API Overview

Internal only

This document contains protected Ikamet operational intelligence. Access restricted to Ikamet team via Cloudflare Access.

Base URL

https://api.ikamet.com/api/v1/production/

Modules

Module	Base path	Purpose
CRM	/crm/	Customer management, orders, legacy endpoints
Ops	/ops/	Operational workflows, renewals, tasks, communications

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer <token>

Tokens are issued via the auth endpoints and stored as HTTP-only cookies in web applications. See Authentication.

Response format

All endpoints return JSON in the format:

{
  "success": true,
  "data": { ... }
}

On error:

{
  "success": false,
  "message": "Error description"
}

The frontend opsRequest() function automatically unwraps data from the response, so service methods return the data value directly.

ID conventions

All responses use public IDs (cus_xxx, ord_xxx, etc.) for entity references. Internal database integer IDs are never returned in API responses.

The API accepts both public IDs and internal IDs in path parameters for backward compatibility, using the resolver pattern:

const where = id.startsWith('cus_') ? { public_id: id } : { id };

Pagination

Paginated endpoints accept page and limit query parameters and return:

{
  "data": [...],
  "total": 150,
  "page": 1,
  "limit": 50
}

Rate limiting

API requests are rate-limited per IP and per authenticated user. Limits are enforced by Cloudflare WAF. Contact the engineering team for rate limit specifications.

Environment

Environment	Status
Production	api.ikamet.com
Staging	Not yet provisioned
Local dev	localhost:3001 (default)