Returns service status. Use to verify the API is running.

Returns all organisations registered on the platform with name, subdomain, and branding.

Returns app instances (activities) for organisations. Each activity links an app to an organisation.

Check if a Django user account exists for the given email address.

Exchange a Google ID token (from native Google Sign-In) for an opaque bearer session token. The token is returned alongside the member's profile and organisation.

Exchange an Apple identity token (from ASAuthorizationAppleIDCredential) for a bearer session token. Audience must match the app's bundle ID.

Redirects the browser to Apple's authorize URL. Used by WordPress plugins to initiate Sign in with Apple. Apple POSTs back to the callback endpoint.

Receives Apple's form_post callback with an authorization code + state. Exchanges the code for tokens, verifies the ID token, finds the member, and redirects back to the return_to URL with a signed payload (ok, email, expires, sig). If the member is not found, ok=false and apple_sub is included for linking.

For Hide-My-Email Apple users whose relay email doesn't match a membership. Sends a verification email to the provided club email. The email contains a signed link that binds the Apple subject to the membership.

Consumes a signed link token from email, binds apple_subject to the membership, and redirects back to the WP site with ok=true.

Returns all active members with name, email, mobile, member type, access role, and organisation.

Checks if an email belongs to an active member. Used by WordPress plugins to gate content behind Google SSO.

Returns all active member groups for the organisation.

Returns members of a group for a given year, including ongoing (year-less) memberships. Includes role_label for each member.

Returns group members enriched with their position assignments. Members are derived from both explicit MemberGroupMembership and PositionAssignments where the position is scoped to this group. Sorted by position display_order. Also returns all OrgYears for a year picker.

Returns every active group for the organisation, each with its members and positions for the given year. Groups sorted by display_order; members within each group sorted by position display_order then last name. Designed for committee overview pages.

Returns all positions for the organisation with their current holders. Designed for 'Meet the Team' displays. Positions are ordered by display_order.

Returns notices currently within their visibility window. Includes title, description, event date/time, price, contact details, and access level.

Returns a QR code PNG image encoding the notice's website URL.

Fetches and parses the ICS feed configured for the given activity. Returns events with name, start, end, location, description, and access level.

Returns published events with date, time, location, description, website, QR code URL, and access level.

Returns a QR code PNG image encoding the event's website URL.

Returns the next upcoming breakfast event with title, date, time, and location.

Submit a breakfast choice for an event. Validates the choice code.

Returns the current breakfast activity for the organisation, including deadline and the member's latest choice.

Submit or change a breakfast choice. Validates deadline, normalises choice codes, supports guest bookings.

Full attendance report listing all members with their choices and summary totals.

Returns charities with Charity Commission data, income, contact details, areas served, and tags.

Returns grant funders with type, geographic focus, grant range, eligibility, and how to apply.

Returns the cached Alpaca portfolio for an activity: account summary (equity, cash, buying power), open positions, recent orders (last 10), and intraday portfolio history (5-min intervals). Refreshes from Alpaca if the cache is older than 5 minutes. Respects per-member access control via ActivityMemberAccess and ActivityGroupAccess.

Initiates the QBO OAuth2 flow. Redirects the browser to Intuit's authorisation page. The organisation must have a QboConnection with Client ID and Secret configured in Django admin first.

Intuit redirects here after authorisation. Exchanges the authorisation code for access and refresh tokens, stores the realm_id (QBO Company ID), and confirms the connection.

Returns cached bank account balances and a simplified balance sheet (one level deep with sub-sections). Data is refreshed from QBO if the cache is older than 5 minutes. Access tokens are auto-refreshed if expired.

Returns custom action logs (sign-ins, page views, connections) for the organisation. Paginated with limit and offset.

Returns django-auditlog model change logs (create/update/delete) with field-level old and new values. Paginated.

Called by the WordPress plugin after a successful sign-in to record web platform access for audit tracking.

Returns all active members with their platform access status (web, iOS, Android) and counts. Used by the Member Access summary table.

Compose and immediately dispatch a message to all org members, a group, or explicit recipients via the specified channel. Per-org API key required.

Returns sent message history for the organisation with recipient counts and delivery status. Paginated.