API Overview
All Parlevel API routes are Next.js Route Handlers under /api. They require authentication via Supabase JWT.
Authentication
Every request must include a valid Supabase access token:
Authorization: Bearer <supabase-access-token>To get the token client-side:
const { data: { session } } = await supabase.auth.getSession()
const token = session?.access_tokenLocation context
RFID endpoints are location-scoped. Pass the active location ID in a header:
x-selected-location: 42If omitted, the first location the authenticated user has access to is used.
Response format
All endpoints return JSON with an ok boolean:
{ "ok": true, "result": { ... } }Errors:
{ "ok": false, "error": "Description of the error" }HTTP status codes:
200— success400— bad request (missing/invalid params)401/403— authentication failure502— relay unreachable or returned an error503— feature disabled (e.g. ingest not enabled)500— unexpected server error
RFID API routes
| Method | Path | Description |
|---|---|---|
GET | /api/rfid/u300/config | Get effective RFID config for the location |
PATCH | /api/rfid/u300/config | Save partial RFID config fields |
POST | /api/rfid/u300/ingest/start | Start RFID ingest |
POST | /api/rfid/u300/ingest/stop | Stop RFID ingest |
POST | /api/rfid/u300/ingest | Receive tag events from the relay (relay → server) |
GET | /api/rfid/u300/antennas/status | Get currently active antenna ports |
POST | /api/rfid/u300/antennas/mask | Set active antenna ports |
GET | /api/rfid/u300/moisture/live | Live fluid levels for all in-range sensor tags |
POST | /api/rfid/u300/buzzer/mute | Mute the U300 buzzer |
POST | /api/rfid/u300/buzzer/unmute | Unmute the U300 buzzer |