API Reference
This reference covers every REST endpoint exposed by Audra Flow. All endpoints return JSON and follow a consistent response envelope.
Base URL
| Environment | Base URL |
|---|---|
| Development | http://localhost:3001/api |
| Production | https://your-domain.com/api |
Authentication
All endpoints (except the authentication endpoints themselves) require a valid JWT bearer token in the Authorization header:
Authorization: Bearer <token>Tokens are obtained by calling the login endpoint and include the user's roles and permissions. Audra Flow also supports Azure AD SSO for enterprise environments.
Authentication Endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /api/auth | Authenticate with email and password. Returns a JWT token and user profile. |
POST | /api/auth/azure | Authenticate with an Azure AD access token. Returns the same response format. |
Projects
Projects are the top-level containers in Audra Flow. Each project has its own workspace with isolated artifacts, members, and permissions.
| Method | Endpoint | Description |
|---|---|---|
GET | /api/projects | List projects. Supports page, pageSize, status, type, and search query parameters. |
POST | /api/projects | Create a new project with name, description, type, and deadline. |
GET | /api/projects/:projectId | Retrieve a single project with member and artifact counts. |
PATCH | /api/projects/:projectId | Update project fields (name, description, status, deadline). |
DELETE | /api/projects/:projectId | Delete a project and all associated data. |
Discovery Artifacts
Discovery is the first phase of the delivery playbook. These endpoints manage goals, stakeholder interviews, and competitor analysis.
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/projects/:projectId/goals | List or create project goals with priorities and KPIs. |
GET / PATCH / DELETE | /api/projects/:projectId/goals/:id | Retrieve, update, or delete a specific goal. |
GET / POST | /api/projects/:projectId/interviews | List or create stakeholder interview records. |
GET / PATCH / DELETE | /api/projects/:projectId/interviews/:id | Manage a single interview. |
GET / POST | /api/projects/:projectId/competitors | List or create competitor analysis entries. |
GET / PATCH / DELETE | /api/projects/:projectId/competitors/:id | Manage a single competitor entry. |
Definition Artifacts
Definition artifacts capture user personas, use cases, journeys, service maps, and storyboards.
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/projects/:projectId/personas | List or create user personas with demographics and behaviours. |
GET / POST | /api/projects/:projectId/usecases | List or create use cases with flows and exception paths. |
GET / POST | /api/projects/:projectId/journeys | List or create user journey maps with phases. |
GET / POST | /api/projects/:projectId/servicemaps | List or create service blueprint maps. |
GET / POST | /api/projects/:projectId/storyboards | List or create visual storyboard frames. |
Each artifact type also supports GET, PATCH, and DELETE on the /:id sub-path for individual record management.
Design & Delivery Artifacts
These endpoints cover user stories, knowledge-base documents, and the delivery workflow.
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/projects/:projectId/stories | List or create user stories with acceptance criteria. |
GET / PATCH / DELETE | /api/projects/:projectId/stories/:id | Manage a single story. |
GET / POST | /api/projects/:projectId/documents | List or upload knowledge-base documents for AI context. |
GET / DELETE | /api/projects/:projectId/documents/:id | Retrieve or remove a document. |
AI & Product Guru
The AI endpoints power conversations, document processing, and automated project analysis through the Product Guru.
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/projects/:projectId/conversations | List or start RAG-powered conversations within a project. |
GET / DELETE | /api/projects/:projectId/conversations/:id | Retrieve or delete a conversation with its message history. |
GET | /api/projects/:projectId/recommendations | Retrieve Product Guru recommendations. Filter by type, priority, or status. |
POST | /api/projects/:projectId/recommendations | Trigger a new Product Guru analysis. Returns recommendations with coverage scores across delivery phases. |
Administration
Users
| Method | Endpoint | Description |
|---|---|---|
GET | /api/users | List users. Supports page, pageSize, and search. |
POST | /api/users | Invite a new user with an email, name, and role. |
GET / PATCH / DELETE | /api/users/:id | Retrieve, update, or remove a user account. |
Roles & Permissions
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/roles | List or create roles with associated permission sets. |
GET / PATCH / DELETE | /api/roles/:id | Manage a single role definition. |
GET | /api/permissions | List all available permissions, grouped by resource (project, document, artifact). |
Templates
| Method | Endpoint | Description |
|---|---|---|
GET / POST | /api/templates | List or create versioned artifact templates. Filter by category, search, or isActive. |
GET / PATCH / DELETE | /api/templates/:id | Manage a single template. |
GET / POST | /api/templates/:id/versions | List or create new versions for a template. |
Response Format
All successful responses use a consistent envelope:
{
"success": true,
"data": { ... },
"meta": {
"pagination": {
"total": 100,
"page": 1,
"pageSize": 20,
"totalPages": 5
}
}
}The meta.pagination field is included on list endpoints that support pagination.
Error Format
Errors follow the same envelope with an error object:
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Human-readable description of the error",
"details": { ... }
}
}Error Codes
| Code | HTTP Status | Description |
|---|---|---|
BAD_REQUEST | 400 | The request is malformed or missing required fields. |
UNAUTHORIZED | 401 | Authentication is required or the token is invalid. |
FORBIDDEN | 403 | The authenticated user lacks permission for this action. |
NOT_FOUND | 404 | The requested resource does not exist. |
CONFLICT | 409 | A resource with the same identifier already exists. |
VALIDATION_ERROR | 422 | One or more fields failed validation. |
RATE_LIMITED | 429 | Too many requests. Retry after the reset window. |
INTERNAL_ERROR | 500 | An unexpected server error occurred. |
Rate Limiting
API requests are rate-limited to protect service stability:
| Context | Limit |
|---|---|
| Authenticated users | 100 requests per minute |
| Unauthenticated requests | 10 requests per minute |
Rate limit status is communicated via response headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200Next Steps
- Quick Start — get a local environment running to test API calls.
- System Architecture — see how the API fits into the overall system.
- Developer Guide — learn about branching, testing, and contributing code.