HomecareHQ’s public REST API is being finalized. This section documents the concepts and
contracts that are stable today — authentication, multi-tenancy, and the catalog of domain
events. A generated endpoint reference (from an OpenAPI specification) will be added here once
the public API surface is published.
Core concepts
Authentication & tenancy
How requests are authenticated and scoped to a single organization.
Events
The domain events HomecareHQ emits and their naming contract.
Principles
- Multi-tenant by default. Every request acts within exactly one organization; data is isolated by row-level security and never crosses tenants.
- Permissions enforced server-side. Authorization is enforced by the server, not by the client. A token only grants what its holder is permitted to do.
- Assist, not automate. Actions that change a connected system are proposed and, where configured, gated on human approval — not executed silently.
Building an integration and need early access to the API? Contact the HomecareHQ team.