API Overview
Internal API — Arc
The Sema Link backend API is served on the arc subdomain per environment.
| Environment | Base URL |
|---|---|
| Staging | https://staging-arc.semalink.africa |
| Test | https://test-arc.semalink.africa |
| Production | https://arc.semalink.africa |
Authentication
All API requests must include Cloudflare Access service token headers:
CF-Access-Client-Id: <value>
CF-Access-Client-Secret: <value>Requests without these headers are rejected at the Cloudflare edge with 403 Forbidden before reaching the server. See Zero Trust & API Access for full details.
HTTP Client
All API calls go through the centralised Axios instance at src/core/api/. Do not use fetch or create separate Axios instances — all requests should use the shared client so headers and interceptors are applied consistently.
Work in Progress
API endpoint documentation will be added here as the backend API is built out. Each resource will have its own page covering request format, response shape, and error codes.