--- title: API Overview description: "Sanctum-authenticated external API endpoints plus public widget and integration routes." --- Review Manager exposes a Sanctum-authenticated JSON API for external systems and a small set of public web/embed integration routes. ## OpenAPI Spec The machine-readable OpenAPI document is linked here: [Download the OpenAPI spec](/api/openapi.json) JamDesk also loads the same spec through `docs/docs.json`, so endpoint pages in this tab can reference operations directly. ## Authentication External JSON API routes under `/api/*` require Laravel Sanctum bearer-token authentication. ```bash curl https://review-manager.test/api/locations \ -H "Accept: application/json" \ -H "Authorization: Bearer $REVIEW_MANAGER_TOKEN" ``` Use `Accept: application/json` on every API request so validation and authentication failures are returned as JSON. ## Endpoint Groups | Group | Routes | Audience | | --- | --- | --- | | Projects | `/api/projects`, `/api/projects/{project}` | External systems creating or reading project records. | | Review requests | `/api/projects/{project}/review-requests` | External systems triggering review outreach for a project. | | Project media | `/api/projects/{project}/media` | External systems attaching project images. | | Tags | `/api/tags`, `/api/tags/{tag}` | External systems managing project tags. | | Read-only resources | `/api/link-clicks`, `/api/locations`, `/api/reviews`, `/api/widgets` | External reporting or sync clients. | | Widgets | `/widget/{widget}`, `/widget/{widget}/embed.js` | Public websites and widget previews. | | Review links | `/go/{hash}` | Customers receiving review request links. | | Google | `/google/redirect`, `/google/callback`, `/google/locations` | Operators connecting Google Business Profile. | ## Response Formats | Route type | Common response | | --- | --- | | JSON API | `application/json` | | Media upload | `multipart/form-data` request, `application/json` response | | Widget render | `text/html` | | Widget embed | `application/javascript` | | Review link | `text/html` | | Google callback | Redirect | | Google locations | `application/json` | Internal Filament, Horizon, Telescope, Livewire, Debugbar, and storage routes are intentionally excluded from this public API reference.