Complete reference for all TerraFerma API endpoints. The platform exposes 67 API routes organized into domain-specific groups.
- Authentication
- Health & Status
- ARPAE Data Pipeline
- Alerts
- Billing
- Compliance
- Insurance
- Municipal & Emergency
- Prediction & Intelligence
- Portfolio & Financial
- Sensors & Watershed
- Data Exchange & Evidence
- Platform Services
- Push Notifications
- Versioned API (v1)
All authenticated endpoints require a valid session. The v1 API endpoints use API key authentication via the authorize middleware.
Create a new user account.
Request Body:
{
"email": "user@example.com",
"password": "securePassword123",
"name": "Mario Rossi"
}Response: 201 Created
{
"user": { "id": "usr-...", "email": "user@example.com", "name": "Mario Rossi" },
"session": { "token": "..." }
}Authenticate and create a session.
Request Body:
{
"email": "user@example.com",
"password": "securePassword123"
}Response: 200 OK
{
"user": { "id": "usr-...", "email": "...", "role": "admin" },
"session": { "token": "...", "expiresAt": "..." }
}Get the current authenticated session.
Response: 200 OK
{
"user": { "id": "usr-...", "email": "...", "role": "...", "organizationId": "..." },
"authenticated": true
}System health check. Returns database and bus status.
Response: 200 OK
{
"status": "ok",
"checks": {
"database": { "status": "ok", "message": "Database reachable" },
"bus": { "status": "ok", "message": "Bus operational", "details": { "totalPublished": 42, "errors": 0 } }
},
"version": "0.1.0",
"uptime": 3600.5,
"timestamp": "2026-05-13T09:30:00.000Z"
}Status Codes:
200— Healthy (okordegraded)503— Unhealthy
Get error and performance statistics from the Sentry buffer.
Response: 200 OK
{
"errors": { "total": 5, "byModule": { "bus": 2, "arpae": 3 }, "bySeverity": { "error": 5 } },
"performance": { "totalRequests": 150, "avgDurationMs": 45, "p95DurationMs": 120, "errorRate": 0.02 },
"recentErrors": [...]
}List all monitored hydrometric stations.
Response: 200 OK
{
"stations": [
{
"id": "montone-forli",
"name": "Montone a Forlì",
"river": "Montone",
"basin": "Montone-Rabbi",
"latitude": 44.2225,
"longitude": 12.0408
}
]
}Get current monitoring data including river levels, rainfall, and soil conditions.
Response: 200 OK
{
"snapshot": {
"hydrometric": { "montone-forli": [{ "level": 2.1, "timestamp": "..." }] },
"rainfall": { "montone-forli": { "last24h": 38 } },
"soilSaturation": { "montone-forli": { "percentage": 68 } }
},
"pipelineStatus": {
"lastFetch": "...",
"totalFetches": 96,
"demoMode": false
}
}Server-sent events stream of real-time ARPAE readings.
Response: text/event-stream
- GET — Get pipeline status and statistics
- POST — Trigger a manual pipeline ingestion cycle
Cron endpoint for scheduled ARPAE data fetch. Requires CRON_SECRET authorization.
Headers: Authorization: Bearer <CRON_SECRET>
List all alerts (historical + operational).
Response: 200 OK
{
"alerts": [
{
"id": "preallerta-rabbi-2026-05",
"title": "Preallerta Rabbi in salita verso soglia arancione",
"severity": "moderata",
"status": "attiva",
"date": "13 mag 2026",
"affectedAreas": ["Predappio", "Forlì sud"]
}
]
}- GET — Retrieve alert preferences for the current user
- POST — Update alert preferences (channels, thresholds, stations)
- GET — Get current alert engine state and active rules
- POST — Manually trigger alert evaluation for a station
- GET — List active correlated alerts (multi-signal compound events)
- POST — Submit signals for correlation analysis
Create a Stripe checkout session for subscription upgrade.
Request Body:
{
"tier": "professional",
"organizationId": "org-..."
}Response: 200 OK
{
"url": "https://checkout.stripe.com/...",
"sessionId": "cs_..."
}Create a Stripe customer portal session for subscription management.
Response: 200 OK
{
"url": "https://billing.stripe.com/..."
}Get current subscription and billing status.
Response: 200 OK
{
"tier": "professional",
"status": "active",
"currentPeriodEnd": "2026-06-13T00:00:00Z",
"usage": { "queriesUsed": 42, "queriesLimit": 500 }
}Stripe webhook handler. Processes checkout.session.completed, invoice.paid, customer.subscription.updated, and customer.subscription.deleted events.
Headers: stripe-signature: <webhook_signature>
List compliance tasks for the current user/organization.
Response: 200 OK
{
"tasks": [
{
"id": "task-...",
"title": "Aggiornare piano emergenza",
"category": "emergency_planning",
"priority": "high",
"status": "pending",
"dueDate": "2026-06-01"
}
]
}List regulatory obligations applicable to the organization's properties.
- GET — Get orchestrator configuration and action history
- POST — Execute compliance orchestration (auto-apply changes, create tasks)
Get regulatory change feed and monitoring source status.
- GET — List insurance claims for the organization
- POST — Create a new insurance claim
POST Request Body:
{
"propertyId": "prop-...",
"damageType": "Apparecchiature elettriche",
"estimatedValue": 9200,
"eventDate": "2024-03-14",
"description": "Flood damage to electrical equipment"
}- GET — List parametric insurance policies and triggers
- POST — Create or activate a parametric policy
Generate a comprehensive insurance report for the organization.
Submit a damage report.
Request Body:
{
"site": "Magazzino via Emilia Ovest",
"damageType": "Danno a scorte",
"estimatedValue": 18500,
"eventDate": "2023-05-17",
"notes": "Flood damage to warehouse inventory"
}Get municipal dashboard data including infrastructure assets and citizen communications.
- GET — List evacuation plans and zones
- POST — Create or activate an evacuation plan
Get the flood event feed.
Response: 200 OK
{
"events": [
{
"id": "evt-...",
"title": "Piena del Montone",
"state": "active",
"severity": "warning",
"affectedBasins": ["Montone-Rabbi"],
"detectedAt": "..."
}
]
}Get current flood predictions for all monitored stations.
Response: 200 OK
{
"predictions": [
{
"stationId": "montone-forli",
"stationName": "Montone a Forlì",
"overallRisk": "moderato",
"confidence": 78,
"probability6h": 15,
"probability12h": 32,
"probability24h": 48
}
]
}- GET — List backtest runs and their results
- POST — Create and execute a new backtest run
Get detailed results for a specific backtest run including precision, recall, F1 score, and confusion matrix.
- GET — List cascade simulation results
- POST — Run a new cascade simulation scenario
Compare multiple cascade scenarios side-by-side.
Request Body:
{
"scenarioIds": ["scenario-montone-4.5", "scenario-ronco-3.8"]
}Get role-specific dashboard intelligence data (business, municipal, or insurer view).
Query Parameters:
role—business|municipal|insurer(default:business)
Get portfolio risk summary across all properties.
Get premium pricing information.
Get impact assessment data for recent events.
Get insurer marketplace listings and premium comparisons.
- GET — Get current onboarding state
- POST — Update onboarding progress
Get business continuity plans for the organization.
Get PNRR projects, bandi (calls), and grant applications.
Get IoT device fleet data including readings and alerts.
Get federated sensor network data from partner organizations.
Get watershed topology and cascade alert data.
Get river monitoring records with current levels and trends.
Get data sharing agreements and exchange history.
- GET — List evidence items and packages
- POST — Collect evidence for an event
Get Risk Intelligence Bus status, statistics, and recent event log.
Response: 200 OK
{
"stats": {
"totalPublished": 142,
"totalDelivered": 138,
"totalDropped": 0,
"errors": 4,
"subscriberCount": 20,
"eventTypes": 30,
"logSize": 142
},
"recentEvents": [...]
}- GET — List registered webhooks
- POST — Register a new webhook
POST Request Body:
{
"url": "https://example.com/webhook",
"eventTypes": ["alert.triggered", "prediction.generated"]
}Subscribe a device for web push notifications.
Request Body:
{
"subscription": {
"endpoint": "https://fcm.googleapis.com/...",
"keys": { "p256dh": "...", "auth": "..." }
}
}Unsubscribe a device from push notifications.
Send a push notification (admin only).
The v1 API is the stable, authenticated API surface for external integrations. All v1 endpoints require API key authentication via the authorize middleware.
Authentication:
Authorization: Bearer <API_KEY>
Get the OpenAPI specification for the v1 API.
List alerts with filtering. Authenticated.
Query Parameters:
severity— Filter by severitystatus— Filter by statuslimit— Max results (default: 50)
Perform a risk assessment for an address.
Request Body:
{
"address": "Via Ravegnana 145, Forlì"
}Response: 200 OK
{
"riskScore": 8,
"floodZone": "Fascia B con possibili esondazioni e ristagni rapidi",
"paiStatus": "PAI: compatibile solo con misure di riduzione del danno.",
"historicalEvents": ["16-17 mag 2023 · Alluvione straordinaria in Romagna"],
"summary": "L'indirizzo ricade in un'area che richiede monitoraggio continuo."
}Generate a comprehensive risk report for a property.
Get an embeddable risk card for a given address.
Query Parameters:
address— Property address (required)apiKey— API key for widget authentication
Render an HTML risk widget for embedding.
Get flood predictions for a specific station.
Path Parameters:
stationId— Station identifier (e.g.,montone-forli)
List properties for the authenticated organization.
Get risk details for a specific property.
Run a cascade simulation.
Generate an optimized investment portfolio for resilience.
Look up PAI (Piano Assetto Idrogeologico) classification for an address.
Query Parameters:
address— Address to look uplat/lng— Coordinates (alternative to address)
All endpoints return consistent error responses:
{
"error": "Error description",
"code": "ERROR_CODE",
"details": {}
}Common Status Codes:
| Code | Meaning |
|---|---|
400 |
Bad Request — Invalid parameters |
401 |
Unauthorized — Missing or invalid auth |
403 |
Forbidden — Insufficient permissions |
404 |
Not Found |
429 |
Rate Limited |
500 |
Internal Server Error |
API rate limits are enforced per API key and subscription tier:
| Tier | Rate Limit | Monthly Queries |
|---|---|---|
| Free | 10 req/min | 5 |
| Professional | 60 req/min | 500 |
| Enterprise | 300 req/min | Unlimited |