Orçamentos.

Fixando Quotes API

HTTP contract between Fixando (the marketplace) and the external Quotes service.

Fixando → Quotes

Endpoints exposed by Fixando and consumed by the Quotes service.

POSThttps://api.fixando.com/oauth/validate-token

Validates the SSO token and returns Pro data.

GEThttps://api.fixando.com/users/:id/premium-status

Premium status and validity.

GEThttps://api.fixando.com/pedidos/:id

Full Request data (Client, category, service, location).

POSThttps://api.fixando.com/pedidos/:id/events

Adds an event to the Request timeline (quote_sent, quote_opened, …).

POSThttps://api.fixando.com/notifications/send

Notifies the Client when direct contact is not allowed.

Quotes (this service)

Authenticated endpoints exposed by the Quotes service.

POST/auth/fixando-token

Exchanges a Fixando token for a local JWT session.

GET/premium/status

Confirms the authenticated user's Premium eligibility.

POST/quotes/from-pedido

Creates a draft pre-filled with Request data.

{ "pedido_id": "12345" }
POST/quotes

Creates a quote with items, VAT and expiry.

POST/quotes/:id/pdf

Generates the PDF and a QR-coded verification URL.

POST/quotes/:id/send

Sends by email or via Fixando notifications.

POST/quotes/:id/whatsapp

Returns a WhatsApp share URL.

Public pages (Client)

Endpoints called by the /q/:token page (no auth, long random token).

GET/api/public/quote/:token

Public quote view. Records quote_opened on first open.

POST/api/public/quote/:token/approve

Marks as approved and records the event.

POST/api/public/quote/:token/reject

Marks as rejected.

POST/api/public/quote/:token/request-changes

Records a change request with the Client's message.

Webhooks

Asynchronous communication between the two systems. Every request is signed with HMAC-SHA256 in the X-Fixando-Signature header over the raw body.

POST/api/public/webhooks/fixando-emit

Mock of the Fixando endpoint that receives quote lifecycle events (quote_sent, quote_opened, quote_approved, quote_rejected, quote_changes_requested) and adds them to the Request timeline.

POST /api/public/webhooks/fixando-emit
X-Fixando-Signature: sha256=<hex>
X-Fixando-Event: quote_approved

{
  "type": "quote_approved",
  "occurred_at": "2025-04-24T10:00:00.000Z",
  "fixando_user_id": "fx_abc123",
  "fixando_pedido_id": "12345",
  "quote_id": "uuid",
  "metadata": {}
}
POST/api/public/webhooks/premium-updated

Webhook received from Fixando when a Pro's Premium status changes (renewal, expiry, downgrade). Updates the local profile immediately.

POST /api/public/webhooks/premium-updated
X-Fixando-Signature: sha256=<hex>

{
  "fixando_user_id": "fx_abc123",
  "premium_status": "active",
  "premium_valid_until": "2026-04-24T00:00:00.000Z"
}
POST/api/public/webhooks/notify-sent

Internal bridge: the authenticated UI calls this endpoint after marking a quote as sent; the server signs and emits the quote_sent event to Fixando.

{ "token": "<public_token>" }

Premium checkout (Fixando mock)

Premium subscription flow. The /premium page calls /api/public/fixando/checkout (with the Pro's Bearer token). The server simulates Fixando billing and fires the signed premium-updated webhook back — the same path that would exist in production.

POST/api/public/fixando/checkout

Mock of the Fixando billing endpoint. Receives { plan: 'monthly' | 'yearly' | 'lifetime' }, simulates the charge and returns the new premium_valid_until. Plans have fixed prices (€19, €149, €499). Renewals extend from the current expiry when still valid.

POST /api/public/fixando/checkout
Authorization: Bearer <supabase-access-token>

{ "plan": "yearly" }

→ {
  "ok": true,
  "plan": "yearly",
  "plan_label": "Yearly Premium",
  "price_eur": 149,
  "premium_status": "active",
  "premium_valid_until": "2027-04-24T...",
  "checkout_id": "chk_..."
}