ASP.NET Core 8 Minimal API — every endpoint authenticated via Auth0, scoped to the caller's tenant, audit-logged on mutation, and documented in OpenAPI 3. The API is the workhorse layer: the React UI calls it, every service composes through it, and the same 14 modules you license on the frontend show up here as the API's organizing taxonomy.
Endpoint count per module, sorted by surface area. The largest modules (Assessments, AI, Security, Tasks) carry the workflow complexity; smaller ones (Fonts, Legal) are tighter substrate pieces.
Total — 526 endpoints across the 14 modules. Browse every one on the API coverage map.
What happens when a React UI calls POST /assessment/{id}/save — every layer the request touches before the response comes back.
/assessment/{id}/saveThe same SaveAssessment route as it appears at L2 (endpoint definition), L3 (service interface), and L4 (repository call). Idiomatic across all 524 endpoints — learn one, read the rest at a glance.
group.MapPost("/assessment/{id:guid}/save", async (
Guid id,
[FromBody] SaveAssessmentRequest req,
IAssessmentService svc,
UserContext ctx) =>
{
var result = await svc.SaveAsync(id, req, ctx);
return result.IsSuccess
? Results.Ok(result.Value)
: Results.UnprocessableEntity(result.Errors);
})
.RequireAuthorization("Assessment.Write")
.WithName("SaveAssessment")
.Produces<AssessmentDto>(200);public async Task<Result<AssessmentDto>> SaveAsync(
Guid id,
SaveAssessmentRequest req,
UserContext ctx)
{
await _tenantGuard.Check(id, ctx.TenantId);
await _audit.Log("Assessment.Save", id, ctx);
var entity = await _repo.SaveAsync(
id, req.MapToEntity(ctx));
return Result.Ok(entity.MapToDto());
}public async Task<Assessment> SaveAsync(
Guid id, Assessment entity)
{
using var conn = _db.Open();
return await conn.QuerySingleAsync<Assessment>(
"sp_Assessment_Save",
new {
Id = id,
entity.TenantId,
entity.Title,
entity.Questions,
entity.Version
},
commandType: CommandType.StoredProcedure);
}Every endpoint belongs to one tier. The tier determines who can call it, what auth shape applies, and what scope of data the call touches.
Tenant-admin and platform-admin operations — user management, role + permission assignment, translation registry, content moderation, system configuration. Locked behind elevated permissions.
Authenticated end-user surfaces — profile, preferences, notifications, messaging, tasks, assessments. Every endpoint scoped to the calling user's tenant + accessible records.
Unauthenticated surfaces — language list, country list, public help content, news feed previews, legal policy fetch. The thin slice anyone can call without a token.
Sign-in, sign-out, signup, password reset, MFA enrollment, OAuth handoff, magic-link delivery. The handshake surface between Auth0 and the application.
AI provider calls, prompt-runner invocations, agent orchestration, scheduled workflow triggers, async job status. Wraps OpenAI / Anthropic / HeyGen / vendor SDKs with auth + audit + retry.
Every B2B SaaS API has to solve these. CleenUI ships them all already wired — every endpoint inherits them, no copy-paste boilerplate per route.
The API is consistent — same shape across all 524 endpoints. Learn it once, read the rest at a glance.
Every authenticated endpoint resolves the caller's tenant context up front. Repositories scope queries automatically — never up to the endpoint handler to remember.
Mutations don't hard-delete. Every domain entity carries `IsDeleted` + `DeletedAt` + `DeletedBy`. A restore endpoint reverses any soft-delete; admins can see the history.
Every state change emits an audit row — actor, timestamp, before/after diff. Surfaced via the /admin/audit endpoints, retained per tenant policy.
Updates require the version token returned by the prior read. Stale writes 409 cleanly; the client decides whether to retry or merge.
Unsafe operations accept an `Idempotency-Key` header. The same key replays return the cached prior response — safe to retry under network failure.
Error envelopes carry a key + localized text resolved against the translation registry. UI never has to know about server-side i18n.
Type to filter a representative sample of the surface. Try assessment, role, chat, or any HTTP method like post. The full searchable map of all 524 is on the coverage page.
/admin/permission/deleteM01 Security/admin/permission/saveM01 Security/admin/permissiongroups/filterM01 Security/admin/permissions/filterM01 Security/admin/role/deleteM01 Security/admin/role/detailM01 Security/admin/role/permissions/addM01 Security/admin/role/permissions/removeM01 Security/admin/role/saveM01 Security/admin/role/users/addM01 Security/admin/roles/filterM01 Security/admin/users/rolesM01 Security/admin/users/roles/addM01 Security/admin/users/roles/removeM01 Security/auth/change-passwordM01 Security/auth/check-email-and-phone-numberM01 Security/auth/create-social-media-login-urlM01 Security/auth/create-social-media-signup-urlM01 Security/auth/impersonateM01 Security/auth/loginM01 Security/auth/refresh-access-tokenM01 Security/auth/send-forgot-password-emailM01 Security/auth/send-forgot-password-textM01 Security/auth/signupM01 Security/auth/signup-from-auth0M01 Security/auth/social-media-loginM01 Security/auth/verify-forgot-password-textM01 Security/health/auth-securedM01 Security/public/session-tokenM01 Security/account/detailsM02 Accounts/account/filterM02 Accounts/account/plan/saveM02 Accounts/account/saveM02 Accounts/account/subscription/synchronizeM02 Accounts/account/user/addM02 Accounts/account/user/filterM02 Accounts/account/user/inviteM02 Accounts/account/user/removeM02 Accounts/admin/account/change-UserM02 Accounts/admin/account/change-ownerM02 Accounts/admin/account/detailM02 Accounts/admin/account/updateM02 Accounts/admin/accounts/filterM02 Accounts/user/account/set-latestM02 Accounts/user/activity/filterM02 Accounts/user/alerts/addM02 Accounts/user/alerts/allM02 Accounts/user/alerts/removeM02 Accounts/user/assign-handleM02 Accounts/user/bill/downloadM02 Accounts/user/blockM02 Accounts/user/blockedM02 Accounts/user/calendar/availabilityM02 Accounts/user/calendar/event-type/allM02 Accounts/user/calendar/scheduleM02 Accounts/user/case-study/cloneM02 Accounts/user/case-study/deleteM02 Accounts/user/case-study/detailM02 Accounts/user/case-study/filterM02 Accounts/user/case-study/media/addM02 Accounts+ 442 more matches. See all on the coverage map →
All 524 endpoints rendered as filterable pills. Hover for method + path + summary; click a module to deep-dive. The exhaustive companion to this page's narrative.
Try it liveImport the OpenAPI spec into Postman, open Swagger UI, or grab the raw JSON for your tool of choice. Every endpoint is callable against a sandbox tenant.
A 30-minute architecture review walks any endpoint of yours against the CleenUI API surface. Bring a route you'd otherwise spend a week scaffolding.