Base Conventions
API base and versioning
- Versioned root is /api/v1.
- Health endpoint is outside versioning: GET /health.
Authentication
- Protected modules use Authorization: Bearer <jwt>.
- Auth middleware location: backend/src/Presentation/Middlewares/AuthMiddleware.ts.
Validation
- Request payload validation runs with Zod middleware before controller logic.
- Validation middleware: backend/src/Presentation/Middlewares/validationMiddleware.ts.
Error contract
Errors are serialized in a stable envelope:
{
  "code": "VALIDATION_FAILED",
  "message": "Request validation failed",
  "error": "walletId is required"
}
Status and default message mapping source:
- backend/src/Shared/Errors.ts
- backend/src/Presentation/Middlewares/errorsMiddleware.ts
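A consumer of the error envelope shown above can parse it defensively and branch on the machine-readable code. This is an added example, not code from the project; the function names, the optional "error" field, the upper-snake-case rule for "code" and the rejection of unknown keys are assumptions drawn from the single sample envelope.

```typescript
// Added example, not project code. Field names come from the sample envelope.
interface ErrorEnvelope {
  code: string;
  message: string;
  error?: string; // assumption: the detail string may be absent on some errors
}

// Assumption: the contract has exactly these three keys.
const ALLOWED_KEYS = new Set(["code", "message", "error"]);

// Returns the envelope if `raw` matches the documented shape, otherwise null.
function parseErrorEnvelope(raw: string): ErrorEnvelope | null {
  let value: unknown;
  try {
    value = JSON.parse(raw);
  } catch {
    return null; // not JSON, e.g. an HTML error page from a proxy
  }
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
    return null;
  }
  const obj = value as Record<string, unknown>;
  // Reject unexpected keys so a drifted contract (or a leaked stack field)
  // is surfaced instead of silently ignored.
  for (const key of Object.keys(obj)) {
    if (!ALLOWED_KEYS.has(key)) return null;
  }
  const { code, message, error } = obj;
  // Assumption: codes are upper snake case, like VALIDATION_FAILED.
  if (typeof code !== "string" || !/^[A-Z][A-Z0-9_]*$/.test(code)) return null;
  if (typeof message !== "string") return null;
  let detail: string | undefined;
  if (typeof error === "string") detail = error;
  else if (error !== undefined) return null;
  return detail === undefined ? { code, message } : { code, message, error: detail };
}

// Branch on the stable code, never on human-readable message text.
function isValidationFailure(raw: string): boolean {
  const env = parseErrorEnvelope(raw);
  return env !== null && env.code === "VALIDATION_FAILED";
}

// Constructed sample: the envelope from this page, as a response body string.
const SAMPLE =
  '{"code":"VALIDATION_FAILED","message":"Request validation failed","error":"walletId is required"}';
```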
Rate limiting
- Global limiter applies to the app.
- Auth limiter applies to auth routes.
- Config source: backend/src/Presentation/Middlewares/rateLimiter.ts.