DashboardSupportWelcome

👤 USER DOCS

Getting Started

Daily Operations

Shift Workspace & TasksPre-Shift SetupLine-Up CardsShift ReportsForms

Staff & Locations

Staff SchedulingManaging Locations

Oversight

Manager ReportsAnalyticsPre-Shift & Compliance

Incidents & Feedback

Incident ReportingAnonymous FeedbackMessages & Announcements

AI & Settings

AI ChatgearApp Settings

Administration

Dashboard & OnboardingAdmin

⚙️ DEVELOPER DOCS

Getting Started

Getting StartedDevelopmentDeployment Guide

Architecture

Architecture OverviewData FlowArchitecture Decision Records

Core Domain

Core DomainDatabase ReferenceLocations DomainAuth & RBACScheduling DomainReports DomainIncidents DomainNotifications DomainAudit Log & OptimizationDesign Audit Findings

Frontend

Frontend ArchitectureFormsLoading SkeletonsComponentsPWA & NotificationsimageScreenshots

API Reference

API Reference

Endpoints

POS Sales APIOptimization Data APISchedule Shifts APIEmployee Export APIReports APIIncidents APIAI Chat APIPush Notifications APIWebhooks APICron API

Contributing

ContributingcodeCode Examples

Security

Security & Compliance
Danvas IconDanvas
Danvas IconDanvas

API Reference

Programmatic access to the Danvas platform

Overview

The Danvas API provides programmatic access to the restaurant operations platform. All endpoints are REST-based and return JSON responses. The API is primarily consumed by the internal @repo/analytics and @repo/ai packages, but is also available for external integrations.

Base URL

EnvironmentURL
Productionhttps://danvas.hartalliance.com
Developmenthttp://localhost:4000

Authentication

Danvas uses multiple authentication methods depending on the endpoint:

MethodUse Case
Bearer TokenUser authentication via Clerk JWT
Session CookieBrowser session authentication
Webhook SignatureVerification for Clerk and Svix webhooks
Bearer (Cron Secret)Authentication for scheduled cron jobs

Rate Limiting

The API implements rate limiting via Upstash Redis.

  • Chat Endpoint: Limited to 20 requests per minute per user.
  • Push Notifications: Limited to 100 requests per minute organization-wide.
  • Cron Jobs: Restricted to internal infrastructure and verified secrets.

API Categories

AI Chat

Streaming SSE responses for conversational data queries.

Push Notifications

Screenshots

Adding UI screenshots to documentation

POS Sales API

Real-time sales data from Toast POS

On this page

OverviewBase URLAuthenticationRate LimitingAPI CategoriesError HandlingOpenAPI SpecificationRelated

Management of Web Push subscriptions and delivery.

Webhooks

Handlers for external lifecycle events.

Cron Jobs

Internal endpoints for scheduled operational tasks.

Error Handling

All API errors follow a consistent format:

{
  "error": "Error message description",
  "code": "MACHINE_READABLE_CODE"
}
Status CodeMeaning
200Success
400Bad request — invalid parameters or payload
401Unauthorized — missing or invalid authentication
403Forbidden — insufficient permissions for this resource
429Too many requests — rate limit exceeded
500Internal server error

OpenAPI Specification

The full API schema is available as an OpenAPI 3.0 specification in content/docs/api-reference/openapi.json. This file is manually maintained — update it whenever new endpoints are added or existing schemas change. Below is the interactive specification:

Related

Auth & RBAC

Database Schema

Frontend Architecture