Sayyarat Documentation

Public Docs

Client-safe integration guidance for API usage, auth, listing lifecycle, media, and search.

Public surface

Media Access And Serving

Purpose

This page defines how listing photos are exposed safely to owners and to the public.

Public Versus Private Access

The API must stay the access decision point.

Rules:

  • public listing photos are served through API-managed public routes
  • private or owner-only photos must not leak through raw storage URLs
  • storage bucket keys are not the public contract

URL Direction

Clients should treat API media URLs as the durable integration surface.

Do not assume:

  • permanent direct object-storage URLs
  • storage provider details
  • bucket layout as a client contract

Replacement And Deletion

Replacement and deletion must preserve listing integrity.

Rules:

  • active or sold listings cannot lose their final ready photo
  • the system must keep a ready cover assigned when any ready photo still exists
  • replacement should preserve ownership and moderation rules

Future CDN Direction

CDN work may be added later, but it must sit behind the same access model. CDN choices do not get to redefine visibility rules.