API Reference

The hub exposes a REST API on port 4101 with Swagger UI for interactive exploration.

Interactive Documentation

When the hub is running:

Swagger UI: http://localhost:4101/api/docs
OpenAPI spec: http://localhost:4101/api/openapi.json
Health check: http://localhost:4101/api/health

Route Groups

All routes require authentication via Supabase Auth JWT (passed as Authorization: Bearer <token>) unless noted.

Core Platform

Contacts and conversations are surfaced through the unified inbox and contact-timeline endpoints (see Unified Inbox and Contact Timeline & Notes below) rather than dedicated /api/persons or /api/conversations CRUD routes. Rules are managed via templates plus the rules analytics endpoints.

Method	Path	Description
POST	`/api/calling/place`	Place outbound call
POST	`/api/calling/token`	Get Twilio WebRTC access token
GET	`/api/rule-templates`	List rule templates
GET	`/api/rule-templates/:id`	Rule template detail
POST	`/api/rules/from-template/:templateId`	Create rule from template
GET	`/api/rules/:id/executions`	Rule execution log
GET	`/api/rules/:id/stats`	Rule execution stats
GET	`/api/rules/analytics/top`	Top rule analytics
GET	`/api/credentials`	List credential metadata
POST	`/api/credentials`	Add credential to wallet
DELETE	`/api/credentials/:type`	Remove credential
GET	`/api/capabilities`	Active capabilities
GET	`/api/capabilities/schema`	Capability schema catalog
GET	`/api/capabilities/twilio`	Twilio-specific capabilities
GET	`/api/stats`	Dashboard statistics
GET	`/api/status`	Hub status
GET	`/api/version`	Hub version
GET	`/api/audit`	Browse audit log
GET	`/api/audit/summary`	Audit summary
GET	`/api/search?q=`	Full-text search
GET	`/api/suggest`	Search suggestions

Note: Contact CRUD (/api/persons), top-level conversation CRUD (/api/conversations), and dedicated rules CRUD (POST/PATCH/DELETE /api/rules) are aspirational and not yet exposed as REST endpoints at this commit. Messaging inbound flows use /api/messaging/conversations and /api/messaging/sms.

Webhooks (no auth required)

Method	Path	Description
POST	`/webhooks/calling/inbound`	Twilio inbound voice webhook
POST	`/webhooks/calling/status`	Twilio call status callback
POST	`/webhooks/calling/voicemail`	Twilio voicemail status callback
POST	`/webhooks/whatsapp`	WhatsApp Cloud API webhook
GET	`/webhooks/whatsapp`	WhatsApp verification challenge

Note: An MS Graph change-notification webhook (/webhooks/ms-graph) is aspirational — MS Graph sync currently runs via the connector plugin, not an inbound webhook.

Intentions & Sensors

Method	Path	Description
GET	`/api/intentions`	List intentions
POST	`/api/intentions`	Create intention
GET	`/api/intentions/:id`	Intention detail
PUT	`/api/intentions/:id`	Update intention
GET	`/api/intentions/:id/children`	Child intentions
GET	`/api/search`	Enhanced search with filters
POST	`/api/sensor/activity`	Device activity ingestion
POST	`/api/sensor/call-log`	Device call-log ingestion
POST	`/api/sensor/location`	Device location ingestion
POST	`/api/location/batch`	Batch location upload

AI & Agents

Method	Path	Description
POST	`/api/ai/query`	AI chat query
POST	`/api/agent/stream`	Streaming agent response (SSE)
GET	`/api/ai/conversations`	List agent conversations
GET	`/api/ai/conversations/:id`	Agent conversation detail
GET	`/api/ai/tools`	List registered agent tools
POST	`/api/ai/tools/:name/execute`	Execute a registered agent tool
POST	`/api/ai/agent/plan`	Create an agent plan
POST	`/api/ai/agent/run`	Run an agent plan
GET	`/api/ai/agent/sessions/:sid/memory`	Agent session memory
GET	`/api/ai/agent/sessions/:sid/tools`	Agent session tool calls

Note: /api/workflows, /api/workflows/:id/run, /api/ai/routing-rules, and a dedicated multi-agent /api/agent/orchestrate endpoint are aspirational at this commit.

Federation

Method	Path	Description
GET	`/api/federation/inbox`	ActivityPub inbox (server-to-server delivery uses `/ap/actors/:username/inbox`)
GET	`/api/federation/outbox`	ActivityPub outbox
GET	`/ap/actors/:username`	ActivityPub actor profile
GET	`/ap/actors/:username/followers`	Actor followers collection
GET	`/ap/actors/:username/following`	Actor following collection
GET	`/ap/actors/:username/outbox`	Actor outbox
POST	`/ap/actors/:username/inbox`	ActivityPub inbox delivery
POST	`/api/federation/follow`	Follow a remote actor
POST	`/api/federation/unfollow`	Unfollow a remote actor
GET	`/api/federation/follows`	List follows
POST	`/api/federation/notes`	Publish a federated note
GET	`/.well-known/webfinger`	WebFinger discovery
GET	`/.well-known/did.json`	DID document (well-known)
GET	`/api/federation/did`	Current DID document
POST	`/api/federation/did`	Rotate / create DID
GET	`/api/federation/credentials`	List federated verifiable credentials
GET	`/api/federation/hubs`	List subscribed hubs
POST	`/api/federation/hubs/subscribe`	Subscribe to a remote hub
POST	`/api/federation/hubs/:id/sync`	Force-sync a remote hub
DELETE	`/api/federation/hubs/:id`	Unsubscribe from a remote hub
GET	`/api/federation/marketplace`	Federated marketplace feed
GET	`/api/federation/marketplace/search`	Search federated listings
POST	`/api/federation/marketplace/announce/:id`	Announce a listing

Marketplace & Coordination

Method	Path	Description
GET	`/api/marketplace/listings`	List marketplace listings
POST	`/api/marketplace/listings`	Create listing
GET	`/api/marketplace/listings/:id`	Listing detail
PATCH	`/api/marketplace/listings/:id`	Update listing
POST	`/api/marketplace/listings/:id/purchase`	Purchase a listing
GET	`/api/marketplace/data-products`	Data product catalog
POST	`/api/marketplace/data-products`	Create data product
GET	`/api/marketplace/data-products/:id/preview`	Data product preview
GET	`/api/marketplace/data-products/:id/package`	Data product package
PATCH	`/api/marketplace/data-products/:id/privacy`	Update data product privacy
GET	`/api/marketplace/transactions`	Marketplace transactions
GET	`/api/marketplace/transactions/:id`	Transaction detail
PATCH	`/api/marketplace/transactions/:id/status`	Update transaction status
GET	`/api/coordination/declarations`	List offer/need declarations
POST	`/api/coordination/declarations`	Create declaration
PATCH	`/api/coordination/declarations/:id`	Update declaration
DELETE	`/api/coordination/declarations/:id`	Delete declaration
GET	`/api/coordination/declarations/mine`	My declarations
GET	`/api/coordination/matches`	Match offers to needs
GET	`/api/coordination/exchanges`	List exchange workflows
POST	`/api/coordination/exchanges`	Start exchange
GET	`/api/coordination/exchanges/:id`	Exchange detail
PATCH	`/api/coordination/exchanges/:id/status`	Update exchange status
POST	`/api/coordination/exchanges/:id/message`	Post exchange message
GET	`/api/reputation/:userId/scores`	Reputation scores
GET	`/api/reputation/:userId/scores/:domain`	Domain-scoped reputation
GET	`/api/reputation/:userId/contextual/:domain`	Contextual reputation
POST	`/api/reputation/issue`	Issue reputation credential
GET	`/api/reputation/trust`	Trust relationships
POST	`/api/reputation/trust`	Add trust relationship
DELETE	`/api/reputation/trust/:trustedDid`	Remove trust relationship

Governance & Time Bank

Method	Path	Description
GET	`/api/governance/daos`	List DAOs
POST	`/api/governance/daos`	Create DAO
GET	`/api/governance/daos/:id`	DAO detail
PATCH	`/api/governance/daos/:id`	Update DAO
DELETE	`/api/governance/daos/:id/members/:userId`	Remove DAO member
GET	`/api/governance/daos/:id/members`	DAO members
POST	`/api/governance/daos/:id/members`	Add DAO member
GET	`/api/governance/proposals`	List proposals
POST	`/api/governance/proposals`	Create proposal
GET	`/api/governance/proposals/:id`	Proposal detail
GET	`/api/governance/proposals/:id/tally`	Vote tally
GET	`/api/governance/proposals/:id/votes`	Votes cast
POST	`/api/governance/proposals/:id/votes`	Cast a vote
POST	`/api/governance/proposals/:id/activate`	Activate proposal
POST	`/api/governance/proposals/:id/execute`	Execute proposal
POST	`/api/governance/proposals/:id/finalize`	Finalize proposal
GET	`/api/timebank/balance`	Time credit balance
GET	`/api/timebank/transactions`	Time credit transactions
POST	`/api/timebank/credit`	Credit time
POST	`/api/timebank/debit`	Debit time
POST	`/api/timebank/transfer`	Transfer credits
GET	`/api/disputes`	List disputes
POST	`/api/disputes`	Create dispute
GET	`/api/disputes/:id`	Dispute detail
GET	`/api/disputes/moderator/queue`	Moderator queue
POST	`/api/disputes/:id/evidence`	Submit evidence
POST	`/api/disputes/:id/escalate`	Escalate dispute
POST	`/api/disputes/:id/moderator`	Assign moderator
POST	`/api/disputes/:id/resolve`	Resolve dispute

Browser Calling

Method	Path	Description
POST	`/api/calling/token`	Twilio calling access token
POST	`/api/calling/place`	Place outbound call
GET	`/api/calling/history`	Call history

Notifications & Presence

Method	Path	Description
GET	`/api/notifications/subscriptions`	List notification subscriptions
POST	`/api/notifications/subscriptions`	Create notification subscription
DELETE	`/api/notifications/subscriptions/:id`	Delete notification subscription
POST	`/api/notifications/send`	Send a notification
GET	`/api/webhooks`	List outbound webhooks
POST	`/api/webhooks`	Register outbound webhook
PATCH	`/api/webhooks/:id`	Update outbound webhook
DELETE	`/api/webhooks/:id`	Delete outbound webhook
GET	`/api/webhooks/:id/logs`	Webhook delivery logs
GET	`/api/presence/:userId`	User presence status
POST	`/api/presence`	Set presence
POST	`/api/presence/bulk`	Bulk presence query
POST	`/api/presence/heartbeat`	Presence heartbeat
GET	`/api/audit/reports`	Compliance reports
POST	`/api/audit/reports`	Generate compliance report
GET	`/api/audit/alert-rules`	Audit alert rules
POST	`/api/audit/alert-rules`	Create audit alert rule
POST	`/api/audit/check-alerts`	Force alert evaluation

Plugins, Documents & Scheduling

Method	Path	Description
GET	`/api/plugins`	Plugin registry catalog
GET	`/api/plugins/me`	My installed plugins
GET	`/api/plugins/:pluginId`	Plugin detail
POST	`/api/plugins/:pluginId/install`	Install a plugin
DELETE	`/api/plugins/:pluginId/install`	Uninstall a plugin
POST	`/api/plugins/:pluginId/enable`	Enable a plugin
POST	`/api/plugins/:pluginId/disable`	Disable a plugin
POST	`/api/plugins/:pluginId/rate`	Rate a plugin
GET	`/api/plugins/:pluginId/ratings`	Plugin ratings
GET	`/api/plugins/capabilities`	Plugin capability catalog
GET	`/api/plugins/capabilities/find`	Find plugins by capability
POST	`/api/documents/:id/analyze`	Analyze a document
POST	`/api/documents/:id/jobs`	Submit document job
GET	`/api/documents/:id/jobs`	Document jobs
GET	`/api/documents/:id/chunks`	Document chunks
GET	`/api/documents/:id/entities`	Extracted entities
GET	`/api/documents/:id/summary`	Document summary
GET	`/api/documents/entities/search`	Search extracted entities
GET	`/api/rule-templates`	Rule templates
GET	`/api/rules/analytics/top`	Top rule analytics
GET	`/api/schedules`	Scheduled jobs
POST	`/api/schedules`	Create scheduled job
GET	`/api/schedules/:id`	Schedule detail
PATCH	`/api/schedules/:id`	Update schedule
DELETE	`/api/schedules/:id`	Delete schedule
GET	`/api/schedules/:id/runs`	Schedule run history
POST	`/api/schedules/:id/pause`	Pause schedule
POST	`/api/schedules/:id/resume`	Resume schedule
POST	`/api/schedules/:id/trigger`	Trigger schedule now
GET	`/api/scheduler/status`	Scheduler status
POST	`/api/scheduler/digest/generate`	Generate daily digest
POST	`/api/scheduler/presence/sync`	Run presence sync
POST	`/api/scheduler/retention/run`	Run retention sweep

Observability & Streaming

Method	Path	Description
GET	`/metrics`	Prometheus metrics
GET	`/metrics/prometheus`	Prometheus metrics (alias)
GET	`/health`	Liveness probe
GET	`/health/detailed`	Detailed health check
GET	`/api/event-store/streams/:streamId`	Event store stream
POST	`/api/event-store/streams/:streamId/events`	Append events to stream
GET	`/api/event-store/streams/:streamId/snapshot`	Latest snapshot
POST	`/api/event-store/streams/:streamId/snapshot`	Write snapshot
GET	`/api/event-store/types/:eventType`	Events by type
GET	`/api/events`	Event feed
GET	`/api/stream`	SSE stream subscription
GET	`/api/stream/stats`	SSE stream statistics
GET	`/api/activity`	Activity feed
GET	`/api/activity/unread-count`	Unread activity count
POST	`/api/activity/read`	Mark activity as read

Note: /api/cache/stats, /api/events/store, /api/sse/subscribe, and /api/activity/feed as separate paths are aspirational — use the paths above.

Multi-Tenancy & Developer API

Method	Path	Description
GET	`/api/orgs`	List organisations
POST	`/api/orgs`	Create organisation
GET	`/api/orgs/:orgId`	Organisation detail
PUT	`/api/orgs/:orgId`	Update organisation
DELETE	`/api/orgs/:orgId`	Delete organisation
GET	`/api/orgs/:orgId/members`	Org members
PUT	`/api/orgs/:orgId/members/:targetUserId`	Update org member role
DELETE	`/api/orgs/:orgId/members/:targetUserId`	Remove org member
GET	`/api/orgs/:orgId/invites`	Org invites
POST	`/api/orgs/:orgId/invites`	Create org invite
DELETE	`/api/orgs/:orgId/invites/:inviteId`	Revoke org invite
POST	`/api/invites/:token/accept`	Accept invite
GET	`/api/orgs/:orgId/billing`	Org billing info
POST	`/api/orgs/:orgId/billing/plan`	Update org billing plan
GET	`/api/orgs/:orgId/usage`	Org usage metrics
GET	`/api/oauth/:providerId/authorize`	Provider OAuth authorize
GET	`/api/oauth/:providerId/callback`	Provider OAuth callback

Note: Self-hosted OAuth2 authorization server (/api/oauth/apps, /api/oauth/authorize, /api/oauth/token) and the API key (/api/keys) endpoints are aspirational. The /api/oauth/:providerId/* routes are the OAuth2 client flow for third-party providers.

Search, Export & Preferences

Method	Path	Description
POST	`/api/search/hybrid`	Hybrid text + vector search
POST	`/api/search/semantic`	Semantic (vector) search
POST	`/api/search/similar`	Find similar items
GET	`/api/search/similar/:type/:id`	Find similar by entity
GET	`/api/search/saved`	List saved searches
POST	`/api/search/saved`	Create saved search
DELETE	`/api/search/saved/:id`	Delete saved search
PUT	`/api/search/saved/:id/alert`	Toggle saved-search alert
GET	`/api/recommendations`	AI recommendations
POST	`/api/recommendations/generate`	Generate recommendations
DELETE	`/api/recommendations/:id`	Dismiss recommendation
POST	`/api/export`	Export data (JSON/CSV/vCard/iCal)
GET	`/api/export`	List export jobs
GET	`/api/export/:jobId`	Export job status
GET	`/api/export/:jobId/download`	Download export
POST	`/api/import`	Import data
GET	`/api/import`	List import jobs
GET	`/api/import/:jobId`	Import job status
GET	`/api/preferences`	User preferences
PUT	`/api/preferences`	Update preferences
POST	`/api/preferences/reset`	Reset preferences

Monitoring, Billing & Security

Method	Path	Description
POST	`/api/errors`	Report client error
GET	`/api/admin/errors`	Tracked errors
GET	`/api/admin/errors/:id`	Error detail
GET	`/api/admin/errors/stats`	Error statistics
POST	`/api/admin/errors/:id/resolve`	Mark error resolved
GET	`/api/admin/users`	Admin: list users
GET	`/api/admin/orgs`	Admin: list orgs
GET	`/api/admin/stats`	Admin: platform stats
GET	`/api/admin/infrastructure`	Admin: infra status
GET	`/api/admin/clients`	Admin: connected clients
GET	`/api/admin/email/history`	Admin: email history
GET	`/api/admin/email/queue`	Admin: email queue
POST	`/api/admin/email/process`	Admin: drain email queue
POST	`/api/email/send`	Send transactional email
POST	`/api/email/unsubscribe`	Unsubscribe webhook
GET	`/api/privacy/dashboard`	Privacy dashboard
GET	`/api/privacy/consents`	List consents
POST	`/api/privacy/consents`	Record consent
DELETE	`/api/privacy/consents/:purpose`	Revoke consent
GET	`/api/privacy/retention`	Retention policies
POST	`/api/privacy/retention`	Create retention policy
PATCH	`/api/privacy/retention/:id`	Update retention policy
DELETE	`/api/privacy/retention/:id`	Delete retention policy
POST	`/api/privacy/retention/:id/run`	Run retention now
GET	`/api/privacy/export`	Export personal data
DELETE	`/api/privacy/data`	Delete personal data
POST	`/api/privacy/scan`	PII scan

Note: /api/billing/*, /api/feature-flags, /api/sessions, and /api/analytics REST endpoints are aspirational at this commit. Billing today flows through Stripe directly from the web app.

Data Lineage, Tools, Audio & Devices

Method	Path	Description
GET	`/api/contacts/merge-suggestions`	Duplicate contact candidates
POST	`/api/contacts/merge`	Merge contacts
POST	`/api/tools/jobs`	Submit a tool job
GET	`/api/tools/jobs`	List tool jobs
GET	`/api/tools/jobs/:id`	Tool job status
POST	`/api/tools/jobs/:id/cancel`	Cancel tool job
GET	`/api/tools/capabilities`	Tool capabilities
GET	`/api/tools/fonts`	List available fonts
POST	`/api/tools/fonts`	Upload font
DELETE	`/api/tools/fonts/:id`	Delete font
POST	`/api/audio/session/start`	Start audio session
POST	`/api/audio/session/:sessionId/end`	End audio session
POST	`/api/audio/session/cleanup`	Cleanup stale audio sessions
GET	`/api/audio/sessions`	List audio sessions
POST	`/api/audio/transcript`	Ingest transcript chunk
GET	`/api/audio/intelligence`	Extracted audio intelligence
GET	`/api/audio/brief/:date`	Daily audio brief
POST	`/api/audio/command`	Dispatch audio voice command
GET	`/api/audio/commands`	List voice commands
POST	`/api/device/commands`	Send device command
GET	`/api/device/commands`	List device commands
GET	`/api/device/commands/pending`	Pending device commands
POST	`/api/device/commands/:commandId/progress`	Report command progress
POST	`/api/device/commands/:commandId/result`	Report command result

Note: /api/lineage/:entityType/:entityId is aspirational — the lineage route file exists but does not yet register HTTP handlers at this commit.

Unified Inbox

All endpoints require auth. Backed by InboxService.

Method	Path	Description
GET	`/api/inbox`	List inbox items (calls, SMS, email, video, voicemail, calendar)
GET	`/api/inbox/unread-count`	Unread counts per channel type
PUT	`/api/inbox/read`	Bulk mark items as read
PUT	`/api/inbox/starred`	Bulk star or unstar items
PUT	`/api/inbox/archive`	Bulk archive items
GET	`/api/contacts/:id/timeline`	Chronological communication timeline for a contact

GET /api/inbox query params:

Param	Type	Description
`type`	`call\|sms\|email\|video\|calendar_event\|voicemail`	Filter by channel type
`read`	`true\|false`	Filter by read status
`starred`	`true\|false`	Filter by starred status
`archived`	`true\|false`	Include archived items
`contactId`	UUID	Filter by contact
`search`	string	Full-text search
`page`	int (default 1)	Page number
`limit`	int 1-100 (default 20)	Page size

PUT /api/inbox/read / /api/inbox/archive body:

{ "itemIds": ["uuid", "..."] }

PUT /api/inbox/starred body:

{ "itemIds": ["uuid", "..."], "starred": true }

Voice & Phone Lines

All endpoints require auth unless noted. Backed by PhoneLineService, VoicemailService, TranscriptionService.

Method	Path	Description
GET	`/api/calling/lines`	List user's Twilio phone lines
PUT	`/api/calling/lines/:id`	Update phone line settings
POST	`/api/calling/transfer`	Warm or cold transfer an active call
POST	`/api/calling/park`	Park a call in a numbered slot (1-99)
POST	`/api/calling/retrieve`	Retrieve a parked call by slot
GET	`/api/calling/voicemails`	List voicemails
PUT	`/api/calling/voicemails/:id/listened`	Mark voicemail as listened
GET	`/api/calling/recordings/:id`	Get a call recording
GET	`/api/calling/:id/transcript`	Get transcript for a call session
GET	`/api/calling/:id/analysis`	Get AI analysis for a call session
POST	`/api/calling/ivr-flows`	Create an IVR call-flow
GET	`/api/calling/ivr-flows`	List IVR call-flows
PUT	`/api/calling/ivr-flows/:id`	Update an IVR call-flow
DELETE	`/api/calling/ivr-flows/:id`	Delete an IVR call-flow
POST	`/webhooks/calling/voicemail`	Twilio voicemail status callback (no auth)

PUT /api/calling/lines/:id body:

{
  "label": "Office",
  "isDefault": true,
  "settings": {
    "businessHours": { "start": "09:00", "end": "17:00", "timezone": "America/New_York" },
    "voicemailGreetingUrl": "https://...",
    "forwardingNumber": "+1...",
    "recordingEnabled": true,
    "dndSchedule": {
      "enabled": true,
      "days": [6, 7],
      "startTime": "22:00",
      "endTime": "08:00",
      "vipContactIds": []
    }
  }
}

POST /api/calling/transfer body:

{ "callSid": "CA...", "targetNumber": "+1...", "type": "warm|cold", "announceMessage": "..." }

POST /api/calling/park body: { "callSid": "CA...", "slot": 5 } (slot optional, auto-assigned if omitted)

POST /api/calling/ivr-flows body:

{
  "name": "Main Menu",
  "phoneLineId": "uuid",
  "isActive": true,
  "flowDefinition": {
    "entryNodeId": "node-1",
    "nodes": [{ "id": "node-1", "type": "greeting|menu|route_to_number|route_to_voicemail|time_check|play_message", "label": "...", "data": {}, "position": { "x": 0, "y": 0 } }],
    "edges": [{ "id": "edge-1", "source": "node-1", "target": "node-2", "digit": "1" }]
  }
}

Email

All endpoints require auth. Backed by EmailService (MS Graph).

Method	Path	Description
GET	`/api/email/folders`	List folders with unread counts
GET	`/api/email/threads`	List email threads (filterable)
GET	`/api/email/threads/:threadId/messages`	All messages in a thread
PUT	`/api/email/threads/read`	Bulk mark threads as read
PUT	`/api/email/threads/starred`	Bulk star / unstar threads
GET	`/api/email/messages/:id`	Single email with full body
POST	`/api/email/send`	Compose and send email
POST	`/api/email/reply`	Reply or reply-all to a message
POST	`/api/email/forward`	Forward a message
PUT	`/api/email/drafts`	Save / auto-save a draft
DELETE	`/api/email/drafts/:id`	Delete a draft
POST	`/api/email/move`	Move message(s) to a folder
DELETE	`/api/email/:id`	Trash a message
GET	`/api/email/messages/:id/attachments`	List attachments on a message
GET	`/api/email/signatures`	List email signatures
POST	`/api/email/signatures`	Create email signature
PUT	`/api/email/signatures/:id`	Update email signature
DELETE	`/api/email/signatures/:id`	Delete email signature

GET /api/email/threads query params: folderId, unread, starred, search, page, limit

POST /api/email/send body:

{
  "to": [{ "name": "...", "email": "..." }],
  "cc": [], "bcc": [],
  "subject": "...",
  "bodyHtml": "<p>...</p>",
  "bodyText": "...",
  "signatureId": "uuid",
  "attachmentIds": []
}

POST /api/email/reply body:

{ "messageId": "uuid", "bodyHtml": "...", "replyAll": false, "cc": [], "bcc": [], "attachmentIds": [] }

POST /api/email/forward body:

{ "messageId": "uuid", "to": [{ "name": "...", "email": "..." }], "bodyHtml": "..." }

PUT /api/email/threads/starred body: { "threadIds": ["uuid"], "starred": true }

POST /api/email/move body: { "messageIds": ["uuid"], "targetFolderId": "uuid" }

POST /api/email/signatures body: { "name": "Work", "bodyHtml": "<p>...</p>", "isDefault": false }

Email AI

All endpoints require auth. Backed by EmailAIService.

Method	Path	Description
POST	`/api/email/threads/:threadId/summarize`	Summarize thread into key points + action items
POST	`/api/email/threads/:threadId/suggest-replies`	Generate 2-3 AI reply suggestions
GET	`/api/email/threads/:threadId/priority`	AI-scored priority (0-100) with factors
GET	`/api/email/threads/:threadId/follow-ups`	Detect follow-up commitments in outbound messages

Responses:

/summarize → { summary: { keyPoints: string[], actionItems: string[], ... } }

/suggest-replies → { replies: [{ subject: string, bodyHtml: string }, ...] }

/priority → { priority: { score: number, factors: string[] } }

/follow-ups → { followUps: [{ messageId, commitment, dueDate }, ...] }

Video Meetings

All endpoints require auth unless noted. Backed by MeetingService (Twilio Video).

Method	Path	Description
POST	`/api/video/meetings`	Create a meeting
GET	`/api/video/meetings`	List meetings
GET	`/api/video/meetings/:id`	Meeting detail
POST	`/api/video/meetings/:id/join`	Join meeting — returns Twilio Video token
POST	`/api/video/meetings/:id/end`	End meeting for all participants
POST	`/api/video/meetings/:id/invite`	Send email/SMS invites
POST	`/api/video/meetings/:id/recording/start`	Start room recording
POST	`/api/video/meetings/:id/recording/stop`	Stop room recording
GET	`/api/video/meetings/:id/recording`	Get recording details
GET	`/api/video/meetings/:id/analysis`	AI analysis (transcript, action items)
GET	`/api/video/join/:roomName`	Public room info — no auth required

POST /api/video/meetings body:

{
  "title": "Sprint Review",
  "scheduledStart": "2026-04-10T14:00:00Z",
  "scheduledEnd": "2026-04-10T15:00:00Z",
  "calendarEventId": "uuid",
  "settings": { "recording": true, "waitingRoom": false, "maxParticipants": 10, "locked": false }
}

GET /api/video/meetings query params: status (scheduled|active|ended), search, page, limit

POST /api/video/meetings/:id/join body: { "identity": "display-name" } (optional)

POST /api/video/meetings/:id/invite body:

{ "emails": ["alice@example.com"], "phoneNumbers": ["+1..."], "message": "Join us!" }

Contact Timeline & Notes

All endpoints require auth. Backed by ContactTimelineService.

Method	Path	Description
GET	`/api/contacts/:id/timeline`	Full chronological communication timeline
GET	`/api/contacts/:id/notes`	List notes for a contact
POST	`/api/contacts/:id/notes`	Create a note
PUT	`/api/contacts/notes/:noteId`	Update a note body
DELETE	`/api/contacts/notes/:noteId`	Delete a note
POST	`/api/contacts/merge`	Merge two contacts into one
POST	`/api/contacts/unmerge/:mergeId`	Undo a contact merge
GET	`/api/contacts/merge-suggestions`	AI-suggested duplicate contacts
GET	`/api/contacts/:id/merge-history`	Merge audit history for a contact
PUT	`/api/contacts/:id/relationship`	Set relationship label
GET	`/api/contacts/:id/relationship`	Get relationship label
GET	`/api/dashboard/recent-contacts`	Recently communicated contacts
GET	`/api/dashboard/missed-comms`	Missed calls, unread messages, unread emails
GET	`/api/dashboard/comm-stats`	Communication volume statistics

GET /api/contacts/:id/timeline query params: types (comma-separated: call,sms,email,video,voicemail,note), startDate, endDate, limit, offset

POST /api/contacts/:id/notes body: { "body": "Met at conference..." }

PUT /api/contacts/notes/:noteId body: { "body": "Updated text" }

POST /api/contacts/merge body: { "primaryId": "uuid", "mergedId": "uuid" }

PUT /api/contacts/:id/relationship body: { "label": "partner|close_friend|friend|colleague|acquaintance|family|vip|blocked" }

GET /api/dashboard/recent-contacts query: limit (default 5)

Push Notifications

All endpoints require auth. Backed by PushNotificationService (Firebase Cloud Messaging).

Method	Path	Description
POST	`/api/push/register`	Register a device FCM token
DELETE	`/api/push/unregister`	Deactivate a device FCM token
GET	`/api/push/tokens`	List active FCM tokens for the user

POST /api/push/register body:

{
  "deviceId": "device-uuid",
  "fcmToken": "FCM_TOKEN_STRING",
  "platform": "android",
  "deviceName": "Pixel 8"
}

Response 201: full token record.

DELETE /api/push/unregister body: { "deviceId": "device-uuid" } — returns 204.

Projects & Tasks

All endpoints require auth. Backed by ProjectService.

Method	Path	Description
POST	`/api/projects`	Create a project
GET	`/api/projects`	List projects (filterable by status, area)
GET	`/api/projects/:id`	Get project detail
PUT	`/api/projects/:id`	Update project
POST	`/api/projects/:id/milestones`	Add milestone to project
PUT	`/api/projects/:id/milestones/:milestoneId`	Update milestone
GET	`/api/projects/:id/tasks`	List tasks for a project
POST	`/api/projects/:id/tasks`	Add task to project
PUT	`/api/projects/:id/tasks/:taskId/status`	Update task status
POST	`/api/projects/:id/time-entries`	Log time entry against project

POST /api/projects body:

{
  "title": "Q2 Marketing Campaign",
  "description": "...",
  "status": "active",
  "area": "work",
  "targetDate": "2026-06-30T00:00:00Z",
  "tags": ["marketing"]
}

POST /api/projects/:id/milestones body:

{ "title": "Launch email blast", "dueDate": "2026-05-01T00:00:00Z", "description": "..." }

POST /api/projects/:id/tasks body:

{ "title": "Write copy", "status": "todo", "priority": "high", "dueDate": "2026-04-20T00:00:00Z", "assignedTo": "uuid" }

PUT /api/projects/:id/tasks/:taskId/status body: { "status": "todo|in_progress|done|cancelled" }

POST /api/projects/:id/time-entries body:

{ "taskId": "uuid", "durationMinutes": 90, "notes": "Wrote first draft", "loggedAt": "2026-04-10T14:00:00Z" }

Authentication

All authenticated endpoints expect a Supabase Auth JWT:

curl -H "Authorization: Bearer <supabase-jwt>" \
     http://localhost:4101/api/persons

For the demo user (demo@made-open.dev), obtain a token via:

curl -X POST http://localhost:54321/auth/v1/token?grant_type=password \
  -H "apikey: <supabase-anon-key>" \
  -H "Content-Type: application/json" \
  -d '{"email":"demo@made-open.dev","password":"demopassword"}'