{
  "openapi": "3.1.0",
  "info": {
    "title": "Client Portal Backend Example OpenAPI Example",
    "version": "1.0.0",
    "description": "Illustrative OpenAPI contract for a Spala-style backend handoff. Not a live API and not generated runtime code."
  },
  "servers": [
    {
      "url": "https://example-project-api.spala.example",
      "description": "Placeholder API base URL. Replace with the published Spala project API base URL."
    }
  ],
  "tags": [
    {
      "name": "client-portal",
      "description": "A public example of the backend contract Spala can help create for a client portal: users, cases, messages, documents, invoices, auth, API docs, and frontend handoff."
    }
  ],
  "paths": {
    "/api/signup": {
      "post": {
        "operationId": "post_signup",
        "summary": "POST /api/signup example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/login": {
      "post": {
        "operationId": "post_login",
        "summary": "POST /api/login example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/me": {
      "get": {
        "operationId": "get_me",
        "summary": "GET /api/me example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/cases": {
      "get": {
        "operationId": "get_cases",
        "summary": "GET /api/cases example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      },
      "post": {
        "operationId": "post_cases",
        "summary": "POST /api/cases example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/cases/{id}/messages": {
      "get": {
        "operationId": "get_cases_id_messages",
        "summary": "GET /api/cases/{id}/messages example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      },
      "post": {
        "operationId": "post_cases_id_messages",
        "summary": "POST /api/cases/{id}/messages example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/documents": {
      "post": {
        "operationId": "post_documents",
        "summary": "POST /api/documents example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    },
    "/api/invoices": {
      "get": {
        "operationId": "get_invoices",
        "summary": "GET /api/invoices example route",
        "description": "Illustrative Spala backend contract route. Not a live API endpoint.",
        "parameters": [],
        "security": [
          {
            "bearerAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "Example successful response.",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "additionalProperties": true
                }
              }
            }
          },
          "400": {
            "description": "Validation or request error."
          },
          "401": {
            "description": "Authentication required when the route is protected."
          },
          "403": {
            "description": "Authenticated user does not have access to this resource."
          },
          "404": {
            "description": "Resource not found."
          }
        }
      }
    }
  },
  "components": {
    "securitySchemes": {
      "bearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }
    }
  },
  "x-spala-example-boundary": "Illustrative public example only. Not a live customer API, not Spala source code, and not private platform architecture.",
  "x-spala-frontend-handoff": "Frontend receives base API URL, OpenAPI/Markdown docs, auth routes, token handling, CORS origin, upload route, and publish state."
}