# SA-2 API Gap Analysis **Generated:** 2026-05-05T06:25:39.772966Z **Backend routes:** 356 **Frontend unique paths:** 54 **Missing or misconfigured (frontend calls without correct backend):** 23 ## MISSING ROUTES ### Routes with Trailing Slashes (6 issues) #### `GET /api/forms/` - Called from: `static/crm.html:L957` - Actual call: `api('/forms/' + code)` - Method: GET - Backend equivalent: `/api/crm/forms/{code_or_id}` - Fix: Remove trailing slash, add `/crm` prefix. Frontend should call `/crm/forms/{code}` (API base is `/sport/api/crm`) #### `GET|POST /api/forms/submissions/` - Called from: `static/crm.html:L1039`, `static/crm.html:L1087`, `static/crm.html:L1126`, `static/crm.html:L1135`, `static/crm.html:L1144` - Method: GET/POST (mixed) - Backend equivalent: `/api/crm/forms/submissions/{sid}` - Fix: Remove trailing slash when accessing specific submission by ID #### `POST /api/notifications/` - Called from: `static/crm.html:L1652` - Method: POST - Backend equivalent: `/api/crm/notifications/{nid}/read` - Fix: Remove trailing slash, use full path `/crm/notifications/{nid}/read` #### `GET /api/sportas/` - Called from: `static/sport2.html:L1582`, `static/sport2_new.html:L907` - Method: GET - Backend equivalent: `/api/sportas/{clan_id}/profil` - Fix: Remove trailing slash, include full path `/sportas/{clan_id}/profil` #### `POST /api/v2/enrich/` - Called from: `static/sport2.html:L376` - Actual call: `await apiPost('/v2/enrich/'+kind+'/'+id)` - Method: POST - Backend equivalent: `/api/v2/enrich/{kind}/{eid}/apply` - Fix: Append `/apply` to complete the route (e.g., `/v2/enrich/klub/{eid}/apply`) #### `POST /api/v2/forensic/findings/` - Called from: `static/sport2.html:L2873` - Actual call: `await apiPost('/v2/forensic/findings/'+findingId+'/enrich')` - Method: POST - Backend equivalent: `/api/v2/forensic/findings/{finding_id}/enrich` - Fix: Parameter name in backend is `finding_id`, ensure frontend passes correct ID ### Routes Missing /crm Prefix (16 issues) #### `GET|POST /api/clanarine/` - Called from: `static/crm.html:L503`, `static/crm.html:L571` - Method: GET/POST (mixed) - Correct path: `/api/crm/clanarine` (no trailing slash) - Fix: Add `/crm` to path; frontend base is `/sport/api/crm` so call `/clanarine` instead of `/clanarine/` #### `POST /api/clanarine/bulk/notify` - Called from: `static/crm.html:L417` - Method: POST - Correct path: `/api/crm/clanarine/bulk/notify` - Fix: Add `/crm` prefix; frontend base is `/sport/api/crm` so call `/clanarine/bulk/notify` #### `POST /api/clanarine/bulk/uplatnice` - Called from: `static/crm.html:L456` - Method: POST - Correct path: `/api/crm/clanarine/bulk/uplatnice` - Fix: Add `/crm` prefix #### `POST /api/clanarine/notify-bulk` - Called from: `static/crm.html:L631` - Method: POST - Correct path: `/api/crm/clanarine/notify-bulk` - Fix: Add `/crm` prefix #### `GET|POST /api/email-templates` - Called from: `static/crm.html:L1675`, `static/crm.html:L1824` - Method: GET/POST (mixed) - Correct path: `/api/crm/email-templates` - Fix: Add `/crm` prefix #### `GET /api/forms` - Called from: `static/crm.html:L900`, `static/crm.html:L1846` - Method: GET - Correct path: `/api/crm/forms` - Fix: Add `/crm` prefix #### `GET|POST /api/forms/submissions` - Called from: `static/crm.html:L901`, `static/crm.html:L1035`, `static/crm.html:L1053` - Method: GET/POST (mixed) - Correct path: `/api/crm/forms/submissions` - Fix: Add `/crm` prefix #### `GET /api/klubovi/` - Called from: `static/app.html:L508`, `static/sport2.html:L1294`, `static/sport2_new.html:L702` - Method: GET - Correct path: `/api/klubovi` (no trailing slash) - Fix: Remove trailing slash (frontend base is `/sport/api` so path becomes `/sport/api/klubovi` → `/api/klubovi` after nginx rewrite) #### `GET|POST /api/lijecnicki/` - Called from: `static/crm.html:L794`, `static/crm.html:L808` - Method: GET/POST (mixed) - Correct path: `/api/crm/lijecnicki` (no trailing slash) - Fix: Add `/crm` prefix, remove trailing slash #### `POST /api/lijecnicki/notify-scan` - Called from: `static/crm.html:L1644` - Method: POST - Correct path: `/api/crm/lijecnicki/notify-scan` - Fix: Add `/crm` prefix #### `GET /api/notifications` - Called from: `static/crm.html:L1591`, `static/crm.html:L1848` - Method: GET - Correct path: `/api/crm/notifications` - Fix: Add `/crm` prefix #### `POST /api/notifications/mark-all-read` - Called from: `static/crm.html:L1661` - Method: POST - Correct path: `/api/crm/notifications/mark-all-read` - Fix: Add `/crm` prefix #### `GET /api/savezi/` - Called from: `static/app.html:L488`, `static/sport2.html:L1146`, `static/sport2_new.html:L558` - Method: GET - Correct path: `/api/savezi` (no trailing slash) - Fix: Remove trailing slash (frontend base is `/sport/api` so path becomes `/sport/api/savezi` → `/api/savezi` after nginx rewrite) #### `GET /api/stats` - Called from: `static/crm.html:L1517` - Method: GET - Correct path: `/api/crm/stats` - Fix: Add `/crm` prefix #### `GET /api/zzjz/info` - Called from: `static/crm.html:L721` - Method: GET - Correct path: `/api/crm/zzjz/info` - Fix: Add `/crm` prefix #### `GET /api/zzjz/termini` - Called from: `static/crm.html:L722` - Method: GET - Correct path: `/api/crm/zzjz/termini` - Fix: Add `/crm` prefix ### Parameter Mismatch (1 issue) #### `POST /api/crm/notifications/{nid}/read` - Called from: `static/app.html:L1310` - Issue: Frontend passes `{n.id}` but backend expects `{nid}` - Fix: Update template variable in frontend to match backend parameter name, or update backend to accept `id` instead of `nid` ## SUMMARY TABLE | Category | Count | |---|---:| | Total unique frontend paths checked | 54 | | Successfully matched to backend | 31 | | Missing routes with issues | 23 | | - Trailing slash issues | 6 | | - Missing /crm prefix | 16 | | - Parameter mismatches | 1 | | **Total call locations with problems** | **39** | ## ROOT CAUSE ANALYSIS 1. **Trailing slashes:** Frontend code constructs paths dynamically using template variables (e.g., `/api/forms/` + code), but leaves trailing slash in base path 2. **Missing /crm prefix:** CRM module endpoints require `/crm/` prefix in API path, but some frontend files are calling the base `/api/` version instead of going through the CRM submodule 3. **Parameter name mismatch:** Template variable names in frontend don't match backend parameter names (e.g., `{n.id}` vs `{nid}`) ## RECOMMENDATIONS 1. Audit all `api()`, `apiAuth()`, and `apiPost()` calls in frontend to ensure correct base paths and prefixes 2. Review nginx rewrite rules to confirm `/sport/api/crm/*` → `/api/crm/*` mapping 3. Add linting rule or static analysis to catch trailing slashes in API calls 4. Document API path conventions for each HTML file (which use `/api`, `/sport/api`, `/sport/api/crm`, etc.) 5. Consider normalizing frontend API call helpers to automatically handle path prefixes consistently --- **Generated by SA-2 API Gap Analysis Agent**