Introduction

The EPR LAPS (Extended Producer Responsibility - Local Authority Payment System) Backend API provides endpoints for managing bank details, accessing financial documents, and controlling permissions for local authorities in the EPR system.

Base URL

The API base URL depends on your environment:
http://localhost:3001
The default port for local development is 3001, but this can be configured via the PORT environment variable.

Available Endpoints

All endpoints (except /health) require JWT authentication. See the Authentication page for details.

Health Check

GET /health
Returns the health status of the API. This endpoint does not require authentication.
Response:
{
  "message": "success"
}

Bank Details

GET /bank-details/{localAuthority}
Authorization: Bearer <token>
GET - Retrieve bank details for a local authority
POST - Create new bank details
PUT - Confirm bank details

Documents

GET /documents/{localAuthority}
Authorization: Bearer <token>
GET /documents/ - Get document metadata for a local authority
GET /document/ - Retrieve a specific document by ID

Permissions

GET /permissions/config
Authorization: Bearer <token>
Returns the authorization configuration including role-based permissions for:
  • Viewing full bank details
  • Confirming bank details
  • Creating bank details
  • Listing finance documents
  • Accessing finance documents
Response Example:
{
  "viewFullBankDetails": ["CEO"],
  "confirmBankDetails": ["CEO", "WO"],
  "createBankDetails": ["CEO"],
  "listFinanceDocuments": ["CEO"],
  "accessFinanceDocument": ["CEO"]
}
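
The permission map above can be consumed with a deny-by-default check. This is an added example, not code from the EPR LAPS backend: `validateConfig` and `isAllowed` are hypothetical helpers, and the caller's roles are assumed to come from an already verified JWT, since this page does not describe the claim layout.

```javascript
// Added example (not the backend's own code): fail-closed use of /permissions/config.
// userRoles is assumed to come from an already verified JWT; claim layout is not documented here.
const EXPECTED_ACTIONS = [
  "viewFullBankDetails", "confirmBankDetails", "createBankDetails",
  "listFinanceDocuments", "accessFinanceDocument",
];

// Return findings to review; an empty list means the config has the documented shape.
function validateConfig(config) {
  if (config === null || typeof config !== "object" || Array.isArray(config)) {
    return ["config is not an object"];
  }
  const problems = [];
  for (const action of EXPECTED_ACTIONS) {
    const roles = config[action];
    if (!Array.isArray(roles)) {
      problems.push(`${action}: missing or not an array`);
    } else if (roles.length === 0) {
      problems.push(`${action}: no role can perform this action`);
    } else if (!roles.every((r) => typeof r === "string" && r.length > 0)) {
      problems.push(`${action}: contains an invalid role value`);
    }
  }
  for (const key of Object.keys(config)) {
    if (!EXPECTED_ACTIONS.includes(key)) problems.push(`${key}: unknown action`);
  }
  return problems;
}

// Deny by default: unknown action, malformed entry or no matching role returns false.
function isAllowed(config, action, userRoles) {
  if (!EXPECTED_ACTIONS.includes(action)) return false;
  const own = config !== null && typeof config === "object" &&
    Object.prototype.hasOwnProperty.call(config, action);
  const roles = own ? config[action] : null;
  if (!Array.isArray(roles) || !Array.isArray(userRoles)) return false;
  return userRoles.some((r) => typeof r === "string" && roles.includes(r));
}

// Sample config copied from the response example on this page.
const sampleConfig = {
  viewFullBankDetails: ["CEO"],
  confirmBankDetails: ["CEO", "WO"],
  createBankDetails: ["CEO"],
  listFinanceDocuments: ["CEO"],
  accessFinanceDocument: ["CEO"],
};
```

A caller that gets `false` from `isAllowed` should expect the API to answer 403 for that action; role matching here is case-sensitive, so `ceo` does not satisfy `CEO`.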

Request Headers

All authenticated requests must include:
| Header | Required | Description |
| --- | --- | --- |
| Authorization | Yes | Bearer token with JWT |
| Content-Type | For POST/PUT | application/json |
| x-cdp-request-id | No | Request tracing ID for debugging |
The health check endpoint (/health) is the only endpoint that does not require authentication.

Example Request

curl -X GET https://api.epr-laps.defra.gov.uk/documents/birmingham-city-council \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "x-cdp-request-id: 12345"

Response Format

All API responses follow standard HTTP status codes:
| Status Code | Description |
| --- | --- |
| 200 | Success |
| 201 | Created successfully |
| 400 | Bad request (validation error) |
| 401 | Unauthorized (invalid or missing token) |
| 403 | Forbidden (insufficient permissions) |
| 404 | Not found |
| 500 | Internal server error |

Service Configuration

The API service is configured with:
  • Service Name: epr-laps-backend
  • Default Host: 0.0.0.0
  • Default Port: 3001
  • Database: MongoDB
  • Default Database Name: epr-laps-backend
Configuration values can be overridden using environment variables. See the deployment documentation for details.
