Eight modules, 634+ versioned endpoints.
OpenAPI 3.1 reference across the FlyttGo platform. Every module addressable via versioned REST; the GraphQL gateway federates across modules where joins span planes. OAuth 2.1, signed webhooks, idempotency keys, full audit envelope.
- AP.TRv1.14 · 86 endpoints
Transify
Mobility infrastructure — orders, providers, routing, capacity, audit log.
POST/ordersCreate a routed orderhttps://api.flyttgo.tech/v1/transify - AP.WKv1.09 · 64 endpoints
Workverge
Workforce coordination — shifts, tasks, dispatch, presence, payroll hooks.
POST/shiftsSchedule a shifthttps://api.flyttgo.tech/v1/workverge - AP.CVv1.18 · 112 endpoints
Civitas
Government services — citizen accounts, applications, fee collection, audit.
POST/applicationsSubmit a service applicationhttps://api.flyttgo.tech/v1/civitas - AP.EDv1.11 · 71 endpoints
EduPro
Education intelligence — students, cohorts, credentials, learning analytics.
GET/credentials/{id}Fetch a verifiable credentialhttps://api.flyttgo.tech/v1/edupro - AP.IDv1.22 · 58 endpoints
Identra
Identity & auth — OIDC, SAML 2.0, eIDAS LoA, MFA, qualified signature.
POST/auth/qualified-signatureRequest a qualified signaturehttps://api.flyttgo.tech/v1/identra - AP.PVv1.19 · 94 endpoints
Payvera
Payment orchestration — PSD2 SCA, SEPA, national rails, escrow, settlement.
POST/payments/intentsCreate a payment intenthttps://api.flyttgo.tech/v1/payvera - AP.LDv1.06 · 47 endpoints
Ledgera
Financial operations — ledger postings, reconciliation, audit trail, exports.
POST/ledger/postingsPost a double-entry transactionhttps://api.flyttgo.tech/v1/ledgera - AP.MPv1.07 · 102 endpoints
FlyttGo Marketplace
Marketplace OS — provider routing, trust, pricing intelligence, dispute resolution.
POST/disputesOpen a dispute case filehttps://api.flyttgo.tech/v1/marketplace
Same contract on every endpoint.
- AP.PR.01
OpenAPI 3.1 across every module
Every endpoint is described in OpenAPI 3.1. Specs are generated per release and shipped alongside the code that implements them — no drift between docs and runtime.
- AP.PR.02
OAuth 2.1 + signed-key auth
Workspace-scoped access tokens via OAuth 2.1 (PKCE for public clients). Sigstore-signed long-lived API keys for server-to-server. mTLS available for sovereign tenants.
- AP.PR.03
Webhooks signed with HMAC-SHA256
Every event signed with HMAC-SHA256 + timestamp; replays rejected outside a 5-minute window. Per-tenant signing keys, rotatable in one call. Receipts are idempotent.
- AP.PR.04
Idempotency keys + audit envelope
POST endpoints take an Idempotency-Key header — the same payload applied twice yields the same result. Every mutation enters the same JSONB before/after audit envelope.
Authenticate, post a payload, audit the response.
Three calls to wire a sandbox tenant. Replace {TOKEN} with a workspace token from the developer portal. Every call returns an x-flyttgo-audit-id header.
# 1. Verify token + workspace
curl https://api.flyttgo.tech/v1/me \
-H "Authorization: Bearer {TOKEN}"
# 2. Create a routed order (idempotent)
curl https://api.flyttgo.tech/v1/transify/orders \
-H "Authorization: Bearer {TOKEN}" \
-H "Idempotency-Key: ord_$(uuidgen)" \
-H "Content-Type: application/json" \
-d '{
"origin": { "lat": 59.91, "lon": 10.75 },
"destination": { "lat": 59.33, "lon": 18.07 },
"service": "express",
"constraints": { "cabotage": false }
}'
# 3. Subscribe to order events (HMAC-signed webhook)
curl https://api.flyttgo.tech/v1/webhooks \
-H "Authorization: Bearer {TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"url": "https://yourapp.example.com/hooks/transify",
"events": ["order.created", "order.routed", "order.completed"]
}'