`GET /api/notifications/board` — one server-paginated, filtered + sorted page of the caller's notifications plus the total + the facet chips.
const url = 'https://example.com/api/notifications/board';const options = {method: 'GET', headers: {cookie: 'supacloud_session=<supacloud_session>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/api/notifications/board \ --cookie supacloud_session=<supacloud_session>Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Query Parameters
Section titled “Query Parameters”Free-text search over the title + body.
kind filter chip.
Restrict to unread notifications (default false — the whole inbox).
Whitelisted sort column: created_at | read_at. Default created_at.
asc | desc (default desc).
Recompute the facet chips (default true). The board sends false on a
page/sort change since the chip counts are user-wide.
Responses
Section titled “Responses”One page of notifications.
GET /api/notifications/board body — one page of notifications + total +
facet chips.
object
The user-wide facet chips for the notifications board.
object
Counts per kind.
One filter-chip value and its count. Counts are workspace-wide (independent of the active filter — the chip totals do not shift as the user filters).
object
How many rows fall in this bucket.
The bucket value (e.g. a scope, a role, a framework).
Read notification count.
Unread notification count.
Typed projection of one user_notifications row (the UserNotification
persistence model has no ToSchema derive). Mirrors its wire shape one-to-one;
the handler builds it from the full model so the compiler enforces the match.
The nullable-but-always-present columns (user_id/email/body/read_at) carry
#[schema(required)] (mirroring the admin.rs MeResponse/PendingUserView
pattern) so the generated frontend zod keeps them required-yet-nullable rather than
optional.
object
Body text; null for notifications carrying only a title.
Context JSON (never includes raw tokens) — an open map.
object
Email address; set for unregistered invitees; null for registered users.
When the notification was read; null while unread.
FK to the recipient user; null for a pre-registration email-only target.
Examplegenerated
{ "facets": { "by_kind": [ { "count": 1, "value": "example" } ], "read": 1, "unread": 1 }, "items": [ { "body": "example", "created_at": "2026-04-15T12:00:00Z", "data": { "additionalProperty": "example" }, "email": "example", "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "kind": "example", "organization_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "read_at": "2026-04-15T12:00:00Z", "title": "example", "user_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0" } ], "total": 1}Structured client error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Authentication required
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Structured server error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}