Application API
Topolo Roadmapper
Clear API and contract surface for Topolo Roadmapper, grouped under the application instead of split across generic reference sections.
Documentation Map
Authority
Service IDs: srv_I0z_mOMxdFVa
Repos:
Hosts:
- https://roadmapper.topolo.app
- https://roadmapper-api.topolo.app
- https://roadmapper-api.stg.topolo.us
- https://roadmapper.stg.topolo.us
Dependencies: topolo-auth, topolo-nexus, topolo-notify, applications-packages
Depends on Topolo Auth: yes
Contract Source
Type: curated
Source: PlatformApplications/TopoloRoadmapper/package.json
Source exists: no
Current contract coverage is curated rather than OpenAPI-backed. The browser launcher lane now reads Auth-owned catalog data through same-origin /api/auth/* on the Roadmapper host, using the current Auth organization and active context. Browser preboot, shared browser auth, API worker Auth validation, widget output, API-key management, TopoloNotify emission, and staging seed validation resolve concrete service ids from Auth service slugs such as `topolo-roadmapper` at runtime instead of carrying concrete service ids in source, Worker vars, build commands, or browser assets.
- The browser login handoff, embedded password-login surface, and Auth SSO one-time sso_code callback redemption delegate to the shared Topolo auth client.
- Direct bearer-token callback URLs or /sso?token= bridge routes are not supported.
- Roadmapper keeps same-tab sessionStorage access-token restore enabled by default after login and refresh, so normal reloads do not appear logged out before cookie refresh completes.
- Roadmapper's vendored @topolo/ui-kit snapshot must stay synchronized with the canonical platform package.
- The API worker now exposes authenticated `GET /api/widget` for TopoloOne live workspace and emits generic `application.notification.created` envelopes through TopoloNotify after successful creation writes.
- Protected API routes now require Topolo Auth validation plus a validated organization context, with no Roadmapper-local JWT secret handoff or vendored local HS256 verifier.
API key scopes in Auth catalog: 9
Auth Requirements
No global OpenAPI security scheme is declared.
- api_keys.write
- projects.read
- projects.write
- reports.read
- reports.write
- roadmaps.read
- roadmaps.write
- settings.read
- settings.write
Runtime and Deployment
Wrangler surfaces: none detected
Environment variables: none derived
Routes: workers.dev or Pages-only delivery
Observability enabled: no explicit signal found
Runtime Surface
Wrangler surfaces: No wrangler file detected in scanned surface
This application does not yet have a source-controlled OpenAPI spec in the docs platform. The current API page is derived from the registered contract source and repository surface.
Failure modes
- No wrangler.toml surface was discovered under the registered repo paths.
- The registered contract source is missing: PlatformApplications/TopoloRoadmapper/package.json
- Neither OpenAPI nor README-derived interface detail was found.