The WayFy API is a RESTful HTTP API built with Python Flask, designed for developers integrating with or extending the WayFy accessibility-focused travel platform. Whether you’re building a third-party client, automating trip planning workflows, or extending WayFy’s core feature set, every capability — from user management and AI-powered map chat to accessibility photo submissions — is exposed through a consistent, JSON-based interface secured with JWT Bearer token authentication.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/jhonyes04/new-wayfy/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
The API server runs locally on port 3001. In deployed environments, the base URL is configured via theVITE_BACKEND_URL environment variable on the frontend. All routes are mounted under the /api prefix.
Route Prefixes
All WayFy API endpoints are grouped into six blueprints, each serving a distinct area of the platform:| Prefix | Purpose |
|---|---|
/api/users | User registration, login, profile management, and avatar uploads |
/api/ai | AI-powered map chat (MapGPT), geocoding, and point-of-interest search |
/api/accessibility | Accessibility feature submissions, ratings, and photo uploads |
/api/trips | Trip creation, management, itinerary building, and cover images |
/api/places | Community place submissions and bounding-box map queries |
/api/utils | Open Graph image extraction and Google Places photo enrichment |
Authentication
All protected endpoints require a JWT Bearer token in theAuthorization header. Tokens are issued at login or registration and expire after a configurable period (default: 1 hour). See the Authentication page for the full token flow.
Error Responses
WayFy uses a consistent error envelope across all endpoints. Errors are raised via the internalAPIException class (defined in api/utils.py) and caught globally in app.py. Every error response is a JSON object with an appropriate HTTP status code.
Depending on the origin of the error, the key will be either message (application-level exceptions raised via APIException) or msg (controller-level errors and JWT/auth library errors):
| Status | Meaning |
|---|---|
200 | Success |
201 | Resource created |
400 | Bad request — missing or invalid fields |
401 | Unauthorized — missing, invalid, or expired token |
403 | Forbidden — insufficient permissions |
404 | Resource not found |
429 | Too many requests — rate limit exceeded |
500 | Internal server error |
Rate Limits
Rate limiting is applied via Flask-Limiter on endpoints that perform expensive operations such as AI inference and geocoding. Limits are enforced per client IP address.| Endpoint | Method | Limit |
|---|---|---|
/api/ai/mapgpt | POST | 20 requests / minute |
/api/ai/geocode | GET | 30 requests / minute |
/api/ai/geocode-poi | GET | 30 requests / minute |
/api/utils/og-image | GET | 60 requests / minute |
/api/utils/google-photo | GET | 60 requests / minute |
429 Too Many Requests. Build retry logic with exponential backoff in any client that calls the AI or geocoding endpoints heavily.
Rate limits apply per IP address. If you’re running automated tests or batch jobs, be mindful of the 20 req/min cap on
/api/ai/mapgpt in particular — it is the most restrictive limit in the API.CORS Configuration
Cross-Origin Resource Sharing is configured on the WayFy backend via theCORS_ALLOWED_ORIGINS environment variable. Provide a comma-separated list of allowed origins:
http://localhost:5173 (or whichever port Vite uses) is present in the list.
Static Asset Endpoints
The following endpoints serve binary files (images). The avatar endpoint requires authentication; cover images and accessibility photos are publicly accessible without a token.| Endpoint | Asset Type | Auth Required |
|---|---|---|
GET /api/users/avatar/<filename> | User profile avatar images | Yes |
GET /api/accessibility/photos/<filename> | Accessibility feature photos | No |
GET /api/trips/cover/<filename> | Trip cover images | No |
Filenames for static assets are returned as part of the respective resource objects (e.g., the
avatar field on a user object returns the full path /api/users/avatar/<filename>). Use the path directly as the src for <img> tags.Authenticated Request Example
Here is a completecurl example of a request to a protected WayFy endpoint, including the Authorization header and Content-Type:
Endpoint Groups
Users
Register accounts, log in, manage profiles, and upload avatars.
Trips
Create and manage trips, build itineraries, and upload cover images.
Accessibility
Submit and retrieve accessibility features, ratings, and photos.
Places
Submit community place pins and query the map by bounding box.
AI
Use MapGPT for conversational map queries and geocode addresses or POIs.
Utils
Fetch Open Graph preview images and Google Places photos for place cards.