Zimi technical overview
Application endpoints
Public map of routes in this build. Dynamic route links use sample values such as example-id. The page documents intent and access controls only; it does not expose credentials or environment values.
| Pages | API endpoints | Admin protected | Provider protected |
|---|---|---|---|
| 38 | 40 | 32 | 17 |
Pages
| Endpoint | Methods | Role | Security | Intended use | Source |
|---|---|---|---|---|---|
| / | GET | Public | No login. Public or mock-only surface. | Public marketing/demo entry point. | src/app/page.tsx |
| /[zimiId] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/[zimiId]/page.tsx |
| /admin | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin overview dashboard. | src/app/admin/page.tsx |
| /admin/ai-usage | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | AI usage and cost overview. | src/app/admin/ai-usage/page.tsx |
| /admin/billing | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Billing and subscription operations. | src/app/admin/billing/page.tsx |
| /admin/compliance | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Compliance flags and moderation review. | src/app/admin/compliance/page.tsx |
| /admin/conversations | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin read-only conversation review. | src/app/admin/conversations/page.tsx |
| /admin/conversations/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin read-only conversation review. | src/app/admin/conversations/[id]/page.tsx |
| /admin/conversion | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Conversion funnel and signup/drop-off tracking. | src/app/admin/conversion/page.tsx |
| /admin/flags | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Compliance flags and moderation review. | src/app/admin/flags/page.tsx |
| /admin/login | GET | Admin | Public entry point that starts admin Google OAuth. | Admin application page. | src/app/admin/login/page.tsx |
| /admin/messaging | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Messaging channel status and WhatsApp operations. | src/app/admin/messaging/page.tsx |
| /admin/modules | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/page.tsx |
| /admin/modules/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/[id]/page.tsx |
| /admin/providers | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Provider list/detail, operations, and provider access management. | src/app/admin/providers/page.tsx |
| /admin/providers/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Provider list/detail, operations, and provider access management. | src/app/admin/providers/[id]/page.tsx |
| /admin/sellers | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Seller account list and seller PIN management. | src/app/admin/sellers/page.tsx |
| /admin/settings | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Seller accounts, WhatsApp numbers, roles, and system settings. | src/app/admin/settings/page.tsx |
| /chat | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/chat/page.tsx |
| /dashboard | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider dashboard redirect/entry page. | src/app/dashboard/page.tsx |
| /dashboard/account | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider account and sign-out page. | src/app/dashboard/account/page.tsx |
| /dashboard/conversations | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider conversation inbox or thread. | src/app/dashboard/conversations/page.tsx |
| /dashboard/conversations/[id] | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider conversation inbox or thread. | src/app/dashboard/conversations/[id]/page.tsx |
| /dashboard/settings | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider receptionist settings. | src/app/dashboard/settings/page.tsx |
| /dashboard/settings/blocked | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider blocked contact settings. | src/app/dashboard/settings/blocked/page.tsx |
| /dashboard/share | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider share/referral page. | src/app/dashboard/share/page.tsx |
| /dashboard/test | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider protected mock WhatsApp test mode. | src/app/dashboard/test/page.tsx |
| /demo | GET | Public | No login. Public or mock-only surface. | Public marketing/demo entry point. | src/app/demo/page.tsx |
| /help | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/help/page.tsx |
| /info | GET | Public | No authentication. Contains route metadata only. | Public route catalog for operators and developers. | src/app/info/page.tsx |
| /legal | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/legal/page.tsx |
| /login | GET | Public | Credentials are posted to provider login API; PIN is verified server-side. | Provider PIN login page. | src/app/login/page.tsx |
| /mock/whatsapp | GET | Public | No login. Public or mock-only surface. | Public mock WhatsApp customer experience. | src/app/mock/whatsapp/page.tsx |
| /onboarding | GET | Seller | Middleware and server-side seller session check. | Mobile seller onboarding flow for creating providers and QR links. | src/app/onboarding/page.tsx |
| /onboarding/login | GET | Public | No existing session required; credentials posted to login API. | Seller PIN login page. | src/app/onboarding/login/page.tsx |
| /products | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/products/page.tsx |
| /products/custom | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/products/custom/page.tsx |
| /signup | GET | Public | Creates provider business and generated PIN through signup API. | Provider signup flow. | src/app/signup/page.tsx |
API
| Endpoint | Methods | Role | Security | Intended use | Source |
|---|---|---|---|---|---|
| /api/v1/admin/analytics | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin operational analytics endpoint. | src/app/api/v1/admin/analytics/route.ts |
| /api/v1/admin/billing/reminder | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin billing reminder endpoint. | src/app/api/v1/admin/billing/reminder/route.ts |
| /api/v1/admin/businesses | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider list, update, suspend, and reset endpoint. | src/app/api/v1/admin/businesses/route.ts |
| /api/v1/admin/businesses/[id] | PATCH, DELETE | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider list, update, suspend, and reset endpoint. | src/app/api/v1/admin/businesses/[id]/route.ts |
| /api/v1/admin/businesses/[id]/pin | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider PIN reveal/edit/regenerate/disable endpoint. | src/app/api/v1/admin/businesses/[id]/pin/route.ts |
| /api/v1/admin/conversations | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversation list/detail endpoint. | src/app/api/v1/admin/conversations/route.ts |
| /api/v1/admin/conversations/[id] | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversation list/detail endpoint. | src/app/api/v1/admin/conversations/[id]/route.ts |
| /api/v1/admin/conversion | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversion funnel endpoint. | src/app/api/v1/admin/conversion/route.ts |
| /api/v1/admin/flags | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin compliance flag review endpoint. | src/app/api/v1/admin/flags/route.ts |
| /api/v1/admin/flags/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin compliance flag review endpoint. | src/app/api/v1/admin/flags/[id]/route.ts |
| /api/v1/admin/modules/[id] | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin module configuration and test endpoint. | src/app/api/v1/admin/modules/[id]/route.ts |
| /api/v1/admin/modules/[id]/test | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin module configuration and test endpoint. | src/app/api/v1/admin/modules/[id]/test/route.ts |
| /api/v1/admin/sellers | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin seller account and seller PIN management. | src/app/api/v1/admin/sellers/route.ts |
| /api/v1/admin/sellers/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin seller account and seller PIN management. | src/app/api/v1/admin/sellers/[id]/route.ts |
| /api/v1/admin/whatsapp-numbers | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin Zimi-managed WhatsApp number registry. | src/app/api/v1/admin/whatsapp-numbers/route.ts |
| /api/v1/admin/whatsapp-numbers/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin Zimi-managed WhatsApp number registry. | src/app/api/v1/admin/whatsapp-numbers/[id]/route.ts |
| /api/v1/businesses/[id] | GET, PATCH | Provider/Admin | Authenticated context required; admin can access all, provider scoped to own business. | Business read/update endpoint. | src/app/api/v1/businesses/[id]/route.ts |
| /api/v1/config | GET, PUT | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider receptionist configuration endpoint. | src/app/api/v1/config/route.ts |
| /api/v1/config/blocked | GET, POST, DELETE | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider blocked contacts endpoint. | src/app/api/v1/config/blocked/route.ts |
| /api/v1/conversations | GET | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/route.ts |
| /api/v1/conversations/[id] | GET, PATCH | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/[id]/route.ts |
| /api/v1/conversations/[id]/messages | POST | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Send provider manual message in a conversation. | src/app/api/v1/conversations/[id]/messages/route.ts |
| /api/v1/conversations/browser | GET, POST | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/browser/route.ts |
| /api/v1/conversations/mock | GET, POST | Public test | Uses mock/test data and shared routing rules; no production WhatsApp send. | Mock WhatsApp test conversation endpoint. | src/app/api/v1/conversations/mock/route.ts |
| /api/v1/conversations/webhook | POST | Customer channel | Twilio signature validation when live mode is enabled; no user login. | Inbound WhatsApp webhook for customer messages. | src/app/api/v1/conversations/webhook/route.ts |
| /api/v1/demo/message | POST | Public demo | No login. Demo/test session data only. | Public demo session and demo chat message flow. | src/app/api/v1/demo/message/route.ts |
| /api/v1/demo/session | POST | Public demo | No login. Demo/test session data only. | Public demo session and demo chat message flow. | src/app/api/v1/demo/session/route.ts |
| /api/v1/onboarding/context | GET | Seller | Seller HTTP-only PIN session checked server-side. | Seller onboarding context: seller identity, implemented modules, and WhatsApp numbers. | src/app/api/v1/onboarding/context/route.ts |
| /api/v1/onboarding/login | POST | Public | Verifies seller identifier plus 4-digit PIN; returns HTTP-only seller cookie. | Seller onboarding API endpoint. | src/app/api/v1/onboarding/login/route.ts |
| /api/v1/onboarding/logout | POST | Seller | Seller HTTP-only PIN session checked server-side. | Clear seller onboarding session. | src/app/api/v1/onboarding/logout/route.ts |
| /api/v1/onboarding/providers | POST | Seller | Seller HTTP-only PIN session checked server-side. | Create pending provider from seller onboarding and return QR/deep link data. | src/app/api/v1/onboarding/providers/route.ts |
| /api/v1/provider/login | POST | Public | Verifies zimi-id/contact plus 4-digit PIN against salted hash; returns HTTP-only provider cookie. | Provider PIN login and provider session creation. | src/app/api/v1/provider/login/route.ts |
| /api/v1/provider/logout | POST | Provider | Clears provider HTTP-only session cookie. | Provider session logout. | src/app/api/v1/provider/logout/route.ts |
| /api/v1/provider/ui-language | PUT | Provider | Clears provider HTTP-only session cookie. | Provider session logout. | src/app/api/v1/provider/ui-language/route.ts |
| /api/v1/referrals | GET | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider share/referral endpoint. | src/app/api/v1/referrals/route.ts |
| /api/v1/signup/complete | POST | Public | Validates zimi-id/module inputs; creates salted PIN hash and HTTP-only provider cookie. | Provider signup completion, business creation, and provider PIN session creation. | src/app/api/v1/signup/complete/route.ts |
| /api/v1/zimi-id/availability | GET | Public | Validates candidate format and checks uniqueness through service role API. | Zimi ID availability validation. | src/app/api/v1/zimi-id/availability/route.ts |
| /auth/callback | GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth callback handling. | src/app/auth/callback/route.ts |
| /auth/sign-in | GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth sign-in/sign-out helper. | src/app/auth/sign-in/route.ts |
| /auth/sign-out | POST, GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth sign-in/sign-out helper. | src/app/auth/sign-out/route.ts |