Brewski exposes a RESTful API grouped by feature areas (authentication, teams, orders, brewing, etc.). Unless an endpoint is explicitly marked as Public, every request must include a valid bearer token issued by the Brewski Identity Provider and the caller must belong to the team referenced in the request.

• Base URL: https://api.brewskiapp.com in production.
• Authentication: Bearer access tokens (JWT) carried in the Authorization: Bearer <token> header. Tokens are issued via Keycloak (email/password and Google federation).
• Pagination: List endpoints accept page (1-based) and pageSize (max 200 unless documented otherwise) and return total/pages metadata.
• Sorting: Most list endpoints support sort and direction query parameters (asc/desc).
• Team Scoping: Nearly every resource is owned by a team. The caller must be an active member of that team and possess the appropriate role (owner, admin, or member).
• Minor Units: Monetary fields are expressed in minor currency units (pence/cents).

• Authentication
• Users
• Teams
• Clients
• Beers
• Batches
• Batch Gravity Readings
• Containers
• Packaging
• Pricebooks
• Activities
• Orders
• Settings
• Search
• Business Rules
• Planned Endpoints
• Derived Views

Additional domain background lives in AGENTS.md and API/src/db/schema.ts.