Skip to main content

API Conventions

Last reviewed: 2026-05-13
Maintained by: Engineering

This page summarizes a few stable API conventions visible in the current codebase.

Current conventions

input validation is handled close to the route layer
business rules live in feature services
role, tenant, and organization scope checks must be enforced by the API
shared client contracts should stay aligned with packages/api-client

Key source areas

routes: apps/api/src/routes
feature services: apps/api/src/features
typed client contracts: packages/api-client/src/index.ts
environment validation: apps/api/src/config/env.ts

Current conventions
Key source areas