REST Controllers

BoardModule.register() registers 5 REST controllers that provide the HTTP API.

BoardController

Board CRUD operations.

Method	Path	Description	Required Role
`POST`	`/boards`	Create a new board	Authenticated
`GET`	`/boards`	List user's boards	Authenticated
`GET`	`/boards/:id`	Get board details	`viewer`
`PATCH`	`/boards/:id`	Update board	`owner`
`DELETE`	`/boards/:id`	Delete board	`owner`
`POST`	`/boards/:id/archive`	Archive board	`owner`

PageController

Page management within a board.

Method	Path	Description	Required Role
`POST`	`/boards/:boardId/pages`	Add a page	`editor`
`GET`	`/boards/:boardId/pages`	List pages	`viewer`
`GET`	`/boards/:boardId/pages/:pageId/elements`	Get page elements	`viewer`
`PUT`	`/boards/:boardId/pages/reorder`	Reorder pages	`editor`
`DELETE`	`/boards/:boardId/pages/:pageId`	Delete a page	`editor`

AssetController

File upload and management.

Method	Path	Description	Required Role
`POST`	`/boards/:boardId/assets`	Upload an asset	`editor`
`GET`	`/boards/:boardId/assets/:storageKey`	Get asset URL	`viewer`
`DELETE`	`/boards/:boardId/assets/:storageKey`	Delete an asset	`editor`
`GET`	`/boards/:boardId/assets/usage`	Get board storage usage	`viewer`

ExportController

Board export to various formats.

Method	Path	Description	Required Role
`POST`	`/boards/:boardId/export`	Export board	`viewer`

Request body:

{
    "format": "png" | "svg" | "pdf",
    "pageIds": ["page-1", "page-2"]  // optional, defaults to all pages
}

ShareController

Share link management.

Method	Path	Description	Required Role
`POST`	`/boards/:boardId/shares`	Create share link	`owner`
`GET`	`/shares/:token`	Resolve share link	Public
`DELETE`	`/boards/:boardId/shares/:id`	Delete share link	`owner`

Authentication

All controllers extract the Bearer token from the Authorization header and call BoardAuthGuard.validateRequest(). Unauthenticated requests receive a 401 response.

Authorization: Bearer <token>

After authentication, role-based access is checked via PermissionService.checkAccess().