Monza Motors handles all server-side logic through Next.js Route Handlers located in src/app/api/. There are two routes — both accept POST requests and both require an authenticated Supabase session before performing any work. These handlers are invoked exclusively by the Monza Motors frontend; they are not a public API surface.

POST /api/chat

AI vehicle catalog assistant powered by Groq’s LLaMA-3.3-70b model. Accepts a user message, fetches catalog context, and persists the AI reply to Supabase.

POST /api/checkout

Creates a Stripe Checkout session for a vehicle purchase. Validates the authenticated user, loads vehicle data, and returns the Stripe session for client-side redirect.

Authentication

Both routes enforce authentication before any business logic executes.
  • /api/chat — The route trusts the user_id sent in the request body to scope message history. It instantiates a Supabase client with SUPABASE_SERVICE_ROLE_KEY, which grants privileged database access for reading the messages table and inserting AI replies without being gated by Row Level Security. With Row Level Security out of the path, the user_id value in the body is what determines whose message history the route works with.
  • /api/checkout — The route calls getUser() using the server-side Supabase client, which reads the session from the request cookie. If no valid session is found, the route immediately returns a 401 Unauthorized response before touching Stripe or the database.

Error Handling

Both routes wrap their entire logic in a try/catch block and return a consistent JSON error shape on failure.

| Status | Body | Trigger |
| --- | --- | --- |
| 401 Unauthorized | { "error": "Unauthorized" } | /api/checkout only — user not signed in |
| 500 Internal Server Error | { "error": "<message>" } | Any unhandled exception in either route |

Errors are also written to the server console via console.error for observability in Vercel Function logs.
These are internal routes — they are not a public API. They are called only by the Monza Motors frontend and rely on shared environment variables (SUPABASE_SERVICE_ROLE_KEY, NEXT_STRIPE_SECRET_KEY) that are never exposed to the browser. Do not call these endpoints from third-party services or external scripts.
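
The session check described for /api/checkout and the error shape from the Error Handling section, combined in one wrapper. This is an added example, not code from the Monza Motors repository: withSession, demoChat and fakeReq are hypothetical names, getUser is a stand-in for the server-side Supabase call, and dropping a body-supplied user_id is this example's own choice.

```javascript
// Added example, not Monza Motors source. `getUser` and `handler` are injected
// stand-ins (assumptions) for the server-side Supabase getUser() call and for
// the route's business logic; `withSession` and `demoChat` are made-up names.

// Error Handling section shape: { "error": "<message>" } plus a status code.
function jsonResponse(status, body) {
  return new Response(JSON.stringify(body), {
    status,
    headers: { "Content-Type": "application/json" },
  });
}

// Wrap a POST handler so the session check and the try/catch live in one
// place and run before any business logic.
function withSession(getUser, handler) {
  return async function POST(req) {
    try {
      const user = await getUser(req); // identity from the cookie session
      if (!user || !user.id) {
        return jsonResponse(401, { error: "Unauthorized" });
      }
      const body = (await req.json()) ?? {};
      // Choice made by this example: drop any user_id in the body, so a
      // service-role query can only ever be scoped to the session user.
      const { user_id: _dropped, ...rest } = body;
      return jsonResponse(200, await handler({ userId: user.id, body: rest }));
    } catch (err) {
      console.error(err); // visible in the function logs
      const message = err instanceof Error ? err.message : String(err);
      return jsonResponse(500, { error: message });
    }
  };
}

// Constructed demo: the handler reports which user id it would query with.
const demoChat = withSession(
  async (req) => req.session ?? null, // fake session lookup for the demo
  async ({ userId, body }) => {
    if (typeof body.message !== "string") throw new Error("message is required");
    return { scopedTo: userId, reply: `echo: ${body.message}` };
  }
);

// Constructed request object: only the parts the wrapper touches.
const fakeReq = (session, body) => ({ session, json: async () => body });
```

In a Next.js route file the function returned by withSession would be exported as POST.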