Common
Base URL depends on deployment (e.g. http://localhost:8787 for local wrangler dev).
All /admin/* routes require POST (unless noted), Content-Type: application/json, encrypted Authorization header, JWT audience snr_dash (admin routes use snr_adm in some docs — verify route middleware).
All /app/* routes use JWT audience snr_usr.
All /pro/* routes use JWT audience snr_pro. The JWT id claim must match second_opinions.doctor_id for rows returned by POST /pro/sops.
| Field | Type | Meaning |
|---|---|---|
status | number | App status code (see below) |
message | string | Human-readable message |
data | object | array | Present on many success responses |
pagination | object | Present on list endpoints |
meta | string | e.g. "warning" on auth failures |
detail | string | Optional; auth error detail when DEBUG=true |
Typical status codes
| HTTP | status field | Meaning |
|---|---|---|
| 200 | 1000 | Success |
| 400 | 1002 | Validation / bad input |
| 401 | 2000 | Unauthorized |
| 404 | 1002 | Resource not found (message describes) |
| 409 | 1002 | Conflict (e.g. duplicate) |
| 500 | 1001 | Server error |