# API Reference

> REST API with OAuth2 server for managing organizations, members, and webhooks

## Welcome to Timbrix API

The Timbrix API is a REST API built with NestJS, using Feature-Based Clean Architecture and the CQRS pattern. It provides endpoints for managing organizations, members, webhooks, OAuth applications, and API keys.

<Card title="OpenAPI Specification" icon="file-code" href="/openapi.json">
  View the complete OpenAPI 3.0 specification
</Card>

## Base URL

All API endpoints are served from:

```
http://localhost:3001/api
```

In production, replace this with your production API URL.

## Authentication

The API supports two authentication methods:

### 1. Bearer Token (Supabase Auth)

Used for management endpoints. Include the Supabase access token in the Authorization header:

```bash
Authorization: Bearer <supabase_access_token>
```

### 2. API Key

Used for programmatic access. Include your API key in the X-API-Key header:

```bash
X-API-Key: sk_...
```

## Architecture

The API follows:

* **Feature-Based Clean Architecture**: Organized by features (organizations, oauth, webhooks, users)
* **CQRS Pattern**: Separates read (queries) and write (commands) operations
* **Domain Events**: Decoupled side effects using event handlers
* **Row-Level Security**: Organization-based multitenancy with PostgreSQL RLS

## Rate Limiting

API requests are rate-limited to prevent abuse. Contact support if you need higher limits.

## Error Responses

The API returns standard HTTP status codes:

| Status | Description                            |
| ------ | -------------------------------------- |
| 200    | Success                                |
| 201    | Created                                |
| 400    | Bad Request - Invalid input            |
| 401    | Unauthorized - Missing or invalid auth |
| 403    | Forbidden - No permission              |
| 404    | Not Found                              |
| 409    | Conflict - Resource already exists     |
| 500    | Internal Server Error                  |

Error responses include a message with details:

```json
{
  "statusCode": 400,
  "message": "Validation failed",
  "error": "Bad Request"
}
```
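
The two authentication methods and the error format above, combined in an added client-side example that is not Timbrix's own code. The function names, the `/organizations` path and the sample key are assumptions, as is the array form of `message` (common for NestJS validation errors).

```javascript
// Added example; buildRequest, redactHeaders and parseError are hypothetical names,
// not part of the Timbrix API.
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Build the URL and headers using exactly one of the two documented auth methods.
function buildRequest(baseUrl, path, auth) {
  const base = new URL(baseUrl);
  // Credentials travel in headers: allow plain HTTP only for local development.
  if (base.protocol !== "https:" && !LOCAL_HOSTS.has(base.hostname)) {
    throw new Error("refusing to send credentials over plain HTTP to " + base.host);
  }
  const hasBearer = typeof auth.bearerToken === "string" && auth.bearerToken !== "";
  const hasKey = typeof auth.apiKey === "string" && auth.apiKey !== "";
  if (hasBearer === hasKey) throw new Error("provide exactly one of bearerToken or apiKey");
  const headers = { Accept: "application/json" };
  if (hasBearer) headers["Authorization"] = "Bearer " + auth.bearerToken;
  else headers["X-API-Key"] = auth.apiKey;
  const url = base.href.replace(/\/+$/, "") + "/" + String(path).replace(/^\/+/, "");
  return { url, headers };
}

// Copy of the headers that is safe to log: both credential headers are masked.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = /^(authorization|x-api-key)$/i.test(name) ? "[redacted]" : value;
  }
  return out;
}

// Normalize a non-2xx response, even when the body is not the documented JSON.
function parseError(status, bodyText) {
  let body = null;
  try { body = JSON.parse(bodyText); } catch (_) { /* e.g. a proxy's HTML error page */ }
  const ok = body !== null && typeof body === "object";
  // Assumption: message may be an array of strings (common for NestJS validation errors).
  const raw = ok && body.message !== undefined ? body.message : "unparseable error body";
  return {
    status, // taken from the HTTP status line, not from the body's statusCode
    message: Array.isArray(raw) ? raw.join("; ") : String(raw),
    error: ok && typeof body.error === "string" ? body.error : "",
    authFailure: status === 401 || status === 403,
  };
}

// Constructed sample values; "/organizations" is a hypothetical path.
const demo = buildRequest("http://localhost:3001/api", "/organizations", { apiKey: "sk_constructed_example" });
console.log(demo.url, redactHeaders(demo.headers));
```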

## Next Steps

<CardGroup cols={2}>
  <Card title="Organizations" icon="building" href="/api-reference/organizations/create">
    Manage organizations and their settings
  </Card>

  <Card title="Members" icon="users" href="/api-reference/members/list">
    Invite and manage organization members
  </Card>

  <Card title="Webhooks" icon="webhook" href="/api-reference/webhooks/create">
    Configure webhooks for event notifications
  </Card>

  <Card title="OAuth" icon="lock" href="/api-reference/oauth/token">
    Generate OAuth tokens for API access
  </Card>
</CardGroup>
