API Routes

HostMetrics has 16 API routes organized by feature domain. Most data operations happen client-side via Supabase JS; API routes are used for server-side operations only.

Route Reference

Turo Integration

| Method | Path | Auth | Purpose |
|---|---|---|---|
| POST | /api/turo/sync | Bearer token | Receive CSV data from Chrome extension, parse, and import into database |

Toll Management

| Method | Path | Auth | Purpose |
|---|---|---|---|
| POST | /api/tolls/sync | Bearer token | Trigger server-side toll scraping for connected accounts |
| POST | /api/tolls/test-connection | Bearer token | Test toll account credentials without importing data |

Stripe Billing

| Method | Path | Auth | Purpose |
|---|---|---|---|
| POST | /api/stripe/create-checkout | Session | Create Stripe Checkout session for new subscription |
| POST | /api/stripe/portal | Session | Redirect to Stripe Customer Portal for managing subscription |
| POST | /api/stripe/webhook | Stripe signature | Process Stripe events (subscription changes, payments) |

Integrations

| Method | Path | Auth | Purpose |
|---|---|---|---|
| POST | /api/integrations/bouncie/connect | Session | OAuth connect to Bouncie GPS tracking |
| POST | /api/integrations/bouncie/sync | Session | Sync vehicle data from Bouncie |
| POST | /api/integrations/plaid/create-link-token | Session | Create Plaid Link token for bank connection |
| POST | /api/integrations/plaid/exchange-token | Session | Exchange Plaid public token for access token |
| POST | /api/integrations/quickbooks/authorize | Session | Start QuickBooks OAuth flow |
| POST | /api/integrations/quickbooks/callback | Session | Handle QuickBooks OAuth callback |

Public / Shared

| Method | Path | Auth | Purpose |
|---|---|---|---|
| GET | /api/fleet/[slug] | None | Fetch public fleet page data by slug |
| GET | /api/portal/[token] | Token | Investor portal access (token in URL) |
| GET | /api/r/[token] | Token | Investor report access (token in URL) |
| GET | /api/investors/[id]/reports | Session | Generate investor financial reports |

Webhook Events (Stripe)

The /api/stripe/webhook endpoint processes these Stripe events:

| Event | Action |
|---|---|
| checkout.session.completed | Create subscription record in database |
| customer.subscription.updated | Sync plan and status changes |
| customer.subscription.deleted | Mark subscription as cancelled |
| invoice.paid | Record payment, create invoice record |
| invoice.payment_failed | Log failure, update subscription status |

Authentication Patterns

Bearer Token — Used by Chrome extension and toll sync. Token is the Supabase access_token:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Session — Used by browser-initiated API calls. Supabase session cookie is automatically included.

Stripe Signature — Webhook validates using stripe.webhooks.constructEvent() with the signing secret.

Token in URL — Investor portal/report links use a unique token in the URL path for access control.
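The checks behind the Stripe Signature pattern, as an added example (not HostMetrics code and not the Stripe library): a Node.js sketch of the `t=...,v1=...` HMAC-SHA256 scheme that `stripe.webhooks.constructEvent()` validates, with a replay window and a constant-time comparison. The secret, event body, timestamp and 300-second tolerance are constructed or assumed values; the real handler should keep calling `constructEvent()`.

```javascript
// Added sketch, not HostMetrics code and not the Stripe library.
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // replay window (assumed; 5 minutes)

// Split "t=<unix>,v1=<hex>[,v1=<hex>]" into a timestamp and v1 signatures.
function parseSignatureHeader(header) {
  const parsed = { timestamp: NaN, signatures: [] };
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === 't' && value !== '') parsed.timestamp = Number(value);
    if (key === 'v1') parsed.signatures.push(value);
  }
  return parsed;
}

// HMAC-SHA256 over "<timestamp>.<raw body>", hex encoded.
function computeSignature(rawBody, timestamp, secret) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`, 'utf8')
    .digest('hex');
}

// Returns { ok: true, event } or { ok: false, reason }.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (!Number.isInteger(timestamp) || signatures.length === 0) {
    return { ok: false, reason: 'malformed header' };
  }
  const expected = Buffer.from(computeSignature(rawBody, timestamp, secret), 'hex');
  const match = signatures.some((sig) => {
    const candidate = Buffer.from(sig, 'hex');
    // timingSafeEqual throws on unequal lengths, so check length first.
    return candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected);
  });
  if (!match) return { ok: false, reason: 'signature mismatch' };
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) {
    return { ok: false, reason: 'timestamp outside tolerance' };
  }
  return { ok: true, event: JSON.parse(rawBody) };
}

// Constructed sample data: secret, event body and timestamp are made up.
const SAMPLE_SECRET = 'whsec_constructed_example';
const SAMPLE_BODY = '{"id": "evt_constructed", "type": "invoice.paid"}';
const SAMPLE_TIME = 1700000000;
const SAMPLE_HEADER = `t=${SAMPLE_TIME},v1=${computeSignature(SAMPLE_BODY, SAMPLE_TIME, SAMPLE_SECRET)}`;
```

Because the MAC covers the exact bytes Stripe sent, a body that has been parsed and re-serialized (`JSON.stringify(JSON.parse(SAMPLE_BODY))`) fails with `signature mismatch`, so the webhook route has to read the raw request body before any JSON parsing.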