AP.00·API architecture

API-first by construction.

Every platform capability is reachable through versioned REST + federated GraphQL. Identity-scoped per request, tenant-scoped at the row, signed webhook delivery, MCP discovery surface for agentic clients.

AP.0X·API surface pillars
  • AP.01

    Versioned REST endpoints

    Every platform capability addressable via /api/v{n}/<resource>. Major-version changes are additive within a deprecation window; breaking changes ship behind a new vN. OpenAPI 3.1 spec generated per release.

  • AP.02

    GraphQL federation

    Federated GraphQL gateway composes per-module subgraphs (Identra · Payvera · Transify · Workverge · Civitas · EduPro · Ledgera). Cross-module joins resolved at the gateway; per-module governance preserved.

  • AP.03

    Tenant + identity scope

    Every request authenticates through Identra. Tenant scope is enforced at the gateway (X-Org-ID header signed into the JWT) plus at the database layer via row-level security. No cross-tenant query path.

  • AP.04

    Event + webhook surface

    Outbound webhooks for every domain event (journal.posted, identity.signed_in, payment.settled). HMAC-signed payloads + replay protection via event_id. Inbound webhook ingestion endpoints for upstream integrations.

  • AP.05

    MCP discovery surface

    Model Context Protocol manifest at /.well-known/mcp.json so AI agents (Claude · ChatGPT · Cursor · Copilot) auto-discover the FlyttGo capability surface. Six tools + three resources declared.

  • AP.06

    SDK + sample clients

    First-party SDKs (TypeScript · Python) plus reference clients in Go and Rust. Generated from the OpenAPI spec; pinned to API version. Released alongside the platform on the same Sigstore-signed cadence.
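
A receiver-side check for the HMAC-signed payloads and event_id replay protection described under AP.04, as an added example that is not FlyttGo code. The page does not state the MAC algorithm, signature encoding or payload layout: HMAC-SHA256 over the raw body, a hex signature, a top-level event_id field and the name WebhookVerifier are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample values (not real credentials or real FlyttGo payloads).
SECRET = b"constructed-demo-secret"
BODY = b'{"event_id":"evt_demo_001","type":"journal.posted","data":{"entry_number":1042}}'


class WebhookVerifier:
    """Assumed scheme: hex HMAC-SHA256 over the raw body, top-level event_id."""

    def __init__(self, secret: bytes, max_seen: int = 10_000):
        self._secret = secret
        self._seen = {}  # insertion-ordered dict used as a bounded set
        self._max_seen = max_seen

    def sign(self, raw_body: bytes) -> str:
        return hmac.new(self._secret, raw_body, hashlib.sha256).hexdigest()

    def verify(self, raw_body: bytes, signature_hex: str):
        """Return (accepted, reason); the MAC is checked before any parsing."""
        supplied = signature_hex.strip().lower().encode("utf-8")
        # Constant-time comparison on bytes avoids a timing side channel.
        if not hmac.compare_digest(self.sign(raw_body).encode(), supplied):
            return False, "bad_signature"
        try:
            event_id = json.loads(raw_body)["event_id"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        if not isinstance(event_id, str) or not event_id:
            return False, "malformed"
        if event_id in self._seen:
            return False, "replay"  # duplicate delivery or replayed capture
        self._seen[event_id] = True
        if len(self._seen) > self._max_seen:
            self._seen.pop(next(iter(self._seen)))  # evict the oldest id
        return True, "ok"


def demo():
    v = WebhookVerifier(SECRET)
    sig = v.sign(BODY)
    tampered = BODY.replace(b"1042", b"9999")
    return [v.verify(BODY, sig), v.verify(BODY, sig), v.verify(tampered, sig)]


if __name__ == "__main__":
    print(demo())
```

The seen-id set here is per process; a receiver running on several instances needs a shared store with an expiry so a replay cannot land on a node that has not seen the event.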

API.RB·Code preview ribbon

One request, five client surfaces.

Same endpoint, every SDK + the agent-discovery surface. Snippets are real shapes — run the equivalent live in the API playground.

REQUEST·curl
curl https://api.flyttgo.tech/v1/journal-entries \
  -H "Authorization: Bearer $FLYTTGO_TOKEN" \
  -H "X-Org-ID: org_2dd5f768" \
  -G --data-urlencode "from=2026-01-01" \
     --data-urlencode "to=2026-03-31"
RESPONSE·200 OK · application/json
{
  "ok": true,
  "count": 1284,
  "entries": [
    {
      "id": "je_01HV...",
      "entry_number": 1042,
      "entry_date": "2026-03-30",
      "status": "posted",
      "total_amount_base": "12500.00"
    }
  ]
}
Tenant scope enforced server-side · API.RL rate limits apply

AP.RL·Rate-limit matrix

Per-surface limits.

Surface | Tier | Limit | Note
Public read endpoints | Tier 1 | 1,000 req/min/IP | Status, MCP, sitemap, public docs
Authenticated tenant endpoints | Tier 2 | 10,000 req/min/tenant | CRUD on org-scoped resources
Bulk + reporting endpoints | Tier 3 | 60 req/min/tenant | Statutory exports, large datasets
Webhook delivery | OUT | 500 req/min/destination | Outbound; backoff + retry on 5xx

Limits return X-RateLimit-Limit + X-RateLimit-Remaining + Retry-After headers. Exceeding tier-2 returns 429 — backoff guidance built into the SDK clients.