Audience: Admins, Devs, SRE, Compliance
Outcomes: Configure org, export data, monitor health, and evolve safely.
Admin
GET /api/admin/org POST /api/admin/org/branding # logo + invoice footer (multipart) POST /api/admin/users/invite POST /api/admin/partners/invite POST /api/admin/policies/kyc GET /api/admin/audit?from&to&actor&action POST /api/admin/exports # { type: orders|payments|releases|disputes|audit, format: csv|json }
Metrics
GET /metrics # Prometheus exposition format
Versioning & deprecation
REST is additive-first; breaking →
/v2orX-TradeOS-Version.Webhooks add fields; breaking → new event type/endpoint.
SSE adds event names; keep old names until retired.
Maintain a dated Changelog with migration notes.
Error catalog (common)
UNAUTHORIZED,FORBIDDEN,VALIDATION_ERROR,NOT_FOUND,RATE_LIMITED,
WEBHOOK_INVALID_SIGNATURE,PAYMENT_FAILED,ESCROW_RELEASE_FAILED,INTERNAL_ERROR.
Spec
OpenAPI 3.0 file: tradeos_openapi.yaml — import to Swagger UI/Redoc/Postman.