API and Mobile
Route Map
Symfony route groups generated from the current application.
Route counts
The Symfony router currently reports 427 routes. The largest route groups are portal controllers and API Platform resources.
| Group | Count | Notes |
|---|---|---|
| Admin portal | 108 | Admin dashboard, users, invitations, clients, configuration, project setup, award matrix, and risk screens. |
| Client portal | 75 | Client dashboard, projects, materials, cost codes, timesheets v1/v2, expenses v1/v2, finance, reports, users, and invitations. |
| Payroll portal | 55 | Payroll dashboard, timesheet review, pay summaries, payslips, expenses, weekly reports, invoices, and Xero submission. |
| API Platform and API v1 | 81 | API Platform generated routes plus invite/project/category/submission APIs. |
| Supervisor portal | 26 | Supervisor projects, approval sheets, timesheet review, code edits, expense review, and notifications. |
| Finance portal | 18 | Finance dashboard, invoices, invoice PDF/export, weekly reports, and invoice approve/reject actions. |
| Electrician portal | 14 | Electrician projects, notifications, timesheets, expenses, and admin helper route. |
| API v2 electrician | 12 | Mobile electrician profile, clients, projects, timesheets, expenses, and distance endpoint. |
| API v2 supervisor | 10 | Mobile supervisor projects, submitted records, approve/reject, cost-code update, and expense resubmit. |
| Debug/test | 8 | Auth and push notification diagnostics. Review exposure before production hardening. |
Mobile v2 endpoints
Electrician endpoints:
GET /api/v2/electrician/me
GET /api/v2/electrician/clients
GET /api/v2/electrician/projects
GET /api/v2/electrician/projects/{id}
POST /api/v2/electrician/projects/{id}/distance
GET /api/v2/electrician/projects/{id}/cost-codes
GET /api/v2/electrician/timesheets
POST /api/v2/electrician/timesheets
POST|PATCH /api/v2/electrician/timesheets/{id}
GET /api/v2/electrician/expenses
POST /api/v2/electrician/expenses
POST|PATCH /api/v2/electrician/expenses/{id}Supervisor endpoints:
GET /api/v2/supervisor/me
GET /api/v2/supervisor/projects
GET /api/v2/supervisor/timesheets
GET /api/v2/supervisor/expenses
POST|PATCH /api/v2/supervisor/timesheets/{id}/approve
POST|PATCH /api/v2/supervisor/timesheets/{id}/reject
POST|PATCH /api/v2/supervisor/timesheets/{id}/cost-codes
POST|PATCH /api/v2/supervisor/expenses/{id}/approve
POST|PATCH /api/v2/supervisor/expenses/{id}/reject
POST|PATCH /api/v2/supervisor/expenses/{id}/resubmitDocumentation endpoints
API documentation routes are public by design:
/api/docs/api/v2/docs/api/v2/docs.json
Production note
Debug and test routes exist in the current router. Any production hardening pass should explicitly review /debug/*, /auth/debug, and /test/* routes and decide whether they should be disabled, IP-restricted, or moved to a non-production environment.