorization: Bearer <token>`.
- Developer-only endpoints: enforced via RBAC middleware.
Main route groups
- `/api/auth`
- `/api/tickets`
- `/api/dev-tasks`
- `/api/projects`
- `/api/users`
- `/api/settings`
Common response patterns
- Validation errors: `400 { error: "validation_error", details: [...] }`
- Auth errors: `401 { error: "unauthorized" }`
- RBAC/ownership errors: `403 { error: "forbidden" }`
- Missing resources: `404 { error: "..._not_found" }`
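
A sketch of the protected and developer-only tiers from the authentication model, returning the 401 and 403 bodies listed under the common response patterns. This is an added example, not this project's code: it assumes Express-style `(req, res, next)` middleware, and `verifyToken`, `TOKENS` and the `developer` role name are hypothetical.

```javascript
// Added example. Assumptions: Express-style (req, res, next) middleware;
// verifyToken, TOKENS and the "developer" role name are hypothetical.

// Constructed token table standing in for real token verification.
const TOKENS = {
  'tok-user': { id: 1, role: 'user' },
  'tok-dev': { id: 2, role: 'developer' },
};
// Own-property check so names like "constructor" never resolve to a user.
const verifyToken = (t) =>
  Object.prototype.hasOwnProperty.call(TOKENS, t) ? TOKENS[t] : null;

// Protected tier: missing, malformed or unknown Bearer token -> 401.
function requireAuth(verify) {
  return (req, res, next) => {
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer (\S+)$/i.exec(header);
    const user = match ? verify(match[1]) : null;
    if (!user) return res.status(401).json({ error: 'unauthorized' });
    req.user = user;
    return next();
  };
}

// Developer-only tier: authenticated caller with the wrong role -> 403.
function requireRole(role) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'unauthorized' });
    if (req.user.role !== role) return res.status(403).json({ error: 'forbidden' });
    return next();
  };
}

const protectedChain = [requireAuth(verifyToken)];
const devOnlyChain = [requireAuth(verifyToken), requireRole('developer')];

// Drive a chain with a constructed request; 200 means the handler was reached.
function simulate(chain, headers) {
  const req = { headers };
  const out = { status: 200, body: { ok: true } };
  const res = {
    status(code) { out.status = code; return res; },
    json(body) { out.body = body; return res; },
  };
  const run = (i) => { if (i < chain.length) chain[i](req, res, () => run(i + 1)); };
  run(0);
  return out;
}
```

Keeping the role check as a separate middleware after authentication is what lets the API distinguish "no valid token" (401) from "valid token, insufficient role" (403).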