Backend API Reference

The complete guide to interacting with the SynergyHub backend via REST and WebSockets.

Introduction

API conventions and base URL.

Authentication

Using Firebase JWT for access.

Error Responses

Standard error formats.

WebSocket API

Real-time events and data.

REST API

Core resource endpoints.

Admin API

Platform management endpoints.

1. Introduction

Welcome to the SynergyHub Backend API. This document provides a comprehensive overview of the RESTful endpoints and WebSocket events available for interacting with the platform. The API is designed around domain-specific resources like Users, Source of Truth (SoT), Use Cases, and Prompts.

Base URL: All REST API endpoints are relative to the service's base URL. For production, this is:

https://ai-assistant-api-760853151287.us-central1.run.app

Conventions

2. Authentication

The API uses Firebase ID Tokens (JWT) for authentication. All protected endpoints require a valid token to be passed in the Authorization header.

Header Format:

Authorization: Bearer <YOUR_FIREBASE_ID_TOKEN>

User Context

Upon successful token verification, the backend creates a trusted AuthenticatedUserContext for the duration of the request. This context includes:

Roles

3. Common Error Responses

Errors are returned with a standard JSON structure.

Example 400 Bad Request / Validation Error:

{
  "status": "error",
  "message": "Invalid input data.",
  "details": [
    {
      "loc": ["name"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Example 401 Unauthorized:

{
  "code": "AUTH_INVALID_TOKEN",
  "description": "Token is invalid or revoked: The Firebase ID token has been revoked."
}

Example 403 Forbidden:

{
  "code": "FORBIDDEN",
  "description": "This action requires superadmin privileges."
}

Example 404 Not Found:

{
  "status": "error",
  "message": "Solution not found."
}

4. WebSocket API

The WebSocket API provides real-time, bidirectional communication for features like live transcription and interactive coaching.

Namespace: /general

4.1. Connection & Authentication Flow

  1. Client Connects: The client establishes a WebSocket connection to the /general namespace.
  2. Server Requests Authentication: The server emits a request_authentication event.
  3. Client Authenticates: The client emits an authenticate event with its Firebase ID token.
  4. Server Confirms: The server responds with auth_success or auth_failed. Once successful, the session is considered authenticated.

4.2. Events Emitted by Client

Event Name Payload Description
authenticate {"token": "...", "session_id": "..."} Authenticates the WebSocket session. The session_id is optional.
start_live_assistant {"assistant_use_case_id": "..."} Starts a live assistant session (e.g., real-time translation).
live_assistant_transcript_segment {"transcript": "..."} Sends a segment of user speech to the assistant for processing.
analyze_live_transcript {"use_case_id": "...", "transcript_segment": "..."} Requests real-time analysis of a transcript segment.
stop_live_assistant {} Ends the live assistant session.
start_symptom_checker {"use_case": {...}, "patient_journal_sot_ids": ["..."]} Begins a symptom checker interaction.
symptom_checker_text_segment {"text_segment": "..."} Sends a text segment for symptom analysis.
stop_symptom_checker {} Ends the symptom checker session.
start_transcription {"use_case_id": "..."} Starts a generic real-time transcription stream (non-OpenAI).
audio_chunk {"audio": <BINARY_AUDIO_DATA>} Sends a chunk of audio data for the generic transcription stream.
stop_transcription {} Stops the generic transcription stream.
start_async_transcription {"job_id": "...", "use_case_id": "..."} Starts a real-time transcription job with OpenAI. job_id is a client-generated unique ID.
async_audio_chunk {"job_id": "...", "chunk": <BINARY_AUDIO_DATA>} Sends an audio chunk to the OpenAI transcription job.
stop_async_transcription {"job_id": "..."} Stops the OpenAI transcription job.

4.3. Events Emitted by Server

Event Name Payload Description
request_authentication {"message": "..."} Sent upon connection to prompt the client for a token.
auth_success {"user_id": "...", "session_id": "..."} Confirms successful authentication.
auth_failed {"message": "..."} Indicates authentication failed.
assistant_ready {"message": "..."} Confirms the live assistant is initialized.
assistant_response {"original_transcript": "...", "processed_text": "..."} The live assistant's processed response (e.g., translation).
live_analysis_update {...} The structured result of a live transcript analysis for dynamic UI.
symptom_checker_update {"status": "...", "analysis": {...}} An update from the symptom checker AI.
symptom_checker_finished {...} The final result of the symptom checker session.
final_transcript_update {"transcript": "...", "item_id": "..."} A final transcript segment from the generic ASR service.
intermediate_transcript_update {"transcript": "..."} An intermediate (non-final) transcript segment.
v2v_user_transcript_delta {"transcript": "..."} A delta of the user's speech from the OpenAI transcription service.
async_transcription_completed {"final_transcript": "..."} The full, finalized transcript from the OpenAI job.
error / asr_error {"message": "..."} A generic or ASR-specific error message.

5. REST API Endpoints

5.1. Authentication & User Context

Get User Profile & Context

Endpoint: GET /api/auth/verify

Description: Verifies the user's Firebase token and returns their complete profile and accessible hierarchy (solutions, accounts, groups). This is the primary endpoint to call after a user logs in.

Authentication: User Token Required

Response 200 OK:

{
  "profile": {
    "_id": "6650a3123b4c5d6e7f8a9b0c",
    "firebaseUid": "FIREBASE_UID_HERE",
    "email": "user@example.com",
    "system_role": "user",
    "memberships": [
      {
        "account_id": "6650a3123b4c5d6e7f8a9b0a",
        "solution_id": "6650a3123b4c5d6e7f8a9b0b",
        "unit_id": "6650a3123b4c5d6e7f8a9b0a",
        "unit_type": "account",
        "roles": ["account_admin"]
      }
    ]
  },
  "solutions": [ { "id": "...", "name": "...", "branding": {...} } ],
  "accounts": [ { "id": "...", "name": "...", "user_roles_in_account": ["..."] } ],
  "groups": [ { "id": "...", "name": "...", "account_id": "...", "user_roles_in_group": ["..."] } ],
  "status": "success",
  "message": "Token verified and user profile retrieved."
}

5.2. Conversation Use Cases

Manage the configurations for different types of conversations (e.g., interviews, symptom checkers).

Create a Conversation Use Case

Endpoint: POST /api/conversation-use-cases

Description: Creates a new use case configuration.

Authentication: User Token Required

Request Body:

{
    "name": "Senior Developer Interview",
    "description": "A use case for conducting technical interviews.",
    "use_case_type": "INTERVIEW",
    "v2v_prompt_id": "6650a3123b4c5d6e7f8a9b1a",
    "contextual_analyzer_prompt_id": "6650a3123b4c5d6e7f8a9b1b",
    "sot_ids": ["6650a3123b4c5d6e7f8a9b1c"],
    "ui_template_name": "KEYWORD_BOXES",
    "keywordGroups": [
        {
            "groupName": "Python Experience",
            "keywords": ["Flask", "Django", "AsyncIO"]
        }
    ]
}

Response 201 Created: The full Conversation Use Case object.

List Conversation Use Cases

Endpoint: GET /api/conversation-use-cases

Description: Lists all use cases accessible to the authenticated user.

Authentication: User Token Required

Response 200 OK: An array of Conversation Use Case objects.

(Other standard CRUD endpoints GET /<id>, PUT /<id>, DELETE /<id> are also available.)

5.3. Source of Truth (SoT)

Manage the knowledge base documents that provide context to the AI.

Create a SoT Document

Endpoint: POST /api/sots

Description: Creates a new SoT document. The content field can be any valid JSON object.

Authentication: User Token Required

Request Body:

{
  "title": "Company Onboarding Policy",
  "category": "HR",
  "access_scope": "ACCOUNT",
  "account_id": "6650a3123b4c5d6e7f8a9b0a",
  "content": {
    "policy_version": "1.3",
    "sections": [
      { "title": "First Day", "details": "..." }
    ]
  }
}

Response 201 Created: The full SoT Document object.

List SoT Documents

Endpoint: GET /api/sots

Description: Lists all SoT documents accessible to the user. Supports filtering via query parameters (e.g., ?category=HR).

Authentication: User Token Required

Response 200 OK: An array of SoT Document objects.

(Other standard CRUD endpoints GET /<id>, PUT /<id>, DELETE /<id> are also available.)

5.4. Prompts

Manage the prompt templates that guide the AI's behavior.

Create a Prompt

Endpoint: POST /api/prompts

Description: Creates a new prompt definition.

Authentication: User Token Required

Request Body:

{
  "prompt_id": "summarize-meeting-v1",
  "name": "Summarize Meeting Transcript",
  "description": "Creates a concise summary with action items from a transcript.",
  "category_id": "SOT_UPDATE_SUGGESTIONS",
  "content": "Please summarize the following transcript and list the action items: {{new_transcript_content}}",
  "associated_llm_model_id": "gpt-4.1-mini-2025-04-14",
  "input_parameters": [
    { "name": "new_transcript_content", "required": true }
  ],
  "access_scope": "USER"
}

Response 201 Created: The full Prompt Definition object.

List Prompts

Endpoint: GET /api/prompts

Description: Lists the latest version of all prompts accessible to the user. Supports filtering (e.g., ?category_id=..., ?status=ACTIVE).

Authentication: User Token Required

Response 200 OK: An array of Prompt Definition objects.

(Other standard CRUD endpoints GET /<id>, PUT /<id>, DELETE /<id> are also available.)

5.5. LLM Models

Manage the definitions of available Large Language Models.

List LLM Models

Endpoint: GET /api/llm-models

Description: Lists all available LLM model definitions. Can be filtered by capability (e.g., ?capability=chat).

Authentication: User Token Required

Response 200 OK:

[
  {
    "_id": "6650a3123b4c5d6e7f8a9b2a",
    "model_id": "gpt-4.1-mini-2025-04-14",
    "name": "GPT-4o Mini",
    "provider": "openai",
    "capabilities": ["chat", "reasoning"],
    "status": "active",
    "access_scope": "GLOBAL"
  }
]

Get LLM Model Choices

Endpoint: GET /api/llm-models/choices

Description: Returns a simplified list of models suitable for populating UI dropdowns.

Authentication: User Token Required

Response 200 OK:

[
  {
    "model_id": "gpt-4.1-mini-2025-04-14",
    "name": "GPT-4o Mini",
    "provider": "openai"
  }
]

(Admin-only endpoints for creating, updating, and deleting LLM models also exist but require Superadmin privileges.)

6. Administration API

These endpoints are for platform management and require Superadmin privileges.

Base URL: /admin

Create a Solution

Endpoint: POST /admin/solutions

Description: Creates a top-level solution (e.g., "SynergyHub Medical").

Authentication: Superadmin Token Required

Request Body:

{
  "name": "SynergyHub for Healthcare",
  "description": "A solution tailored for medical professionals."
}

Response 201 Created: The full Solution object.

Create an Account

Endpoint: POST /admin/accounts

Description: Creates a customer account and links it to a solution and account type.

Authentication: Superadmin Token Required

Request Body:

{
  "name": "General Hospital",
  "account_type_id": "6650a3123b4c5d6e7f8a9b3a",
  "primary_solution_id": "6650a3123b4c5d6e7f8a9b0b"
}

Response 201 Created: The full Account object.

Add a User to an Account

Endpoint: POST /admin/accounts/<account_id>/members

Description: Grants a user membership and roles within a specific account.

Authentication: Superadmin Token Required

Request Body:

{
  "user_id": "6650a3123b4c5d6e7f8a9b0c",
  "roles": ["account_admin", "account_member"]
}

Response 200 OK: {"status": "success", "message": "User added to account."}

(This section also includes full CRUD for Solutions, Accounts, Groups, Account Types, Group Types, and managing user memberships in groups.)

6.1. Other Notable Endpoints