Authentication
Legaciti currently exposes two different HTTP API surfaces with different security models.
Dashboard API
Section titled “Dashboard API”The dashboard API is protected by Cloudflare Access.
- Primary domains:
https://dash.legaciti.organdhttps://my.legaciti.org - Header used by the worker:
Cf-Access-Jwt-Assertion - Intended audience: internal dashboard users and administrative tooling
When an endpoint requires dashboard authentication, the generated reference marks it with Cloudflare Access JWT.
Public API
Section titled “Public API”The public API is intended for read-only publication access.
- Primary domain:
https://api.legaciti.org - Read endpoints are public
POST /api/ingestis intended to be protected by API key policy at the edge or worker layer
The generated reference marks public endpoints as Public and API-key protected operations as API key.
- Internal operational endpoints are included in the dashboard reference but marked as internal when they are administrative in nature.
- The docs site publishes raw OpenAPI JSON so downstream tooling can consume the same machine-readable schema.