Skip to main content
The TrayLinx platform exposes several REST microservices. All services share a common authentication model and JSON request/response format.

Base URLs

Each functional area of the platform is served by a dedicated microservice. Configure these through environment variables in your deployment.
ServiceEnvironment VariableDefault Base URL
Auth APIREACT_APP_AUTH_API_BASE_URLhttps://api.makakoo.com/ma-authentication-ms/v1/api
Organizations & Metrics APIREACT_APP_ORGANIZATIONS_API_BASE_URLhttps://api.makakoo.com/ma-metrics-wsp-ms/v1/api
Wallets APIREACT_APP_WALLETS_API_BASE_URLFalls back to REACT_APP_ORGANIZATIONS_API_BASE_URL
LLM ProxyREACT_APP_OPENAI_API_BASEhttps://api.makakoo.com/ma-llm-proxy-ms/v1/api
Analytics (Langfuse)REACT_APP_LANGFUSE_API_URLhttps://api.makakoo.com/ma-langfuse-server-ms/v1/api

Request Format

All endpoints accept and return JSON. Include the following headers on every request: 
Content-Type: application/json
Accept: application/json
Api-Key: <your_api_key>
Authorization: Bearer <access_token>
The Api-Key header authenticates your application; the Authorization header authenticates the acting user. See Authentication for details on obtaining tokens.

Response Format

Successful responses return HTTP 2xx and a JSON body. Most collection endpoints follow JSON:API conventions: 
{
  "data": [
    {
      "id": "123",
      "type": "organization",
      "attributes": {
        "name": "Acme Corp"
      }
    }
  ],
  "meta": {
    "page": 1,
    "per_page": 20,
    "total_count": 42
  }
}
Single-resource responses wrap the object in data: 
{
  "data": {
    "id": "123",
    "type": "organization",
    "attributes": { "name": "Acme Corp" }
  },
  "meta": {
    "can": {
      "organization": { "manageSettings": true },
      "project": { "create": true }
    }
  }
}

Error Format

Errors return a non-2xx HTTP status and a JSON body. The shape varies slightly by service, but the most common format is: 
{
  "errors": [
    {
      "status": 422,
      "code": "INVALID_ROLE_TRANSITION",
      "title": "Invalid role transition",
      "detail": "Cannot demote the last owner. Transfer ownership first."
    }
  ]
}
Some endpoints return a simpler error string or message field: 
{ "error": "User not found" }

Common HTTP Status Codes

StatusMeaning
200 OKRequest succeeded
201 CreatedResource created successfully
204 No ContentRequest succeeded, no body returned (e.g. DELETE)
400 Bad RequestMalformed request body or invalid parameters
401 UnauthorizedMissing or expired access token
403 ForbiddenValid token but insufficient permissions
404 Not FoundResource does not exist
409 ConflictResource already exists or state conflict
422 Unprocessable EntityValidation error on the submitted data
429 Too Many RequestsRate limit exceeded
500 Internal Server ErrorUnexpected server error

Rate Limiting

The Auth service enforces rate limits on sensitive operations:
  • Login: Limited per username. Exceeded attempts return a 429 with the message Too many login attempts. Please wait N minutes before trying again.
  • Registration: Limited per username/email.
  • Password reset: Limited per email address.
  • Validation (email/phone): Limited per address.
When you receive a 429, wait for the duration indicated in the error message before retrying. For high-volume integrations, implement exponential backoff. For activity log and metrics endpoints, the recommended auto-refresh interval is 30 seconds.

Authentication

All requests require a Bearer JWT token in the Authorization header. See Authentication for the full token lifecycle, including how to obtain, refresh, and revoke tokens.

Build docs developers (and LLMs) love

Get started for freeTalk to us