> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ai2fin.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API REFERENCE UPDATE

# API Reference Documentation Update

## Summary

Updated the API Reference documentation to reflect the **real, implemented features** from the ai2-core-app codebase. Removed all template content and replaced with production-ready API documentation.

## Changes Made

### 1. **Complete OpenAPI 3.1 Specification** (`openapi.json`)

Created comprehensive OpenAPI specification with:

#### Authentication

* `POST /api/enterprise-auth/register` - User registration (legacy `/api/auth/register` → HTTP 410)
* `POST /api/enterprise-auth/login` - User login with JWT (legacy `/api/auth/login` → HTTP 410)
* `GET /api/auth/me` - Get current user profile

#### Bank Transactions

* `GET /api/bank/transactions` - List transactions with pagination and filtering
* `POST /api/bank/transactions` - Create transaction manually
* `GET /api/bank/transactions/{id}` - Get single transaction
* `PUT /api/bank/transactions/{id}` - Update transaction
* `DELETE /api/bank/transactions/{id}` - Delete transaction
* `POST /api/bank/upload` - CSV import with AI categorization

#### Bills & Recurring Payments

* `GET /api/bills` - List bills with filtering
* `POST /api/bills` - Create bill
* `GET /api/bills/patterns` - List recurring bill patterns
* `POST /api/bills/patterns` - Create bill pattern with auto-occurrence generation

#### Expenses

* `GET /api/expenses` - List expenses with tax deduction info
* Full CRUD operations for expense management

#### AI Services

* `GET /api/ai/classify-transaction` - AI-powered categorization with confidence scores
* Intelligent tax deduction analysis
* Pattern recognition and reasoning

#### Custom Rules & Automation

* `GET /api/custom-rules` - List automation rules
* `POST /api/custom-rules` - Create custom rule
* `POST /api/custom-rules/{id}/execute` - Execute rule manually
* Support for conditions (contains, equals, regex, etc.)
* Actions (set category, tax flags, business %, etc.)

#### Categories

* `GET /api/categories` - List categories with tax settings
* `POST /api/categories` - Create category
* `PUT /api/categories/{id}` - Update category
* `DELETE /api/categories/{id}` - Delete category

#### Analytics & Reports

* `GET /api/analytics/summary` - Financial summaries with trends
* `POST /api/export/ato` - ATO-compliant tax export (CSV/PDF/XLSX)

#### Travel & Vehicles (ATO Compliance)

* `GET/POST /api/vehicles` - Vehicle registration for logbook
* `GET/POST /api/trips` - Business trip tracking

#### Search

* `GET /api/search` - AI-powered unified search across all entities

#### Subscription & Quotas

* `GET /api/subscription/status` - User tier and usage quotas

### 2. **Updated Introduction** (`introduction.mdx`)

Replaced template content with:

* Real authentication examples with JWT
* Quick start guide with actual endpoints
* API features showcase (6 core features)
* Enterprise architecture concepts:
  * Multi-tenant with row-level security
  * Pagination standards
  * Rate limiting by tier
  * Consistent error handling
* Advanced features:
  * Custom rules engine
  * GST/VAT calculations
  * AI-powered features
  * Access control & security
* SDK examples (TypeScript, Python, cURL)
* Performance guarantees (200ms p95, 100K+ concurrent users)

### 3. **Removed Template Files**

Deleted placeholder endpoints:

* `endpoint/create.mdx`
* `endpoint/delete.mdx`
* `endpoint/get.mdx`
* `endpoint/webhook.mdx`
* Removed empty `endpoint/` folder

### 4. **Updated docs.json**

* Added `"openapi": "/api-reference/openapi.json"` to API Reference tab
* Removed placeholder endpoint pages
* Simplified navigation to just "Getting Started" group

## Key Features Documented

### Security & Authentication

✅ JWT Bearer token authentication\
✅ Cookie-based session management\
✅ CSRF protection\
✅ Row-level security (RLS)\
✅ NoSQL injection guards\
✅ Audit logging

### Enterprise Architecture

✅ Multi-tenant with data isolation\
✅ 100K+ concurrent user support\
✅ Advanced rate limiting (per tier)\
✅ Request queue middleware\
✅ Connection pool monitoring\
✅ Memory optimization

### AI & Intelligence

✅ Transaction categorization with confidence scores\
✅ Tax deduction analysis\
✅ Pattern recognition for recurring bills\
✅ Intelligent search with NLP\
✅ Custom rules engine

### Financial Management

✅ CSV import with duplicate detection\
✅ GST/VAT calculations (tax-inclusive/exclusive)\
✅ Recurring bill patterns with auto-generation\
✅ Travel expense tracking (ATO compliance)\
✅ Category management with tax settings

### Compliance & Reporting

✅ ATO-compliant export formats\
✅ Tax deduction tracking\
✅ Audit trail\
✅ GDPR-compliant data handling

## API Authentication

All endpoints (except `/api/enterprise-auth/register` and `/api/enterprise-auth/login`) require authentication via:

1. **Bearer Token** (recommended for API clients)
   ```
   Authorization: Bearer <JWT_TOKEN>
   ```

2. **Session Cookie** (for web applications)
   ```
   Cookie: ai2_sess=<SESSION_TOKEN>
   ```

## Middleware Stack

Documented middleware applied to routes:

* `authenticateToken` - JWT verification
* `withUserProvisioning` - Auto-provision user in DB
* `enforceAccess` - Role-based access control
* `requireSubscription` - Tier-based feature gating
* `nosqlGuard` - Injection protection
* `auditLogger` - Activity logging
* `userLimiter` - Rate limiting

## Response Format

All endpoints return consistent JSON:

**Success:**

```json theme={null}
{
  "success": true,
  "data": { ... },
  "pagination": { ... }
}
```

**Error:**

```json theme={null}
{
  "success": false,
  "error": "Error message",
  "code": "ERROR_CODE"
}
```

## Next Steps

The API reference is now **production-ready** with:

* ✅ Real endpoints from ai2-core-app
* ✅ Accurate request/response schemas
* ✅ Complete authentication documentation
* ✅ Enterprise features highlighted
* ✅ All template content removed

## Testing the API

Use the OpenAPI spec with tools like:

* Postman (import OpenAPI JSON)
* Swagger UI
* Insomnia
* Bruno

OpenAPI spec location: `docs/api-reference/openapi.json`

***

**Last Updated:** October 17, 2025\
**Status:** Complete ✅\
**Platform:** AI2Fin | ai2fin.com
