API Overview

The public API should be the server-side foundation for web, mobile, and MCP integrations.

REST endpoints and MCP tools should call the same application services and use the same request/response contracts.

Endpoint families

The first rollout has two read-only endpoint families:

• POST /v1/* calculation endpoints accept explicit payloads and return deterministic finance calculations.
• GET /v1/me/* account endpoints load the authenticated user's data through Supabase Row Level Security, then run the same application services.

The /v1/me/* endpoints require a bearer token. In production, Saviqo verifies Supabase JWT claims and uses a request-scoped Supabase client so database policies remain the final access boundary.

Current account endpoints

• GET /v1/me/budget/summary?month=4&currency=INR
• GET /v1/me/analytics/cashflow?currency=INR
• GET /v1/me/analytics/spending-by-category
• GET /v1/me/goals/progress
• GET /v1/me/statements/imports
• GET /v1/me/statements/transactions