API Categories

OpenAPI Explorer

Auto-generated OpenAPI definition for all enabled modules.

Default server: https://cc.kawalec.pl

Authentication & Accounts

Showing 20 of 35 endpoints

GET/auth/admin/nav

Auth required

Resolve backend chrome bootstrap payload

Returns the backend chrome payload available to the authenticated administrator after applying scope, RBAC, role defaults, and personal sidebar preferences.

Responses

200Backend chrome payload

Content-Type: application/json

{
  "groups": [
    {
      "name": "string",
      "items": [
        {
          "href": "string",
          "title": "string"
        }
      ]
    }
  ],
  "settingsSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "settingsPathPrefixes": [
    "string"
  ],
  "profileSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "profilePathPrefixes": [
    "string"
  ],
  "grantedFeatures": [
    "string"
  ],
  "roles": [
    "string"
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/auth/admin/nav" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/auth/feature-check

Auth required

Check feature grants for the current user

Evaluates which of the requested features are available to the signed-in user within the active tenant / organization context.

Request body (application/json)

{
  "features": [
    "string"
  ]
}

Responses

200Evaluation result

Content-Type: application/json

{
  "ok": true,
  "granted": [
    "string"
  ],
  "userId": "string"
}

400Invalid request — features array missing, too large, or contains invalid entries

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/feature-check" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"features\": [
    \"string\"
  ]
}"

GET/auth/features

Auth requiredauth.acl.manage

List declared feature flags

Returns all static features contributed by the enabled modules along with their module source. Requires features: auth.acl.manage

Responses

200Aggregated feature catalog

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "title": "string",
      "module": "string"
    }
  ],
  "modules": [
    {
      "id": "string",
      "title": "string"
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/auth/features" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/auth/locale

GET /auth/locale

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/auth/locale" \
  -H "Accept: application/json"

POST/auth/locale

POST /auth/locale

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/auth/locale" \
  -H "Accept: application/json"

POST/auth/login

Authenticate user credentials

Validates the submitted credentials and issues a bearer token cookie for subsequent API calls.

Request body (application/x-www-form-urlencoded)

email=user%40example.com&password=string

Responses

200Authentication succeeded

Content-Type: application/json

{
  "ok": true,
  "token": "string",
  "redirect": null
}

400Validation failed

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

401Invalid credentials

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

403User lacks required role

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

429Too many login attempts

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/login" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com&password=string"

GET/auth/logout

Auth required

Log out (legacy GET)

For convenience, the GET variant performs the same logout logic as POST and issues a redirect.

Responses

200Success response

Content-Type: application/json

"string"

302Redirect to login after successful logout

Content-Type: text/html

string

Example

curl -X GET "https://cc.kawalec.pl/auth/logout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/auth/logout

Auth required

Invalidate session and redirect

Clears authentication cookies and redirects the browser to the login page.

Responses

201Success response

Content-Type: application/json

"string"

302Redirect to login after successful logout

Content-Type: text/html

string

Example

curl -X POST "https://cc.kawalec.pl/auth/logout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/auth/profile

Auth required

Get current profile

Returns the email address for the signed-in user.

Responses

200Profile payload

Content-Type: application/json

{
  "email": "user@example.com",
  "roles": [
    "string"
  ]
}

404User not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/auth/profile

Auth required

Update current profile

Updates the email address or password for the signed-in user.

Request body (application/json)

{}

Responses

200Profile updated

Content-Type: application/json

{
  "ok": true,
  "email": "user@example.com"
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

POST/auth/reset

Send reset email

Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.

Request body (application/x-www-form-urlencoded)

email=user%40example.com

Responses

200Reset email dispatched (or ignored for unknown accounts)

Content-Type: application/json

{
  "ok": true
}

400Invalid request origin

Content-Type: application/json

{
  "error": "string"
}

429Too many password reset requests

Content-Type: application/json

{
  "error": "string"
}

500Password reset email origin is not configured

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/reset" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com"

POST/auth/reset/confirm

Complete password reset

Validates the reset token and updates the user password.

Request body (application/x-www-form-urlencoded)

token=string&password=string

Responses

200Password reset succeeded

Content-Type: application/json

{
  "ok": true,
  "redirect": "string"
}

400Invalid token or payload

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

429Too many reset confirmation attempts

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/reset/confirm" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=string&password=string"

GET/auth/roles

Auth requiredauth.roles.list

List roles

Returns available roles within the current tenant. Super administrators receive visibility across tenants. Requires features: auth.roles.list

Parameters

Name	In	Required	Schema	Description
id	query	No	any	—
page	query	No	any	—
pageSize	query	No	any	—
search	query	No	any	—
tenantId	query	No	any	—

Responses

200Role collection

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "usersCount": 1,
      "tenantId": null,
      "tenantName": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/auth/roles?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/auth/roles

Auth requiredauth.roles.manage

Create role

Creates a new role for the current tenant or globally when `tenantId` is omitted. Requires features: auth.roles.manage

Request body (application/json)

{
  "name": "string"
}

Responses

201Role created

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000"
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\"
}"

PUT/auth/roles

Auth requiredauth.roles.manage

Update role

Updates mutable fields on an existing role. Requires features: auth.roles.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Role updated

Content-Type: application/json

{
  "ok": true
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

404Role not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

DELETE/auth/roles

Auth requiredauth.roles.manage

Delete role

Deletes a role by identifier. Fails when users remain assigned. Requires features: auth.roles.manage

Parameters

Name	In	Required	Schema	Description
id	query	Yes	any	Role identifier

Responses

200Role deleted

Content-Type: application/json

{
  "ok": true
}

400Role cannot be deleted

Content-Type: application/json

{
  "error": "string"
}

404Role not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/auth/roles?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/auth/roles/acl

Auth requiredauth.acl.manage

Fetch role ACL

Returns the feature and organization assignments associated with a role within the current tenant. Requires features: auth.acl.manage

Parameters

Name	In	Required	Schema	Description
roleId	query	Yes	any	—
tenantId	query	No	any	—

Responses

200Role ACL entry

Content-Type: application/json

{
  "isSuperAdmin": true,
  "features": [
    "string"
  ],
  "organizations": null
}

400Invalid role id

Content-Type: application/json

{
  "error": "string"
}

404Role not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/auth/roles/acl?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/auth/roles/acl

Auth requiredauth.acl.manage

Update role ACL

Replaces the feature list, super admin flag, and optional organization assignments for a role. Requires features: auth.acl.manage

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "organizations": null
}

Responses

200Role ACL updated

Content-Type: application/json

{
  "ok": true,
  "sanitized": true
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

404Role not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/auth/roles/acl" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"organizations\": null
}"

GET/auth/session/refresh

Refresh auth cookie from session token (browser)

Exchanges an existing `session_token` cookie for a fresh JWT auth cookie and redirects the browser.

Parameters

Name	In	Required	Schema	Description
redirect	query	No	any	Absolute or relative URL to redirect after refresh

Responses

200Success response

Content-Type: application/json

"string"

302Redirect to target location when session is valid

Content-Type: text/html

string

Example

curl -X GET "https://cc.kawalec.pl/auth/session/refresh" \
  -H "Accept: application/json"

POST/auth/session/refresh

Refresh access token (API/mobile)

Exchanges a refresh token for a new JWT access token. Pass the refresh token obtained from login in the request body.

Request body (application/json)

{
  "refreshToken": "string"
}

Responses

200New access token issued

Content-Type: application/json

{
  "ok": true,
  "accessToken": "string",
  "expiresIn": 1
}

400Missing refresh token

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

401Invalid or expired token

Content-Type: application/json

{
  "ok": false,
  "error": "string"
}

429Too many refresh attempts

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/auth/session/refresh" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"refreshToken\": \"string\"
}"

Directory (Tenants & Organizations)

Showing 2 of 2 endpoints

GET/directory/organizations/lookup

Public organization lookup by slug

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/directory/organizations/lookup" \
  -H "Accept: application/json"

GET/directory/tenants/lookup

Public tenant lookup

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/directory/tenants/lookup" \
  -H "Accept: application/json"

Audit & Action Logs

Showing 5 of 5 endpoints

GET/audit_logs/audit-logs/access

Auth requiredaudit_logs.view_self

Retrieve access logs

Fetches paginated access audit logs scoped to the authenticated user. Tenant administrators can optionally expand the search to other actors or organizations. Requires features: audit_logs.view_self

Parameters

Name	In	Required	Schema	Description
organizationId	query	No	any	Limit results to a specific organization
actorUserId	query	No	any	Filter by actor user id (tenant administrators only)
resourceKind	query	No	any	Restrict to a resource kind such as `order` or `product`
accessType	query	No	any	Access type filter, e.g. `read` or `export`
page	query	No	any	Page number (default 1)
pageSize	query	No	any	Page size (default 50)
limit	query	No	any	Explicit maximum number of records when paginating manually
before	query	No	any	Return logs created before this ISO-8601 timestamp
after	query	No	any	Return logs created after this ISO-8601 timestamp

Responses

200Access logs returned successfully

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "resourceKind": "string",
      "resourceId": "string",
      "accessType": "string",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "fields": [
        "string"
      ],
      "context": null,
      "createdAt": "string"
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}

400Invalid filters supplied

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/audit_logs/audit-logs/access" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/audit_logs/audit-logs/actions

Auth requiredaudit_logs.view_self

Fetch action logs

Returns recent action audit log entries. Tenant administrators can widen the scope to other actors or organizations, and callers can optionally restrict results to undoable actions. Requires features: audit_logs.view_self

Parameters

Name	In	Required	Schema	Description
organizationId	query	No	any	Limit results to a specific organization
actorUserId	query	No	any	Filter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKind	query	No	any	Filter by resource kind (e.g., "order", "product")
resourceId	query	No	any	Filter by resource ID (UUID of the specific record)
actionType	query	No	any	Filter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldName	query	No	any	Filter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelated	query	No	any	When `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
includeTotal	query	No	any	When `true`, the response includes the filtered total count.
undoableOnly	query	No	any	When `true`, only undoable actions are returned
limit	query	No	any	Maximum number of records to return (default 50, max 1000)
offset	query	No	any	Zero-based record offset for pagination (legacy — prefer page/pageSize)
page	query	No	any	Page number (default 1)
pageSize	query	No	any	Page size (default 50, max 200)
sortField	query	No	any	Sort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDir	query	No	any	Sort direction: `asc` or `desc`.
before	query	No	any	Return actions created before this ISO-8601 timestamp
after	query	No	any	Return actions created after this ISO-8601 timestamp

Responses

200Action logs retrieved successfully

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "commandId": "string",
      "actionLabel": null,
      "executionState": "done",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "resourceKind": null,
      "resourceId": null,
      "parentResourceKind": null,
      "parentResourceId": null,
      "undoToken": null,
      "createdAt": "string",
      "updatedAt": "string",
      "snapshotBefore": null,
      "snapshotAfter": null,
      "changes": null,
      "context": null
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}

400Invalid filter values

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/audit_logs/audit-logs/actions?includeRelated=false&includeTotal=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/audit_logs/audit-logs/actions/export

Auth requiredaudit_logs.view_self

Export action logs as CSV

Returns a CSV attachment containing filtered action audit log entries. Tenant administrators can widen the scope to other actors or organizations. Requires features: audit_logs.view_self

Parameters

Name	In	Required	Schema	Description
organizationId	query	No	any	Limit results to a specific organization
actorUserId	query	No	any	Filter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKind	query	No	any	Filter by resource kind (e.g., "order", "product")
resourceId	query	No	any	Filter by resource ID (UUID of the specific record)
actionType	query	No	any	Filter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldName	query	No	any	Filter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelated	query	No	any	When `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
undoableOnly	query	No	any	When `true`, only undoable actions are returned
limit	query	No	any	Maximum number of records to export (default 1000, capped at 1000)
sortField	query	No	any	Sort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDir	query	No	any	Sort direction: `asc` or `desc`.
before	query	No	any	Return actions created before this ISO-8601 timestamp
after	query	No	any	Return actions created after this ISO-8601 timestamp

Responses

200CSV export generated successfully

Content-Type: application/json

{
  "file": "csv"
}

400Invalid filter values

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/audit_logs/audit-logs/actions/export?includeRelated=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/audit_logs/audit-logs/actions/redo

Auth requiredaudit_logs.redo_self

Redo by action log id

Redoes the latest undone command owned by the caller. Requires the action to still be eligible for redo within tenant and organization scope. Requires features: audit_logs.redo_self

Request body (application/json)

{
  "logId": "string"
}

Responses

200Redo executed successfully

Content-Type: application/json

{
  "ok": true,
  "logId": null,
  "undoToken": null
}

400Log not eligible for redo

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/audit_logs/audit-logs/actions/redo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"logId\": \"string\"
}"

POST/audit_logs/audit-logs/actions/undo

Auth requiredaudit_logs.undo_self

Undo action by token

Replays the undo handler registered for a command. The provided undo token must match the latest undoable log entry accessible to the caller. Requires features: audit_logs.undo_self

Request body (application/json)

{
  "undoToken": "string"
}

Responses

200Undo applied successfully

Content-Type: application/json

{
  "ok": true,
  "logId": "string"
}

400Invalid or unavailable undo token

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/audit_logs/audit-logs/actions/undo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"undoToken\": \"string\"
}"

Notifications

Showing 13 of 13 endpoints

GET/notifications

Auth required

List notifications

Returns a paginated collection of notifications.

Parameters

Name	In	Required	Schema	Description
status	query	No	any	—
type	query	No	any	—
severity	query	No	any	—
sourceEntityType	query	No	any	—
sourceEntityId	query	No	any	—
since	query	No	any	—
page	query	No	any	—
pageSize	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated notifications

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "type": "string",
      "title": "string",
      "body": null,
      "titleKey": null,
      "bodyKey": null,
      "titleVariables": null,
      "bodyVariables": null,
      "icon": null,
      "severity": "string",
      "status": "string",
      "actions": [
        {
          "id": "string",
          "label": "string"
        }
      ],
      "sourceModule": null,
      "sourceEntityType": null,
      "sourceEntityId": null,
      "linkHref": null,
      "createdAt": "string",
      "readAt": null,
      "actionTaken": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/notifications?page=1&pageSize=20" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/notifications

Auth requirednotifications.create

Create notification

Creates a notification for a user. Requires features: notifications.create

Request body (application/json)

{
  "type": "string",
  "severity": "info",
  "recipientUserId": "00000000-0000-4000-8000-000000000000"
}

Responses

201Notification created

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Example

curl -X POST "https://cc.kawalec.pl/notifications" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"type\": \"string\",
  \"severity\": \"info\",
  \"recipientUserId\": \"00000000-0000-4000-8000-000000000000\"
}"

POST/notifications/{id}/action

Auth required

POST /notifications/{id}/action

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/notifications/:id/action" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/notifications/{id}/dismiss

Auth required

PUT /notifications/{id}/dismiss

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/notifications/:id/dismiss" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/notifications/{id}/read

Auth required

PUT /notifications/{id}/read

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/notifications/:id/read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/notifications/{id}/restore

Auth required

PUT /notifications/{id}/restore

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/notifications/:id/restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/notifications/batch

Auth requirednotifications.create

POST /notifications/batch

Requires features: notifications.create

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/notifications/batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/notifications/feature

Auth requirednotifications.create

POST /notifications/feature

Requires features: notifications.create

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/notifications/feature" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/notifications/mark-all-read

Auth required

PUT /notifications/mark-all-read

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/notifications/mark-all-read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/notifications/role

Auth requirednotifications.create

POST /notifications/role

Requires features: notifications.create

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/notifications/role" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/notifications/settings

Auth requirednotifications.manage

GET /notifications/settings

Requires features: notifications.manage

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/notifications/settings

Auth requirednotifications.manage

POST /notifications/settings

Requires features: notifications.manage

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/notifications/unread-count

Auth required

GET /notifications/unread-count

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/notifications/unread-count" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Events

Showing 2 of 2 endpoints

GET/events

Auth required

List declared events

Returns every declared event. Filters: category, module, excludeTriggerExcluded (default true).

Responses

200Declared events

Content-Type: application/json

{
  "data": [
    {
      "id": "string",
      "label": "string"
    }
  ],
  "total": 1
}

Example

curl -X GET "https://cc.kawalec.pl/events" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/events/stream

Auth required

GET /events/stream

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/events/stream" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Attachments

Showing 14 of 14 endpoints

GET/attachments

Auth requiredattachments.view

List attachments for a record

Returns uploaded attachments for the given entity record, ordered by newest first. Requires features: attachments.view

Parameters

Name	In	Required	Schema	Description
entityId	query	Yes	any	Entity identifier that owns the attachments
recordId	query	Yes	any	Record identifier within the entity
page	query	No	any	—
pageSize	query	No	any	—

Responses

200Attachments found for the record

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "url": "string",
      "fileName": "string",
      "fileSize": 1,
      "createdAt": "string",
      "mimeType": null,
      "content": null
    }
  ]
}

400Missing entity or record identifiers

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/attachments?entityId=string&recordId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/attachments

Auth requiredattachments.manage

Upload attachment

Uploads a new attachment using multipart form-data and stores metadata for later retrieval. Requires features: attachments.manage

Request body (multipart/form-data)

entityId=string
recordId=string
file=string

Responses

200Attachment stored successfully

Content-Type: application/json

{
  "ok": true,
  "item": {
    "id": "string",
    "url": "string",
    "fileName": "string",
    "fileSize": 1,
    "content": null
  }
}

400Payload validation error

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/attachments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: multipart/form-data" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\",
  \"file\": \"string\"
}"

DELETE/attachments

Auth requiredattachments.manage

Delete attachment

Removes an uploaded attachment and deletes the stored asset. Requires features: attachments.manage

Parameters

Name	In	Required	Schema	Description
id	query	Yes	any	—

Responses

200Attachment deleted

Content-Type: application/json

{
  "ok": true
}

400Missing attachment identifier

Content-Type: application/json

{
  "error": "string"
}

404Attachment not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/attachments?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/attachments/file/{id}

Download or serve attachment file

Returns the raw file content for an attachment. Path parameter: {id} - Attachment UUID. Query parameter: ?download=1 - Force file download with Content-Disposition header. Access control is enforced based on partition settings.

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200File content with appropriate MIME type

Content-Type: application/json

"string"

400Missing attachment ID

Content-Type: application/json

{
  "error": "string"
}

401Unauthorized - authentication required for private partitions

Content-Type: application/json

{
  "error": "string"
}

403Forbidden - insufficient permissions

Content-Type: application/json

{
  "error": "string"
}

404Attachment or file not found

Content-Type: application/json

{
  "error": "string"
}

500Partition misconfigured

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/attachments/file/:id" \
  -H "Accept: application/json"

GET/attachments/image/{id}/{slug}

Serve image with optional resizing

Returns an image attachment with optional on-the-fly resizing and cropping. Resized images are cached for performance. Only works with image MIME types. Path parameter: {id} - Attachment UUID. Query parameters: ?width=N (1-4000 pixels), ?height=N (1-4000 pixels), ?cropType=cover|contain (resize behavior).

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—
slug	path	No	any	—

Responses

200Binary image content (Content-Type: image/jpeg, image/png, etc.)

Content-Type: application/json

"string"

400Invalid parameters, missing ID, or non-image attachment

Content-Type: application/json

{
  "error": "string"
}

401Unauthorized - authentication required for private partitions

Content-Type: application/json

{
  "error": "string"
}

403Forbidden - insufficient permissions

Content-Type: application/json

{
  "error": "string"
}

404Image not found

Content-Type: application/json

{
  "error": "string"
}

500Partition misconfigured or image rendering failed

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/attachments/image/:id/:slug" \
  -H "Accept: application/json"

GET/attachments/library

Auth requiredattachments.view

List attachments

Returns paginated list of attachments with optional filtering by search term, partition, and tags. Includes available tags and partitions. Requires features: attachments.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	Page number for pagination
pageSize	query	No	any	Number of items per page (max 100)
search	query	No	any	Search by file name (case-insensitive)
partition	query	No	any	Filter by partition code
tags	query	No	any	Filter by tags (comma-separated)
sortField	query	No	any	Field to sort by
sortDir	query	No	any	Sort direction

Responses

200Attachments list with pagination and metadata

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "fileName": "string",
      "fileSize": 1,
      "mimeType": "string",
      "partitionCode": "string",
      "partitionTitle": null,
      "url": null,
      "createdAt": "string",
      "tags": [
        "string"
      ],
      "assignments": [],
      "content": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1,
  "availableTags": [
    "string"
  ],
  "partitions": [
    {
      "code": "string",
      "title": "string",
      "description": null,
      "isPublic": true
    }
  ]
}

400Invalid query parameters

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/attachments/library?page=1&pageSize=25" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/attachments/library/{id}

Auth requiredattachments.view

Get attachment details

Returns complete details of an attachment including metadata, tags, assignments, and custom fields. Requires features: attachments.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Attachment details

Content-Type: application/json

{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "fileName": "string",
    "fileSize": 1,
    "mimeType": "string",
    "partitionCode": "string",
    "partitionTitle": null,
    "tags": [
      "string"
    ],
    "assignments": [],
    "content": null,
    "customFields": null
  }
}

400Invalid attachment ID

Content-Type: application/json

{
  "error": "string"
}

404Attachment not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PATCH/attachments/library/{id}

Auth requiredattachments.manage

Update attachment metadata

Updates attachment tags, assignments, and custom fields. Emits CRUD side effects for indexing and events. Requires features: attachments.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Request body (application/json)

{}

Responses

200Attachment updated successfully

Content-Type: application/json

{
  "ok": true
}

400Invalid payload or attachment ID

Content-Type: application/json

{
  "error": "string"
}

404Attachment not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to save attributes

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PATCH "https://cc.kawalec.pl/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

DELETE/attachments/library/{id}

Auth requiredattachments.manage

Delete attachment

Permanently deletes an attachment file from storage and database. Emits CRUD side effects. Requires features: attachments.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Attachment deleted successfully

Content-Type: application/json

{
  "ok": true
}

400Invalid attachment ID

Content-Type: application/json

{
  "error": "string"
}

404Attachment not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/attachments/partitions

Auth requiredattachments.manage

List all attachment partitions

Returns all configured attachment partitions with storage settings, OCR configuration, and access control settings. Requires features: attachments.manage

Responses

200List of partitions

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "code": "string",
      "title": "string",
      "description": null,
      "isPublic": true,
      "requiresOcr": true,
      "ocrModel": null,
      "createdAt": null,
      "updatedAt": null,
      "envKey": "string"
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/attachments/partitions

Auth requiredattachments.manage

Create new partition

Creates a new attachment partition with specified storage and OCR settings. Requires unique partition code. Requires features: attachments.manage

Request body (application/json)

{
  "code": "string",
  "title": "string",
  "description": null,
  "ocrModel": null
}

Responses

201Partition created successfully

Content-Type: application/json

{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "code": "string",
    "title": "string",
    "description": null,
    "isPublic": true,
    "requiresOcr": true,
    "ocrModel": null,
    "createdAt": null,
    "updatedAt": null,
    "envKey": "string"
  }
}

400Invalid payload or partition code

Content-Type: application/json

{
  "error": "string"
}

409Partition code already exists

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"code\": \"string\",
  \"title\": \"string\",
  \"description\": null,
  \"ocrModel\": null
}"

PUT/attachments/partitions

Auth requiredattachments.manage

Update partition

Updates an existing partition. Partition code cannot be changed. Title, description, OCR settings, and access control can be modified. Requires features: attachments.manage

Request body (application/json)

{
  "code": "string",
  "title": "string",
  "description": null,
  "ocrModel": null,
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Partition updated successfully

Content-Type: application/json

{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "code": "string",
    "title": "string",
    "description": null,
    "isPublic": true,
    "requiresOcr": true,
    "ocrModel": null,
    "createdAt": null,
    "updatedAt": null,
    "envKey": "string"
  }
}

400Invalid payload or code change attempt

Content-Type: application/json

{
  "error": "string"
}

404Partition not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"code\": \"string\",
  \"title\": \"string\",
  \"description\": null,
  \"ocrModel\": null,
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

DELETE/attachments/partitions

Auth requiredattachments.manage

Delete partition

Deletes a partition. Default partitions cannot be deleted. Partitions with existing attachments cannot be deleted. Requires features: attachments.manage

Responses

200Partition deleted successfully

Content-Type: application/json

{
  "ok": true
}

400Invalid ID or default partition deletion attempt

Content-Type: application/json

{
  "error": "string"
}

404Partition not found

Content-Type: application/json

{
  "error": "string"
}

409Partition in use

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/attachments/transfer

Auth requiredattachments.manage

Transfer attachments to different record

Transfers one or more attachments from one record to another within the same entity type. Updates attachment assignments and metadata to reflect the new record. Requires features: attachments.manage

Request body (application/json)

{
  "entityId": "string",
  "attachmentIds": [
    "00000000-0000-4000-8000-000000000000"
  ],
  "toRecordId": "string"
}

Responses

200Attachments transferred successfully

Content-Type: application/json

{
  "ok": true,
  "updated": 1
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

404Attachments not found

Content-Type: application/json

{
  "error": "string"
}

500Attachment model missing

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/attachments/transfer" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"attachmentIds\": [
    \"00000000-0000-4000-8000-000000000000\"
  ],
  \"toRecordId\": \"string\"
}"

Integrations

Showing 8 of 8 endpoints

GET/integrations

Auth requiredintegrations.view

List integrations

Returns a paginated collection of integrations. Requires features: integrations.view

Parameters

Name	In	Required	Schema	Description
q	query	No	any	—
category	query	No	any	—
bundleId	query	No	any	—
isEnabled	query	No	any	—
healthStatus	query	No	any	—
sort	query	No	any	—
order	query	No	any	—
page	query	No	any	—
pageSize	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated integrations

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "category": null,
      "tags": [
        "string"
      ],
      "hub": null,
      "providerKey": null,
      "bundleId": null,
      "author": null,
      "company": null,
      "version": null,
      "hasCredentials": true,
      "isEnabled": true,
      "apiVersion": null,
      "healthStatus": "healthy",
      "lastHealthCheckedAt": null,
      "lastHealthLatencyMs": null,
      "enabledAt": null,
      "analytics": {
        "lastActivityAt": null,
        "totalCount": 1,
        "errorCount": 1,
        "errorRate": 1,
        "dailyCounts": [
          1
        ]
      }
    }
  ],
  "total": 1,
  "totalPages": 1,
  "bundles": [
    {
      "id": "string",
      "title": "string",
      "description": "string",
      "icon": null,
      "integrationCount": 1,
      "enabledCount": 1
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/integrations?order=asc&page=1&pageSize=100" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/integrations/{id}

Auth requiredintegrations.view

Get integration detail

Requires features: integrations.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/integrations/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/integrations/{id}/credentials

Auth requiredintegrations.credentials.manage

Get or save integration credentials

Requires features: integrations.credentials.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/integrations/:id/credentials" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/integrations/{id}/credentials

Auth requiredintegrations.credentials.manage

Get or save integration credentials

Requires features: integrations.credentials.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/integrations/:id/credentials" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/integrations/{id}/health

Auth requiredintegrations.manage

Run health check for an integration

Requires features: integrations.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/integrations/:id/health" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/integrations/{id}/state

Auth requiredintegrations.manage

Update integration state

Requires features: integrations.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/integrations/:id/state" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/integrations/{id}/version

Auth requiredintegrations.manage

Change integration API version

Requires features: integrations.manage

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/integrations/:id/version" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/integrations/logs

Auth requiredintegrations.manage

List integration logs

Requires features: integrations.manage

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/integrations/logs" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Feature Toggles

Showing 12 of 12 endpoints

GET/feature_toggles/check/boolean

Auth required

Check if feature is enabled

Checks if a feature toggle is enabled for the current context.

Parameters

Name	In	Required	Schema	Description
identifier	query	Yes	any	Feature toggle identifier

Responses

200Feature status

Content-Type: application/json

{
  "enabled": true,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}

400Bad Request

Content-Type: application/json

{
  "error": "string"
}

404Tenant not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/check/boolean?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/check/json

Auth required

Get json config

Gets the json configuration for a feature toggle.

Parameters

Name	In	Required	Schema	Description
identifier	query	Yes	any	Feature toggle identifier

Responses

200Json config

Content-Type: application/json

{
  "valueType": "json",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}

400Bad Request

Content-Type: application/json

{
  "error": "string"
}

404Tenant not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/check/json?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/check/number

Auth required

Get number config

Gets the number configuration for a feature toggle.

Parameters

Name	In	Required	Schema	Description
identifier	query	Yes	any	Feature toggle identifier

Responses

200Number config

Content-Type: application/json

{
  "valueType": "number",
  "value": 1,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}

400Bad Request

Content-Type: application/json

{
  "error": "string"
}

404Tenant not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/check/number?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/check/string

Auth required

Get string config

Gets the string configuration for a feature toggle.

Parameters

Name	In	Required	Schema	Description
identifier	query	Yes	any	Feature toggle identifier

Responses

200String config

Content-Type: application/json

{
  "valueType": "string",
  "value": "string",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}

400Bad Request

Content-Type: application/json

{
  "error": "string"
}

404Tenant not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/check/string?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/global

Auth requiredfeature_toggles.view

List global feature toggles

Returns all global feature toggles with filtering and pagination. Requires superadmin role. Requires features: feature_toggles.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	Page number for pagination
pageSize	query	No	any	Number of items per page (max 200)
search	query	No	any	Case-insensitive search across identifier, name, description, and category
type	query	No	any	Filter by toggle type (boolean, string, number, json)
category	query	No	any	Filter by category (case-insensitive partial match)
name	query	No	any	Filter by name (case-insensitive partial match)
identifier	query	No	any	Filter by identifier (case-insensitive partial match)
sortField	query	No	any	Field to sort by
sortDir	query	No	any	Sort direction (ascending or descending)

Responses

200Feature toggles collection

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "identifier": "string",
      "name": "string",
      "description": null,
      "category": null,
      "type": "boolean",
      "defaultValue": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

400Invalid query parameters

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/global?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/feature_toggles/global

Auth requiredfeature_toggles.manage

Create global feature toggle

Creates a new global feature toggle. Requires superadmin role. Requires features: feature_toggles.manage

Request body (application/json)

{
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null
}

Responses

201Feature toggle created

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000"
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"identifier\": \"string\",
  \"name\": \"string\",
  \"description\": null,
  \"category\": null,
  \"type\": \"boolean\",
  \"defaultValue\": null
}"

PUT/feature_toggles/global

Auth requiredfeature_toggles.manage

Update global feature toggle

Updates an existing global feature toggle. Requires superadmin role. Requires features: feature_toggles.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "description": null,
  "category": null,
  "defaultValue": null
}

Responses

200Feature toggle updated

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000"
}

400Invalid payload

Content-Type: application/json

{
  "error": "string"
}

404Feature toggle not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"description\": null,
  \"category\": null,
  \"defaultValue\": null
}"

DELETE/feature_toggles/global

Auth requiredfeature_toggles.manage

Delete global feature toggle

Soft deletes a global feature toggle by ID. Requires superadmin role. Requires features: feature_toggles.manage

Parameters

Name	In	Required	Schema	Description
id	query	Yes	any	Feature toggle identifier

Responses

200Feature toggle deleted

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000"
}

400Invalid identifier

Content-Type: application/json

{
  "error": "string"
}

404Feature toggle not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/feature_toggles/global?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/global/{id}

Auth requiredfeature_toggles.view

Fetch feature toggle by ID

Returns complete details of a feature toggle. Requires features: feature_toggles.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Feature toggle detail

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null
}

400Invalid identifier

Content-Type: application/json

{
  "error": "string"
}

404Feature toggle not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/global/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/global/{id}/override

Auth requiredfeature_toggles.view

Fetch feature toggle override

Returns feature toggle override. Requires features: feature_toggles.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Feature toggle overrides

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "tenantName": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "toggleType": "boolean"
}

400Invalid request

Content-Type: application/json

{
  "error": "string"
}

404Feature toggle not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/global/:id/override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/feature_toggles/overrides

Auth requiredfeature_toggles.view

List overrides

Returns list of feature toggle overrides. Requires features: feature_toggles.view

Parameters

Name	In	Required	Schema	Description
category	query	No	any	—
name	query	No	any	—
identifier	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
page	query	No	any	—
pageSize	query	No	any	—

Responses

200List of overrides

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "toggleId": "00000000-0000-4000-8000-000000000000",
      "overrideState": "enabled",
      "identifier": "string",
      "name": "string",
      "category": null,
      "defaultState": true,
      "tenantName": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1,
  "isSuperAdmin": true
}

400Invalid query parameters

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/feature_toggles/overrides?page=1&pageSize=25" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/feature_toggles/overrides

Auth requiredfeature_toggles.manage

Change override state

Enable, disable or inherit a feature toggle for a specific tenant. Requires features: feature_toggles.manage

Request body (application/json)

{
  "toggleId": "00000000-0000-4000-8000-000000000000",
  "isOverride": true
}

Responses

200Override updated

Content-Type: application/json

{
  "ok": true,
  "overrideToggleId": null
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Not found

Content-Type: application/json

{
  "error": "string"
}

500Internal server error

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/feature_toggles/overrides" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"toggleId\": \"00000000-0000-4000-8000-000000000000\",
  \"isOverride\": true
}"

AI Assistant

Showing 20 of 29 endpoints

GET/ai_assistant/ai/actions/{id}

Auth requiredai_assistant.view

Fetch the current state of an AI pending action by id.

Returns the tenant-scoped {@link AiPendingAction} addressed by `:id`. Powers the chat UI reconnect/polling path: after a page reload or SSE reconnect the client carries the `pendingActionId` from an earlier `mutation-preview-card` UI part and calls this route to re-hydrate the card. Server-internal fields (`normalizedInput`, `createdByUserId`, `idempotencyKey`) are stripped by a whitelist serializer. Enforces tenant/org scoping via the repository. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Serialized pending action. Never includes normalizedInput, createdByUserId, or idempotencyKey.

Content-Type: application/json

"string"

404No pending action with the given id is accessible to the caller.

Content-Type: application/json

"string"

500Internal runtime failure.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/actions/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/ai_assistant/ai/actions/{id}/cancel

Auth requiredai_assistant.view

Cancel an AI pending action without executing the wrapped tool.

Flips a pending AI action from `pending` to `cancelled` and emits the `ai.action.cancelled` event. The tool handler is never invoked. Idempotent: a second call on a row already in `cancelled` status returns 200 with the current row without re-emitting the event. Rows whose `expiresAt` is in the past are flipped to `expired` and returned as 409 `expired` so the client can surface the TTL loss instead of silently masking it as a cancellation. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Cancellation complete (or idempotent replay); body includes the serialized pending action with status `cancelled`.

Content-Type: application/json

"string"

400Invalid cancel request body (unknown field, reason exceeds 500 chars, wrong type).

Content-Type: application/json

"string"

404Pending action not found in the caller scope.

Content-Type: application/json

"string"

409Pending action is not in `pending` status (already confirmed/failed/executing) or has expired.

Content-Type: application/json

"string"

500Unexpected server failure during cancel.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/actions/:id/cancel" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/ai_assistant/ai/actions/{id}/confirm

Auth requiredai_assistant.view

Confirm an AI pending action, re-running every server-side check before execution.

Re-verifies the full contract from spec §9.4 (status, expiry, agent registration, required features, mutation policy, tool whitelist, attachment tenant scope, record version, and schema drift), flips the pending-action state machine to `executing`, invokes the wrapped tool handler, and persists `executionResult`. Idempotent: a second call on a row already in `confirmed` state returns the prior result without re-executing the handler. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Confirmation complete; body includes the serialized pending action and the mutation result.

Content-Type: application/json

"string"

404Pending action or agent not found in the caller scope.

Content-Type: application/json

"string"

409Pending action is not in `pending` status or has expired.

Content-Type: application/json

"string"

412Record version changed between propose and confirm, or the input schema no longer accepts the stored payload.

Content-Type: application/json

"string"

500Unexpected server failure during confirm.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/actions/:id/confirm" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/ai/agents

Auth requiredai_assistant.view

List registered AI agents, filtered by the caller's features.

Returns `{ agents: [...] }` — the subset of agents from `ai-agents.generated.ts` that the authenticated caller can invoke based on each agent's `requiredFeatures`. Mirrors the `meta.list_agents` tool handler so backoffice pages (e.g. the playground) can render an agent picker without going through the MCP tool transport. Requires features: ai_assistant.view

Responses

200Accessible agent summaries.

Content-Type: application/json

"string"

500Internal failure while loading the agent registry.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/agents" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/ai/agents/{agentId}/loop-override

Auth requiredai_assistant.view

Read the current loop-policy override for this agent, if any.

Returns `{ agentId, override }` where `override` is the agent-scoped loop-policy row from `ai_agent_runtime_overrides` (or `null`). Requires `ai_assistant.view`. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Loop override payload.

Content-Type: application/json

"string"

400Invalid agent id.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/ai_assistant/ai/agents/{agentId}/loop-override

Auth requiredai_assistant.settings.manage

Set (or replace) the tenant-scoped loop-policy override for this agent.

Body: loop columns. All fields are nullable/optional; `null` explicitly clears that axis. Validates `loopStopWhenJson` items and `loopActiveToolsJson` membership. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Request body (application/json)

{
  "loopDisabled": null,
  "loopMaxSteps": null,
  "loopMaxToolCalls": null,
  "loopMaxWallClockMs": null,
  "loopMaxTokens": null,
  "loopStopWhenJson": null,
  "loopActiveToolsJson": null
}

Responses

200Override persisted.

Content-Type: application/json

"string"

400Invalid agent id or validation error.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X PUT "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"loopDisabled\": null,
  \"loopMaxSteps\": null,
  \"loopMaxToolCalls\": null,
  \"loopMaxWallClockMs\": null,
  \"loopMaxTokens\": null,
  \"loopStopWhenJson\": null,
  \"loopActiveToolsJson\": null
}"

DELETE/ai_assistant/ai/agents/{agentId}/loop-override

Auth requiredai_assistant.settings.manage

Remove the loop-policy columns from the agent-scoped runtime override row.

Nulls out all seven loop columns on the agent-scoped `ai_agent_runtime_overrides` row. Idempotent — returns 200 even when no override exists. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Loop override cleared (or already absent).

Content-Type: application/json

"string"

400Invalid agent id.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X DELETE "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/ai/agents/{agentId}/models

Auth requiredai_assistant.view

Get the providers and curated models available for the chat-UI picker for this agent

Returns all configured providers with their curated model catalogs, filtered to providers that have an API key configured in the current environment. When the agent declares `allowRuntimeOverride: false`, the response reflects that constraint so the UI picker can hide itself. Includes the agent's resolved default provider/model so the picker can render a "(default)" badge next to the right entry. RBAC: requires the same features as the agent itself (typically `ai_assistant.view`). Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Providers and curated models available for the agent picker. Empty `providers` array when `allowRuntimeOverride` is false.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/models" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/ai/agents/{agentId}/mutation-policy

Auth requiredai_assistant.view

Read the effective mutationPolicy for an agent — code-declared value plus any tenant override.

Returns `{ agentId, codeDeclared, override }` where `codeDeclared` is the agent's compiled-in `mutationPolicy` and `override` is the persisted tenant-scoped override (or `null`). Requires `ai_assistant.view`. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Effective mutationPolicy payload.

Content-Type: application/json

"string"

400Invalid agent id.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/ai_assistant/ai/agents/{agentId}/mutation-policy

Auth requiredai_assistant.settings.manage

Set (or replace) the tenant-scoped mutationPolicy override for this agent.

Body: `{ mutationPolicy: "read-only" | "confirm-required" | "destructive-confirm-required", notes? }`. The override MUST NOT escalate beyond the agent's code-declared policy. Escalation attempts are rejected with 400 + `code: "escalation_not_allowed"`. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Request body (application/json)

{
  "mutationPolicy": "read-only"
}

Responses

200Override persisted.

Content-Type: application/json

"string"

400Invalid agent id, malformed body, or escalation attempt.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"mutationPolicy\": \"read-only\"
}"

DELETE/ai_assistant/ai/agents/{agentId}/mutation-policy

Auth requiredai_assistant.settings.manage

Remove the tenant-scoped mutationPolicy override for this agent.

Deletes the override row if it exists; subsequent calls fall back to the agent's code-declared policy. Idempotent — returns 200 even when no override exists. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Override cleared (or already absent).

Content-Type: application/json

"string"

400Invalid agent id.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X DELETE "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/ai/agents/{agentId}/prompt-override

Read the latest prompt-section override for an agent plus recent version history.

Returns `{ agentId, override, versions }` where `override` is the latest persisted row (or `null`) and `versions` is the newest-first history capped at 10 rows. Tenant-scoped; requires `ai_assistant.settings.manage`.

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Responses

200Latest override + recent version history.

Content-Type: application/json

"string"

400Invalid agent id.

Content-Type: application/json

"string"

401Unauthenticated caller.

Content-Type: application/json

"string"

403Caller lacks `ai_assistant.settings.manage`.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/prompt-override" \
  -H "Accept: application/json"

POST/ai_assistant/ai/agents/{agentId}/prompt-override

Save a new prompt-section override version for the agent.

Persists an additive `{ sections: Record<sectionId, text>, notes? }` override, allocating the next monotonic version for `(tenant, org, agent)`. Reserved policy keys (`mutationPolicy`, `readOnly`, `allowedTools`, `acceptedMediaTypes`) are rejected with 400 / `reserved_key`. Requires `ai_assistant.settings.manage`.

Parameters

Name	In	Required	Schema	Description
agentId	path	Yes	any	—

Request body (application/json)

{}

Responses

200Override persisted. Returns `{ ok: true, version, updatedAt }`.

Content-Type: application/json

"string"

400Invalid agent id, malformed body, or reserved policy key.

Content-Type: application/json

"string"

401Unauthenticated caller.

Content-Type: application/json

"string"

403Caller lacks `ai_assistant.settings.manage`.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/agents/:agentId/prompt-override" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{}"

POST/ai_assistant/ai/chat

Auth requiredai_assistant.view

Stream a chat turn for a registered AI agent

Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, execution-mode compatibility, and attachment media-type policy. The streaming response body uses an AI SDK-compatible `text/event-stream` transport. Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers override the resolved provider/model/base-URL for this turn (Phase 4a). Provider must be registered and configured; baseUrl must match `AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the agent declares `allowRuntimeOverride: false`. Requires features: ai_assistant.view

Parameters

Name	In	Required	Schema	Description
agent	query	Yes	any	—
provider	query	No	any	—
model	query	No	any	—
baseUrl	query	No	any	—
loopBudget	query	No	any	—

Request body (application/json)

{
  "messages": [
    {
      "role": "user",
      "content": "string"
    }
  ]
}

Responses

200Streaming text/event-stream response compatible with AI SDK chat transports.

Content-Type: text/event-stream

string

400Invalid query param, malformed payload, or message count above the cap. Typed codes: `runtime_override_disabled` (agent has allowRuntimeOverride:false), `provider_unknown` (provider id not registered), `provider_not_configured` (provider registered but no API key in env), `baseurl_not_allowlisted` (baseUrl not in AI_RUNTIME_BASEURL_ALLOWLIST).

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

409Agent/tool/execution-mode policy violation.

Content-Type: application/json

"string"

500Internal runtime failure.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/chat?agent=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"messages\": [
    {
      \"role\": \"user\",
      \"content\": \"string\"
    }
  ]
}"

POST/ai_assistant/ai/run-object

Auth requiredai_assistant.view

Run an object-mode AI agent and return the generated object

Invokes `runAiAgentObject` server-side for the registered AI agent identified by `agent` (matching "<module>.<agent>"). Enforces the same `requiredFeatures`, tool whitelisting, mutationPolicy, and attachment media-type policy as the chat dispatcher, but additionally requires the agent to declare `executionMode: "object"`. Returns the generated object in a single JSON response (no streaming). Requires features: ai_assistant.view

Request body (application/json)

{
  "agent": "string",
  "messages": [
    {
      "role": "user",
      "content": "string"
    }
  ]
}

Responses

200Object-mode run completed; response body contains `{ object, usage?, finishReason? }`.

Content-Type: application/json

"string"

400Malformed payload or message cap exceeded.

Content-Type: application/json

"string"

404Unknown agent id.

Content-Type: application/json

"string"

409Agent/tool/execution-mode policy violation.

Content-Type: application/json

"string"

422Agent does not support object-mode execution.

Content-Type: application/json

"string"

500Internal runtime failure.

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/ai/run-object" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"agent\": \"string\",
  \"messages\": [
    {
      \"role\": \"user\",
      \"content\": \"string\"
    }
  ]
}"

POST/ai_assistant/chat

Auth requiredai_assistant.view

Send message to AI agent via SSE stream

Requires features: ai_assistant.view

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/chat" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/health

Auth requiredai_assistant.view

Check OpenCode and MCP connection status

Requires features: ai_assistant.view

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/health" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/ai_assistant/route

Auth requiredai_assistant.view

Route user query to appropriate AI handler

Requires features: ai_assistant.view

Responses

201Success response

Content-Type: application/json

"string"

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/route" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/ai_assistant/session-key

Auth requiredai_assistant.view

Generate session key

Generates a new session token that can be included in MCP tool calls via the _sessionToken parameter. The token inherits the calling user's roles and organization context. Requires features: ai_assistant.view

Responses

200Session key created successfully

Content-Type: application/json

{
  "sessionToken": "string",
  "expiresAt": "string"
}

500Failed to create session key

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/ai_assistant/session-key" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/ai_assistant/settings

Auth requiredai_assistant.view

Get AI provider configuration

Requires features: ai_assistant.view

Responses

200Success response

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/ai_assistant/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Auth

Showing 1 of 1 endpoints

GET/auth/users/consents

Auth requiredauth.users.edit

List user consents

Returns all consent records for a given user, with integrity verification status. Requires features: auth.users.edit

Parameters

Name	In	Required	Schema	Description
userId	query	Yes	any	—

Responses

200Consent list returned

Content-Type: application/json

"string"

Example

curl -X GET "https://cc.kawalec.pl/auth/users/consents?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Configs

Showing 6 of 6 endpoints

GET/configs/cache

Auth requiredconfigs.cache.view

Get cache statistics

Returns detailed cache statistics including total entries and breakdown by cache segments. Requires cache service to be available. Requires features: configs.cache.view

Responses

200Cache statistics

Content-Type: application/json

{
  "total": 1,
  "segments": {
    "key": 1
  }
}

500Failed to resolve cache stats

Content-Type: application/json

{
  "error": "string"
}

503Cache service unavailable

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/configs/cache

Auth requiredconfigs.cache.manage

Purge cache

Purges cache entries. Supports two actions: purgeAll (clears entire cache) or purgeSegment (clears specific segment). Returns updated cache statistics after purge. Requires features: configs.cache.manage

Request body (application/json)

{
  "action": "purgeAll"
}

Responses

200Cache segment cleared successfully

Content-Type: application/json

{
  "action": "purgeSegment",
  "segment": "string",
  "deleted": 1,
  "stats": {
    "total": 1,
    "segments": {
      "key": 1
    }
  }
}

400Invalid request - missing segment identifier for purgeSegment action

Content-Type: application/json

{
  "error": "string"
}

500Failed to purge cache

Content-Type: application/json

{
  "error": "string"
}

503Cache service unavailable

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"action\": \"purgeAll\"
}"

GET/configs/system-status

Auth requiredconfigs.system_status.view

Get system health status

Returns comprehensive system health information including environment details, version, resource usage, and service connectivity status. Requires features: configs.system_status.view

Responses

200System status snapshot

Content-Type: application/json

{
  "generatedAt": "string",
  "runtimeMode": "development",
  "categories": [
    {
      "key": "profiling",
      "labelKey": "string",
      "descriptionKey": null,
      "items": [
        {
          "key": "string",
          "category": "profiling",
          "kind": "boolean",
          "labelKey": "string",
          "descriptionKey": "string",
          "docUrl": null,
          "defaultValue": null,
          "state": "enabled",
          "value": null,
          "normalizedValue": null
        }
      ]
    }
  ]
}

500Failed to load system status

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/configs/system-status

Auth requiredconfigs.manage

Clear system cache

Purges the entire cache for the current tenant. Useful for troubleshooting or forcing fresh data loading. Requires features: configs.manage

Responses

200Cache cleared successfully

Content-Type: application/json

{
  "cleared": true
}

500Failed to purge cache

Content-Type: application/json

{
  "error": "string"
}

503Cache service unavailable

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/configs/upgrade-actions

Auth requiredconfigs.manage

List pending upgrade actions

Returns a list of pending upgrade actions for the current version. These are one-time setup tasks that need to be executed after upgrading to a new version. Requires organization and tenant context. Requires features: configs.manage

Responses

200List of pending upgrade actions

Content-Type: application/json

{
  "version": "string",
  "actions": [
    {
      "id": "string",
      "version": "string",
      "message": "string",
      "ctaLabel": "string",
      "successMessage": "string",
      "loadingLabel": "string"
    }
  ]
}

400Missing organization or tenant context

Content-Type: application/json

{
  "error": "string"
}

500Failed to load upgrade actions

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/configs/upgrade-actions

Auth requiredconfigs.manage

Execute upgrade action

Executes a specific upgrade action by ID. Typically used for one-time setup tasks like seeding example data after version upgrade. Returns execution status and localized success message. Requires features: configs.manage

Request body (application/json)

{
  "actionId": "string"
}

Responses

200Upgrade action executed successfully

Content-Type: application/json

{
  "status": "string",
  "message": "string",
  "version": "string"
}

400Invalid request body or missing context

Content-Type: application/json

{
  "error": "string"
}

500Failed to execute upgrade action

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"actionId\": \"string\"
}"

Customers

Showing 20 of 91 endpoints

GET/customers/activities

Auth requiredcustomers.activities.view

List activitys

Returns a paginated collection of activitys scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	—
pageSize	query	No	any	—
entityId	query	No	any	—
dealId	query	No	any	—
activityType	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated activitys

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null,
      "entityId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "dealTitle": null,
      "customValues": null,
      "activityTypeLabel": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/customers/activities?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/customers/activities

Auth requiredcustomers.activities.manage

Create activity

DEPRECATED (sunset 2026-06-30): Creates a timeline activity. Use POST /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "entityId": "00000000-0000-4000-8000-000000000000",
  "activityType": "string",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201Activity created

Content-Type: application/json

{
  "id": null
}

Example

curl -X POST "https://cc.kawalec.pl/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"activityType\": \"string\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"

PUT/customers/activities

Auth requiredcustomers.activities.manage

Update activity

DEPRECATED (sunset 2026-06-30): Updates an activity. Use PUT /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200Activity updated

Content-Type: application/json

{
  "ok": true
}

Example

curl -X PUT "https://cc.kawalec.pl/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"

DELETE/customers/activities

Auth requiredcustomers.activities.manage

Delete activity

DEPRECATED (sunset 2026-06-30): Deletes an activity. Use DELETE /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Activity deleted

Content-Type: application/json

{
  "ok": true
}

Example

curl -X DELETE "https://cc.kawalec.pl/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET/customers/addresses

Auth requiredcustomers.activities.view

List addresss

Returns a paginated collection of addresss scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	—
pageSize	query	No	any	—
entityId	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated addresss

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "company_name": null,
      "address_line1": null,
      "address_line2": null,
      "building_number": null,
      "flat_number": null,
      "city": null,
      "region": null,
      "postal_code": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "is_primary": null,
      "organization_id": null,
      "tenant_id": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/customers/addresses?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/customers/addresses

Auth requiredcustomers.activities.manage

Create address

Creates a customer address record and associates it with the referenced entity. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "addressLine1": "string"
}

Responses

201Address created

Content-Type: application/json

{
  "id": null
}

Example

curl -X POST "https://cc.kawalec.pl/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"addressLine1\": \"string\"
}"

PUT/customers/addresses

Auth requiredcustomers.activities.manage

Update address

Updates fields on an existing customer address. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Address updated

Content-Type: application/json

{
  "ok": true
}

Example

curl -X PUT "https://cc.kawalec.pl/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

DELETE/customers/addresses

Auth requiredcustomers.activities.manage

Delete address

Deletes an address by id. The identifier may be included in the body or query. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Address deleted

Content-Type: application/json

{
  "ok": true
}

Example

curl -X DELETE "https://cc.kawalec.pl/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET/customers/assignable-staff

Auth requiredcustomers.roles.view

List staff members that can be assigned from customer flows

Returns active staff members linked to auth users. Access requires either customers.roles.manage or customers.activities.manage. Requires features: customers.roles.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	—
pageSize	query	No	any	—
search	query	No	any	—

Responses

200Assignable staff members

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "teamMemberId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "email": null,
      "teamName": null,
      "user": null,
      "team": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

400Invalid request

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/customers/assignable-staff?page=1&pageSize=24" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/customers/comments

Auth requiredcustomers.activities.view

List comments

Returns a paginated collection of comments scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	—
pageSize	query	No	any	—
entityId	query	No	any	—
dealId	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated comments

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": null,
      "deal_id": null,
      "body": null,
      "author_user_id": null,
      "appearance_icon": null,
      "appearance_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null,
      "updated_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/customers/comments?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/customers/comments

Auth requiredcustomers.activities.manage

Create comment

Adds a comment to a customer timeline. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "body": "string",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201Comment created

Content-Type: application/json

{
  "id": null,
  "authorUserId": null
}

Example

curl -X POST "https://cc.kawalec.pl/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"body\": \"string\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"

PUT/customers/comments

Auth requiredcustomers.activities.manage

Update comment

Updates an existing timeline comment. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200Comment updated

Content-Type: application/json

{
  "ok": true
}

Example

curl -X PUT "https://cc.kawalec.pl/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"

DELETE/customers/comments

Auth requiredcustomers.activities.manage

Delete comment

Deletes a comment identified by `id` supplied via body or query string. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Comment deleted

Content-Type: application/json

{
  "ok": true
}

Example

curl -X DELETE "https://cc.kawalec.pl/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET/customers/companies

Auth requiredcustomers.companies.view

List companies

Returns a paginated collection of companies scoped to the authenticated organization. Requires features: customers.companies.view

Parameters

Name	In	Required	Schema	Description
page	query	No	any	—
pageSize	query	No	any	—
search	query	No	any	—
email	query	No	any	—
emailStartsWith	query	No	any	—
emailContains	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
status	query	No	any	—
lifecycleStage	query	No	any	—
source	query	No	any	—
hasEmail	query	No	any	—
hasPhone	query	No	any	—
hasNextInteraction	query	No	any	—
createdFrom	query	No	any	—
createdTo	query	No	any	—
id	query	No	any	—
tagIds	query	No	any	—
tagIdsEmpty	query	No	any	—
excludeIds	query	No	any	—
excludeLinkedPersonId	query	No	any	—
excludeLinkedCompanyId	query	No	any	—
excludeLinkedDealId	query	No	any	—
ids	query	No	any	Comma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated companies

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "description": null,
      "owner_user_id": null,
      "primary_email": null,
      "primary_phone": null,
      "status": null,
      "lifecycle_stage": null,
      "source": null,
      "next_interaction_at": null,
      "next_interaction_name": null,
      "next_interaction_ref_id": null,
      "next_interaction_icon": null,
      "next_interaction_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/customers/companies?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/customers/companies

Auth requiredcustomers.companies.manage

Create company

Creates a company record and associated profile data. Requires features: customers.companies.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "displayName": "string",
  "nextInteraction": null
}

Responses

201Company created

Content-Type: application/json

{
  "id": null,
  "companyId": null
}

Example

curl -X POST "https://cc.kawalec.pl/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"displayName\": \"string\",
  \"nextInteraction\": null
}"

PUT/customers/companies

Auth requiredcustomers.companies.manage

Update company

Updates company profile fields, tags, or custom attributes. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "nextInteraction": null
}

Responses

200Company updated

Content-Type: application/json

{
  "ok": true
}

Example

curl -X PUT "https://cc.kawalec.pl/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"nextInteraction\": null
}"

DELETE/customers/companies

Auth requiredcustomers.companies.manage

Delete company

Deletes a company by id. The identifier can be provided via body or query. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Company deleted

Content-Type: application/json

{
  "ok": true
}

422Company has dependent records (people, deals, or direct staff); unlink or reassign before delete.

Content-Type: application/json

{
  "error": "string",
  "code": "COMPANY_HAS_DEPENDENTS"
}

Example

curl -X DELETE "https://cc.kawalec.pl/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET/customers/companies/{id}

Auth requiredcustomers.companies.view

Fetch company with related data

Returns a company customer record with optional related resources such as addresses, comments, activities, interactions, deals, todos, and linked people. Requires features: customers.companies.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—
include	query	No	any	Comma-separated list of relations to include (addresses, comments, activities, interactions, deals, todos, people).

Responses

200Company detail payload

Content-Type: application/json

{
  "interactionMode": "canonical",
  "company": {
    "id": "00000000-0000-4000-8000-000000000000",
    "displayName": null,
    "description": null,
    "ownerUserId": null,
    "primaryEmail": null,
    "primaryPhone": null,
    "status": null,
    "lifecycleStage": null,
    "source": null,
    "nextInteractionAt": null,
    "nextInteractionName": null,
    "nextInteractionRefId": null,
    "nextInteractionIcon": null,
    "nextInteractionColor": null,
    "organizationId": null,
    "tenantId": null,
    "createdAt": "string",
    "updatedAt": "string"
  },
  "profile": null,
  "customFields": {},
  "tags": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "label": "string",
      "color": null
    }
  ],
  "addresses": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "addressLine1": null,
      "addressLine2": null,
      "buildingNumber": null,
      "flatNumber": null,
      "city": null,
      "region": null,
      "postalCode": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "isPrimary": null,
      "createdAt": "string"
    }
  ],
  "comments": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "body": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "activities": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "dealId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "interactions": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityId": null,
      "interactionType": "string",
      "title": null,
      "body": null,
      "status": "string",
      "scheduledAt": null,
      "occurredAt": null,
      "priority": null,
      "authorUserId": null,
      "ownerUserId": null,
      "dealId": null,
      "organizationId": null,
      "tenantId": null,
      "authorName": null,
      "authorEmail": null,
      "dealTitle": null,
      "customValues": null,
      "appearanceIcon": null,
      "appearanceColor": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "deals": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "title": null,
      "status": null,
      "pipelineStage": null,
      "valueAmount": null,
      "valueCurrency": null,
      "probability": null,
      "expectedCloseAt": null,
      "ownerUserId": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "todos": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "todoId": "00000000-0000-4000-8000-000000000000",
      "todoSource": "string",
      "createdAt": "string",
      "createdByUserId": null,
      "title": null,
      "isDone": null,
      "priority": null,
      "severity": null,
      "description": null,
      "dueAt": null,
      "todoOrganizationId": null,
      "customValues": null
    }
  ],
  "people": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": null,
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "source": null,
      "temperature": null,
      "linkedAt": null
    }
  ],
  "viewer": {
    "userId": null,
    "name": null,
    "email": null
  }
}

400Invalid identifier

Content-Type: application/json

{
  "error": "string"
}

404Company not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/customers/companies/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/customers/companies/{id}/people

Auth requiredcustomers.companies.view

List linked people for a company

Requires features: customers.companies.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—
page	query	No	any	—
pageSize	query	No	any	—
search	query	No	any	—
sort	query	No	any	—

Responses

200Paginated linked people

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "temperature": null,
      "source": null,
      "linkedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://cc.kawalec.pl/customers/companies/:id/people?page=1&pageSize=20&sort=name-asc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/customers/companies/{id}/roles

Auth requiredcustomers.roles.view

List roles for a company

Requires features: customers.roles.view

Parameters

Name	In	Required	Schema	Description
id	path	Yes	any	—

Responses

200Role assignments

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityType": "company",
      "entityId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "userName": null,
      "userEmail": null,
      "userPhone": null,
      "roleType": "string",
      "createdAt": "string",
      "updatedAt": "string"
    }
  ]
}

400Invalid request

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/customers/companies/00000000-0000-4000-8000-000000000000/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Dashboards

Showing 9 of 9 endpoints

GET/dashboards/layout

Auth requireddashboards.view

Load the current dashboard layout

Returns the saved widget layout together with the widgets the current user is allowed to place. Requires features: dashboards.view

Responses

200Current dashboard layout and available widgets.

Content-Type: application/json

{
  "layout": {
    "items": [
      {
        "id": "00000000-0000-4000-8000-000000000000",
        "widgetId": "string",
        "order": 1
      }
    ]
  },
  "allowedWidgetIds": [
    "string"
  ],
  "canConfigure": true,
  "context": {
    "userId": "00000000-0000-4000-8000-000000000000",
    "tenantId": null,
    "organizationId": null,
    "userName": null,
    "userEmail": null,
    "userLabel": "string"
  },
  "widgets": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/dashboards/layout

Auth requireddashboards.configure

Persist dashboard layout changes

Saves the provided widget ordering, sizes, and settings for the current user. Requires features: dashboards.configure

Request body (application/json)

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "widgetId": "string",
      "order": 1
    }
  ]
}

Responses

200Layout updated successfully.

Content-Type: application/json

{
  "ok": true
}

400Invalid layout payload

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"items\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"widgetId\": \"string\",
      \"order\": 1
    }
  ]
}"

PATCH/dashboards/layout/{itemId}

Auth requireddashboards.configure

Update a dashboard layout item

Adjusts the size or settings for a single widget within the dashboard layout. Requires features: dashboards.configure

Parameters

Name	In	Required	Schema	Description
itemId	path	Yes	any	—

Request body (application/json)

{}

Responses

200Layout item updated.

Content-Type: application/json

{
  "ok": true
}

400Invalid payload or missing item id

Content-Type: application/json

{
  "error": "string"
}

404Item not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PATCH "https://cc.kawalec.pl/dashboards/layout/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

GET/dashboards/roles/widgets

Auth requireddashboards.admin.assign-widgets

Fetch widget assignments for a role

Returns the widgets explicitly assigned to the given role together with the evaluation scope. Requires features: dashboards.admin.assign-widgets

Parameters

Name	In	Required	Schema	Description
roleId	query	Yes	any	—
tenantId	query	No	any	—
organizationId	query	No	any	—

Responses

200Current widget configuration for the role.

Content-Type: application/json

{
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}

400Missing role identifier

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/dashboards/roles/widgets?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/dashboards/roles/widgets

Auth requireddashboards.admin.assign-widgets

Update widgets assigned to a role

Persists the widget list for a role within the provided tenant and organization scope. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "widgetIds": [
    "string"
  ]
}

Responses

200Widgets updated successfully.

Content-Type: application/json

{
  "ok": true,
  "widgetIds": [
    "string"
  ]
}

400Invalid payload or unknown widgets

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/dashboards/roles/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"widgetIds\": [
    \"string\"
  ]
}"

GET/dashboards/users/widgets

Auth requireddashboards.admin.assign-widgets

Read widget overrides for a user

Returns the widgets inherited and explicitly configured for the requested user within the current scope. Requires features: dashboards.admin.assign-widgets

Parameters

Name	In	Required	Schema	Description
userId	query	Yes	any	—
tenantId	query	No	any	—
organizationId	query	No	any	—

Responses

200Widget settings for the user.

Content-Type: application/json

{
  "mode": "inherit",
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "effectiveWidgetIds": [
    "string"
  ],
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}

400Missing user identifier

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/dashboards/users/widgets?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT/dashboards/users/widgets

Auth requireddashboards.admin.assign-widgets

Update user-specific dashboard widgets

Sets the widget override mode and allowed widgets for a user. Passing `mode: inherit` clears overrides. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "userId": "00000000-0000-4000-8000-000000000000",
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}

Responses

200Overrides saved.

Content-Type: application/json

{
  "ok": true,
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}

400Invalid payload or unknown widgets

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/dashboards/users/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"userId\": \"00000000-0000-4000-8000-000000000000\",
  \"mode\": \"inherit\",
  \"widgetIds\": [
    \"string\"
  ]
}"

GET/dashboards/widgets/catalog

Auth requireddashboards.admin.assign-widgets

List available dashboard widgets

Returns the catalog of widgets that modules expose, including defaults and feature requirements. Requires features: dashboards.admin.assign-widgets

Responses

200Widgets available for assignment.

Content-Type: application/json

{
  "items": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/dashboards/widgets/catalog" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/dashboards/widgets/data

Auth requiredanalytics.view

Fetch aggregated data for dashboard widgets

Executes an aggregation query against the specified entity type and returns the result. Supports date range filtering, grouping, and period-over-period comparison. Requires features: analytics.view

Request body (application/json)

{
  "entityType": "string",
  "metric": {
    "field": "string",
    "aggregate": "count"
  }
}

Responses

200Aggregated data for the widget.

Content-Type: application/json

{
  "value": null,
  "data": [
    {
      "value": null
    }
  ],
  "metadata": {
    "fetchedAt": "string",
    "recordCount": 1
  }
}

400Invalid request payload

Content-Type: application/json

{
  "error": "string"
}

500Internal server error

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/dashboards/widgets/data" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\",
  \"metric\": {
    \"field\": \"string\",
    \"aggregate\": \"count\"
  }
}"

Dictionaries

Showing 11 of 11 endpoints

GET/dictionaries

Auth requireddictionaries.view

List dictionaries

Returns dictionaries accessible to the current organization, optionally including inactive records. Requires features: dictionaries.view

Parameters

Name	In	Required	Schema	Description
includeInactive	query	No	any	—

Responses

200Dictionary collection.

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "name": "string",
      "description": null,
      "isSystem": true,
      "isActive": true,
      "managerVisibility": null,
      "organizationId": null,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}

500Failed to load dictionaries

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/dictionaries

Auth requireddictionaries.manage

Create dictionary

Registers a dictionary scoped to the current organization. Requires features: dictionaries.manage

Request body (application/json)

{
  "key": "string",
  "name": "string"
}

Responses

201Dictionary created.

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

409Dictionary key already exists

Content-Type: application/json

{
  "error": "string"
}

500Failed to create dictionary

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"key\": \"string\",
  \"name\": \"string\"
}"

GET/dictionaries/{dictionaryId}

Auth requireddictionaries.view

Get dictionary

Returns details for the specified dictionary, including inheritance flags. Requires features: dictionaries.view

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Responses

200Dictionary details.

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}

400Invalid parameters

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to load dictionary

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PATCH/dictionaries/{dictionaryId}

Auth requireddictionaries.manage

Update dictionary

Updates mutable attributes of the dictionary. Currency dictionaries are protected from modification. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Request body (application/json)

{}

Responses

200Dictionary updated.

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}

400Validation failed or protected dictionary

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

409Dictionary key already exists

Content-Type: application/json

{
  "error": "string"
}

500Failed to update dictionary

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PATCH "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

DELETE/dictionaries/{dictionaryId}

Auth requireddictionaries.manage

Delete dictionary

Soft deletes the dictionary unless it is the protected currency dictionary. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Responses

200Dictionary archived.

Content-Type: application/json

{
  "ok": true
}

400Protected dictionary cannot be deleted

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to delete dictionary

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/dictionaries/{dictionaryId}/entries

Auth requireddictionaries.view

List dictionary entries

Returns entries for the specified dictionary ordered by position. Requires features: dictionaries.view

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Responses

200Dictionary entries.

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "value": "string",
      "label": "string",
      "color": null,
      "icon": null,
      "position": 1,
      "isDefault": true,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}

400Invalid parameters

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to load dictionary entries

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/dictionaries/{dictionaryId}/entries

Auth requireddictionaries.manage

Create dictionary entry

Creates a new entry in the specified dictionary. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Request body (application/json)

{
  "value": "string",
  "color": null,
  "icon": null
}

Responses

201Dictionary entry created.

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to create dictionary entry

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"value\": \"string\",
  \"color\": null,
  \"icon\": null
}"

PATCH/dictionaries/{dictionaryId}/entries/{entryId}

Auth requireddictionaries.manage

Update dictionary entry

Updates the specified dictionary entry using the command bus pipeline. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—
entryId	path	Yes	any	—

Request body (application/json)

{
  "color": null,
  "icon": null
}

Responses

200Dictionary entry updated.

Content-Type: application/json

{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Dictionary or entry not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to update entry

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PATCH "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"color\": null,
  \"icon\": null
}"

DELETE/dictionaries/{dictionaryId}/entries/{entryId}

Auth requireddictionaries.manage

Delete dictionary entry

Deletes the specified dictionary entry via the command bus. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—
entryId	path	Yes	any	—

Responses

200Entry deleted.

Content-Type: application/json

{
  "ok": true
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Dictionary or entry not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to delete entry

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/dictionaries/{dictionaryId}/entries/reorder

Auth requireddictionaries.manage

Reorder dictionary entries

Updates the position of dictionary entries for drag-and-drop reordering. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Request body (application/json)

{
  "entries": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "position": 1
    }
  ]
}

Responses

200Entries reordered.

Content-Type: application/json

{
  "ok": true
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Dictionary not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to reorder entries

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries/reorder" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entries\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"position\": 1
    }
  ]
}"

POST/dictionaries/{dictionaryId}/entries/set-default

Auth requireddictionaries.manage

Set default dictionary entry

Marks the specified entry as the default for this dictionary, clearing any previous default. Requires features: dictionaries.manage

Parameters

Name	In	Required	Schema	Description
dictionaryId	path	Yes	any	—

Request body (application/json)

{
  "entryId": "00000000-0000-4000-8000-000000000000"
}

Responses

200Default entry set.

Content-Type: application/json

{
  "ok": true
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

404Dictionary or entry not found

Content-Type: application/json

{
  "error": "string"
}

500Failed to set default entry

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/dictionaries/00000000-0000-4000-8000-000000000000/entries/set-default" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entryId\": \"00000000-0000-4000-8000-000000000000\"
}"

Entities

Showing 17 of 17 endpoints

GET/entities/definitions

Auth required

List active custom field definitions

Returns active custom field definitions for the supplied entity ids, respecting tenant scope and tombstones.

Parameters

Name	In	Required	Schema	Description
entityId	query	No	any	—
entityIds	query	No	any	—
fieldset	query	No	any	—

Responses

200Definition list

Content-Type: application/json

{
  "items": [
    {
      "key": "string",
      "kind": "string",
      "label": "string",
      "entityId": "string"
    }
  ]
}

400Missing entity id

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/entities/definitions

Auth requiredentities.definitions.manage

Upsert custom field definition

Creates or updates a custom field definition for the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string",
  "kind": "text"
}

Responses

200Definition saved

Content-Type: application/json

{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "key": "string",
    "kind": "string",
    "configJson": {}
  }
}

400Validation failed

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\",
  \"kind\": \"text\"
}"

DELETE/entities/definitions

Auth requiredentities.definitions.manage

Soft delete custom field definition

Marks the specified definition inactive and tombstones it for the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200Definition deleted

Content-Type: application/json

{
  "ok": true
}

400Missing entity id or key

Content-Type: application/json

{
  "error": "string"
}

404Definition not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"

POST/entities/definitions.batch

Auth requiredentities.definitions.manage

Save multiple custom field definitions

Creates or updates multiple definitions for a single entity in one transaction. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "definitions": [
    {
      "key": "string",
      "kind": "text"
    }
  ]
}

Responses

200Definitions saved

Content-Type: application/json

{
  "ok": true
}

400Validation error

Content-Type: application/json

{
  "error": "string"
}

500Unexpected failure

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/entities/definitions.batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"definitions\": [
    {
      \"key\": \"string\",
      \"kind\": \"text\"
    }
  ]
}"

GET/entities/definitions.manage

Auth requiredentities.definitions.manage

Get management snapshot

Returns scoped custom field definitions (including inactive tombstones) for administration interfaces. Requires features: entities.definitions.manage

Parameters

Name	In	Required	Schema	Description
entityId	query	Yes	any	—

Responses

200Scoped definitions and deleted keys

Content-Type: application/json

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "kind": "string",
      "configJson": null,
      "organizationId": null,
      "tenantId": null
    }
  ],
  "deletedKeys": [
    "string"
  ]
}

400Missing entity id

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/entities/definitions.manage?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/entities/definitions.restore

Auth requiredentities.definitions.manage

Restore definition

Reactivates a previously soft-deleted definition within the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200Definition restored

Content-Type: application/json

{
  "ok": true
}

400Missing entity id or key

Content-Type: application/json

{
  "error": "string"
}

404Definition not found

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/entities/definitions.restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"

GET/entities/encryption

Auth requiredentities.definitions.manage

Fetch encryption map

Returns the encrypted field map for the current tenant/organization scope. Requires features: entities.definitions.manage

Parameters

Name	In	Required	Schema	Description
entityId	query	Yes	any	—

Responses

200Map

Content-Type: application/json

{
  "entityId": "string",
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/entities/encryption?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/entities/encryption

Auth requiredentities.definitions.manage

Upsert encryption map

Creates or updates the encryption map for the current tenant/organization scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "tenantId": null,
  "organizationId": null,
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ]
}

Responses

200Saved

Content-Type: application/json

{
  "ok": true
}

Example

curl -X POST "https://cc.kawalec.pl/entities/encryption" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"tenantId\": null,
  \"organizationId\": null,
  \"fields\": [
    {
      \"field\": \"string\",
      \"hashField\": null
    }
  ]
}"

GET/entities/entities

Auth required

List available entities

Returns generated and custom entities scoped to the caller with field counts per entity.

Responses

200List of entities

Content-Type: application/json

{
  "items": [
    {
      "entityId": "string",
      "source": "code",
      "label": "string",
      "count": 1
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/entities/entities

Auth requiredentities.definitions.manage

Upsert custom entity

Creates or updates a tenant/org scoped custom entity definition. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "label": "string",
  "description": null,
  "showInSidebar": false
}

Responses

200Entity saved

Content-Type: application/json

{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "entityId": "string",
    "label": "string"
  }
}

400Validation error

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"label\": \"string\",
  \"description\": null,
  \"showInSidebar\": false
}"

DELETE/entities/entities

Auth requiredentities.definitions.manage

Soft delete custom entity

Marks the specified custom entity inactive within the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string"
}

Responses

200Entity deleted

Content-Type: application/json

{
  "ok": true
}

400Missing entity id

Content-Type: application/json

{
  "error": "string"
}

404Entity not found in scope

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\"
}"

GET/entities/records

Auth requiredentities.records.view

List records

Returns paginated records for the supplied entity. Supports custom field filters, exports, and soft-delete toggles. Requires features: entities.records.view

Parameters

Name	In	Required	Schema	Description
entityId	query	Yes	any	—
page	query	No	any	—
pageSize	query	No	any	—
sortField	query	No	any	—
sortDir	query	No	any	—
withDeleted	query	No	any	—
format	query	No	any	—
exportScope	query	No	any	—
export_scope	query	No	any	—
all	query	No	any	—
full	query	No	any	—

Responses

200Paginated records

Content-Type: application/json

{
  "items": [
    {}
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

400Missing entity id

Content-Type: application/json

{
  "error": "string"
}

500Unexpected failure

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/entities/records?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST/entities/records

Auth requiredentities.records.manage

Create record

Creates a record for the given entity. When `recordId` is omitted or not a UUID the data engine will generate one automatically. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "values": {}
}

Responses

200Record created

Content-Type: application/json

{
  "ok": true
}

400Validation failure

Content-Type: application/json

{
  "error": "string"
}

500Unexpected failure

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"values\": {}
}"

PUT/entities/records

Auth requiredentities.records.manage

Update record

Updates an existing record. If the provided recordId is not a UUID the record will be created instead to support optimistic flows. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string",
  "values": {}
}

Responses

200Record updated

Content-Type: application/json

{
  "ok": true
}

400Validation failure

Content-Type: application/json

{
  "error": "string"
}

500Unexpected failure

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X PUT "https://cc.kawalec.pl/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\",
  \"values\": {}
}"

DELETE/entities/records

Auth requiredentities.records.manage

Delete record

Soft deletes the specified record within the current tenant/org scope. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string"
}

Responses

200Record deleted

Content-Type: application/json

{
  "ok": true
}

400Missing entity id or record id

Content-Type: application/json

{
  "error": "string"
}

404Record not found

Content-Type: application/json

{
  "error": "string"
}

500Unexpected failure

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X DELETE "https://cc.kawalec.pl/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\"
}"

GET/entities/relations/options

Auth requiredentities.definitions.view

List relation options

Returns up to 200 option entries for populating relation dropdowns, automatically resolving label fields when omitted. Requires features: entities.definitions.view

Parameters

Name	In	Required	Schema	Description
entityId	query	Yes	any	—
labelField	query	No	any	—
q	query	No	any	—
ids	query	No	any	—
routeContextFields	query	No	any	—

Responses

200Option list

Content-Type: application/json

{
  "items": [
    {
      "value": "string",
      "label": "string"
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/entities/relations/options?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET/entities/sidebar-entities

Auth required

Get sidebar entities

Returns custom entities flagged with `showInSidebar` for the current tenant/org scope.

Responses

200Sidebar entities for navigation

Content-Type: application/json

{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "href": "string"
    }
  ]
}

Example

curl -X GET "https://cc.kawalec.pl/entities/sidebar-entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Query Index

Showing 3 of 3 endpoints

POST/query_index/purge

Auth requiredquery_index.purge

Purge query index records

Queues a purge job to remove indexed records for an entity type within the active scope. Requires features: query_index.purge

Request body (application/json)

{
  "entityType": "string"
}

Responses

200Purge job accepted.

Content-Type: application/json

{
  "ok": true
}

400Missing entity type

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/query_index/purge" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"

POST/query_index/reindex

Auth requiredquery_index.reindex

Trigger query index rebuild

Queues a reindex job for the specified entity type within the current tenant scope. Requires features: query_index.reindex

Request body (application/json)

{
  "entityType": "string"
}

Responses

200Reindex job accepted.

Content-Type: application/json

{
  "ok": true
}

400Missing entity type

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X POST "https://cc.kawalec.pl/query_index/reindex" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"

GET/query_index/status

Auth requiredquery_index.status.view

Inspect query index coverage

Returns entity counts comparing base tables with the query index along with the latest job status. Requires features: query_index.status.view

Responses

200Current query index status.

Content-Type: application/json

{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "baseCount": null,
      "indexCount": null,
      "vectorCount": null,
      "ok": true,
      "job": {
        "status": "idle",
        "startedAt": null,
        "finishedAt": null,
        "heartbeatAt": null,
        "processedCount": null,
        "totalCount": null,
        "scope": null
      }
    }
  ],
  "errors": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "stack": null,
      "payload": null,
      "occurredAt": "string"
    }
  ],
  "logs": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "level": "info",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "details": null,
      "occurredAt": "string"
    }
  ]
}

400Tenant or organization context required

Content-Type: application/json

{
  "error": "string"
}

Example

curl -X GET "https://cc.kawalec.pl/query_index/status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"