Skip to main content
The REST API service provides HTTP endpoints for account management, device registration, language listing, and Twilio video integration for the Sanas Translate platform.

Base URL

Authentication

All /v2/* endpoints require authentication via one of: JWT tokens are issued by Supabase and validated using HS256 (shared secret) or ES256 (JWKS). The aud claim must be authenticated. On authentication failure, the server returns HTTP 401:

Response Format

All v2 endpoints return JSON in a standard envelope. Success (HTTP 200):
Error:
The HTTP status code matches the error type (400, 401, 404, 500, etc.).

Common Headers

Optional headers that some endpoints use for localization:

Endpoints

Health Check

No authentication required. Returns service health status. Response:

Error Codes

Returns the complete error code catalog for client-side error handling. Response:
Error code ranges:

Languages

Returns the available language list with names localized to the x-lang header value. Supports both GET and POST. Request headers: Response:
Cache headers:
  • Cache-Control: public, max-age=86400, stale-while-revalidate=3600
  • Vary: x-lang, Accept-Encoding
CloudFront caches one entry per x-lang value. First request per locale hits origin; subsequent requests are served from edge cache.

Languages (Mobile)

Returns the language list enriched with mobile-specific fields (listening_text, ready_text). Response:
Same cache headers as the standard languages endpoint.

Device Registration

Registers or updates a mobile device for push notifications. Request body:
Response:

Device Deactivation

Deactivates a registered mobile device. Request body:
Response:

Twilio Video Token

Creates a Twilio access token for joining a video room. Verifies the room exists and is in-progress before issuing the token. Request body:
Response:
Errors:
  • 404 (code 2102): Room not found or not in-progress
  • 500 (code 2100): Token creation failure

Twilio Video Room

Creates a new Twilio video room. No request body required. Response:
Room properties:
  • Type: group
  • Max participants: 2
  • Max participant duration: 3600 seconds
  • Unused room timeout: 1 minute

Account: Opt In

Opts the authenticated user in to data sharing. No request body required. Response:

Account: Opt Out

Opts the authenticated user out of data sharing. No request body required. Response:

Account: Check Opted Out

Returns the user’s current data sharing opt-out status. No request body required. Response:

Account: Query

Returns the authenticated user’s account details. No request body required. Response:

Account: Update Privacy Agreed

Updates the authenticated user’s privacy agreement status. Request body:
Response:

Account: Update Onboarding

Marks onboarding as finished and sets the user’s preferred language. Request body:
Response:

Account: Delete

Permanently deletes the authenticated user’s account and associated data. This includes:
  1. Supabase auth user deletion
  2. PostHog person cleanup (best-effort)
  3. S3 file cleanup (best-effort)
Cleanup failures for PostHog and S3 are logged but do not cause the request to fail. Response:
Errors:
  • 404 (code 2204): User not found in Supabase auth
  • 500 (code 2203): Deletion failure

Service Configuration

The API service is configured via environment variables. See services/api/AGENTS.md for the complete list. Key variables:
  • SUPABASE_URL, SUPABASE_JWT_SECRET, SUPABASE_SERVICE_ROLE_KEY for Supabase integration
  • TWILIO_ACCOUNT_SID, TWILIO_API_KEY, TWILIO_API_SECRET for Twilio video
  • GATEWAY_API_KEYS for API key authentication
  • LANGUAGES_CONFIG_PATH for language list configuration