API Reference

EstateOps exposes a set of REST API endpoints for authentication, billing, property management, and administration. All endpoints are served under /api.

Authentication

Authentication is handled via HTTP-only JWT cookies. After login, the session cookie is automatically included in subsequent requests.

POST /api/auth/register

Create a new user account.

{
  "name": "Jane Smith",
  "email": "jane@example.com",
  "password": "securePassword123"
}

Returns { success: true } on success and sets the session cookie.

POST /api/auth/login

Authenticate an existing user.

{
  "email": "jane@example.com",
  "password": "securePassword123"
}

Returns { success: true } on success and sets the session cookie.

POST /api/auth/logout

Clear the session cookie and log out.

POST /api/auth/reset-password

Request a password reset email.

{
  "email": "jane@example.com"
}

Billing

POST /api/billing/checkout

Create a Stripe Checkout session for a subscription plan.

{
  "plan": "STARTER",
  "interval": "monthly"
}

Returns { url: "https://checkout.stripe.com/..." }

POST /api/billing/portal

Create a Stripe Customer Portal session for managing billing.

Returns { url: "https://billing.stripe.com/..." }

POST /api/billing/webhook

Stripe webhook endpoint. Handles checkout.session.completed, customer.subscription.updated, and customer.subscription.deleted events.

Estates

POST /api/estates

Create a new estate/property.

{
  "name": "Kensington Manor",
  "address": "123 Palace Gardens, London",
  "description": "Primary residence"
}

Administration

GET /api/super-admin/stats

Returns platform-wide statistics including user counts, revenue metrics, and subscription tier breakdown. Requires SUPER_ADMIN role.

POST /api/super-admin/gdpr

Execute GDPR compliance actions: Subject Access Request (SAR), data export, erasure, rectification, and breach recording. Requires SUPER_ADMIN role.

Rate Limits

API endpoints are rate-limited to prevent abuse. Authentication endpoints allow 10 requests per minute per IP. Other endpoints allow 60 requests per minute per authenticated user.

Error Responses

All error responses follow this format:

{
  "error": "Human-readable error message"
}

Common HTTP status codes:

  • 400 — Invalid request body or parameters
  • 401 — Authentication required or invalid credentials
  • 403 — Insufficient permissions
  • 404 — Resource not found
  • 500 — Internal server error