Backend — API Routes
Routes are split across two base paths (configurable via basePath in createConsenti(), default /consenti):
Public
/consenti/api/v1Public API Routes
No auth required. Profile lookup and consent submission — used by the UI widget.
Admin
/consenti/adminAdmin API Routes
JWT required. Profile management, consent records, users, roles, audit, stats, and exports.
Error format
All error responses share the same structure:
json
{
"error": "Profile not found"
}ℹ️Stack traces are never included in production error responses (
NODE_ENV === 'production'). They are logged server-side only.OpenAPI / Swagger
When dashboard: true is set in createConsenti(), the interactive Swagger UI is available at:
text
http://localhost:3001/consenti/api/docsThe raw OpenAPI JSON spec is at /consenti/api/openapi.json.
Rate limiting
Rate limiting applies to public API routes only. Admin routes are exempt (they require JWT auth).
typescript
createConsenti({
rateLimit: {
windowMs: 60_000, // 1-minute window
maxRequests: 60, // max requests per IP per window
},
})