API Inventory

40 endpoints total. All path-style; no apiVersion prefix.

routes/auth.js (mounted at /auth/, all behind auth middleware)

| Verb | Path | Purpose |
|------|------|---------|
| GET | /auth/getAllOwnerList?page=&plan=&role=&status= | Paginated list of accounts; role/plan/status filter |
| GET | /auth/getallRoles | All available role_type rows |
| POST | /auth/updateUser | Update a user record (full row update) |
| POST | /auth/deleteAccount | Soft-delete an account (cascades into linked rows) |
| POST | /auth/deleteUser | Soft-delete a user |
| POST | /auth/searchAccountUser | Search across users by name / email / org |
| GET | /auth/AccountManagersuserlist/:pId/:rId | Users assigned to an account manager (pId=plan, rId=role) |
| GET | /auth/AccountManagersaccountlist/:pId/:rId | Accounts assigned to an account manager |
| POST | /auth/searchUser | Search users (different from /searchAccountUser; verify) |

routes/routes.js (mounted at root, mixed auth)

Public (no token required)

| Verb | Path | Purpose |
|------|------|---------|
| GET | / | API health string; protected by methods.ensureToken (Bearer JWT) — note methods.ensureToken ≠ the encrypted-token auth middleware |
| POST | /authenticate | Login flow A — returns a Bearer JWT |
| POST | /webauthenticate | Login flow B — returns an encrypted token (the format the admin FE uses). See authentication.md. |

Authenticated (Bearer JWT or encrypted token, per-handler)

Personnel & roles:

| Verb | Path | Purpose |
|------|------|---------|
| GET | /me | Current user (read by FE on app bootstrap) |
| POST | /addOrUpdatePersonnel | Create or update an internal staff user |
| GET | /getPersonnel/:pId | Get personnel by id |
| GET | /getRoles | All roles |

Language models (Bedrock / OpenAI registry):

| Verb | Path | Purpose |
|------|------|---------|
| GET | /getLanguageModels | List of registered AI models |
| POST | /addOrUpdateLanguageModels | Register / update an AI model |
| POST | /analyzeKnowledge | Run an LLM analysis pass over a knowledge base — likely invokes Nova-Pro_KnowledgeBased_Content.py |

Accounts & subscriptions:

| Verb | Path | Purpose |
|------|------|---------|
| POST | /getAccountNameList | All account names (for autocomplete) |
| POST | /getAccountsList | Paginated accounts list |
| GET | /getAlltAccountManagers:pId | All account managers under a plan (note the colon-no-slash typo in path) |
| POST | /NewAccManager | Create a new account manager |
| POST | /addOrUpdateAccountManagersMembers | Assign members to an account manager |
| GET | /AllAccountsSubscriptionAllDates/:id | Subscription audit trail for one account |
| GET | /AllAccountsTransationwithAllDates/:id | Transaction audit trail (note typo "Transation") |
| GET | /getUserdetail:userid | User detail by id (colon-no-slash typo in path) |
| POST | /updateProfile | Update logged-in user's profile |
| GET | /getAlltAccountMembers/:mId/:pId/:searchQuery | Account-manager members lookup |
| POST | /searchAccountManagers | Search account managers (paginated, latest commit) |

Geo:

| Verb | Path | Purpose |
|------|------|---------|
| GET | /getCountries | All countries |
| GET | /getCities:cId | Cities for a country (colon-no-slash typo) |
| GET | /getStates | All states |

Affiliate marketing:

| Verb | Path | Purpose |
|------|------|---------|
| GET | /getAffMarketingDetails:pId | Marketing detail for plan |
| GET | /getAffiliatedUsers/:id | Users affiliated to a referrer |
| POST | /addOrUpdateAffiliateDetails | Create / update affiliate detail |
| GET | /getAffiliateMarketingURL/:pId | URL for plan |
| POST | /searchAffiliatePeople | Search affiliate people |
| GET | /getSponsorId | Sponsor id lookup |

Webhooks (declared, not yet implemented)

server.js exempts /stripe_webhooks, /paddle_sandbox_webhooks, and /paddle_production_webhooks from JSON body parsing (because raw body is needed for signature verification). However, no handlers for those paths exist in routes/routes.js or routes/auth.js at audit time. The exemption appears to be inherited from someli-api/server.js where the handlers do exist.

This is either:

- Vestigial (intended for removal), or
- A future placeholder for moving paddle/stripe admin webhooks here

Either way, callers hitting those paths today get a 404. Flag as [VERIFY] — see verify-markers.md.

Naming inconsistencies

  • Several paths use /word:param instead of /word/:param (e.g., /getCities:cId, /getUserdetail:userid, /getAlltAccountManagers:pId, /getAffMarketingDetails:pId, /getAffiliateMarketingURL/:pId). Both forms work in Express ("param after colon" vs "param after slash"), but the inconsistency is visible to FE engineers.
  • Typo in AllAccountsTransationwithAllDates ("Transation" → "Transaction").
  • Some paths use camelCase (/getAccountsList), some lowercase (/me, /authenticate).

The admin FE pins these by hand in admin_console_R/src/services/api.ts, so the typos are stable. Don't fix them unilaterally; do an FE+BE coordinated rename if you fix.
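
An added example, not code from this repository: a simplified model of Express 4 path matching that shows which URL shape each pattern from the inventory accepts, which is what a proxy allow-list or path-based auth rule has to mirror. It assumes only literal text and `:name` params; `compileRoute`, `matchRoute`, `gluedParams` and `auditRoutes` are hypothetical helper names.

```javascript
// Added example. Simplified model of Express 4 matching (path-to-regexp 0.1.x
// defaults: case-insensitive, optional trailing slash). Handles only literal
// text and ":name" params; it is an approximation, not the library's code.
function compileRoute(pattern) {
  const keys = [];
  const source = pattern
    .split(/(:\w+)/) // keep ":name" tokens as their own pieces
    .map((piece) => {
      if (/^:\w+$/.test(piece)) {
        keys.push(piece.slice(1));
        return "([^/]+?)"; // a param never spans a "/"
      }
      return piece.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape literals
    })
    .join("");
  return { keys, regex: new RegExp("^" + source + "/?$", "i") };
}

// Returns the extracted params, or null when the path does not match.
function matchRoute(pattern, path) {
  const { keys, regex } = compileRoute(pattern);
  const m = regex.exec(path);
  if (!m) return null;
  return Object.fromEntries(keys.map((k, i) => [k, m[i + 1]]));
}

// Names of params written directly after literal text ("/word:param").
function gluedParams(pattern) {
  return [...pattern.matchAll(/[^/]:(\w+)/g)].map((m) => m[1]);
}

// Patterns copied from the inventory; "42" is a constructed sample id.
const ROUTES = [
  "/getCities:cId", "/getUserdetail:userid", "/getAlltAccountManagers:pId",
  "/getAffMarketingDetails:pId", "/getAffiliateMarketingURL/:pId",
];

function auditRoutes(routes, id = "42") {
  return routes.map((pattern) => {
    const base = pattern.slice(0, pattern.indexOf(":")).replace(/\/$/, "");
    return {
      pattern,
      glued: gluedParams(pattern),
      acceptsSlashForm: matchRoute(pattern, `${base}/${id}`) !== null,
      acceptsGluedForm: matchRoute(pattern, `${base}${id}`) !== null,
    };
  });
}

console.table(auditRoutes(ROUTES));
```

Under this model a glued pattern such as `/getCities:cId` accepts `/getCities42` and rejects `/getCities/42`, so gateway or WAF rules written for the slash form do not cover it.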

Response envelope

Same as someli-api: { status, data, code, message, pagination? }. The getSuccessResponse / getErrorResponse helpers in helper/helper.js produce this envelope; not all handlers use the helpers.

Pagination

Implemented per-handler when needed:

```js
const page = parseInt(req.query.page) || 1;
const pageSize = 20;
const offset = (page - 1) * pageSize;
```

… no shared pagination middleware.