API Route Map (v1)
All endpoints are prefixed with /api/v1 unless noted. JWT authentication is required unless an endpoint is marked [public] or [api-key].
Auth
POST /api/v1/auth/login [public]
POST /api/v1/auth/refresh [public]
POST /api/v1/auth/logout
SAML (SSO)
GET /api/v1/auth/saml/{agencySlug}/metadata [public]
GET /api/v1/auth/saml/{agencySlug}/login [public]
POST /api/v1/auth/saml/{agencySlug}/acs [public]
GET /api/v1/auth/saml/config
PUT /api/v1/auth/saml/config [psap_admin]
Me (current user)
GET /api/v1/me
PATCH /api/v1/me
GET /api/v1/me/notifications
GET /api/v1/me/notifications/pending-count
GET /api/v1/me/push-tokens
POST /api/v1/me/push-tokens
DELETE /api/v1/me/push-tokens/{tokenId}
GET /api/v1/me/transport-channels
GET /api/v1/me/transport-preferences
Health
GET /api/v1/health [public]
Response: {"status":"ok","version":"x.x.x","db":"ok"}
Dashboard
GET /api/v1/dashboard/psap [psap roles]
GET /api/v1/dashboard/agent [company roles]
GET /api/v1/dashboard/map
Incidents
GET /api/v1/incidents
POST /api/v1/incidents
GET /api/v1/incidents/search
GET /api/v1/incidents/{id}
PATCH /api/v1/incidents/{id}
POST /api/v1/incidents/{id}/notifications dispatch: notify companies
GET /api/v1/incidents/{id}/notifications list notifications
GET /api/v1/incidents/{id}/communications append-only event log
POST /api/v1/incidents/{id}/acknowledge TCO ACKs all company replies
POST /api/v1/incidents/{id}/mass-acknowledge ACK all pending notifications
POST /api/v1/incidents/{id}/close PSAP closes incident
POST /api/v1/incidents/{id}/company-close company side close
POST /api/v1/incidents/{id}/tco-reply TCO sends a reply to company
POST /api/v1/incidents/{id}/agencies add company agency to incident
DELETE /api/v1/incidents/{id}/agencies/{agencyId} remove company agency
POST /api/v1/incidents/bulk-action
POST /api/v1/incidents/bulk-company-close
GET /api/v1/incidents/{id}/report incident report (export)
Notifications & Deliveries
GET /api/v1/notifications/{id}
POST /api/v1/notifications/{id}/ack company user ACKs
POST /api/v1/notifications/{id}/read
POST /api/v1/notifications/{id}/ack-closure
GET /api/v1/notifications/{id}/deliveries
POST /api/v1/deliveries/{id}/retry retry failed delivery
Replies
POST /api/v1/incidents/{incidentId}/replies company user posts reply
GET /api/v1/incidents/{incidentId}/replies
POST /api/v1/replies/{id}/ack TCO ACKs a company reply
CFS (Call For Service)
GET /api/v1/cfs-incidents parsed CAD incidents (CfsImport)
GET /api/v1/cfs-incidents/picker lightweight list for incident form
GET /api/v1/cfs-imports raw CFS import records [psap_admin]
GET /api/v1/cfs-configurations
POST /api/v1/cfs-configurations
GET /api/v1/cfs-configurations/{id}
PATCH /api/v1/cfs-configurations/{id}
DELETE /api/v1/cfs-configurations/{id}
POST /api/v1/cfs-configurations/{id}/test-poll trigger manual poll
POST /api/v1/cfs-configurations/{id}/validate-mapping
POST /api/v1/cfs-configurations/{id}/preview-mapping
POST /api/v1/cfs-configurations/{id}/reparse re-parse all files with updated mappings
Transport Channels & Types
GET /api/v1/transport-channels
POST /api/v1/transport-channels
GET /api/v1/transport-channels/{id}
PATCH /api/v1/transport-channels/{id}
DELETE /api/v1/transport-channels/{id}
POST /api/v1/transport-channels/{id}/test send test message
PUT /api/v1/transport-channels/upsert
GET /api/v1/transport-types read-only; managed by superadmin
Users & Transport Preferences
GET /api/v1/users
GET /api/v1/users/agent-users company users only
POST /api/v1/users
GET /api/v1/users/{id}
PATCH /api/v1/users/{id}
DELETE /api/v1/users/{id}
GET /api/v1/users/{id}/transport-preferences
POST /api/v1/users/{id}/transport-preferences
PATCH /api/v1/users/{id}/transport-preferences/{prefId}
DELETE /api/v1/users/{id}/transport-preferences/{prefId}
Agencies
GET /api/v1/agencies
POST /api/v1/agencies [superadmin]
GET /api/v1/agencies/{id}
PATCH /api/v1/agencies/{id}
PATCH /api/v1/agencies/{id}/profile public-facing profile fields
GET /api/v1/agencies/psap/map-pins PSAP map pin data
GET /api/v1/agencies/company/map-pins company map pin data
API Keys
GET /api/v1/api-keys
POST /api/v1/api-keys
DELETE /api/v1/api-keys/{id}
Escalation & Notification Rules
GET /api/v1/escalation-rules
POST /api/v1/escalation-rules
PATCH /api/v1/escalation-rules/{id}
DELETE /api/v1/escalation-rules/{id}
POST /api/v1/escalation-rules/{id}/preview
GET /api/v1/escalation-templates
POST /api/v1/escalation-templates
GET /api/v1/escalation-templates/{id}
PATCH /api/v1/escalation-templates/{id}
DELETE /api/v1/escalation-templates/{id}
GET /api/v1/notification-rules
POST /api/v1/notification-rules
PATCH /api/v1/notification-rules/{id}
DELETE /api/v1/notification-rules/{id}
GET /api/v1/agent-escalation-rules company-side escalation rules
POST /api/v1/agent-escalation-rules
PATCH /api/v1/agent-escalation-rules/{id}
DELETE /api/v1/agent-escalation-rules/{id}
POST /api/v1/agent-escalation-rules/{id}/preview
Incident Templates
GET /api/v1/incident-templates
POST /api/v1/incident-templates
GET /api/v1/incident-templates/{id}
PATCH /api/v1/incident-templates/{id}
DELETE /api/v1/incident-templates/{id}
GET /api/v1/incident-templates/{id}/prefill pre-filled values for new incident form
Canned Messages
GET /api/v1/canned-messages
POST /api/v1/canned-messages
PATCH /api/v1/canned-messages/{id}
DELETE /api/v1/canned-messages/{id}
CAD Unit Mappings
GET /api/v1/cad-unit-mappings
POST /api/v1/cad-unit-mappings
PATCH /api/v1/cad-unit-mappings/{id}
DELETE /api/v1/cad-unit-mappings/{id}
PSAP Access Requests
GET /api/v1/psap-access-requests
POST /api/v1/psap-access-requests
PATCH /api/v1/psap-access-requests/{id}/approve [psap_admin]
PATCH /api/v1/psap-access-requests/{id}/reject [psap_admin]
Communications & Audit
GET /api/v1/communications incident communication log
GET /api/v1/audit-logs agency-scoped audit log
GET /api/v1/audit-logs/all [superadmin] cross-agency audit log
Priorities
GET /api/v1/priorities list incident priority levels
PATCH /api/v1/superadmin/priorities/{id} [superadmin] update priority label/config
Real-Time & Tracking
GET /api/v1/realtime/subscribe-key Mercure subscriber JWT
GET /api/v1/track/{deliveryId}/pixel [public] email open pixel tracking
GET /metrics [public] Prometheus metrics (no /api/v1 prefix)
Inbound Transport Webhooks
These endpoints receive inbound callbacks from transport providers. Each validates a provider-specific signature before processing.
POST /api/v1/inbound/sms Twilio inbound SMS reply
POST /api/v1/inbound/sms/status Twilio delivery status callback
POST /api/v1/inbound/email inbound email ACK/reply
POST /api/v1/inbound/webhook generic webhook ACK callback
POST /api/v1/inbound/ntfy ntfy ACK callback
Superadmin Routes
All require the superadmin role.
Users
GET /api/v1/superadmin/users
POST /api/v1/superadmin/users
PATCH /api/v1/superadmin/users/{id}
POST /api/v1/superadmin/users/{id}/masquerade log in as another user
Transport Types
GET /api/v1/superadmin/transport-types
POST /api/v1/superadmin/transport-types
PATCH /api/v1/superadmin/transport-types/{id}
DELETE /api/v1/superadmin/transport-types/{id}
Command Connections (PSAP registrations)
GET /api/v1/superadmin/command-connections
POST /api/v1/superadmin/command-connections
PATCH /api/v1/superadmin/command-connections/{id}
DELETE /api/v1/superadmin/command-connections/{id}
POST /api/v1/superadmin/command-connections/{id}/rotate-key
API Keys
GET /api/v1/superadmin/api-keys
POST /api/v1/superadmin/api-keys
DELETE /api/v1/superadmin/api-keys/{id}
Agency Links
GET /api/v1/superadmin/agency-links
POST /api/v1/superadmin/agency-links
PATCH /api/v1/superadmin/agency-links/{id}
DELETE /api/v1/superadmin/agency-links/{id}
PII Rules
GET /api/v1/superadmin/pii-rules
POST /api/v1/superadmin/pii-rules
PATCH /api/v1/superadmin/pii-rules/{id}
DELETE /api/v1/superadmin/pii-rules/{id}
Maintenance
GET /api/v1/superadmin/maintenance/health
GET /api/v1/superadmin/maintenance/key-status
POST /api/v1/superadmin/maintenance/generate-key
POST /api/v1/superadmin/maintenance/rotate-keys
GET /api/v1/superadmin/maintenance/db-status
POST /api/v1/superadmin/maintenance/db-backup
GET /api/v1/superadmin/maintenance/backups
GET /api/v1/superadmin/maintenance/backups/{filename}/download
POST /api/v1/superadmin/maintenance/backups/upload
POST /api/v1/superadmin/maintenance/backups/{filename}/restore
DELETE /api/v1/superadmin/maintenance/backups/{filename}
GET /api/v1/superadmin/maintenance/security-audit
GET /api/v1/superadmin/maintenance/settings
PATCH /api/v1/superadmin/maintenance/settings
POST /api/v1/superadmin/maintenance/run-retention trigger manual retention sweep
Core Routes (PSAP → Cloud Hub)
These endpoints are called by PSAPLink PSAP instances and are authenticated with a CommandConnection API key (Authorization: ApiKey <key>).
POST /api/v1/core/incident-ingest PSAP pushes a new incident
POST /api/v1/core/cfs-ingest PSAP pushes a CFS file
POST /api/v1/core/events/incident PSAP incident event stream
POST /api/v1/core/events/incident-closed PSAP incident closed event
GET /api/v1/core/ack-queue/{psapId} PSAP polls pending ACKs (poll mode)
GET /api/v1/core/psap-config PSAP fetches its agency config
POST /api/v1/core/relay/incident PSAP relays a peer mutual aid incident