MinBil Complete API Documentation - CarOwner

Generated from live Swagger on 2026-02-16T10:23:22Z.

Scope

• Audience: Car owner app
• API title: MinBil Car Owner API V1
• API version: development-environment
• Base path: /api/co
• Total paths: 67
• Total operations: 85

Authentication

• Bearer: Authorization: Bearer <token>
• APIKey: x-api-key: <api-key> (used on selected auth/bootstrap endpoints)

Response shape guidance

• Newer endpoints usually return { data, meta } for success and { error: { ... } } for failures.
• Some modules return RFC7807 (type/title/status/code/message) responses.
• Older endpoints may still return simple { error: '...' } payloads.
• Client integrations must always branch by HTTP status first.

Endpoint index

• Auth (5 operations)
• Booking (10 operations)
• BookingStatus (1 operations)
• CarBrands (1 operations)
• CarOwnerPayments (4 operations)
• CarOwnerServiceRecords (2 operations)
• Categories (3 operations)
• Favorites (3 operations)
• Marketplace (2 operations)
• MarketplaceCompat (2 operations)
• MarketplaceFilters (5 operations)
• Messages (16 operations)
• Notifications (6 operations)
• Presence (1 operations)
• Profile (4 operations)
• Ratings (3 operations)
• Realtime (1 operations)
• ServiceLog (8 operations)
• Settings (2 operations)
• Vehicles (6 operations)

Auth

POST /auth/forgot-password

Purpose: Endpoint operation.

Detailed behavior: Triggers a password reset email for the provided account.

Response is generic to avoid account enumeration.

Typical use cases:

• Secure login, registration, refresh and password recovery flows.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerForgotPasswordRequest

{
  "email": "owner@minbil.io",
  "redirect_to": "https://platform.minbil.no/reset-password"
}

Responses:

• 200: OK
  • Schema: CarOwnerLogoutResponse

{
  "message": "Sign-out successful."
}

• 400: Bad Request
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/auth/forgot-password'\
  -H 'Accept: application/json'\
  -H 'Content-Type: application/json'\
  -d '{"email": "owner@minbil.io", "redirect_to": "https://platform.minbil.no/reset-password"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /auth/refresh

Purpose: Refresh access token

Detailed behavior: Returns a new access token using a refresh token.

Typical use cases:

• Secure login, registration, refresh and password recovery flows.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK
  • Schema: CarOwnerRefreshResponse

{
  "message": "Token refreshed.",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "zbb5d6vmyfqc",
  "expires_in": 3600,
  "expires_at": "2026-02-03T15:31:45Z",
  "expires_at_unix": 1770132705,
  "token_type": "bearer"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/auth/refresh'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /auth/sign-in

Purpose: Sign in Car Owner user

Detailed behavior: Authenticates a Car Owner user and returns access + refresh tokens.

Typical use cases:

• Secure login, registration, refresh and password recovery flows.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerSignInRequest

{
  "email": "owner@minbil.io",
  "password": "StrongPass123!"
}

Responses:

• 200: OK
  • Schema: CarOwnerSignInResponse

{
  "message": "Login successful.",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "zbb5d6vmyfqc",
  "expires_in": 3600,
  "expires_at": "2026-02-03T15:31:45Z",
  "expires_at_unix": 1770132705,
  "token_type": "bearer",
  "user": {}
}

• 400: Bad Request
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/auth/sign-in'\
  -H 'Accept: application/json'\
  -H 'Content-Type: application/json'\
  -d '{"email": "owner@minbil.io", "password": "StrongPass123!"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /auth/sign-out

Purpose: Sign out Car Owner user

Detailed behavior: Signs out the current user and invalidates the refresh token where possible.

Typical use cases:

• Secure login, registration, refresh and password recovery flows.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK
  • Schema: CarOwnerLogoutResponse

{
  "message": "Sign-out successful."
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/auth/sign-out'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /auth/sign-up

Purpose: Register new Car Owner user

Detailed behavior: Creates a new Car Owner account.

Notes

• Email must be unique.
• Password must be at least 8 characters.

Typical use cases:

• Secure login, registration, refresh and password recovery flows.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerSignUpRequest

{
  "email": "owner@minbil.io",
  "password": "StrongPass123!"
}

Responses:

• 201: Created
  • Schema: CarOwnerSignUpResponse

{
  "message": "Registration successful.",
  "uid": "123e4567-e89b-12d3-a456-426614174000"
}

• 400: Bad Request
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 409: Conflict
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/auth/sign-up'\
  -H 'Accept: application/json'\
  -H 'Content-Type: application/json'\
  -d '{"email": "owner@minbil.io", "password": "StrongPass123!"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Booking

GET /bookings

Purpose: Endpoint operation.

Detailed behavior: Lists bookings for the authenticated car owner. Results are grouped by group_id by default.

Query params

• grouped (default 1): return grouped response.
• expand: comma-separated tokens (e.g. co,ws) to include related data.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema type: array

[
  {
    "group_id": "string_value",
    "items": [
      {
        "id": {},
        "group_id": {},
        "workshop_org_nr": {},
        "service_id": {},
        "service_title": {},
        "service_description": {},
        "service_price": {},
        "service_start_time": {},
        "service_estimated_end_time": {},
        "service_actual_end_time": {},
        "registration_number": {},
        "attachments": {},
        "status": {},
        "status_display": {},
        "verify_booked": {},
        "verify_canceled": {},
        "verify_service_done": {},
        "cancel_request": {},
        "messages": {},
        "unread_count": {},
        "time_window": {},
        "can_reschedule": {},
        "can_request_cancel": {},
        "rating_allowed": {},
        "service_rating": {},
        "service_rating_message": {},
        "private_service_rating": {},
        "workshop_name": {},
        "service_estimated_hours": {},
        "carowner": {},
        "workshop": {}
      }
    ],
    "summary": {},
    "warnings": [
      {
        "code": {},
        "detail": {},
        "meta": {}
      }
    ]
  }
]

cURL example:

curl -X GET 'https://api.minbil.no/api/co/bookings'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /bookings

Purpose: Create new booking (one or more services)

Detailed behavior: Creates a new booking (one or more services) for the authenticated car owner.

Rules

• All services must belong to the same workshop (org_nr).

• If services[] is not provided, service_id + message are used.

• Response may include warnings[] for potential conflicts.

• all services MUST be from the same workshop (org_nr).

• if services[] is not provided, service_id + message are used.

• response contains warnings[] for double booking etc., but the call still succeeds.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: BookingCreateInput

{
  "org_nr": "921460929",
  "service_id": 1,
  "services": [
    {
      "service_id": 77,
      "message": "string_value",
      "attachments": [
        {}
      ]
    }
  ],
  "service_start_time": "2025-11-30 09:00",
  "registration_number": "BT57225",
  "attachments": [
    {}
  ],
  "message": {}
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/bookings'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"org_nr": "921460929", "service_id": 1, "services": [{"service_id": 77, "message": "string_value", "attachments": [{}]}], "service_start_time": "2025-11-30 09:00", "registration_number": "BT57225", "attachments": [{}], "message": {}}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /bookings/booking-statuses

Purpose: List all valid statuses for bookings

Detailed behavior: Returns all active booking statuses ordered by sort order.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema type: array

[
  {
    "id": 1,
    "code": "string_value",
    "display_name": "string_value",
    "sort_order": 1,
    "is_active": true
  }
]

cURL example:

curl -X GET 'https://api.minbil.no/api/co/bookings/booking-statuses'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /bookings/cancel

Purpose: Endpoint operation.

Detailed behavior: Cancels or requests cancellation for a booking group or a single booking.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerCancelBookingRequest

{
  "group_id": "string_value",
  "booking_id": 1,
  "cancellation_reason": 59.9139
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/bookings/cancel'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"group_id": "string_value", "booking_id": 1, "cancellation_reason": 59.9139}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /bookings/change-requests

Purpose: Endpoint operation.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema type: array

[
  {
    "id": 1,
    "booking_id": 1,
    "group_id": "string_value",
    "request_type": "string_value",
    "status": "string_value",
    "reason": "string_value",
    "requested_start_time": "2026-02-12T10:00:00Z",
    "created_at": "string_value",
    "resolved_at": "string_value"
  }
]

cURL example:

curl -X GET 'https://api.minbil.no/api/co/bookings/change-requests'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /bookings/change-requests

Purpose: Endpoint operation.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerChangeRequestCreate

{
  "booking_id": 1,
  "request_type": "string_value",
  "requested_start_time": "2026-02-12T10:00:00Z",
  "reason": "string_value"
}

Responses:

• 201: Success
  • Schema: CarOwnerChangeRequestItem

{
  "id": 1,
  "booking_id": 1,
  "group_id": "string_value",
  "request_type": "string_value",
  "status": "string_value",
  "reason": "string_value",
  "requested_start_time": "2026-02-12T10:00:00Z",
  "created_at": "string_value",
  "resolved_at": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/bookings/change-requests'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"booking_id": 1, "request_type": "string_value", "requested_start_time": "2026-02-12T10:00:00Z", "reason": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /bookings/rate/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Submits a service rating for a completed booking.

Rules

• Rating is only allowed when the booking is completed.
• Valid range: 0–5.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Request body:

• Schema: RateBookingRequest

{
  "service_rating": 499.0,
  "service_rating_message": "string_value",
  "private_service_rating": true
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/bookings/rate/123'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"service_rating": 499.0, "service_rating_message": "string_value", "private_service_rating": true}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /bookings/ratings

Purpose: Endpoint operation.

Detailed behavior: Returns all ratings submitted by the authenticated car owner.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.
• Collect and moderate workshop feedback workflows.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema: CarOwnerRatingsList

{
  "total": 1,
  "items": [
    {
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "workshop_name": "string_value",
      "service_id": 1,
      "service_title": "string_value",
      "registration_number": "BT57225",
      "status": "string_value",
      "service_start_time": "2026-02-12T10:00:00Z",
      "service_estimated_end_time": "2026-02-12T10:00:00Z",
      "service_actual_end_time": "2026-02-12T10:00:00Z",
      "service_rating": 499.0,
      "service_rating_message": "string_value",
      "private_service_rating": true,
      "rated_at": "string_value"
    }
  ]
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/bookings/ratings'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /bookings/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches a single booking line for the authenticated car owner.

Query params

• expand: comma-separated tokens (e.g. co,ws) to include related data.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: Booking

{
  "id": 1,
  "group_id": "string_value",
  "workshop_org_nr": "921460929",
  "service_id": 1,
  "service_title": "string_value",
  "service_description": "string_value",
  "service_price": 499.0,
  "service_start_time": "2026-02-12T10:00:00Z",
  "service_estimated_end_time": "2026-02-12T10:00:00Z",
  "service_actual_end_time": "2026-02-12T10:00:00Z",
  "registration_number": "BT57225",
  "attachments": [
    {}
  ],
  "status": "string_value",
  "status_display": "string_value",
  "verify_booked": true,
  "verify_canceled": true,
  "verify_service_done": true,
  "cancel_request": true,
  "messages": {},
  "unread_count": 1,
  "time_window": {},
  "can_reschedule": true,
  "can_request_cancel": true,
  "rating_allowed": true,
  "service_rating": 499.0,
  "service_rating_message": "string_value",
  "private_service_rating": true,
  "workshop_name": "string_value",
  "service_estimated_hours": 499.0,
  "carowner": {},
  "workshop": {}
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/bookings/123'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

PUT /bookings/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Updates a single booking line. Supported actions:

• Reschedule by providing service_start_time.
• Cancel by sending status=CANCELLED.
• If policy blocks direct mutation, a change request is created.
• Append messages/attachments without changing status.

Typical use cases:

• Drive booking lifecycle in app and workshop UI.
• Load booking lists/details with consistent status flow.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Request body:

• Schema: BookingUpdateInput

{
  "service_start_time": "2026-02-12T10:00:00Z",
  "status": "string_value",
  "cancellation_reason": 59.9139,
  "attachments": [
    {}
  ],
  "message": {}
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X PUT 'https://api.minbil.no/api/co/bookings/123'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"service_start_time": "2026-02-12T10:00:00Z", "status": "string_value", "cancellation_reason": 59.9139, "attachments": [{}], "message": {}}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

BookingStatus

GET /booking-statuses

Purpose: Get all booking statuses (from enum_booking_statuses)

Detailed behavior: Return all active booking statuses ordered by sort_order and id. Returns only active statuses, sorted by sort_order then id.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK
  • Schema: BookingStatusListResponse

{
  "data": [
    {
      "id": 1,
      "code": "string_value",
      "display_name": "string_value",
      "sort_order": 1,
      "is_active": true
    }
  ],
  "meta": {
    "count": 1
  }
}

• 500: Database error
  • Schema: BookingStatusProblem

{
  "type": "string_value",
  "title": "string_value",
  "status": 1,
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {
    "layer": "string_value",
    "component": "string_value",
    "step": "string_value"
  },
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/booking-statuses'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

CarBrands

GET /car-brands

Purpose: Endpoint operation.

Detailed behavior: List all car brands and their logo URLs.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: API key (x-api-key: <api-key>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK
  • Schema: CarBrandListResponse

{
  "data": [
    {
      "id": 123,
      "name": "string_value",
      "slug": "string_value",
      "car_logo": "string_value",
      "created_at": "string_value"
    }
  ],
  "meta": {
    "count": 1
  }
}

• 401: Unauthorized
  • Schema: CarBrandProblem

{
  "type": "string_value",
  "title": "string_value",
  "status": 1,
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {
    "layer": "string_value",
    "component": "string_value",
    "step": "string_value"
  },
  "hint": "string_value"
}

• 500: Internal Server Error
  • Schema: CarBrandProblem

{
  "type": "string_value",
  "title": "string_value",
  "status": 1,
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {
    "layer": "string_value",
    "component": "string_value",
    "step": "string_value"
  },
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/car-brands'\
  -H 'Accept: application/json'\
  -H 'x-api-key: <api-key>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

CarOwnerPayments

POST /payments/intents

Purpose: Endpoint operation.

Typical use cases:

• Create and track payment intents for soft-launch pilots.
• Handle webhook callbacks from payment provider safely.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/payments/intents'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /payments/intents/{payment_id}

Purpose: Endpoint operation.

Typical use cases:

• Create and track payment intents for soft-launch pilots.
• Handle webhook callbacks from payment provider safely.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/payments/intents/string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /payments/intents/{payment_id}/confirm

Purpose: Endpoint operation.

Typical use cases:

• Create and track payment intents for soft-launch pilots.
• Handle webhook callbacks from payment provider safely.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/payments/intents/string_value/confirm'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /payments/webhooks/stripe

Purpose: Endpoint operation.

Typical use cases:

• Create and track payment intents for soft-launch pilots.
• Handle webhook callbacks from payment provider safely.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/payments/webhooks/stripe'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

CarOwnerServiceRecords

GET /service-records

Purpose: Endpoint operation.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-records'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-records/export

Purpose: Endpoint operation.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-records/export'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Categories

GET /categories

Purpose: Endpoint operation.

Detailed behavior: Combined nested payload of workshop and service categories.

Typical use cases:

• Power category-based filtering and service discovery.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/categories?workshop_category_id=string_value&service_category_id=string_value&include_inactive=string_value'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /categories/services

Purpose: Endpoint operation.

Detailed behavior: Read-only list of service categories (ws_service_categories).

Typical use cases:

• Power category-based filtering and service discovery.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/categories/services?id=123&workshop_category_id=string_value&parent_id=string_value&level=string_value'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /categories/shops

Purpose: Endpoint operation.

Detailed behavior: Read-only list of workshop categories (ws_workshop_categories).

Typical use cases:

• Handle workshop profile and ownership confirmation flow.
• Power category-based filtering and service discovery.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/categories/shops?id=123&include_inactive=string_value&include_counts=string_value&q=string_value'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Favorites

DELETE /favorits

Purpose: Endpoint operation.

Detailed behavior: Removes a workshop from the authenticated user's favorites (idempotent).

Typical use cases:

• Remove or deactivate entities as part of maintenance flows.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: FavoriteRequest

{
  "org_nr": "999999999"
}

Responses:

• 200: Removed from favorites (or not present)
  • Schema: FavoriteMessageResponse

{
  "data": {
    "message": "string_value"
  }
}

• 400: Invalid org_nr
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X DELETE 'https://api.minbil.no/api/co/favorits'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"org_nr": "999999999"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /favorits

Purpose: Endpoint operation.

Detailed behavior: Returns all workshops marked as favorites by the authenticated user.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Favorites list
  • Schema: FavoriteListResponseEnvelope

{
  "data": {
    "total": 1,
    "items": [
      {}
    ]
  }
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/favorits'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /favorits

Purpose: Endpoint operation.

Detailed behavior: Adds a workshop to the authenticated user's favorites.

Typical use cases:

• Create or update domain state from frontend actions.
• Trigger backend workflows with validated payloads.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: FavoriteRequest

{
  "org_nr": "999999999"
}

Responses:

• 200: Already a favorite
  • Schema: FavoriteMessageResponse

{
  "data": {
    "message": "string_value"
  }
}

• 201: Added to favorites
  • Schema: FavoriteMessageResponse

{
  "data": {
    "message": "string_value"
  }
}

• 400: Invalid org_nr
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: Workshop not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 409: Conflict
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/favorits'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"org_nr": "999999999"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Marketplace

GET /shops

Purpose: Endpoint operation.

Detailed behavior: Lists workshops with filtering, pagination, and optional marketplace layout.

Notes

• layout=market returns nearby_top and results.
• workshop_category_id and service_category_id accept CSV or repeated params.
• If a Bearer token is provided, is_favourite is accurate.

Typical use cases:

• Handle workshop profile and ownership confirmation flow.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: OK
  • Schema: WorkshopListResponse

{
  "data": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "meta": {
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "count": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  },
  "facets": {}
}

• 404: Not Found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/shops?org=string_value&q=string_value&workshop_category_id=string_value&service_category_id=string_value'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /shops/{org_nr}

Purpose: Endpoint operation.

Detailed behavior: Fetches one workshop by orgNr.

Typical use cases:

• Handle workshop profile and ownership confirmation flow.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: OK
  • Schema: WorkshopDetail

{
  "orgNr": "921460929",
  "name": "string_value",
  "addressLine": "string_value",
  "description": "string_value",
  "phone": "+4799999999",
  "mobile": "string_value",
  "email": "owner@minbil.io",
  "logo": [
    "string_value"
  ],
  "images": [
    "string_value"
  ],
  "homepage": "string_value",
  "updatedAt": "2026-02-12",
  "categories": [
    "string_value"
  ],
  "addresses": [
    {
      "address": "string_value",
      "postal_code": "string_value",
      "city": "string_value",
      "county": "string_value",
      "latitude": 499.0,
      "longitude": 499.0
    }
  ],
  "contacts": [
    {
      "id": 1,
      "email": "owner@minbil.io",
      "phone": "+4799999999",
      "mobile": "string_value",
      "manager": "string_value"
    }
  ],
  "ratings": [
    {}
  ],
  "total_ratings": {
    "average_rating": 4.5,
    "total_reviews": 12
  },
  "services": [
    {
      "service_id": 1,
      "org_nr": "921460929",
      "title": "string_value",
      "description": "string_value",
      "price": 499.0,
      "estimated_time": 499.0,
      "images": [
        {}
      ],
      "categories": [
        {}
      ],
      "supports_walk_in": true
    }
  ],
  "openingHours": {},
  "isOpenNow": true,
  "is_favourite": true
}

• 404: Not Found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/shops/921460929'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

MarketplaceCompat

GET /marketplace/shops

Purpose: Endpoint operation.

Typical use cases:

• Handle workshop profile and ownership confirmation flow.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/marketplace/shops'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /marketplace/shops/{org_nr}

Purpose: Endpoint operation.

Typical use cases:

• Handle workshop profile and ownership confirmation flow.

Auth: None (public endpoint).

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/marketplace/shops/921460929'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

MarketplaceFilters

GET /filters

Purpose: Endpoint operation.

Detailed behavior: Composite filter for marketplace search (text, categories, rating, price, location, and paging).

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: WorkshopList

{
  "results": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "count": 1,
  "total_count": 1,
  "total_pages": 1,
  "current_page": 1,
  "page_size": 1
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/filters?page_size=string_value&page=string_value&order=string_value&sort=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /filters/filterByCategories

Purpose: Endpoint operation.

Detailed behavior: Legacy compatibility endpoint used by older marketplace clients.

Accepts categories as comma-separated WorkshopCategory IDs.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: WorkshopList

{
  "results": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "count": 1,
  "total_count": 1,
  "total_pages": 1,
  "current_page": 1,
  "page_size": 1
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/filters/filterByCategories?categories=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /filters/filterByHierarchicalCategories

Purpose: Endpoint operation.

Detailed behavior: Legacy compatibility endpoint used by older marketplace clients.

Accepts categories as comma-separated ServiceCategory IDs.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: WorkshopList

{
  "results": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "count": 1,
  "total_count": 1,
  "total_pages": 1,
  "current_page": 1,
  "page_size": 1
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/filters/filterByHierarchicalCategories?categories=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /filters/location

Purpose: Endpoint operation.

Detailed behavior: Find workshops within a radius (km) from a given latitude/longitude.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: WorkshopList

{
  "results": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "count": 1,
  "total_count": 1,
  "total_pages": 1,
  "current_page": 1,
  "page_size": 1
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/filters/location?radius=25&lng=10.7522&lat=59.9139'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /filters/search

Purpose: Endpoint operation.

Detailed behavior: Free text search across workshops, addresses, services, and service categories.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: SearchResults

{
  "results": [
    {
      "org_nr": "921460929",
      "name": "string_value",
      "address_line": "string_value",
      "city": "string_value",
      "postal_code": "string_value",
      "latitude": 499.0,
      "longitude": 499.0,
      "distance_km": 499.0,
      "logo": [
        {}
      ],
      "categories": [
        {}
      ],
      "avg_rating": 499.0,
      "total_reviews": 1,
      "cheapest_service_price": 499.0,
      "services_count": 1
    }
  ],
  "count": 1,
  "query": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/filters/search?q=string_value&query=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Messages

GET /messages/inbox

Purpose: Endpoint operation.

Detailed behavior: Fetches list of message threads (per booking). Sorted by last activity (newest first).

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: ThreadListResponse

{
  "data": [
    {
      "id": 123,
      "thread_id": "string_value",
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "workshop_name": "string_value",
      "org_nr": "921460929",
      "last_message": {},
      "unread_count": 1,
      "total_messages": 1,
      "updated_at": "2026-02-12",
      "read_at": "string_value"
    }
  ],
  "meta": {
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "unread_total": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/messages/inbox?page=string_value&page_size=string_value&q=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/inbox

Purpose: Endpoint operation.

Detailed behavior: Fetches list of message threads (per booking). Sorted by last activity (newest first).

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/inbox?page=string_value&page_size=string_value&q=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/mark-read

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read.

Body { thread_id, last_read_id?, last_read_at? }

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/mark-read'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /messages/mark-read

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read.

Body { thread_id, last_read_id?, last_read_at? }

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: ReadUpToRequest

{
  "thread_id": "string_value",
  "last_read_id": 1,
  "last_read_at": "string_value"
}

Responses:

• 200: Success
  • Schema: ReadUpToResponse

{
  "updated": 1,
  "json_updated": 1,
  "unread_count": 1,
  "read_at": "string_value"
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/messages/mark-read'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"thread_id": "string_value", "last_read_id": 1, "last_read_at": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/send

Purpose: Endpoint operation.

Detailed behavior: Sends a message in the booking thread as the car owner.

Payloads

• JSON: { thread_id, message?, attachments?[] }
• multipart/form-data: thread_id, message (optional), files (1..n)

Notes

• At least one of message or attachment is required.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/send'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /messages/send

Purpose: Endpoint operation.

Detailed behavior: Sends a message in the booking thread as the car owner.

Payloads

• JSON: { thread_id, message?, attachments?[] }
• multipart/form-data: thread_id, message (optional), files (1..n)

Notes

• At least one of message or attachment is required.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: SendMessageRequest

{
  "thread_id": "string_value",
  "message": "string_value",
  "org_nr": "921460929",
  "attachments": [
    {
      "url": "string_value",
      "content_type": "string_value",
      "name": "string_value",
      "size": 1
    }
  ]
}

Responses:

• 201: Success
  • Schema: SendMessageResponse

{
  "message": {
    "id": 1,
    "booking_id": 1,
    "workshop_org_nr": "921460929",
    "sender_type": "string_value",
    "message_text": "string_value",
    "attachments": [
      {}
    ],
    "is_read": true,
    "created_at": "string_value",
    "text": "string_value",
    "message": "string_value",
    "content": "string_value",
    "sender_role": "string_value",
    "from": "string_value",
    "unread": true
  },
  "unread_count": 1
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/messages/send'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"thread_id": "string_value", "message": "string_value", "org_nr": "921460929", "attachments": [{"url": "string_value", "content_type": "string_value", "name": "string_value", "size": 1}]}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /messages/thread/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: MessageListResponse

{
  "data": [
    {
      "id": 1,
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "sender_type": "string_value",
      "message_text": "string_value",
      "attachments": [
        {}
      ],
      "is_read": true,
      "created_at": "string_value",
      "text": "string_value",
      "message": "string_value",
      "content": "string_value",
      "sender_role": "string_value",
      "from": "string_value",
      "unread": true
    }
  ],
  "meta": {
    "org_nr": "921460929",
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "unread_count": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/messages/thread/123?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/thread/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/thread/123?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/thread/{booking_id}/read-up-to

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read up to and including the given message ID.

Notes

• Optional last_read_at applies to JSON thread messages.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/thread/123/read-up-to'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /messages/thread/{booking_id}/read-up-to

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read up to and including the given message ID.

Notes

• Optional last_read_at applies to JSON thread messages.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Request body:

• Schema: LegacyReadUpToRequest

{
  "last_read_id": 1,
  "last_read_at": "string_value"
}

Responses:

• 200: Success
  • Schema: ReadUpToResponse

{
  "updated": 1,
  "json_updated": 1,
  "unread_count": 1,
  "read_at": "string_value"
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/messages/thread/123/read-up-to'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"last_read_id": 1, "last_read_at": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /messages/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: MessageListResponse

{
  "data": [
    {
      "id": 1,
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "sender_type": "string_value",
      "message_text": "string_value",
      "attachments": [
        {}
      ],
      "is_read": true,
      "created_at": "string_value",
      "text": "string_value",
      "message": "string_value",
      "content": "string_value",
      "sender_role": "string_value",
      "from": "string_value",
      "unread": true
    }
  ],
  "meta": {
    "org_nr": "921460929",
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "unread_count": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/messages/123?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/123?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /messages/{booking_id}/messages

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: MessageListResponse

{
  "data": [
    {
      "id": 1,
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "sender_type": "string_value",
      "message_text": "string_value",
      "attachments": [
        {}
      ],
      "is_read": true,
      "created_at": "string_value",
      "text": "string_value",
      "message": "string_value",
      "content": "string_value",
      "sender_role": "string_value",
      "from": "string_value",
      "unread": true
    }
  ],
  "meta": {
    "org_nr": "921460929",
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "unread_count": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/messages/123/messages?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/{booking_id}/messages

Purpose: Endpoint operation.

Detailed behavior: Fetches messages in a booking thread (newest at the bottom). Sort: created_at ASC, id ASC.

Notes

• Alias routes: /messages/thread/{booking_id} and /messages/{booking_id}.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/123/messages?page=string_value&size=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

OPTIONS /messages/{booking_id}/messages/read-up-to

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read up to and including the given message ID.

Notes

• Optional last_read_at applies to JSON thread messages.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X OPTIONS 'https://api.minbil.no/api/co/messages/123/messages/read-up-to'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /messages/{booking_id}/messages/read-up-to

Purpose: Endpoint operation.

Detailed behavior: Marks workshop→car owner messages as read up to and including the given message ID.

Notes

• Optional last_read_at applies to JSON thread messages.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Request body:

• Schema: LegacyReadUpToRequest

{
  "last_read_id": 1,
  "last_read_at": "string_value"
}

Responses:

• 200: Success
  • Schema: ReadUpToResponse

{
  "updated": 1,
  "json_updated": 1,
  "unread_count": 1,
  "read_at": "string_value"
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Booking not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Booking not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/messages/123/messages/read-up-to'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"last_read_id": 1, "last_read_at": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Notifications

GET /notifications

Purpose: Endpoint operation.

Detailed behavior: Lists notifications for the authenticated car owner. Sorted newest first.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: NotificationListResponse

{
  "data": [
    {
      "id": 1,
      "type": "string_value",
      "title": "string_value",
      "body": "string_value",
      "data": {},
      "is_read": true,
      "created_at": "string_value",
      "read_at": "string_value"
    }
  ],
  "meta": {
    "page": 1,
    "page_size": 1,
    "total": 1,
    "total_pages": 1,
    "has_next": true,
    "has_prev": true,
    "unread_total": 1
  },
  "links": {
    "self": "string_value",
    "first": "string_value",
    "prev": "string_value",
    "next": "string_value",
    "last": "string_value"
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/notifications?status=string_value&type=string_value&since=string_value&page=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /notifications/mark-read

Purpose: Endpoint operation.

Detailed behavior: Marks specified notifications as read. Best‑effort: also marks linked messages as read when applicable.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: MarkReadRequest

{
  "ids": [
    1
  ]
}

Responses:

• 200: Success
  • Schema: MarkReadResponse

{
  "updated": 1,
  "messages_marked": 1
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/notifications/mark-read'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"ids": [1]}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /notifications/read-all

Purpose: Endpoint operation.

Detailed behavior: Marks all notifications as read for the authenticated car owner.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema: MarkReadResponse

{
  "updated": 1,
  "messages_marked": 1
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/notifications/read-all'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /notifications/unread-count

Purpose: Endpoint operation.

Detailed behavior: Returns the number of unread notifications for the authenticated car owner.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/notifications/unread-count'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /notifications/{notif_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches a single notification by ID.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: NotificationItem

{
  "id": 1,
  "type": "string_value",
  "title": "string_value",
  "body": "string_value",
  "data": {},
  "is_read": true,
  "created_at": "string_value",
  "read_at": "string_value"
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/notifications/1'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /notifications/{notif_id}/mark-read

Purpose: Endpoint operation.

Detailed behavior: Marks a single notification as read.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success
  • Schema: MarkReadResponse

{
  "updated": 1,
  "messages_marked": 1
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: Not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "Not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/notifications/1/mark-read'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Presence

PUT /presence

Purpose: Endpoint operation.

Detailed behavior: Update user presence status. When going 'online', queued offline events are delivered.

Typical use cases:

• Track online presence in chat/realtime contexts.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: PresenceRequest

{
  "status": "online"
}

Responses:

• 200: Success
  • Schema: PresenceResponse

{
  "status": "string_value",
  "queued_delivered": 1
}

cURL example:

curl -X PUT 'https://api.minbil.no/api/co/presence'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"status": "online"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Profile

DELETE /profile

Purpose: Endpoint operation.

Detailed behavior: Removes the stored profile image reference for the authenticated user.

Notes

• This does not delete the user account.
• Returns 204 if there is no image to delete.

Typical use cases:

• Remove or deactivate entities as part of maintenance flows.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Profile image deleted (reference cleared)

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 204: No image to delete

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: User not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X DELETE 'https://api.minbil.no/api/co/profile'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /profile

Purpose: Endpoint operation.

Detailed behavior: Returns the authenticated user's profile.

Caching

• Supports If-None-Match and may return 304 Not Modified.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: OK
  • Schema: CarOwnerUserResponse

{
  "uid": "string_value",
  "email": "owner@minbil.io",
  "username": "string_value",
  "firstName": "string_value",
  "lastName": "string_value",
  "phone_number": "+4799999999",
  "address": "string_value",
  "profileImage": "string_value",
  "verify_vehicles": true,
  "created_at": "string_value",
  "updated_at": "2026-02-12"
}

• 304: Not Modified

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: User not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/profile'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

PUT /profile

Purpose: Endpoint operation.

Detailed behavior: Updates profile fields for the authenticated user. Accepts JSON or multipart/form-data.

Notes

• username must be unique (case-insensitive).
• When uploading a file, use file or profile_image.
• Only provided fields are updated.

Typical use cases:

• Create or update domain state from frontend actions.
• Trigger backend workflows with validated payloads.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: CarOwnerUserUpdate

{
  "username": "string_value",
  "first_name": "string_value",
  "last_name": "string_value",
  "phone_number": "+4799999999",
  "address": "string_value"
}

Responses:

• 200: Updated
  • Schema: CarOwnerUserResponse

{
  "uid": "string_value",
  "email": "owner@minbil.io",
  "username": "string_value",
  "firstName": "string_value",
  "lastName": "string_value",
  "phone_number": "+4799999999",
  "address": "string_value",
  "profileImage": "string_value",
  "verify_vehicles": true,
  "created_at": "string_value",
  "updated_at": "2026-02-12"
}

• 400: Invalid data / No changes
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: User not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 409: Username already taken
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X PUT 'https://api.minbil.no/api/co/profile'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"username": "string_value", "first_name": "string_value", "last_name": "string_value", "phone_number": "+4799999999", "address": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /profile/check-username

Purpose: Endpoint operation.

Detailed behavior: Checks whether a username is available for the authenticated user.

Rules

• 3–30 chars
• Letters, numbers, ., _, -

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: OK
  • Schema: UsernameAvailability

{
  "username": "string_value",
  "available": true,
  "message": "string_value"
}

• 400: Bad Request
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal Server Error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/profile/check-username?username=string_value'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Ratings

GET /rating

Purpose: Endpoint operation.

Detailed behavior: Returns all ratings submitted by the authenticated car owner.

Typical use cases:

• Retrieve data needed by UI screens and API consumers.
• Support read-only integrations and backoffice reporting.

Auth: None (public endpoint).

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema: CarOwnerRatingsList

{
  "total": 1,
  "items": [
    {
      "booking_id": 1,
      "workshop_org_nr": "921460929",
      "workshop_name": "string_value",
      "service_id": 1,
      "service_title": "string_value",
      "registration_number": "BT57225",
      "status": "string_value",
      "service_start_time": "2026-02-12T10:00:00Z",
      "service_estimated_end_time": "2026-02-12T10:00:00Z",
      "service_actual_end_time": "2026-02-12T10:00:00Z",
      "service_rating": 499.0,
      "service_rating_message": "string_value",
      "private_service_rating": true,
      "rated_at": "string_value"
    }
  ]
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/rating'\
  -H 'Accept: application/json'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /rating/rate/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Alias endpoint for submitting a booking rating.

Typical use cases:

• Create or update domain state from frontend actions.
• Trigger backend workflows with validated payloads.

Auth: None (public endpoint).

Request parameters:

Request body:

• Schema: RateBookingRequest

{
  "service_rating": 499.0,
  "service_rating_message": "string_value",
  "private_service_rating": true
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/rating/rate/123'\
  -H 'Accept: application/json'\
  -H 'Content-Type: application/json'\
  -d '{"service_rating": 499.0, "service_rating_message": "string_value", "private_service_rating": true}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /rating/{booking_id}

Purpose: Endpoint operation.

Detailed behavior: Creates or updates a rating for a booking (completed bookings only).

Typical use cases:

• Create or update domain state from frontend actions.
• Trigger backend workflows with validated payloads.

Auth: None (public endpoint).

Request parameters:

Request body:

• Schema: RateBookingRequest

{
  "service_rating": 499.0,
  "service_rating_message": "string_value",
  "private_service_rating": true
}

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/rating/123'\
  -H 'Accept: application/json'\
  -H 'Content-Type: application/json'\
  -d '{"service_rating": 499.0, "service_rating_message": "string_value", "private_service_rating": true}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Realtime

GET /realtime/config

Purpose: Endpoint operation.

Detailed behavior: Returns Supabase Realtime connection config and channel names for the authenticated user.

Typical use cases:

• Expose realtime configuration to connected clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Success
  • Schema: RealtimeConfig

{
  "supabase_url": "string_value",
  "anon_key": "string_value",
  "channels": {},
  "enabled": true
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/realtime/config'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

ServiceLog

GET /service-log/export-token

Purpose: Endpoint operation.

Detailed behavior: Generates a short-lived export token for service log exports.

Notes

• Token TTL is 15 minutes.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/export-token?registration_number=BT57225&workshop_org_nr=921460929&date_from=2026-02-12&date_to=2026-02-12'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/latest

Purpose: Endpoint operation.

Detailed behavior: Returns the latest booking-based service logs.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/latest?limit=string_value&registration_number=BT57225&workshop_org_nr=921460929'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/list

Purpose: Endpoint operation.

Detailed behavior: Paginated list of your booking-based service logs.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/list?page=string_value&page_size=string_value&registration_number=BT57225&workshop_org_nr=921460929'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/messages/{log_id}

Purpose: Endpoint operation.

Detailed behavior: Fetches messages associated with a single service log entry.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.
• Power inbox/feed views and unread counters.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/messages/1'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/summary

Purpose: Endpoint operation.

Detailed behavior: Returns aggregate stats (count, avg rating, last service date) for your service logs.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/summary?registration_number=BT57225&workshop_org_nr=921460929&date_from=2026-02-12&date_to=2026-02-12'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/vehicle-history/latest

Purpose: Endpoint operation.

Detailed behavior: Returns the latest service history entries for a vehicle. If registration_number is not provided, the user's primary vehicle is used.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/vehicle-history/latest?limit=string_value&registration_number=BT57225&workshop_org_nr=921460929'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/vehicle-history/list

Purpose: Endpoint operation.

Detailed behavior: Paginated service history for a vehicle. If registration_number is not provided, the user's primary vehicle is used.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/vehicle-history/list?page=string_value&page_size=string_value&registration_number=BT57225&workshop_org_nr=921460929'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /service-log/vehicle-history/summary

Purpose: Endpoint operation.

Detailed behavior: Returns aggregate stats for a vehicle's service history. If registration_number is not provided, the user's primary vehicle is used.

Typical use cases:

• Show maintenance history and service records per vehicle.
• Generate exports and operational summaries.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Success

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/service-log/vehicle-history/summary?registration_number=BT57225'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Settings

GET /settings/notifications

Purpose: Return merged preferences (stored overrides + sensible defaults)

Detailed behavior: Returns merged notification preferences (stored overrides + sensible defaults).

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Responses:

• 200: Current notification preferences
  • Schema: NotificationSettingsResponse

{
  "preferences": {
    "booking.requested": {},
    "booking.accepted": {},
    "booking.declined": {},
    "booking.updated": {},
    "booking.completed": {},
    "message.new": {},
    "rating.reminder": {}
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: User not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "User not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/settings/notifications'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

PUT /settings/notifications

Purpose: Partial update of preferences

Detailed behavior: Partially updates notification preferences. Provide only the events you want to change.

Example { "booking.accepted": { "email": true, "push": false }, "message.new": { "push": true } } Body is an object with the shape: { "booking.accepted": {"email": true, "push": false}, "message.new": {"push": true} } Unknown events or channels are rejected.

Typical use cases:

• Power inbox/feed views and unread counters.
• Drive near-real-time communication state in clients.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: NotificationPreferences

{
  "booking.requested": {
    "email": true,
    "push": true
  },
  "booking.accepted": {
    "email": true,
    "push": true
  },
  "booking.declined": {
    "email": true,
    "push": true
  },
  "booking.updated": {
    "email": true,
    "push": true
  },
  "booking.completed": {
    "email": true,
    "push": true
  },
  "message.new": {
    "email": true,
    "push": true
  },
  "rating.reminder": {
    "email": true,
    "push": true
  }
}

Responses:

• 200: Updated notification preferences
  • Schema: NotificationSettingsResponse

{
  "preferences": {
    "booking.requested": {},
    "booking.accepted": {},
    "booking.declined": {},
    "booking.updated": {},
    "booking.completed": {},
    "message.new": {},
    "rating.reminder": {}
  }
}

• 400: Bad request

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Bad request",
    "fields": [
      {
        "field": "example_field",
        "reason": "invalid"
      }
    ],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 401: Unauthorized

{
  "type": "https://minbil.dev/problems/auth",
  "title": "Unauthorized",
  "status": 401,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized"
}

• 404: User not found

{
  "error": {
    "code": "NOT_FOUND",
    "message": "User not found",
    "fields": [],
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

• 500: Internal server error

{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "Internal server error",
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "retryable": false
  }
}

cURL example:

curl -X PUT 'https://api.minbil.no/api/co/settings/notifications'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"booking.requested": {"email": true, "push": true}, "booking.accepted": {"email": true, "push": true}, "booking.declined": {"email": true, "push": true}, "booking.updated": {"email": true, "push": true}, "booking.completed": {"email": true, "push": true}, "message.new": {"email": true, "push": true}, "rating.reminder": {"email": true, "push": true}}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

Vehicles

DELETE /vehicles

Purpose: Unlink a vehicle from the authenticated user (does not delete the vehicle)

Detailed behavior: Unlinks a vehicle from the authenticated user (does not delete the vehicle record).

Notes

• If the primary vehicle is removed and others remain, the newest updated vehicle becomes primary. Request: DELETE /api/co/vehicles?reg=BT57225 (or ?registration_number=BT57225) If the primary vehicle is removed and others remain, the newest updated vehicle becomes primary.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Unlinked

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 400: Invalid data
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: Not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X DELETE 'https://api.minbil.no/api/co/vehicles?registration_number=BT57225&reg=BT57225'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

GET /vehicles

Purpose: Fetch vehicles linked to the authenticated user

Detailed behavior: Returns vehicles linked to the authenticated user.

Modes

• Without params: returns a list of vehicles.

• With registration_number or reg: returns full details for that vehicle.

• Without params: returns a list of vehicles.

• With ?registration_number= (or ?reg=): returns full details for that vehicle.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: OK

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: Not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X GET 'https://api.minbil.no/api/co/vehicles?registration_number=BT57225&reg=BT57225'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /vehicles

Purpose: Create a vehicle (from Vegvesen) if missing and link it to the authenticated user

Detailed behavior: Creates a vehicle from Vegvesen data if missing and links it to the authenticated user. Idempotent: returns 200 if already linked.

Notes

• Accepts JSON or multipart/form-data.
• Use file or image to upload a vehicle photo. Idempotent: returns 200 if already linked.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: VehicleCreate

{
  "registration_number": "BT57225",
  "nickname": "string_value",
  "image": "string_value"
}

Responses:

• 200: Vehicle already linked to this user

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 201: Vehicle created and linked to user successfully

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 400: Invalid data
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 404: User not found
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 409: Conflict
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 429: Too Many Requests
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/vehicles'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"registration_number": "BT57225", "nickname": "string_value", "image": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /vehicles/refresh/{registration_number}

Purpose: Endpoint operation.

Detailed behavior: Refreshes stored vehicle data from Vegvesen for a linked vehicle.

Notes

• Vehicle data is fetched from an external source and may include Norwegian text.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Responses:

• 200: Refreshed

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 400: Invalid data
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/vehicles/refresh/BT57225'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

POST /vehicles/set-primary

Purpose: Endpoint operation.

Detailed behavior: Sets the primary vehicle for the authenticated user.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

• No path/query/header parameters.

Request body:

• Schema: SetPrimary

{
  "registration_number": "BT57225"
}

Responses:

• 200: Primary vehicle set

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 400: Invalid data
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X POST 'https://api.minbil.no/api/co/vehicles/set-primary'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"registration_number": "BT57225"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.

PUT /vehicles/{registration_number}

Purpose: Endpoint operation.

Detailed behavior: Updates nickname or image for a linked vehicle.

Notes

• Accepts JSON or multipart/form-data.
• Use file or image to upload a new vehicle image.

Typical use cases:

• Manage user vehicle inventory and primary vehicle selection.
• Fetch current vehicle data before booking/service actions.

Auth: Bearer token (Authorization: Bearer <token>)

Request parameters:

Request body:

• Schema: VehicleUpdate

{
  "nickname": "string_value",
  "image": "string_value"
}

Responses:

• 200: Vehicle updated

{
  "data": {},
  "meta": {
    "request_id": "f59ee325-0445-4bd0-9bf1-73edcd7da151",
    "generated_at": "2026-02-12T10:00:00Z"
  }
}

• 400: Invalid data
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 401: Unauthorized
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 403: Forbidden
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

• 500: Internal server error
  • Schema: Problem

{
  "status": 1,
  "type": "string_value",
  "title": "string_value",
  "detail": "string_value",
  "instance": "string_value",
  "code": "string_value",
  "message": "string_value",
  "where": {},
  "hint": "string_value"
}

cURL example:

curl -X PUT 'https://api.minbil.no/api/co/vehicles/BT57225'\
  -H 'Accept: application/json'\
  -H 'Authorization: Bearer <access-token>'\
  -H 'Content-Type: application/json'\
  -d '{"nickname": "string_value", "image": "string_value"}'

Error handling notes:

• Legacy endpoints may return either RFC7807 application/problem+json, { "error": "..." }, or structured { "error": { ... } } depending on module age.
• Always branch on HTTP status first, then parse payload shape.
• Respect 401/403 as auth/scope failures and do not retry blindly.