API Overview

Review Manager exposes a Sanctum-authenticated JSON API for external systems and a small set of public web/embed integration routes.

OpenAPI Spec

The machine-readable OpenAPI document is linked here:

JamDesk also loads the same spec through docs/docs.json, so endpoint pages in this tab can reference operations directly.

External JSON API routes under /api/* require Laravel Sanctum bearer-token authentication.

curl https://review-manager.test/api/locations \
  -H "Accept: application/json" \
  -H "Authorization: Bearer $REVIEW_MANAGER_TOKEN"

Use Accept: application/json on every API request so validation and authentication failures are returned as JSON.

Group	Routes	Audience
Projects	`/api/projects`, `/api/projects/{project}`	External systems creating or reading project records.
Review requests	`/api/projects/{project}/review-requests`	External systems triggering review outreach for a project.
Project media	`/api/projects/{project}/media`	External systems attaching project images.
Tags	`/api/tags`, `/api/tags/{tag}`	External systems managing project tags.
Read-only resources	`/api/link-clicks`, `/api/locations`, `/api/reviews`, `/api/widgets`	External reporting or sync clients.
Widgets	`/widget/{widget}`, `/widget/{widget}/embed.js`	Public websites and widget previews.
Review links	`/go/{hash}`	Customers receiving review request links.
Google	`/google/redirect`, `/google/callback`, `/google/locations`	Operators connecting Google Business Profile.

Route type	Common response
JSON API	`application/json`
Media upload	`multipart/form-data` request, `application/json` response
Widget render	`text/html`
Widget embed	`application/javascript`
Review link	`text/html`
Google callback	Redirect
Google locations	`application/json`

Internal Filament, Horizon, Telescope, Livewire, Debugbar, and storage routes are intentionally excluded from this public API reference.