ErasureDocs
API Reference

Platform API

Organizations, projects, Anumati, billing, notifications, evidence publish.

Platform API

Session-authenticated routes under /api/platform.
Source: app_docs/api.md, app_docs/guide/api.md, app_docs/billing.md (billing table).

Organizations

POST /api/platform/orgs

Requires session. Creates organization + Membership with role OWNER for the current user.

Body (Zod): { name } (1–120 chars)

Slug auto-generated from name; collision retries with random suffix.

201: { organization: { id, name, slug, createdAt } }
401: unauthorized

Not implemented (as documented in api.md): list, get, patch, delete, invites, roles API.

Org create may accept optional planId for marketing deep-links (#/register?plan=starter).


Projects

MethodPathNotes
GET / POST/api/platform/orgs/:orgId/projectsList / create (read / write capability)

Anumati (project-scoped)

Session + project access. Groups documented in the product API summary:

  • Consent configuration, categories, purposes, notice, publish
  • Publishable keys create/list/revoke (Owner for create/revoke) — see SDK API key table
  • Receipts list (cursor pagination), export
  • Webhook get/put, regenerate secret (Owner), test
  • Publish evidence

Console routes (HashRouter):
#/:projectSlug/consent · …/versions · …/receipts · …/develop · …/settings


Publish evidence (Anumati)

MethodPathNotes
GET/api/platform/projects/:projectId/evidence/publishPublish evidence summaries
GET/api/platform/projects/:projectId/evidence/publish/:versionIdPublish evidence package
GETsame ?format=…&download=1Export download

Notifications

Session user inbox.

MethodPathNotes
GET/api/platform/notificationsList + unreadCount
POST/api/platform/notifications/:id/readMark one read
POST/api/platform/notifications/read-allMark all read

In-app, poll-based operator alerts (bell). Not chat. Not push. Grouped by product (anumati, rights, systems, …) per concepts guide.


Billing

MethodPathNotes
GET/api/platform/billing/plansCatalog (public)
GET/api/platform/orgs/:orgId/billingPlan + subscription + entitlements
POST/api/platform/orgs/:orgId/billing/trial{ planId: starter|growth }
POST/api/platform/orgs/:orgId/billing/checkout{ planId, interval } → Razorpay or mock
POST/api/platform/orgs/:orgId/billing/cancelCancel / downgrade
POST/api/platform/billing/webhooks/razorpayPublic; signature required

Owner for org billing mutations. UI: #/billing.

Entitlements are limits from plan (projects, connectors, cases)—not hard-coded plan names inside feature logic.


Ops probes

GET /api/health

No auth. DB connectivity + migration table smoke + deployment metadata.
200 / 503 JSON includes status, checks.database, checks.migrations, version, gitCommit, environment, startedAt, uptimeSeconds.

GET /api/ready

No auth. 200 { ready: true } if DB accepts queries; 503 otherwise.


RBAC

RoleCan
OwnerAll + billing, publishable keys, secret rotation
AdminRead + write (projects, consent, rights, systems, maps)
ViewerRead only

Non-members: 404. Wrong role: 403.


API index · Rights API · Security