Scope
This section documents Meridian HTTP APIs and related contracts as maintained for Study Compass engineering. Narrative pages underapi-reference/ (for example Event management) carry the detailed paths, payloads, and behavior aligned with the Express backend in Meridian/backend/.
Authentication
The Meridian web client uses cookie-backed JWT access and refresh flows; frontend code should go throughuseFetch and postRequest (Web client best practices), not ad hoc clients. Individual API pages state whether a route expects a session cookie, a Bearer token, or a public call.
OpenAPI file
The repository may includeapi-reference/openapi.json for Mintlify tooling or future playground generation. Until that file is fully curated for Meridian, treat the MDX API pages in this tab as authoritative.
Related pages
Event management API
Organization events, agendas, RSVPs, and related HTTP operations.
Backend best practices
Route layout,
req.db, verifyToken, and how Express handlers are structured.Authentication overview
Cookie vs Bearer JWTs, refresh, and which routes require a logged-in user.
Web client best practices
useFetch and postRequest—the supported way to call these APIs from the web app.Multi-tenant identity
How
globalUserId and memberships affect authorization on tenant subdomains.Atlas event dashboard
Organizer-facing flows that sit on top of the event management API.