📜API Endpoints Overview

This document tracks all active RESTful endpoints in the UDAI API. For detailed request schemas, response codes, and business logic, click on the respective documentation links.

1. 🔐 Authentication APIs

00. 🔐 Access Control

Docs: Access Control Matrix

• Explains the strict 12-module Access Matrix mapping endpoints to users

• Details Context-Based Access Control (CBAC) ownership rules

• Details Role-Based Access Control (RBAC) membership rules (Owner, Admin, Member)

• Maps the 7 different org_type classifications to permissions

01. 🌐 Base URL & Common Responses

Docs: Hostname & Error Codes

• Outlines the primary REST endpoints for STG, UAT, and PROD

• Defines the unified error schema required for all 4xx and 5xx responses

• Maps HTTP status codes used globally across the API

02. 🔑 Authentication Endpoints

Docs: Authentication API

• POST /auth/register — Register a new user and create an associated organisation

• POST /auth/verify/send-otp — Send verification OTP to unverified email/phone

• POST /auth/verify — Verify email/phone using OTP

• POST /auth/login/send-otp — Send OTP for password-less login

• POST /auth/login-password — Authenticate using password

• POST /auth/login-otp — Authenticate using OTP

• POST /auth/logout — Invalidate current access token

• POST /auth/refresh-token — Issue new access token using refresh token

• POST /auth/forgot-password — Send password reset link

• POST /auth/change-password — Change password for authenticated user

03. 👤 User Management Endpoints

Docs: User Management API

Header Required: X-Organization-ID

• GET /users — Get all members of the organisation

• GET /users/{user_uuid} — Get specific member's details

• PUT /users/{user_uuid}/role — Update a member's role

• DELETE /users/{user_uuid} — Set member's org validation status to INACTIVE

• PUT /users/{user_uuid} — Update the authenticated user's own profile

• POST /users/{user_uuid}/pilot-creds — Create or update the user's pilot credentials

• GET /users/{user_uuid}/pilot-creds — Return the user's pilot credentials

04. 🏢 Organisation Endpoints

Docs: Organisation API

• GET /organisations/{org_uuid} — Get current user's organisation details

• PUT /organisations/{org_uuid} — Update organisation details

05. 🤝 Organisation Membership Endpoints

Docs: Membership API

Header Required: X-Organization-ID

• POST /users/invite — Invite one or multiple users to the organisation

• POST /users/invite/accept — Accept or decline a pending invitation

• GET /invitations — Get all invitations sent by the organisation

• GET /invitations/{invitation_uuid} — Get details of a specific invitation

• DELETE /invitations/{invitation_uuid} — Revoke a pending invitation

• DELETE /memberships — Remove active members (soft-delete to INACTIVE)

2. 🚁 Fleet APIs

06. 🚁 Drone Model Endpoints

Docs: Drone Model API

Header Required: X-Organization-ID

• POST /drone-models — Create a new drone model

• GET /drone-models — Get all drone models from manufacturer

• GET /drone-models/{drone_uuid} — Get details of a specific drone model

• PUT /drone-models/{model_uuid} — Update a drone model

• DELETE /drone-models/{drone_uuid} — Update drone model status to INACTIVE

07. 📦 Payload Endpoints

Docs: Payload API

Header Required: X-Organization-ID

• POST /payloads — Register a physical payload

• GET /payloads — Get all payloads owned by organisation

• GET /payloads/{payload_uuid} — Get specific payload details

• PUT /payloads/{payload_uuid} — Update specific payload details

• DELETE /payloads/{payload_uuid} — Remove the payload (soft-delete to INACTIVE)

08. 🚁 Drone Endpoints

Docs: Drone API

Header Required: X-Organization-ID

• POST /drones — Register a single drone into the organisation

• POST /drones/bulk — Register multiple drones in bulk

• GET /drones — Get all drones owned by organisation

• GET /drones/{drone_uuid} — Get specific drone details

• PUT /drones/{drone_uuid} — Update specific drone details

• DELETE /drones/{drone_uuid} — Remove the drone (soft-delete to INACTIVE)

09. 🔄 Drone Ownership Endpoints

Docs: Drone Ownership API

Header Required: X-Organization-ID

• POST /drone-transfer — Initiate a transfer (single or bulk)

• POST /drone-transfers/accept — Accept or reject a pending drone transfer

• GET /drone-transfers — List all transfer requests for org

• GET /drone-transfers/{transfer_uuid} — Get details of a specific transfer

• GET /drone-ownership — List all active/inactive drone ownerships

• GET /drone-ownership/{ownership_uuid} — Get details of a specific ownership record

• DELETE /drone-ownership/{ownership_uuid} — Revoke an active drone ownership

3. 📋 Mission APIs

10. 📋 Mission Endpoints

Docs: Mission API

Header Required: X-Organization-ID

• POST /missions — Create a new mission

• GET /missions — Get all missions

• GET /missions/{mission_uuid} — Get specific mission details

• PUT /missions/{mission_uuid} — Update a mission

• DELETE /missions/{mission_uuid} — Soft delete mission (update status to INACTIVE)

• POST /permissions?parent_type=MISSION&parent_uuid=\{mission_uuid\} — Request access to an airspace segment for this mission

• PUT /permissions/\{permission_uuid\} — Grant or deny access to a specific airspace segment

• POST /flight-plans?mission_uuid=\{mission_uuid\} — Create a flight plan under a mission

• GET /flight-plans?mission_uuid=\{mission_uuid\} — Get all flight plans for a mission

• GET /flight-plans/\{plan_uuid\} — Get specific flight plan details

• PUT /flight-plans/\{plan_uuid\} — Update a flight plan

• POST /permissions?parent_type=FLIGHT_PLAN&parent_uuid=\{plan_uuid\} — Request access to an airspace segment for a flight plan

• PUT /permissions/\{permission_uuid\} — Grant or deny access to a specific airspace segment for flight plan

• GET /flight-plans/log?s — Get combined list of all flight plans

4. 📊 Telemetry APIs

11. 🕒 Flight Sessions and Data

Docs: Flight Sessions API

Header Required: X-Organization-ID

• POST /flight-sessions — Initiate a new flight session (ad-hoc or planned)

• GET /flight-sessions — Get all flight sessions

• GET /flight-sessions/{session_uuid} — Get specific flight session details

• POST /flight-sessions/{session_uuid}/telemetry — Submit Live Telemetry (Placeholder)

12. 🛰️ Airspace Monitoring Management Endpoints

Docs: Airspace Monitoring API

Header Required: X-Organization-ID

• GET /airspace/drones/{drone_uuid} — Get detailed drone information for monitoring

• GET /airspace/drones/{drone_uuid}/plans — Get all flight plans associated with a drone

• GET /airspace/drones/{drone_uuid}/plans/{plan_uuid} — Get details of a specific flight plan for a drone

• POST /airspace/drones/{drone_uuid}/alert — Trigger or log a flight alert or incident

5. 🗺️ Airspace APIs

13. 🗺️ Airspace Zone Endpoints

Docs: Airspace Zone API

• POST /airspaces — Create a new airspace zone

• GET /airspaces — List all airspace zones

• GET /airspaces/{zone_uuid} — Get specific zone details

• PUT /airspaces/{zone_uuid} — Update a zone

14. 🗺️ Airspace Zone Membership Endpoints

Docs: Airspace Zone Memberships API

• POST /airspaces/{zone_uuid}/memberships — Link an org to a zone as Manager/Monitor

• GET /airspaces/{zone_uuid}/memberships — Get all memberships for a specific zone

• GET /airspace-memberships — List all zones an organisation is linked to

• DELETE /airspaces/{zone_uuid}/memberships/{membership_uuid} — Remove an organisation's link (soft-delete to INACTIVE)

15. 🧱 Constraint Engine Endpoints

Docs: Constraint Engine API

• POST /constraints — Create a new spatial constraint

• GET /constraints/{constraint_uuid} — Get specific constraint details

• POST /constraints/intersect — Query constraints by geospatial intersection