Required Headers: All endpoints (except system-admin) require the X-Tenant-ID header. Accept-Language (tr-TR, en-US) can be used for localization.
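The header rule above could be enforced server-side as in the following added example, which is not part of the original API documentation or the project's code. The function names, the 400 status, the default language and the assumption that X-Tenant-ID carries a UUID (as tenant IDs do elsewhere on this page) are all illustrative.

```javascript
// Added example: all names here are hypothetical, not the project's own code.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SUPPORTED_LANGUAGES = ["tr-TR", "en-US"]; // values listed on this page
const DEFAULT_LANGUAGE = "tr-TR"; // assumption: the page does not state a default

// HTTP header names are case-insensitive, so normalise them before lookup.
function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Exempt only on a path-segment boundary, so a look-alike prefix such as
// "/api/system-administrator" does not skip the tenant check.
function isSystemAdminPath(path) {
  return path === "/api/system-admin" || path.startsWith("/api/system-admin/");
}

function checkRequestHeaders(path, headers) {
  const h = lowerCaseKeys(headers);
  // Take the first language tag and drop any ";q=" weight.
  const requested = (h["accept-language"] || "").split(",")[0].split(";")[0].trim();
  const language = SUPPORTED_LANGUAGES.includes(requested) ? requested : DEFAULT_LANGUAGE;

  if (isSystemAdminPath(path)) return { ok: true, tenantId: null, language };

  const tenantId = h["x-tenant-id"];
  if (!tenantId) {
    return { ok: false, status: 400, error: "X-Tenant-ID header is required" };
  }
  // Reject anything that is not a UUID before it reaches a query or cache key.
  if (!UUID_RE.test(tenantId)) {
    return { ok: false, status: 400, error: "X-Tenant-ID must be a UUID" };
  }
  return { ok: true, tenantId: tenantId.toLowerCase(), language };
}
```

The header only selects a tenant; for Bearer and Admin endpoints the tenant still has to be checked against what the authenticated token is allowed to access.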

Health & Status

API status and health check endpoints

GET /api Public

API status information

Response

{ "status": "ok", "version": "1.0.0", "timestamp": "2026-01-12T10:00:00Z" }

GET /api/health Public

Detailed health check

Response

{ "status": "healthy", "database": "connected", "redis": "connected", "uptime": 86400 }

System Admin - Tenants

Tenant management. Requires System Admin authorization only.

POST /api/system-admin/tenants Admin

Create a new tenant

Request Body

{ "name": "Tersane Nick", "slug": "tersane-nick", "config": { "timezone": "Europe/Istanbul", "currency": "TRY", "languages": ["tr", "en"] } }

Response Codes

201 Created
400 Validation Error
409 Slug Exists

GET /api/system-admin/tenants Admin

List all tenants

GET /api/system-admin/tenants/active Admin

List only active tenants

GET /api/system-admin/tenants/{id} Admin

Get tenant by ID

Path Parameters

Name      Type      Description
id        uuid      Tenant ID

GET /api/system-admin/tenants/slug/{slug} Admin

Get tenant by slug

PUT /api/system-admin/tenants/{id} Admin

Update tenant

DELETE /api/system-admin/tenants/{id} Admin

Delete tenant

System Admin - Auth

System Admin authentication. OTP via email or SMS.

POST /api/system-admin/auth/email/request-otp Public

Send OTP via email

Request Body

{ "email": "admin@legendsdxp.com" }

Response

{ "message": "OTP sent", "expiresIn": 300 }

POST /api/system-admin/auth/email/verify-otp Public

Verify email OTP

Request Body

{ "email": "admin@legendsdxp.com", "otp": "123456" }

Response (AdminAuthResponseDto)

{ "accessToken": "eyJhbGciOiJIUzI1NiIs...", "refreshToken": "eyJhbGciOiJIUzI1NiIs...", "expiresIn": 3600, "admin": { "id": "uuid", "email": "admin@legendsdxp.com", "role": "SYSTEM_ADMIN" } }

POST /api/system-admin/auth/sms/request-otp Public

Send OTP via SMS

POST /api/system-admin/auth/sms/verify-otp Public

Verify SMS OTP

POST /api/system-admin/session/logout Bearer

End the current session

POST /api/system-admin/session/force-logout Admin

Force-terminate another admin's session (requires the manage-permissions permission)

POST /api/system-admin/session/refresh Public

Get a new access token using the refresh token

Request Body

{ "refreshToken": "eyJhbGciOiJIUzI1NiIs..." }

System Admin - Permissions

Permission management. Granular permission system.

GET /api/system-admin/permissions/available Public

List available permissions

Query Parameters

Name      Type      Description
scope     string    system | project

GET /api/system-admin/permissions/admin/{adminId} Bearer

Get the permissions of a specific admin

Query Parameters

Name        Type      Description
adminType   string    SYSTEM_ADMIN | PROJECT_ADMIN
tenantId    uuid      Tenant ID (optional)

GET /api/system-admin/permissions/me Bearer

Get the current user's permissions

POST /api/system-admin/permissions/grant Admin

Grant a permission to an admin

Request Body (GrantPermissionDto)

{ "adminId": "uuid", "adminType": "PROJECT_ADMIN", "permission": "tickets:create", "tenantId": "uuid" }

DELETE /api/system-admin/permissions/revoke Admin

Revoke a permission from an admin

Project Admin - Auth

Project Admin (tenant-scoped) authentication

POST /api/project-admin/auth/email/request-otp Public

Send OTP via email

POST /api/project-admin/auth/email/verify-otp Public

Verify email OTP

POST /api/project-admin/session/logout Bearer

End the session

POST /api/project-admin/session/refresh Public

Refresh token

Project Admin - Permissions

Tenant-scoped permission management

GET /api/project-admin/permissions/available Public

List available project permissions

GET /api/project-admin/permissions/me Bearer

View your own permissions

POST /api/project-admin/permissions/grant Admin

Grant a permission

DELETE /api/project-admin/permissions/revoke Admin

Remove a permission

Client - Auth

End-user authentication. Email OTP or guest session.

POST /api/client/auth/request-otp Public

Send a 6-digit OTP via email

Request Body (RequestEmailOtpDto)

{ "email": "user@example.com" }

Response

{ "message": "OTP sent to email", "expiresIn": 300 }

POST /api/client/auth/verify-otp Public

Verify OTP; create the user if it does not exist

Request Body (VerifyEmailOtpDto)

{ "email": "user@example.com", "otp": "123456" }

Response (AuthResponseDto)

{ "accessToken": "eyJhbGciOiJIUzI1NiIs...", "refreshToken": "eyJhbGciOiJIUzI1NiIs...", "expiresIn": 3600, "user": { "id": "uuid", "email": "user@example.com", "isNewUser": true } }

POST /api/client/auth/guest-session Public

Create a temporary guest session (for checkout)

Request Body (CreateGuestSessionDto)

{ "email": "guest@example.com", "phone": "+905551234567" }

Response (GuestSessionResponseDto)

{ "sessionId": "uuid", "expiresIn": 1800, "token": "guest_token_..." }

Client - Profile

User profile management

GET /api/client/profile/me Bearer

Get the current user's profile

Response

{ "id": "uuid", "email": "user@example.com", "phone": "+905551234567", "firstName": "Ahmet", "lastName": "Yilmaz", "createdAt": "2026-01-01T00:00:00Z" }

GET /api/client/profile/tickets Bearer

List the tickets the user has purchased

Events

Event management

POST /api/events Admin

Create a new event

Request Body

{ "name": { "tr": "Yaz Festivali", "en": "Summer Festival" }, "slug": "summer-festival-2026", "description": { "tr": "...", "en": "..." }, "category": "concert", "startDate": "2026-07-01T18:00:00Z", "endDate": "2026-07-01T23:00:00Z", "isPublic": true }

GET /api/events Public

List events

Query Parameters

Name        Type      Description
tenantId    uuid      Tenant ID (required)
category    string    Category filter
isPublic    boolean   Public events only

GET /api/events/{id} Public

Event details

PUT /api/events/{id} Admin

Update event

DELETE /api/events/{id} Admin

Delete event

Tickets

Ticket product management

POST /api/tickets Admin

Create a new ticket product

Request Body

{ "name": { "tr": "Yetiskin Bileti", "en": "Adult Ticket" }, "slug": "adult-ticket", "description": { "tr": "...", "en": "..." }, "price": { "amount": 150, "currency": "TRY" }, "validFrom": "2026-01-01", "validUntil": "2026-12-31", "isPublic": true, "maxQuantityPerOrder": 10 }

Response Codes

201 Created
400 Validation Error
409 Slug Exists

GET /api/tickets Public

List tickets

Query Parameters

Name        Type      Description
tenantId    uuid      Tenant ID
isPublic    boolean   Visibility filter

GET /api/tickets/{id} Public

Ticket details

PUT /api/tickets/{id} Admin

Update ticket

DELETE /api/tickets/{id} Admin

Delete ticket

Experiences

Experience products (VIP, workshop, etc.)

POST /api/experiences Admin

Create a new experience

GET /api/experiences Public

List experiences

GET /api/experiences/{id} Public

Experience details

PUT /api/experiences/{id} Admin

Update experience

DELETE /api/experiences/{id} Admin

Delete experience

Foods

Food and beverage products

POST /api/foods Admin

Create a new F&B product

GET /api/foods Public

List F&B products

GET /api/foods/{id} Public

F&B product details

PUT /api/foods/{id} Admin

Update F&B product

DELETE /api/foods/{id} Admin

Delete F&B product

Unites (Rooms)

Room/unit products (party room, VIP lounge, etc.)

POST /api/unites Admin

Create a new unit

GET /api/unites Public

List units

GET /api/unites/{id} Public

Unit details

PUT /api/unites/{id} Admin

Update unit

DELETE /api/unites/{id} Admin

Delete unit

Addons

Add-on products (parking, locker, equipment, etc.)

POST /api/addons Admin

Create a new addon

GET /api/addons Public

List addons

GET /api/addons/{id} Public

Addon details

PUT /api/addons/{id} Admin

Update addon

DELETE /api/addons/{id} Admin

Delete addon

Product Catalog

Unified catalog of purchasable products

GET /api/products/catalog Public

Get all purchasable products together with their prices

Required Headers

Name          Description
X-Tenant-ID   Tenant ID (required)

Response

{ "tickets": [...], "experiences": [...], "foods": [...], "addons": [...], "unites": [...] }

Sessions

Per-product session/slot management

POST /api/products/{productId}/sessions Admin

Create a new session

Request Body (CreateSessionDto)

{ "startTime": "2026-01-15T10:00:00Z", "endTime": "2026-01-15T12:00:00Z", "capacity": 50, "price": { "amount": 200, "currency": "TRY" } }

GET /api/products/{productId}/sessions Public

List available/upcoming sessions

GET /api/products/{productId}/sessions/{sessionId} Public

Session details

PUT /api/products/{productId}/sessions/{sessionId} Admin

Update session

DELETE /api/products/{productId}/sessions/{sessionId} Admin

Delete session

POST /api/products/{productId}/sessions/{sessionId}/reserve Public

Reserve tickets/seats

Request Body (ReserveTicketsDto)

{ "quantity": 2, "reservationId": "uuid" }

POST /api/products/{productId}/sessions/{sessionId}/release Public

Cancel the reservation / release tickets

POST /api/products/{productId}/sessions/bulk Admin

Bulk-create sessions (for a date range)

Request Body (BulkGenerateSessionsDto)

{ "startDate": "2026-01-01", "endDate": "2026-01-31", "times": ["10:00", "14:00", "18:00"], "capacity": 50, "excludeDays": [0, 6] }

Campaigns

Campaign and discount management

POST /api/campaigns Admin

Create a new campaign

Request Body

{ "name": { "tr": "Yaz Indirimi", "en": "Summer Sale" }, "type": "PERCENTAGE", "value": 20, "validFrom": "2026-06-01T00:00:00Z", "validUntil": "2026-08-31T23:59:59Z", "rules": { "minQuantity": 2, "applicableProducts": ["ticket-uuid-1", "ticket-uuid-2"] }, "isActive": true }

GET /api/campaigns Admin

List the tenant's campaigns

GET /api/campaigns/{id} Admin

Campaign details

PUT /api/campaigns/{id} Admin

Update campaign

DELETE /api/campaigns/{id} Admin

Delete campaign

Checkout

Pre-payment cart operations

POST /api/checkout/validate Public

Validate the cart and calculate the discounted price

Required Headers

Name              Description
X-Tenant-ID       Tenant ID
Accept-Language   tr-TR, en-US

Request Body

{ "items": [ { "productId": "uuid", "sessionId": "uuid", "quantity": 2 } ], "couponCode": "SUMMER20" }

Response

{ "valid": true, "items": [...], "subtotal": 300, "discount": 60, "total": 240, "currency": "TRY", "appliedCampaigns": ["Summer Sale"] }

POST /api/checkout Bearer

Process checkout (create the order + start payment)

Request Body

{ "items": [ { "productId": "uuid", "sessionId": "uuid", "quantity": 2 } ], "couponCode": "SUMMER20", "paymentMethod": "CREDIT_CARD" }

Orders

Order management

GET /api/orders Bearer

List the user's orders

GET /api/orders/{id} Bearer

Order details

Response

{ "id": "uuid", "orderNumber": "ORD-2026-001234", "status": "CONFIRMED", "items": [...], "subtotal": 300, "discount": 60, "total": 240, "currency": "TRY", "payment": {...}, "createdAt": "2026-01-12T10:00:00Z" }

GET /api/orders/{id}/public Public

Public order view (X-Tenant-ID required)

POST /api/orders/{id}/confirm Bearer

Confirm the order after payment

DELETE /api/orders/{id} Bearer

Cancel order

Payments

Payment operations

POST /api/payments Bearer

Start payment

Required Headers

Name              Description
X-Forwarded-For   Client IP
X-Real-IP         Client IP (alternative)

Request Body

{ "orderId": "uuid", "paymentMethod": "CREDIT_CARD", "card": { "number": "4111111111111111", "expiry": "12/28", "cvv": "123", "holderName": "AHMET YILMAZ" } }

GET /api/payments/{id} Bearer

Payment details

GET /api/payments/order/{orderId} Bearer

Get the payment for an order

POST /api/payments/{id}/refund Admin

Payment refund

Request Body

{ "amount": 240, "reason": "Customer request" }

GET /api/card-bin/lookup Public

Look up card BIN information

Query Parameters

Name      Type      Description
bin       string    First 6-8 digits of the card number

Response

{ "bank": "Garanti BBVA", "cardType": "CREDIT", "cardBrand": "VISA", "installments": [1, 2, 3, 6, 9, 12] }