LedgerOS · Phase 5 · Production Integration Blueprint

API Contract Map

Every UI action mapped to an HTTP endpoint, required permission, audit event, and backend status.

LedgerOS UI Design Lab · Phase 5 blueprint — no backend is connected. Every endpoint, permission, and event listed here is a design contract, not a live API.
UI RouteActionMethodEndpointPermissionAudit EventStatus
/invoices/newSave draft invoicePOST/api/invoicesinvoice.createinvoice.createdExists
/invoices/newSend invoicePOST/api/invoices/:id/sendinvoice.sendinvoice.sentExists
/invoices/$idAllocate paymentPOST/api/payments/:id/allocateallocation.createallocation.createdNew
/invoices/$idIssue credit notePOST/api/credit-notescredit_note.createcredit_note.createdExtend
/expenses/listSubmit expensePOST/api/expensesexpense.submitexpense.submittedExists
/expenses/approvalsApprove expensePOST/api/expenses/:id/approveexpense.approveexpense.approvedExists
/expenses/approvalsReject expensePOST/api/expenses/:id/rejectexpense.approveexpense.rejectedExists
/expenses/matchingConfirm matchPOST/api/expenses/:id/matchexpense.matchexpense.matchedNew
/expenses/receiptsIngest receipt (email/upload)POST/api/receiptsreceipt.ingestreceipt.ingestedExtend
/expenses/policiesPublish policy rulePOST/api/policiespolicy.managepolicy.publishedNew
/expenses/pre-spendApprove pre-spend requestPOST/api/pre-spend/:id/approvepre_spend.approvepre_spend.approvedNew
/expenses/recoveryRecover reimbursable → invoice draftPOST/api/recovery/:id/create-invoice-draftinvoice.createrecovery.invoice_draftedNew
/cash-availabilityRefresh allocation bucketsGET/api/cash-availabilitycash.viewcash.viewedNew
/cash-availability/rulesUpdate treatment rulePATCH/api/allocation-rules/:idallocation_rule.manageallocation_rule.updatedNew
/automation/cash-controlsApprove guardrail overridePOST/api/guardrails/:id/overrideguardrail.overrideguardrail.override_approvedNew
/automation/approvalsBulk approve queuePOST/api/approvals/bulkapproval.bulkapprovals.bulk_actionedNew
/automation/collectionsSend collection reminderPOST/api/collections/:id/remindcollections.actcollections.remindedExtend
/automation/payablesSchedule payable batchPOST/api/payables/schedulepayable.schedulepayable.batch_scheduledExtend
/automation/subscription-actionsCancel subscription (task)POST/api/subscriptions/:id/cancel-tasksubscription.actsubscription.cancel_taskNew
/automation/revenue-recoveryAdvance leakage stepPOST/api/recovery/:id/advancerecovery.actrecovery.advancedNew
/automation/bonus-controlsApprove bonus obligationPOST/api/bonuses/:id/approvebonus.approvebonus.approvedNew
/intelligence/leakageVerify leakage opportunityPOST/api/leakage/:id/verifyleakage.verifyleakage.verifiedNew
/intelligence/recommendationsAccept executive recommendationPOST/api/recommendations/:id/acceptrecommendation.acceptrecommendation.acceptedNew
/ledger/journalsPost journal entryPOST/api/journal-entriesjournal.postjournal.postedExists
Contract convention
  • Every mutation must include actor, target_type, target_id, before, after in its audit event.
  • Every non-GET endpoint requires a permission match — no implicit ownership rules.
  • Every write endpoint returns the resulting resource including audit_event_id.
  • Endpoints marked "New" must ship an OpenAPI stub and Postman collection before wiring.