Routes & APIs
Complete route and API endpoint mapping for the tripplan.ing application.
Public routes
Routes accessible without authentication (some may redirect to auth):
| Route | Method | Purpose | Auth |
|---|---|---|---|
| / | GET | Event homepage — hero, content sections, event details | No |
| /schedule | GET | Day-by-day agenda list | No |
| /schedule/[id] | GET | Schedule item detail — location, notes, gallery | No |
| /rsvp | GET, POST | RSVP form — create new registration | No |
| /rsvp/[id] | GET, POST | Edit existing RSVP | No |
| /rsvp/[id]/pay | GET | Payment step after RSVP | No |
| /pay | GET | Payment page — expense cards and checkout | No |
| /pay/success | GET | Post-checkout success landing | No |
| /pay/cancel | GET | Post-checkout cancellation landing | No |
| /auth | GET, POST | Email OTP sign-in | No |
| /request-access | GET, POST | Access request for non-allowed users | No |
Protected routes
Routes requiring a valid session (redirect to /auth if unauthenticated):
| Route | Method | Purpose |
|---|---|---|
| /photos | GET | Photo gallery — browse event photos |
| /photos/upload | GET, POST | Upload photos to the gallery |
| /documents | GET | Document list — download shared files |
| /polls | GET | Poll list — view and vote |
| /polls/[id] | GET, POST | Individual poll — vote and see results |
| /profile | GET | User profile — email, RSVP link, actions |
| /rsvp | GET, POST | RSVP form (also in protected list) |
Admin routes
Routes requiring session + email in adminEmails:
| Route | Method | Purpose |
|---|---|---|
| /admin | GET | Dashboard overview |
| /admin/settings | GET, POST | Event settings management |
| /admin/rsvps | GET | RSVP list with status breakdown |
| /admin/rsvps/[id] | GET, POST | Edit individual RSVP |
| /admin/schedule | GET, POST | Schedule management |
| /admin/schedule/new-day | GET, POST | Create schedule day |
| /admin/schedule/[dayId]/new-item | GET, POST | Create schedule item |
| /admin/schedule/[id] | GET, POST | Edit schedule item |
| /admin/announcements | GET | Announcement list |
| /admin/announcements/new | GET, POST | Create announcement |
| /admin/announcements/[id] | GET, POST | Edit/send announcement |
| /admin/payments | GET | Payment dashboard |
| /admin/pricing-tiers | GET, POST | Manage pricing tiers |
| /admin/pricing-tiers/new | GET, POST | Create pricing tier |
| /admin/add-ons | GET, POST | Manage add-ons |
| /admin/add-ons/new | GET, POST | Create add-on |
| /admin/content | GET, POST | Content section management |
| /admin/content/new | GET, POST | Create content section |
| /admin/content/[id] | GET, POST | Edit content section |
| /admin/documents | GET, POST | Document management |
| /admin/documents/new | GET, POST | Upload document |
| /admin/photos | GET | Photo moderation |
| /admin/polls | GET, POST | Poll management |
| /admin/polls/new | GET, POST | Create poll |
| /admin/polls/[id] | GET, POST | Edit poll |
| /admin/people | GET, POST | People and group management |
| /admin/people/new-person | GET, POST | Add person to allowed list |
| /admin/people/new-group | GET, POST | Create group |
| /admin/custom-fields | GET, POST | Custom field management |
| /admin/custom-fields/new | GET, POST | Create custom field |
Platform routes
Routes requiring session + platform operator role:
| Route | Method | Purpose |
|---|---|---|
| /platform | GET | Platform dashboard |
| /platform/events | GET | Event list |
| /platform/events/create | GET, POST | Create new event |
| /platform/events/[id] | GET, POST | Event detail and management |
| /platform/organizations | GET | Organization list |
| /platform/organizations/create | GET, POST | Create organization |
| /platform/users | GET | User management |
| /platform/audit | GET | Audit log |
API endpoints
| Endpoint | Method | Auth | Purpose |
|---|---|---|---|
| /api/stripe/checkout | POST | No | Create Stripe checkout session |
| /api/stripe/webhook | POST | Signature | Stripe webhook handler (payment reconciliation) |
| /api/photos/upload | POST | Session | Upload photo to R2/filesystem |
| /api/photos/[...key] | GET | Session | Serve photo through authenticated proxy |
| /api/documents/[...key] | GET | Session + permission | Serve document with access check |
| /api/admin/refund | POST | Admin | Process payment refund |
| /api/paypal/checkout | POST | No | Create PayPal checkout order |
| /api/paypal/rsvp-checkout | POST | Session | Create PayPal checkout for RSVP payment |
| /api/paypal/webhook | POST | Signature | PayPal webhook handler (order capture + reconciliation) |
| /api/admin/export/rsvps | GET | Admin | Export RSVP data |
| /api/admin/export/payments | GET | Admin | Export payment data |
| /api/platform/* | Various | Operator | Platform management APIs |
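The `Signature` auth on `/api/stripe/webhook` comes down to checking the `Stripe-Signature` header against the raw request body. The following is an added example, not the application's code: it spells out Stripe's `t=…,v1=…` HMAC-SHA256 scheme with Node's synchronous `crypto` module instead of the `SubtleCryptoProvider` this page names. The function names, the 300-second tolerance and the sample secret and event are assumptions.

```javascript
// Added example (not the application's code); all names here are hypothetical.
const nodeCrypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window

// Split "t=<unix>,v1=<hex>[,v1=<hex>]" into a timestamp and candidate signatures.
function parseStripeSignature(header) {
  const parsed = { timestamp: NaN, v1: [] };
  for (const part of String(header || "").split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === "t" && /^\d+$/.test(value)) parsed.timestamp = Number(value);
    else if (key === "v1") parsed.v1.push(value);
  }
  return parsed;
}

// rawBody must be the request body exactly as received, before any JSON parsing.
function verifyStripeWebhook(rawBody, header, secret, nowSeconds) {
  const { timestamp, v1 } = parseStripeSignature(header);
  if (!Number.isInteger(timestamp) || v1.length === 0) {
    return { ok: false, reason: "malformed_header" };
  }
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "timestamp_out_of_tolerance" };
  }
  const expected = nodeCrypto.createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`, "utf8").digest();
  // Constant-time comparison; reject anything that is not 64 hex characters first.
  const match = v1.some((hex) => /^[0-9a-f]{64}$/i.test(hex) &&
    nodeCrypto.timingSafeEqual(Buffer.from(hex, "hex"), expected));
  return match ? { ok: true, reason: "verified" } : { ok: false, reason: "signature_mismatch" };
}

// Constructed sample event and secret, signed locally so the check runs offline.
const SAMPLE_SECRET = "whsec_constructed_example";
const SAMPLE_BODY = JSON.stringify({ id: "evt_constructed", type: "checkout.session.completed" });
function signForDemo(body, secret, t) {
  const mac = nodeCrypto.createHmac("sha256", secret).update(`${t}.${body}`, "utf8").digest("hex");
  return `t=${t},v1=${mac}`;
}
```

A handler that re-serializes the parsed JSON before verifying will fail this check, because the MAC covers the exact bytes Stripe sent.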
Stripe webhook flow
Stripe → POST /api/stripe/webhook
→ Verify signature (SubtleCryptoProvider)
→ Match checkout session to payment record
→ Update payment status: pending → completed
→ Store payment intent and session IDs
PayPal webhook flow
PayPal → POST /api/paypal/webhook
→ Verify webhook signature (global PayPal credentials)
→ CHECKOUT.ORDER.APPROVED → capture order via PayPal API
→ PAYMENT.CAPTURE.COMPLETED → update payment status: pending → completed
→ Store capture ID on payment record
Photo proxy flow
GET /api/photos/events/{eventId}/{filename}
→ Verify session exists
→ Fetch from R2/filesystem
→ Stream response with correct content-type
Document proxy flow
GET /api/documents/events/{eventId}/{filename}
→ Verify session exists
→ Check document_permissions (email or group match)
→ Fetch from R2/filesystem
→ Stream response with correct content-type
Auth flow routes
GET /auth → Show sign-in form
POST /auth → Send OTP email
POST /auth/verify → Verify OTP, create session
GET /request-access → Show access request form
POST /request-access → Submit access request
Related pages
- Data Models — TypeScript interfaces for request/response shapes
- Environment Variables — API keys and webhook secrets
- Troubleshooting — diagnosing route and API issues
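The document proxy flow described on this page (session check, then a `document_permissions` match on email or group, then fetch) can be sketched as a single decision function. This is an added example, not the application's code: the permission record shape, the session fields, the key validation pattern and the choice of 404 for a denied request are all assumptions.

```javascript
// Added example (not the application's code); every name and data shape is hypothetical.

// Accept only keys shaped like events/{eventId}/{filename}, with a conservative charset.
const KEY_PATTERN = /^events\/([A-Za-z0-9_-]+)\/([A-Za-z0-9][A-Za-z0-9._-]*)$/;

// Turn the catch-all [...key] segments into a storage key, or null if the shape is unsafe.
function parseDocumentKey(segments) {
  if (!Array.isArray(segments) || segments.length !== 3) return null;
  const key = segments.join("/");
  const m = KEY_PATTERN.exec(key);
  // Encoded separators ("%2F"), backslashes and ".." never match the charset or are rejected here.
  if (!m || m[2].includes("..")) return null;
  return { eventId: m[1], filename: m[2], key };
}

// Follows the order of the flow: session first, then permission, and only then a fetch.
function authorizeDocumentRequest(session, segments, permissions) {
  if (!session || !session.email) return { status: 401, reason: "no_session" };
  const parsed = parseDocumentKey(segments);
  if (!parsed) return { status: 400, reason: "bad_key" };
  const email = session.email.toLowerCase();
  const groups = new Set(session.groups || []);
  const allowed = permissions.some((p) =>
    p.documentKey === parsed.key &&
    ((p.email && p.email.toLowerCase() === email) || (p.group && groups.has(p.group))));
  // Assumed design choice: 404 instead of 403, so a denial does not confirm the file exists.
  return allowed
    ? { status: 200, reason: "allowed", key: parsed.key }
    : { status: 404, reason: "not_permitted" };
}

// Constructed permission rows standing in for document_permissions.
const SAMPLE_PERMISSIONS = [
  { documentKey: "events/evt1/itinerary.pdf", email: "ana@example.com" },
  { documentKey: "events/evt1/budget.pdf", group: "organizers" },
];
```

Matching the permission against the full validated key, rather than the filename alone, keeps a grant on one event's file from applying to a same-named file under another event.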