CREATE POLICY tenant_isolation ON persons
USING (tenant_id = current_setting('app.tenant_id')::uuid);
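One way to supply `app.tenant_id` to the policy above from Go, scoped to a single transaction and validated first. This is an added example, not the project's own code: `SetTenant`, `InTenantTx` and `execFn` are hypothetical names, and the sample UUID is constructed.

```go
package main

import (
	"context"
	"database/sql"
	"errors"
	"fmt"
	"regexp"
)

// Canonical 8-4-4-4-12 form only, checked before the policy's ::uuid cast sees it.
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// execFn has the shape of (*sql.Tx).ExecContext (hypothetical helper type).
type execFn func(ctx context.Context, query string, args ...any) (sql.Result, error)

// SetTenant binds app.tenant_id for the current transaction only: set_config with
// is_local=true is reset at COMMIT/ROLLBACK, so pooled connections do not leak it.
func SetTenant(ctx context.Context, exec execFn, tenantID string) error {
	if !uuidRe.MatchString(tenantID) {
		return errors.New("tenant id is not a UUID")
	}
	_, err := exec(ctx, `SELECT set_config('app.tenant_id', $1, true)`, tenantID)
	return err
}

// InTenantTx runs fn in a transaction whose RLS context is tenantID.
func InTenantTx(ctx context.Context, db *sql.DB, tenantID string, fn func(*sql.Tx) error) error {
	tx, err := db.BeginTx(ctx, nil)
	if err != nil {
		return err
	}
	defer tx.Rollback() // harmless after Commit (returns sql.ErrTxDone)
	if err := SetTenant(ctx, tx.ExecContext, tenantID); err != nil {
		return fmt.Errorf("set tenant: %w", err)
	}
	if err := fn(tx); err != nil {
		return err
	}
	return tx.Commit()
}

func main() {
	// Constructed stand-in for tx.ExecContext so this runs without a database.
	show := func(_ context.Context, q string, a ...any) (sql.Result, error) {
		fmt.Println(q, a)
		return nil, nil
	}
	fmt.Println(SetTenant(context.Background(), show, "6f1c2b9e-4d3a-4c8e-9b7a-2e5d1f0a3c44"))
}
```

The policy only constrains roles that are subject to row-level security: the table owner bypasses it unless `FORCE ROW LEVEL SECURITY` is set on the table, and superusers or roles with `BYPASSRLS` always bypass it.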
API Endpoints
Authentication
| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | /api/v1/auth/register | Register new tenant with first user |
| POST | /api/v1/auth/login | Authenticate and receive tokens |
| POST | /api/v1/auth/refresh | Refresh access token |
| POST | /api/v1/auth/logout | Invalidate session |
| GET | /api/v1/auth/me | Get current user info |
| GET | /api/v1/auth/verify-email/:token | Verify email address |
| POST | /api/v1/auth/resend-verification | Resend verification email |
| GET | /api/v1/auth/oauth/google | Initiate Google OAuth |
| GET | /api/v1/auth/oauth/google/callback | Google OAuth callback |
| GET | /api/v1/auth/oauth/apple | Initiate Apple OAuth |
| GET | /api/v1/auth/oauth/apple/callback | Apple OAuth callback |
Persons (CRM)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/persons | List persons with filtering |
| POST | /api/v1/persons | Create new person |
| GET | /api/v1/persons/:id | Get person by ID |
| PATCH | /api/v1/persons/:id | Update person |
| DELETE | /api/v1/persons/:id | Soft delete person |
| POST | /api/v1/persons/:id/convert | Convert lead to contact |
| POST | /api/v1/persons/:id/tags | Add tag to person |
| DELETE | /api/v1/persons/:id/tags | Remove tag |
| GET | /api/v1/persons/search | Search persons |
Companies
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/companies | List companies |
| POST | /api/v1/companies | Create company |
| GET | /api/v1/companies/:id | Get company |
| PATCH | /api/v1/companies/:id | Update company |
| DELETE | /api/v1/companies/:id | Delete company |
Deals & Pipelines
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/deals | List deals |
| POST | /api/v1/deals | Create deal |
| GET | /api/v1/deals/kanban | Kanban board view |
| GET | /api/v1/deals/:id | Get deal |
| PATCH | /api/v1/deals/:id | Update deal |
| DELETE | /api/v1/deals/:id | Delete deal |
| PATCH | /api/v1/deals/:id/stage | Move to stage |
| POST | /api/v1/deals/:id/win | Close as won |
| POST | /api/v1/deals/:id/lose | Close as lost |
Pipelines
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/pipelines | List pipelines |
| POST | /api/v1/pipelines | Create pipeline |
| GET | /api/v1/pipelines/:id | Get pipeline |
| PATCH | /api/v1/pipelines/:id | Update pipeline |
| DELETE | /api/v1/pipelines/:id | Delete pipeline |
| GET | /api/v1/pipelines/:id/stages | List stages |
| POST | /api/v1/pipelines/:id/stages | Create stage |
| PATCH | /api/v1/pipelines/:id/stages/reorder | Reorder stages |
| PATCH | /api/v1/pipelines/:id/stages/:stage_id | Update stage |
| DELETE | /api/v1/pipelines/:id/stages/:stage_id | Delete stage |
Activities
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/activities | List activities |
| POST | /api/v1/activities | Create activity |
| GET | /api/v1/activities/:id | Get activity |
| PATCH | /api/v1/activities/:id | Update activity |
| POST | /api/v1/activities/:id/complete | Mark complete |
| POST | /api/v1/activities/:id/uncomplete | Unmark complete |
| DELETE | /api/v1/activities/:id | Delete activity |
| GET | /api/v1/timeline | Entity timeline |
Products
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/products | List products |
| POST | /api/v1/products | Create product |
| GET | /api/v1/products/:id | Get product |
| PATCH | /api/v1/products/:id | Update product |
| DELETE | /api/v1/products/:id | Delete product |
Users & Teams
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/users | List users |
| GET | /api/v1/users/:id | Get user |
| PATCH | /api/v1/users/:id | Update user |
| PUT | /api/v1/users/:id/roles | Assign roles |
| GET | /api/v1/teams | List teams |
| POST | /api/v1/teams | Create team |
| GET | /api/v1/teams/:id | Get team |
| PATCH | /api/v1/teams/:id | Update team |
| DELETE | /api/v1/teams/:id | Delete team |
| GET | /api/v1/teams/:id/members | List members |
| POST | /api/v1/teams/:id/members | Add member |
| DELETE | /api/v1/teams/:id/members/:user_id | Remove member |
| POST | /api/v1/teams/:id/lead/:user_id | Set team lead |
Notifications
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/notifications | List notifications |
| GET | /api/v1/notifications/count | Unread count |
| GET | /api/v1/notifications/:id | Get notification |
| POST | /api/v1/notifications/:id/read | Mark as read |
| POST | /api/v1/notifications/read-all | Mark all as read |
| DELETE | /api/v1/notifications/:id | Delete notification |
Invitations
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/invitations | List invitations |
| POST | /api/v1/invitations | Send invitation |
| DELETE | /api/v1/invitations/:id | Cancel invitation |
| GET | /api/v1/invitations/:token/validate | Validate token |
Audit Logs
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/audit-logs | List audit logs with filtering |
| GET | /api/v1/audit-logs/:id | Get audit log by ID |
Settings & Uploads
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /api/v1/settings | Get settings |
| PATCH | /api/v1/settings | Update settings |
| POST | /api/v1/upload/avatar | Upload avatar |
| POST | /api/v1/upload/avatar/confirm | Confirm avatar |
| GET | /api/v1/avatar/:user_id | Get user avatar |
| POST | /api/v1/upload/branding/presigned | Get presigned URL |
| POST | /api/v1/upload/branding/confirm | Confirm branding |
Planned Endpoints (Not Yet Implemented)
| Feature | Status | Description |
|---------|--------|-------------|
| Custom Fields API | Pending | CRUD for custom field definitions |
| Automation API | Pending | CRUD for automation rules |
| Deal Line Items API | Pending | Products on deals |
Quick Start
Prerequisites
Go 1.24 or later
PostgreSQL 16+
Make
Node.js 20+ (for frontend)
Installation
# Clone the repository
git clone https://github.com/oscar/oscar.git
cd oscar
# Install Go dependencies
go mod download
# Copy environment file
cp .env.example .env
# Edit .env with your database credentials
Database Setup
# Apply migrations
make migrate/up
# Seed initial data (optional)
make seed
Run Development Server
# Start backend
go run ./cmd/server
# Or use make
make dev
# In another terminal, start frontend
cd web && npm install && npm run dev
The backend starts on http://localhost:8080
The frontend starts on http://localhost:4321
Run Tests
make test
# Or directly
go test ./...
Configuration
Environment variables (see .env.example):
| Variable | Description | Default |
|----------|-------------|---------|
| APP_SECRET | Paseto signing secret | - |
| APP_HOST | Server host | 0.0.0.0 |
| APP_PORT | Server port | 8080 |
| DATABASE_URL | PostgreSQL connection string | - |
| AWS_ACCESS_KEY_ID | S3 access key | - |
| AWS_SECRET_ACCESS_KEY | S3 secret key | - |
| AWS_REGION | S3 region | us-east-1 |
| AWS_S3_BUCKET | S3 bucket name | - |
| GOOGLE_CLIENT_ID | Google OAuth client ID | - |
| GOOGLE_CLIENT_SECRET | Google OAuth secret | - |
| APPLE_CLIENT_ID | Apple OAuth client ID | - |
| APPLE_TEAM_ID | Apple team ID | - |
| APPLE_KEY_ID | Apple key ID | - |
| APPLE_PRIVATE_KEY | Apple private key path | - |
Authentication Flow
Register: POST /auth/register creates tenant + user
Login: POST /auth/login returns access + refresh tokens
Authenticate: Include Authorization: Bearer <token> header
Refresh: POST /auth/refresh with refresh token
OAuth: Use /auth/oauth/{provider} to initiate OAuth flow
Development
Generate SQL Code
# Generate repository code from SQL
make generate
# Watch mode for development
make generate-watch
Create Migration
make migrate/create name=add_new_column
Code Quality
# Run linter
make lint
# Format code
make fmt
# Vet code
go vet ./...
Testing
Tests use the testify framework:
# Run all tests
go test ./...
# Run with coverage
go test -cover ./...
# Run specific package
go test ./internal/domain/person/...