API Reference

Last generated 2026-07-13 · window 2026-07-12T18:02:00Z–2026-07-13T18:01:03Z

All API routes mount under /api. Registration: apps/web/routes/api.php includes public, protected, mobile, external, and webhook groups.

Public API #

File: routes/api/public.php. No session auth; widget routes use ResolveWidgetEmbedToken.

MethodPathNotes
POST/api/v1/tenant-journey/configJourney config for embedded RapidStor; DetectUserAgent
GET/api/v1/tenant-journey/translationsResolved translation overrides for RapidStor v2 frontend (corp, location, language query params); CORS-enabled
GET/api/v1/public/content/embedCMS embed
POST/api/v1/public/widget/chat/startWidget chat session
POST/api/v1/public/widget/chat/authReverb channel auth
GET/api/v1/public/widget/chat/locationsWidget locations list
POST/GET/api/v1/public/widget/chat/conversations/{id}/messages|historyWidget messaging
GET/api/v1/public/widget/chat/tool-results/{message}Agent tool results (legacy Laravel path; mono widget now uses agent-runtime)

Cross-repo note: The RapidStor mono chat widget (rapidstor-chat) now calls the agent-runtime service directly at POST /widget/conversations, POST /widget/conversations/:id/messages (SSE response), GET /widget/conversations/:id/history, and watch WebSocket /ws?token= — not the Laravel /api/v1/public/widget/chat/* routes. Laravel widget routes remain for legacy deployments. Embed token is sent as X-Widget-Token with credentials: omit.

Agent runtime — widget API #

Service: apps/agent-runtime/src/http/api.ts. Auth: X-Widget-Token header (public embed token); CORS scoped to token allowedOrigins. Mounted at service origin (e.g. agents.r6automate.com).

MethodPathNotes
POST/widget/conversationsStart session; returns conversationId, secret, visitorId, control, short-lived streamToken
POST/widget/conversations/:id/messagesSend turn; streams reply as SSE on same response
GET/widget/conversations/:id/historyTranscript with folded tool outputs
POST/widget/conversations/:id/stream-tokenRe-mint watch WebSocket token (~5 min TTL)
WS/ws?token=Passive watch stream (operator/takeover, backgrounded turns)

Cross-product: Widget agent tools call RapidStor MCP (/api/v1/mcp) for locations, unit types, reservations, and enquiries. See RapidStor docs for MCP tool shapes.

Protected API (session auth) #

Middleware: cookies, session, CSRF, Inertia, auth. File: routes/api/protected.php.

Dashboard #

MethodPath
POST/api/v1/dashboard/ — fetch widget data
GET/api/v1/dashboard/metrics, /widgets, /config
POST/PATCH/DELETE/api/v1/dashboard/config[/{id}] — CRUD dashboards

Tenant Journey #

MethodPath
POST/api/v1/reporting
GET/POST/PUT/DELETE/api/v1/campaigns[/{id}]
PUT/api/v1/campaigns/config — save journey snippet config (includes snippet-level translations)
POST/api/v1/campaigns/metrics, /campaigns/{name}/metrics
GET/api/v1/campaigns/translations/catalog — enabled languages + translation key catalog
GET/api/v1/campaigns/translations?scope_type=&scope_id=&language= — overrides + inherited defaults at language/corp/location scope
PUT/api/v1/campaigns/translations — batch upsert translation overrides
GET/POST/PUT/DELETE/api/v1/experiments[/{id}]
GET/POST/PUT/api/v1/admin/languages[/{language}] — manage enabled languages (internal admin)

Revenue Management #

Requires ensure.rev-mgmt.flag — resolves access from revenue_management_entitled (not the legacy visibility flag). Suite proxies to the rev-mgmt engine with JWT-scoped corporation context.

MethodPathNotes
GET/api/v1/revenue-management/rules/{facilityCode}Facility rules bundle (includes active explorations)
POST/api/v1/revenue-management/rules/{facilityCode}Save facility rules
POST/api/v1/revenue-management/engine/{facilityCode}/runOn-demand engine run (only engine_connected facilities)
POST/api/v1/revenue-management/explorations/startStart Layer 1 exploration
POST/api/v1/revenue-management/explorations/{id}/endEnd exploration
GET/api/v1/revenue-management/activity?facility={code}&limit=Approval Centre / Home recent-activity feed (proxies engine GET /api/activity); operator events only (approve/reject/revert/flip)
GET/api/v1/revenue-management/bulk-pricingCorp-wide pending recommendations; scoped to active corporation. Corp-wide path includes live inventory fields (units_total, units_available, occupancy_pct, base_rate) joined fresh from site_units
POST/api/v1/revenue-management/recommendations/bulk-approveBatch approve
GET/api/v1/revenue-management/rule-setsList rule sets (corp-scoped via JWT)
POST/api/v1/revenue-management/rule-set-assignments/bulkBulk-assign facilities to rule sets

Engine direct API (Go service, JWT auth): GET /api/portfolio-page/:facility (Home/Portfolio bundle — health, facilityTable, occupancyTrend, value_report), GET /api/activity, GET /api/explorations/active, approve/reject endpoints, rules CRUD. Internal telemetry (engine.run, config.edit, etc.) is filtered from the operator activity feed at the SQL layer.

Helpdesk (Confluence) #

File: ConfluenceController. Backed by ConfluenceClient against the configured Helpdesk folder (CONFLUENCE_HELPDESK_FOLDER_ID). Responses cached 12h via tagged Redis cache.

MethodPathResponse
GET/api/v1/helpdesk/articles{ results: [{ id, title }] } — full article index (id + title only); paginated CQL fetch server-side
GET/api/v1/helpdesk/search?q={ results: [{ id, title }] } — server-side CQL full-text search (legacy; Articles tab now uses /articles + client filter)
GET/api/v1/helpdesk/page/{id}Rendered HTML body for drill-in view
GET/api/v1/helpdesk/{key}Metric/widget-linked help content by key

Other protected resources #

ResourcePrefixAuth extras
Help Center/api/v1/help-center/*
Admin/api/v1/admin/*internal.admin
Finance/api/v1/finance/*
RapidStor proxyPOST /api/v1/rapidstor/reservation
Tasks/api/v1/tasks/*, /task-categories/*
Chat assistant/api/v1/chat/*assistant.enabled
Profile/api/v1/profile/*
Contacts, Activity, Corporation settingsvarious /api/v1/...

Mobile API #

File: routes/api/mobile.php. Auth: auth:sanctum + SetCorporationFromRequest.

MethodPath
POST/api/v1/mobile/login, /google-auth
POST/GET/DELETE/api/v1/mobile/logout, /me, /dashboard/*, /tasks/*

External & webhooks #

MethodPathAuth
POST/api/v1/external/contentAuthenticateApiKey (Bearer)
POST/api/v1/webhooks/rev-mgmt/unit-type-syncVerifyRevMgmtWebhookSignature

Web routes (Inertia) #

File: routes/web.php. Session auth; admin at /admin/* with internal.admin.

Notable: GET /admin/stats — Admin Stats page (Application Interest, System Alerts, Benchmarks). Optional query from, to for benchmark date range.

Revenue Management: GET /revenue-management/home/{facility?} (nav landing), /portfolio/{facility?}, /bulk-pricing, /rules/{facility?}, /my-facility/{facility?} — gated by RM entitlement / application flags. Portfolio shares the Home Pennant key via relatedRoutes.

RapidStor Settings: GET /rapidstor-settings/{site?}, PATCH /rapidstor-settings/site/{site}, PATCH /rapidstor-settings/corporation/{corporation} — native schema-driven settings screen (gated by rapidstor_internal_settings global flag).

Tenant Journey: GET /tenant-journey/{site}/editor, GET /tenant-journey/{site}/translations — journey editor and translation management UI.

MCP analytics #

POST /mcp/analytics — auth + assistant.enabled, throttled 60/min (routes/ai.php).