LedgerOS · Phase 5 · Production Integration Blueprint
API Contract Map
Every UI action mapped to an HTTP endpoint, required permission, audit event, and backend status.
LedgerOS UI Design Lab · Phase 5 blueprint — no backend is connected. Every endpoint, permission, and event listed here is a design contract, not a live API.
UI RouteActionMethodEndpointPermissionAudit EventStatus
/invoices/newSave draft invoicePOST/api/invoicesinvoice.createinvoice.createdExists/invoices/newSend invoicePOST/api/invoices/:id/sendinvoice.sendinvoice.sentExists/invoices/$idAllocate paymentPOST/api/payments/:id/allocateallocation.createallocation.createdNew/invoices/$idIssue credit notePOST/api/credit-notescredit_note.createcredit_note.createdExtend/expenses/listSubmit expensePOST/api/expensesexpense.submitexpense.submittedExists/expenses/approvalsApprove expensePOST/api/expenses/:id/approveexpense.approveexpense.approvedExists/expenses/approvalsReject expensePOST/api/expenses/:id/rejectexpense.approveexpense.rejectedExists/expenses/matchingConfirm matchPOST/api/expenses/:id/matchexpense.matchexpense.matchedNew/expenses/receiptsIngest receipt (email/upload)POST/api/receiptsreceipt.ingestreceipt.ingestedExtend/expenses/policiesPublish policy rulePOST/api/policiespolicy.managepolicy.publishedNew/expenses/pre-spendApprove pre-spend requestPOST/api/pre-spend/:id/approvepre_spend.approvepre_spend.approvedNew/expenses/recoveryRecover reimbursable → invoice draftPOST/api/recovery/:id/create-invoice-draftinvoice.createrecovery.invoice_draftedNew/cash-availabilityRefresh allocation bucketsGET/api/cash-availabilitycash.viewcash.viewedNew/cash-availability/rulesUpdate treatment rulePATCH/api/allocation-rules/:idallocation_rule.manageallocation_rule.updatedNew/automation/cash-controlsApprove guardrail overridePOST/api/guardrails/:id/overrideguardrail.overrideguardrail.override_approvedNew/automation/approvalsBulk approve queuePOST/api/approvals/bulkapproval.bulkapprovals.bulk_actionedNew/automation/collectionsSend collection reminderPOST/api/collections/:id/remindcollections.actcollections.remindedExtend/automation/payablesSchedule payable batchPOST/api/payables/schedulepayable.schedulepayable.batch_scheduledExtend/automation/subscription-actionsCancel subscription (task)POST/api/subscriptions/:id/cancel-tasksubscription.actsubscription.cancel_taskNew/automation/revenue-recoveryAdvance leakage stepPOST/api/recovery/:id/advancerecovery.actrecovery.advancedNew/automation/bonus-controlsApprove bonus obligationPOST/api/bonuses/:id/approvebonus.approvebonus.approvedNew/intelligence/leakageVerify leakage opportunityPOST/api/leakage/:id/verifyleakage.verifyleakage.verifiedNew/intelligence/recommendationsAccept executive recommendationPOST/api/recommendations/:id/acceptrecommendation.acceptrecommendation.acceptedNew/ledger/journalsPost journal entryPOST/api/journal-entriesjournal.postjournal.postedExistsContract convention
- Every mutation must include actor, target_type, target_id, before, after in its audit event.
- Every non-GET endpoint requires a permission match — no implicit ownership rules.
- Every write endpoint returns the resulting resource including
audit_event_id. - Endpoints marked "New" must ship an OpenAPI stub and Postman collection before wiring.
