AgriRomagna exposes ~50 REST endpoints through Next.js App Router API routes. All endpoints return JSON. Protected endpoints require a JWT Bearer token or access_token cookie.
- Authentication
- Common Response Formats
- Endpoints by Domain
- Auth
- Health
- Fields
- Compliance
- Traceability
- IoT & Sensors
- Weather
- Supply Chain
- Marketplace
- Financial
- Carbon & Sustainability
- Water Management
- Yield Prediction
- Pest Warning
- Governance
- Benchmarking
- AI Advisor
- Intelligence & Events
- Anomaly Detection
- Knowledge Graph
- Compliance Chain
- Federation
- Interoperability
- Routes & Logistics
- Mobile
- Data Marketplace
- RBAC
- Onboarding
- Analytics
- Test Harness
- Moonshots
- Insights
All protected endpoints require one of:
- Authorization header:
Authorization: Bearer <access_token> - Cookie:
access_token=<token>
Tokens are obtained via POST /api/auth (login action).
{
"accessToken": "eyJhbGciOiJIUzI1...",
"refreshToken": "eyJhbGciOiJIUzI1...",
"expiresIn": 900
}| Token | Expiry | Purpose |
|---|---|---|
| Access Token | 15 min | API authentication |
| Refresh Token | 7 days | Token renewal |
{
"data": { ... },
"meta": { "count": 10 }
}{
"type": "https://agriromagna.it/problems/errore-di-validazione",
"title": "Errore di validazione",
"status": 400,
"detail": "I dati forniti non sono validi.",
"errors": {
"email": ["Email non valida"],
"password": ["Password troppo corta (min 6 caratteri)"]
}
}| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Validation error / Bad request |
| 401 | Authentication required |
| 403 | Insufficient permissions |
| 404 | Resource not found |
| 500 | Internal server error |
Public — no token required.
Returns the currently authenticated user from the request token.
Response:
{
"user": {
"id": "cuid...",
"email": "admin@example.com",
"name": "Admin User",
"role": "cooperative_admin",
"cooperativeId": "cuid...",
"farmId": null
}
}Multiplexed auth endpoint. Behavior depends on the action field:
Login (action: "login" or omitted):
// Request
{ "email": "admin@example.com", "password": "password123" }
// Response (200)
{
"success": true,
"user": { ... },
"tokens": { "accessToken": "...", "refreshToken": "...", "expiresIn": 900 }
}Register (action: "register"):
// Request
{
"action": "register",
"email": "new@example.com",
"password": "securepass",
"name": "New User",
"role": "viewer",
"cooperativeId": "optional",
"phone": "optional"
}
// Response (201)
{ "success": true, "user": { ... } }Refresh (action: "refresh"):
// Request
{ "action": "refresh", "refreshToken": "eyJhbGci..." }
// Response (200)
{ "success": true, "tokens": { ... } }Public — no token required.
System health check. Used by Docker healthcheck.
Response:
{ "status": "ok", "database": "connected", "timestamp": "2025-..." }Permissions: fields:read (GET), fields:write (POST)
List all fields for the authenticated user's farm, with farm metadata.
Create a new field record.
Request body (validated by createFieldSchema):
{
"name": "Campo Nord",
"crop": "Grano tenero",
"areaHa": 12.5,
"status": "active",
"plantingDate": "2025-03-15",
"municipality": "Cesena",
"expectedHarvest": "2025-07-20",
"expectedVolume": 8500,
"health": "good",
"irrigation": "drip",
"notes": "Terreno argilloso"
}Permission: compliance:read
Returns compliance records, events, and summary statistics for the user's fields.
Permission: traceability:read
Returns product digital passport data. Supports optional ?lotId= query parameter for a specific lot, or returns all lots.
Permission: iot:read
Returns IoT devices, sensor readings, alerts, and latest values for the user's fields.
Permission: weather:read
Returns static farm weather data.
Returns live weather, 7-day forecast, river levels, alerts, and weather notifications.
Permissions: supply-chain:read (GET), supply-chain:write (POST)
Returns supply-chain lots, timelines, and summary.
Process harvest declarations or transition supply-chain lot status.
Permission: marketplace:read
Returns marketplace products, orders, and revenue summary.
Permissions: financial:read (GET), financial:write (POST)
Returns cooperative/field financial KPIs and projections.
Add cost or revenue entries. Request validated by createCostEntrySchema or createRevenueEntrySchema (distinguished by type field).
// Cost entry
{
"type": "cost",
"fieldId": "...",
"date": "2025-06-01",
"category": "fertilizer",
"description": "Urea 46%",
"amount": 450.00
}
// Revenue entry
{
"type": "revenue",
"fieldId": "...",
"date": "2025-07-15",
"source": "harvest_sale",
"description": "Vendita grano",
"amount": 12000.00
}Permissions: carbon:read (GET), carbon:write (POST)
Returns carbon summary, categories, and compliance readiness.
Add a carbon entry (validated by createCarbonEntrySchema).
{
"fieldId": "...",
"date": "2025-06-01",
"category": "emission",
"source": "diesel_tractor",
"quantity": 150.0,
"co2eKg": 450.0
}Permissions: water:read (GET), water:write (POST)
Returns water quotas, irrigation needs, and water-efficiency data.
Store/update irrigation schedule data (validated by createIrrigationScheduleSchema).
Permission: yield:read
Returns yield prediction summary, models, and per-field predictions.
Compute yield prediction for a specific field.
Permission: pest-warning:read
Returns pest/disease warning models and active warnings.
Calculate pest risk or treatment recommendations.
Permissions: governance:read (GET), governance:write (POST)
Returns proposals, AGM calendar, bylaws, and governance data.
Create proposal or submit vote (validated by createProposalSchema).
Permission: benchmarking:read
Returns farm/cooperative benchmark data and trends.
Submit benchmarking query and return computed results.
Permission: advisor:read
List saved AI advisories.
Submit a message for AI advisory/chat response for a field context.
{
"message": "When should I start irrigating the wheat fields?",
"fieldId": "optional-field-id"
}Permission: intelligence:read
Returns intelligence-fabric overview and event-bus status (active flows, recent events, statistics).
Publish intelligence updates (weather, NDVI, sensor events) to the event bus.
Permission: anomaly:read
Returns anomaly streams, detected anomalies, correlations, models, and digests.
Permission: knowledge-graph:read
Returns knowledge graph entities, relations, dossiers, and seasonal digests.
Permission: compliance-chain:read
Returns compliance chain, mappings, audit packages, and scores.
Permission: federation:read
Returns federation overview, members, governance, and carbon/supply summaries across cooperatives.
Permissions: interoperability:read (GET), interoperability:write (POST)
Returns interoperability dashboard and export jobs.
Create a data export job (validated by createExportJobSchema).
Supported formats: isobus_iso11783, geojson_inspire, efdi_json, agea_xml, sian_csv, arpae_json
{
"format": "geojson_inspire",
"scope": "farm"
}Permission: logistics:read
Returns optimized harvest collection routes for vehicles and declarations.
Permission: mobile:read
Returns mobile features, offline queue status, and sync status.
Permission: data-marketplace:read
Returns API endpoints, consumers, data products, and metrics for the data marketplace.
Permission: rbac:read
Returns roles, permissions, sessions, audit log, and data isolation rules.
Public for POST (initial cooperative setup).
Run cooperative onboarding or generate sample data.
{
"cooperativeName": "Cooperativa Romagna",
"region": "Emilia-Romagna",
"province": "Forlì-Cesena",
"adminEmail": "admin@coop.it",
"adminPassword": "securepass",
"adminName": "Mario Rossi"
}Permission: analytics:read (GET)
Returns analytics dashboard telemetry (route stats, feature heatmap, response times).
Record client analytics events and page views.
Permission: test-harness:read
Returns test suites, CI build status, coverage, and test summary.
Permission: none (varies)
Returns the moonshot portfolio (experimental features).
Returns a specific moonshot feature by feature ID.
Permission: insights:read
Returns insight templates, results, alerts, and queries.
All POST endpoints with structured input use Zod validation. Invalid requests return RFC 7807 application/problem+json responses.
| Schema | Used By | Key Fields |
|---|---|---|
loginSchema |
POST /api/auth |
email, password |
registerSchema |
POST /api/auth |
email, password (min 8), name, role |
refreshTokenSchema |
POST /api/auth |
refreshToken |
createFieldSchema |
POST /api/fields |
name, crop, areaHa, status, plantingDate |
createCarbonEntrySchema |
POST /api/carbon |
fieldId, date, category, source, quantity |
createCostEntrySchema |
POST /api/financial |
type:"cost", fieldId, category, amount |
createRevenueEntrySchema |
POST /api/financial |
type:"revenue", fieldId, source, amount |
createProposalSchema |
POST /api/governance |
title, description, proposedBy |
createIrrigationScheduleSchema |
POST /api/water |
fieldId, method |
createBenchmarkSchema |
POST /api/benchmarking |
farmId |
createExportJobSchema |
POST /api/interoperability |
format, scope |