API Overview

All API endpoints are implemented as Next.js App Router route handlers located in src/app/api/. Each subdirectory contains a route.ts or route.tsx file that exports named functions for HTTP methods (GET, POST, PUT, DELETE, PATCH).

Authentication

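Most API routes authenticate the user by reading the session cookie, which contains a signed JWT. The JWT is then handled using one of two methods:

  1. jose.jwtVerify(): cryptographic verification of the signature (used by most submission routes)
  2. getUserIdFromCookies(): Base64 decoding of the payload (used by some routes for convenience)

Decoding the payload by itself does not check the signature. Claims read through getUserIdFromCookies() are therefore only as trustworthy as whatever verification has already happened elsewhere in the request path; only the jose.jwtVerify() path establishes on its own that the token is authentic.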

Routes that do not require authentication are noted in their documentation.
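
The difference between the two methods, as an added example that is not code from this project: it assumes an HS256-signed token and uses node:crypto in place of jose so it runs stand-alone. SECRET, the userId claim name and the helper names are hypothetical, and both sample tokens are constructed.

```javascript
// Added example, not the project's code. Assumes HS256; SECRET and "userId" are constructed.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "demo-secret-constructed-for-this-example";
const b64url = (v) => Buffer.from(v).toString("base64url");

// Build a signed HS256 token (stands in for whatever issues the session cookie).
function sign(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Decode-only: Base64 payload decoding with no signature check.
function decodeOnly(token) {
  const [, body] = token.split(".");
  return JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
}

// Verify, then decode: pin the algorithm, recompute the MAC, compare in
// constant time, and require an unexpired exp claim before trusting any claim.
function verifyThenDecode(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed samples: a valid token, and a copy whose payload no longer matches its signature.
const valid = sign({ userId: "u-100", exp: 4102444800 }, SECRET);
const [h, , s] = valid.split(".");
const tampered = `${h}.${b64url(JSON.stringify({ userId: "u-1", exp: 4102444800 }))}.${s}`;

// Returns the userId a method would hand to the route, or the rejection reason.
function accepts(fn, token) {
  try { return fn(token).userId; } catch (e) { return `rejected: ${e.message}`; }
}
```

Passing both sample tokens to accepts() with each method shows that decodeOnly returns a userId for the mismatched token, while verifyThenDecode rejects it and still accepts the valid one.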

Response Format

API responses generally follow one of these patterns:

Success:

{
  "status": 200,
  "data": { ... },
  "message": "Operation successful"
}

Error:

{
  "status": 400,
  "error": "Error description"
}

API Categories

The API is organized into the following categories:

| Category | Endpoints | Purpose |
| --- | --- | --- |
| Authentication | /api/myUser, /api/verify, login actions | User identity and session management |
| MOC APIs | /api/newmoc, /api/singlemoc, /api/getAllMoc, etc. | MOC CRUD operations |
| MOC Submission Pipeline | /api/submit/originator through /api/submit/verifier | Six-step MOC form submissions |
| PCR APIs | /api/pcr, /api/allPcr, /api/pcr/signatures, etc. | PCR CRUD and signature management |
| User Management | /api/users, /api/user, /api/UserFromDatabase | User CRUD and profile management |
| Utility APIs | /api/chat, /api/proxy, /api/auto_reminder, etc. | Supporting services |

Base URL

All endpoints are relative to the application's base URL. In development this is typically http://localhost:3000, and in production it is the configured NEXT_PUBLIC_APP_URL.