SCOWT

operational

API console — scowt v0.1.0 · production

2026-06-26T14:10:55Z Refresh

Status

Service

v0.1.0

uptime: 28 minutes
Rails: 8.1.3
Ruby: 3.3.6

Database

Connected

adapter: postgresql
database: scowt_production
ping: 0.6 ms
pool: 5

Solid Queue

4 workers

ready: 0
claimed: 0
scheduled: 0
failed: 0

Cache

SolidCache::Store

Endpoints

Method	Path	Auth	Handler	Description
GET	/api/v1/animal_assignments	TBD	api/v1/animal_assignments#index	(no description)
POST	/api/v1/animal_assignments	TBD	api/v1/animal_assignments#create	(no description)
POST	/api/v1/auth/refresh	TBD	api/v1/auth#refresh	(no description)
DELETE	/api/v1/auth/session	TBD	api/v1/auth#destroy	(no description)
POST	/api/v1/auth/sms_otp/request	TBD	api/v1/auth/sms_otp#request_code	(no description)
POST	/api/v1/auth/sms_otp/verify	TBD	api/v1/auth/sms_otp#verify	(no description)
POST	/api/v1/certificates	TBD	api/v1/certificates#create	(no description)
GET	/api/v1/kvk/:kvk	TBD	api/v1/kvk#show	(no description)
GET	/api/v1/kvk/search	TBD	api/v1/kvk#search	(no description)
POST	/api/v1/locations	TBD	api/v1/locations#create	(no description)
GET	/api/v1/me	TBD	api/v1/me#show	(no description)
POST	/api/v1/onboarding/:onboarding_id/complete	TBD	api/v1/onboarding#complete	(no description)
POST	/api/v1/onboarding/:onboarding_id/farm_identity	TBD	api/v1/onboarding#farm_identity	(no description)
POST	/api/v1/onboarding/:onboarding_id/locations	TBD	api/v1/onboarding#locations	(no description)
POST	/api/v1/onboarding/:onboarding_id/otp/request	TBD	api/v1/onboarding#otp_request	(no description)
POST	/api/v1/onboarding/:onboarding_id/otp/verify	TBD	api/v1/onboarding#otp_verify	(no description)
POST	/api/v1/onboarding/:onboarding_id/review	TBD	api/v1/onboarding#review	(no description)
POST	/api/v1/onboarding/:onboarding_id/rvo_challenge	TBD	api/v1/onboarding#rvo_challenge	(no description)
POST	/api/v1/onboarding/:onboarding_id/select_kvk	TBD	api/v1/onboarding#select_kvk	(no description)
POST	/api/v1/onboarding/self_declared/start	TBD	api/v1/onboarding#self_declared_start	(no description)
POST	/api/v1/onboarding/start	TBD	api/v1/onboarding#start	(no description)
GET	/api/v1/ping	none	api/v1/ping#show	Public liveness probe. No auth, no DB hit. Returns service + version + server time + environment. Used by the farmer_phone app on startup.
GET	/api/v1/team	TBD	api/v1/team#index	(no description)
POST	/api/v1/team	TBD	api/v1/team#create	(no description)
DELETE	/api/v1/team/:id	TBD	api/v1/team#destroy	(no description)

25 endpoints · routes discovered at request time from Rails.application.routes.

CORS allowlist

Origins permitted to call /api/v1/*. No wildcards.

https://app.scowt.nl
https://localhost
capacitor://localhost

Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD
Request headers: Authorization, Content-Type, Accept, Idempotency-Key, X-Request-Id
Exposed: X-Request-Id, Retry-After
Preflight TTL: 600s

Rate limits

Enforced by Rack::Attack. 429 + Retry-After on breach.

api/v1/ping by IP 30 / 60s

Public ping endpoint — tighter cap since it requires no auth
api/v1 default by IP 300 / 60s

Default throttle for all other /api/v1/* endpoints (matches §6.7 spec ceiling)
api/v1/kvk by IP 60 / 60s

KvK lookup/search — tighter cap to deter scraping the register
backoffice/login by IP 10 / 60s

Staff login brute-force protection

Response headers stripped

Removed before responses leave the app — reduces fingerprinting + timing-side-channel signal.

Server
X-Powered-By
X-Runtime
Server-Timing

Error envelope

All non-2xx /api/* responses follow this shape (§3.7 of the spec).

{
  "error": {
    "code": "STABLE_MACHINE_READABLE_CODE",
    "message": "Human-readable English explanation.",
    "details": { ... method-specific ... },
    "request_id": "01HXYZAB2C3D4E5F6G7H8J9K0L"
  }
}

Documentation

Data model

docs/datamodel.pdf — full architecture, tables, integration spec, KYC, stack choices.

Signup wireframes

docs/appflow/signup-wireframe.pdf — six-screen happy path with API calls annotated.

Unhappy paths

docs/appflow/signup-unhappy-flows.pdf — five error/branch flows.