API Overview

Base URL: https://ayts-api.jerquinbayudo.workers.dev
Framework: Hono.js on Cloudflare Workers
Auth: JWT (Bearer token)

Health Check

GET /health

Response:

{
  "status": "ok",
  "timestamp": "2026-05-06T12:00:00.000Z",
  "environment": "production",
  "version": "1.0.0"
}

Prefix	Module	Description
`/api/auth`	`routes/auth.ts`	Register, login, password reset, refresh
`/api/users`	`routes/users-simple.ts`	User profile management
`/api/vendors`	`routes/vendors.ts`	Vendor operations + onboarding
`/api/stores`	`routes/stores.ts`	Store listing + discovery
`/api/products`	`routes/products.ts`	Product management
`/api/orders`	`routes/orders-simple.ts`	Order creation + tracking
`/api/payments`	`routes/payments.ts`	PayMongo integration
`/api/reviews`	`routes/reviews.ts`	Product/store reviews
`/api/notifications`	`routes/notifications.ts`	Push subscriptions
`/api/search`	`routes/search.ts`	Full-text search
`/api/webhooks`	`routes/webhooks.ts`	PayMongo webhooks
`/api/admin`	`routes/admin.ts`	Admin-only operations
`/api/riders`	`routes/riders.ts`	Rider management
`/api/public`	`routes/public.ts`	Unauthenticated public data
`/api/upload`	`routes/upload.ts`	File upload to R2
`/api/catalog`	`routes/catalog.ts`	Product catalog browsing

Most endpoints require a JWT token in the Authorization header:

Authorization: Bearer {token}

The token is returned from POST /api/auth/login or POST /api/auth/register.

Role	Access
`customer`	Browse, cart, orders, reviews
`vendor`	+ Manage own store and products
`rider`	+ Accept/update delivery orders
`admin`	Full access to all endpoints

All errors follow this shape:

{
  "success": false,
  "error": "Error message",
  "code": "ERROR_CODE"
}

Endpoint Group	Limit
Auth (login/register)	10 req / 15 min per IP
Forgot password	3 req / hour per IP
All other endpoints	No strict limit (Workers limits apply)

Allowed origins (production):

Localhost origins only in ENVIRONMENT=development.

All requests go through: