Zimi technical overview
Application endpoints
Public map of routes in this build. Dynamic route links use sample values such as example-id. The page documents intent and access controls only; it does not expose credentials or environment values.
Zimi actua como agente tecnico de mensajeria autorizado por y en nombre del proveedor. El proveedor es el unico responsable de sus comunicaciones con clientes, de obtener opt-in valido para WhatsApp y de cumplir la ley local aplicable.
Pages
112
API endpoints
107
Admin protected
61
Provider protected
20
Pages
| Endpoint | Methods | Role | Security | Intended use | Source |
|---|---|---|---|---|---|
| / | GET | Public | No login. Public surface. | Public marketing/demo entry point. | src/app/page.tsx |
| /[zimiId] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/[zimiId]/page.tsx |
| /admin | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin overview dashboard. | src/app/admin/page.tsx |
| /admin/ai-usage | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | AI usage and cost overview. | src/app/admin/ai-usage/page.tsx |
| /admin/architecture | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/architecture/page.tsx |
| /admin/billing | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Billing and subscription operations. | src/app/admin/billing/page.tsx |
| /admin/compliance | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Compliance flags and moderation review. | src/app/admin/compliance/page.tsx |
| /admin/conversations | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin read-only conversation review. | src/app/admin/conversations/page.tsx |
| /admin/conversations/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin read-only conversation review. | src/app/admin/conversations/[id]/page.tsx |
| /admin/conversion | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Conversion funnel and signup/drop-off tracking. | src/app/admin/conversion/page.tsx |
| /admin/flags | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Compliance flags and moderation review. | src/app/admin/flags/page.tsx |
| /admin/gdpr/retention-log | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/gdpr/retention-log/page.tsx |
| /admin/login | GET | Admin | Public entry point that starts admin Google OAuth. | Admin application page. | src/app/admin/login/page.tsx |
| /admin/messaging | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Messaging channel status and WhatsApp operations. | src/app/admin/messaging/page.tsx |
| /admin/modules | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/page.tsx |
| /admin/modules/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/[id]/page.tsx |
| /admin/modules/salon | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/salon/page.tsx |
| /admin/modules/salon/bookings | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/salon/bookings/page.tsx |
| /admin/modules/salon/providers | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Provider list/detail, operations, and provider access management. | src/app/admin/modules/salon/providers/page.tsx |
| /admin/modules/salon/reminders | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/salon/reminders/page.tsx |
| /admin/modules/salon/treatments | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/salon/treatments/page.tsx |
| /admin/modules/salon/validation | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Module registry, contract, and test operations. | src/app/admin/modules/salon/validation/page.tsx |
| /admin/providers | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Provider list/detail, operations, and provider access management. | src/app/admin/providers/page.tsx |
| /admin/providers/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Provider list/detail, operations, and provider access management. | src/app/admin/providers/[id]/page.tsx |
| /admin/sellers | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Seller account list and seller PIN management. | src/app/admin/sellers/page.tsx |
| /admin/settings | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Seller accounts, WhatsApp numbers, roles, and system settings. | src/app/admin/settings/page.tsx |
| /admin/test | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/test/page.tsx |
| /admin/test/pwa-lab | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/test/pwa-lab/page.tsx |
| /admin/test/runs | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/test/runs/page.tsx |
| /admin/test/runs/[id] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/test/runs/[id]/page.tsx |
| /admin/usage-activity | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/usage-activity/page.tsx |
| /admin/usage-activity/provider/[businessId] | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/usage-activity/provider/[businessId]/page.tsx |
| /admin/usage-events | GET | Admin | Admin Supabase OAuth session and admin role validation in server shell/API. | Admin application page. | src/app/admin/usage-events/page.tsx |
| /app | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/app/page.tsx |
| /chat | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/chat/page.tsx |
| /dashboard | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider dashboard redirect/entry page. | src/app/dashboard/page.tsx |
| /dashboard/account | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider account and sign-out page. | src/app/dashboard/account/page.tsx |
| /dashboard/conversations | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider conversation inbox or thread. | src/app/dashboard/conversations/page.tsx |
| /dashboard/conversations/[id] | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider conversation inbox or thread. | src/app/dashboard/conversations/[id]/page.tsx |
| /dashboard/settings | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider receptionist settings. | src/app/dashboard/settings/page.tsx |
| /dashboard/settings/blocked | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider blocked contact settings. | src/app/dashboard/settings/blocked/page.tsx |
| /dashboard/share | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider share/referral page. | src/app/dashboard/share/page.tsx |
| /dashboard/support | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider dashboard redirect/entry page. | src/app/dashboard/support/page.tsx |
| /dashboard/test | GET | Provider | Provider PIN session or legacy provider Supabase session; middleware and server shell protected. | Provider protected Zimi Chat test mode. | src/app/dashboard/test/page.tsx |
| /demo | GET | Public | No login. Public surface. | Public marketing/demo entry point. | src/app/demo/page.tsx |
| /help | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/help/page.tsx |
| /info | GET | Public | No authentication. Contains route metadata only. | Public route catalog for operators and developers. | src/app/info/page.tsx |
| /legal | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/legal/page.tsx |
| /login | GET | Public | Credentials are posted to provider login API; PIN is verified server-side. | Provider PIN login page. | src/app/login/page.tsx |
| /modules/reception | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/page.tsx |
| /modules/reception/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/account/page.tsx |
| /modules/reception/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/conversations/page.tsx |
| /modules/reception/conversations/[id] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/conversations/[id]/page.tsx |
| /modules/reception/qr | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/qr/page.tsx |
| /modules/reception/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/settings/page.tsx |
| /modules/reception/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/settings/[category]/page.tsx |
| /modules/reception/settings/blocked | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/settings/blocked/page.tsx |
| /modules/reception/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/share/page.tsx |
| /modules/reception/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/support/page.tsx |
| /modules/reception/test | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/reception/test/page.tsx |
| /modules/rental-agency | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/page.tsx |
| /modules/rental-agency/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/account/page.tsx |
| /modules/rental-agency/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/conversations/page.tsx |
| /modules/rental-agency/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/settings/page.tsx |
| /modules/rental-agency/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/settings/[category]/page.tsx |
| /modules/rental-agency/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/share/page.tsx |
| /modules/rental-agency/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/support/page.tsx |
| /modules/rental-agency/units | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/rental-agency/units/page.tsx |
| /modules/salon | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/page.tsx |
| /modules/salon/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/account/page.tsx |
| /modules/salon/calendar | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/calendar/page.tsx |
| /modules/salon/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/conversations/page.tsx |
| /modules/salon/conversations/[id] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/conversations/[id]/page.tsx |
| /modules/salon/qr | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/qr/page.tsx |
| /modules/salon/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/settings/page.tsx |
| /modules/salon/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/settings/[category]/page.tsx |
| /modules/salon/settings/blocked | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/settings/blocked/page.tsx |
| /modules/salon/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/share/page.tsx |
| /modules/salon/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/support/page.tsx |
| /modules/salon/test | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/salon/test/page.tsx |
| /modules/sports-booking | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/page.tsx |
| /modules/sports-booking/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/account/page.tsx |
| /modules/sports-booking/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/conversations/page.tsx |
| /modules/sports-booking/qr | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/qr/page.tsx |
| /modules/sports-booking/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/settings/page.tsx |
| /modules/sports-booking/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/settings/[category]/page.tsx |
| /modules/sports-booking/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/share/page.tsx |
| /modules/sports-booking/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/support/page.tsx |
| /modules/sports-booking/units | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/sports-booking/units/page.tsx |
| /modules/zimi-courts | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/page.tsx |
| /modules/zimi-courts/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/account/page.tsx |
| /modules/zimi-courts/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/conversations/page.tsx |
| /modules/zimi-courts/qr | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/qr/page.tsx |
| /modules/zimi-courts/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/settings/page.tsx |
| /modules/zimi-courts/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/settings/[category]/page.tsx |
| /modules/zimi-courts/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/share/page.tsx |
| /modules/zimi-courts/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/support/page.tsx |
| /modules/zimi-courts/units | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-courts/units/page.tsx |
| /modules/zimi-guest | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/page.tsx |
| /modules/zimi-guest/account | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/account/page.tsx |
| /modules/zimi-guest/conversations | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/conversations/page.tsx |
| /modules/zimi-guest/settings | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/settings/page.tsx |
| /modules/zimi-guest/settings/[category] | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/settings/[category]/page.tsx |
| /modules/zimi-guest/share | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/share/page.tsx |
| /modules/zimi-guest/support | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/support/page.tsx |
| /modules/zimi-guest/units | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/modules/zimi-guest/units/page.tsx |
| /onboarding | GET | Seller | Middleware and server-side seller session check. | Mobile seller onboarding flow for creating providers and QR links. | src/app/onboarding/page.tsx |
| /onboarding/login | GET | Public | No existing session required; credentials posted to login API. | Seller PIN login page. | src/app/onboarding/login/page.tsx |
| /products | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/products/page.tsx |
| /products/custom | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/products/custom/page.tsx |
| /signup | GET | Public | Creates provider business and generated PIN through signup API. | Provider signup flow. | src/app/signup/page.tsx |
| /signup/dpa | GET | Application | Uses route-specific checks in the page/API implementation. | Page route in the Zimi application. | src/app/signup/dpa/page.tsx |
API
| Endpoint | Methods | Role | Security | Intended use | Source |
|---|---|---|---|---|---|
| /api/v1/admin/analytics | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin operational analytics endpoint. | src/app/api/v1/admin/analytics/route.ts |
| /api/v1/admin/billing/reminder | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin billing reminder endpoint. | src/app/api/v1/admin/billing/reminder/route.ts |
| /api/v1/admin/businesses | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider list, update, suspend, and reset endpoint. | src/app/api/v1/admin/businesses/route.ts |
| /api/v1/admin/businesses/[id] | PATCH, DELETE | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider list, update, suspend, and reset endpoint. | src/app/api/v1/admin/businesses/[id]/route.ts |
| /api/v1/admin/businesses/[id]/pin | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider PIN reveal/edit/regenerate/disable endpoint. | src/app/api/v1/admin/businesses/[id]/pin/route.ts |
| /api/v1/admin/businesses/[id]/provider-app | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin provider list, update, suspend, and reset endpoint. | src/app/api/v1/admin/businesses/[id]/provider-app/route.ts |
| /api/v1/admin/conversations | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversation list/detail endpoint. | src/app/api/v1/admin/conversations/route.ts |
| /api/v1/admin/conversations/[id] | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversation list/detail endpoint. | src/app/api/v1/admin/conversations/[id]/route.ts |
| /api/v1/admin/conversion | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin conversion funnel endpoint. | src/app/api/v1/admin/conversion/route.ts |
| /api/v1/admin/customers/[id]/erase | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/customers/[id]/erase/route.ts |
| /api/v1/admin/flags | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin compliance flag review endpoint. | src/app/api/v1/admin/flags/route.ts |
| /api/v1/admin/flags/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin compliance flag review endpoint. | src/app/api/v1/admin/flags/[id]/route.ts |
| /api/v1/admin/gdpr/provider/[id] | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/gdpr/provider/[id]/route.ts |
| /api/v1/admin/gdpr/retention-log | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/gdpr/retention-log/route.ts |
| /api/v1/admin/gdpr/summary | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/gdpr/summary/route.ts |
| /api/v1/admin/modules/[id] | GET, PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin module configuration and test endpoint. | src/app/api/v1/admin/modules/[id]/route.ts |
| /api/v1/admin/modules/[id]/test | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin module configuration and test endpoint. | src/app/api/v1/admin/modules/[id]/test/route.ts |
| /api/v1/admin/sellers | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin seller account and seller PIN management. | src/app/api/v1/admin/sellers/route.ts |
| /api/v1/admin/sellers/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin seller account and seller PIN management. | src/app/api/v1/admin/sellers/[id]/route.ts |
| /api/v1/admin/test/queue | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/queue/route.ts |
| /api/v1/admin/test/run-all | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/run-all/route.ts |
| /api/v1/admin/test/run-scenario | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/run-scenario/route.ts |
| /api/v1/admin/test/runs | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/runs/route.ts |
| /api/v1/admin/test/runs/[id] | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/runs/[id]/route.ts |
| /api/v1/admin/test/runs/[id]/cancel | POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/test/runs/[id]/cancel/route.ts |
| /api/v1/admin/usage-activity | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/usage-activity/route.ts |
| /api/v1/admin/usage-events | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/usage-events/route.ts |
| /api/v1/admin/usage-events-retention/summary | GET | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin API endpoint. | src/app/api/v1/admin/usage-events-retention/summary/route.ts |
| /api/v1/admin/whatsapp-numbers | GET, POST | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin Zimi-managed WhatsApp number registry. | src/app/api/v1/admin/whatsapp-numbers/route.ts |
| /api/v1/admin/whatsapp-numbers/[id] | PATCH | Admin | Supabase OAuth session plus admin role checked server-side in the API route. | Admin Zimi-managed WhatsApp number registry. | src/app/api/v1/admin/whatsapp-numbers/[id]/route.ts |
| /api/v1/auth/dpa-accept | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/auth/dpa-accept/route.ts |
| /api/v1/businesses/[id] | GET, PATCH | Provider/Admin | Authenticated context required; admin can access all, provider scoped to own business. | Business read/update endpoint. | src/app/api/v1/businesses/[id]/route.ts |
| /api/v1/chat/identify | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/chat/identify/route.ts |
| /api/v1/chat/message | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/chat/message/route.ts |
| /api/v1/config | GET, PUT | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider receptionist configuration endpoint. | src/app/api/v1/config/route.ts |
| /api/v1/config/blocked | GET, POST, DELETE | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider blocked contacts endpoint. | src/app/api/v1/config/blocked/route.ts |
| /api/v1/config/provider-image | POST | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider receptionist configuration endpoint. | src/app/api/v1/config/provider-image/route.ts |
| /api/v1/conversations | GET | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/route.ts |
| /api/v1/conversations/[id] | GET, PATCH | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/[id]/route.ts |
| /api/v1/conversations/[id]/messages | POST | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Send provider manual message in a conversation. | src/app/api/v1/conversations/[id]/messages/route.ts |
| /api/v1/conversations/browser | GET, POST | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider conversation list/detail/status endpoint. | src/app/api/v1/conversations/browser/route.ts |
| /api/v1/conversations/webhook | POST | Customer channel | Twilio signature validation when live mode is enabled; no user login. | Inbound WhatsApp webhook for customer messages. | src/app/api/v1/conversations/webhook/route.ts |
| /api/v1/customer-app/providers/resolve | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/providers/resolve/route.ts |
| /api/v1/customer-app/rental-agency | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/rental-agency/route.ts |
| /api/v1/customer-app/salon/appointments | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/salon/appointments/route.ts |
| /api/v1/customer-app/salon/appointments/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/salon/appointments/[id]/route.ts |
| /api/v1/customer-app/salon/day | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/salon/day/route.ts |
| /api/v1/customer-app/sports-booking | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/sports-booking/route.ts |
| /api/v1/customer-app/sports-booking/bookings/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/sports-booking/bookings/[id]/route.ts |
| /api/v1/customer-app/zimi-courts | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/zimi-courts/route.ts |
| /api/v1/customer-app/zimi-courts/bookings/[id] | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/zimi-courts/bookings/[id]/route.ts |
| /api/v1/customer-app/zimi-guest | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customer-app/zimi-guest/route.ts |
| /api/v1/customers/[id]/erase | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/customers/[id]/erase/route.ts |
| /api/v1/demo/message | POST | Public demo | No login. Demo/test session data only. | Public demo session and demo chat message flow. | src/app/api/v1/demo/message/route.ts |
| /api/v1/demo/session | POST | Public demo | No login. Demo/test session data only. | Public demo session and demo chat message flow. | src/app/api/v1/demo/session/route.ts |
| /api/v1/jobs/dialogue-test-runner | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/jobs/dialogue-test-runner/route.ts |
| /api/v1/jobs/gdpr-retention | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/jobs/gdpr-retention/route.ts |
| /api/v1/jobs/usage-events-retention | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/jobs/usage-events-retention/route.ts |
| /api/v1/onboarding/context | GET | Seller | Seller HTTP-only PIN session checked server-side. | Seller onboarding context: seller identity, implemented modules, and WhatsApp numbers. | src/app/api/v1/onboarding/context/route.ts |
| /api/v1/onboarding/login | POST | Public | Verifies seller identifier plus 4-digit PIN; returns HTTP-only seller cookie. | Seller onboarding API endpoint. | src/app/api/v1/onboarding/login/route.ts |
| /api/v1/onboarding/logout | POST | Seller | Seller HTTP-only PIN session checked server-side. | Clear seller onboarding session. | src/app/api/v1/onboarding/logout/route.ts |
| /api/v1/onboarding/providers | POST | Seller | Seller HTTP-only PIN session checked server-side. | Create pending provider from seller onboarding and return QR/deep link data. | src/app/api/v1/onboarding/providers/route.ts |
| /api/v1/provider/login | POST | Public | Verifies zimi-id/contact plus 4-digit PIN against salted hash; returns HTTP-only provider cookie. | Provider PIN login and provider session creation. | src/app/api/v1/provider/login/route.ts |
| /api/v1/provider/logout | POST | Provider | Clears provider HTTP-only session cookie. | Provider session logout. | src/app/api/v1/provider/logout/route.ts |
| /api/v1/provider/support | GET, POST | Provider | Clears provider HTTP-only session cookie. | Provider session logout. | src/app/api/v1/provider/support/route.ts |
| /api/v1/provider/ui-language | PUT | Provider | Clears provider HTTP-only session cookie. | Provider session logout. | src/app/api/v1/provider/ui-language/route.ts |
| /api/v1/referrals | GET | Provider | Provider PIN session or legacy provider Supabase session; scoped to provider business. | Provider share/referral endpoint. | src/app/api/v1/referrals/route.ts |
| /api/v1/rental-agency/settings | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/rental-agency/settings/route.ts |
| /api/v1/rental-agency/villa-images | POST, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/rental-agency/villa-images/route.ts |
| /api/v1/rental-agency/villas | GET, POST, PUT, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/rental-agency/villas/route.ts |
| /api/v1/salon/appointments | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/appointments/route.ts |
| /api/v1/salon/appointments/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/appointments/[id]/route.ts |
| /api/v1/salon/appointments/[id]/status | PATCH | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/appointments/[id]/status/route.ts |
| /api/v1/salon/availability | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/availability/route.ts |
| /api/v1/salon/availability-rules | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/availability-rules/route.ts |
| /api/v1/salon/availability/next-available | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/availability/next-available/route.ts |
| /api/v1/salon/calendar-exceptions | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/calendar-exceptions/route.ts |
| /api/v1/salon/calendar-exceptions/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/calendar-exceptions/[id]/route.ts |
| /api/v1/salon/customers | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/customers/route.ts |
| /api/v1/salon/customers/[id] | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/customers/[id]/route.ts |
| /api/v1/salon/reminders/pending-approval | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/reminders/pending-approval/route.ts |
| /api/v1/salon/staff | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/staff/route.ts |
| /api/v1/salon/staff/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/staff/[id]/route.ts |
| /api/v1/salon/treatments | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/treatments/route.ts |
| /api/v1/salon/treatments/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/salon/treatments/[id]/route.ts |
| /api/v1/signup/complete | POST | Public | Validates zimi-id/module inputs; creates salted PIN hash and HTTP-only provider cookie. | Provider signup completion, business creation, and provider PIN session creation. | src/app/api/v1/signup/complete/route.ts |
| /api/v1/sports-booking/availability-rules | GET, PUT | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/availability-rules/route.ts |
| /api/v1/sports-booking/bookings | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/bookings/route.ts |
| /api/v1/sports-booking/bookings/[id] | PATCH, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/bookings/[id]/route.ts |
| /api/v1/sports-booking/court-image | POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/court-image/route.ts |
| /api/v1/sports-booking/courts | GET, POST, PUT, DELETE | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/courts/route.ts |
| /api/v1/sports-booking/settings | GET, POST | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/settings/route.ts |
| /api/v1/sports-booking/stats | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/sports-booking/stats/route.ts |
| /api/v1/zimi-courts/availability-rules | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/availability-rules/route.ts |
| /api/v1/zimi-courts/bookings | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/bookings/route.ts |
| /api/v1/zimi-courts/bookings/[id] | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/bookings/[id]/route.ts |
| /api/v1/zimi-courts/court-image | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/court-image/route.ts |
| /api/v1/zimi-courts/courts | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/courts/route.ts |
| /api/v1/zimi-courts/settings | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/settings/route.ts |
| /api/v1/zimi-courts/stats | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-courts/stats/route.ts |
| /api/v1/zimi-guest/settings | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-guest/settings/route.ts |
| /api/v1/zimi-guest/villa-images | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-guest/villa-images/route.ts |
| /api/v1/zimi-guest/villas | GET | Application | Uses route-specific checks in the page/API implementation. | API route in the Zimi application. | src/app/api/v1/zimi-guest/villas/route.ts |
| /api/v1/zimi-id/availability | GET | Public | Validates candidate format and checks uniqueness through service role API. | Zimi ID availability validation. | src/app/api/v1/zimi-id/availability/route.ts |
| /auth/callback | GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth callback handling. | src/app/auth/callback/route.ts |
| /auth/sign-in | GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth sign-in/sign-out helper. | src/app/auth/sign-in/route.ts |
| /auth/sign-out | POST, GET | Admin/Public | Supabase OAuth for admin; sign-out also clears provider session cookie. | Admin OAuth sign-in/sign-out helper. | src/app/auth/sign-out/route.ts |