Page Registry & Access Review
This registry is prepared for evaluation. It shows public evidence pages clearly, confirms that operational admin pages are protected, and summarizes API/dynamic routes without exposing unnecessary internal details.
Safe pages visible without login.
Operational pages require admin login.
Authenticated API endpoints.
Must remain zero before presentation.
Evaluator-Facing Pages
These pages are intentionally visible for ministry/technical evaluation.
| Page | Purpose | Status | Readiness |
|---|---|---|---|
|
/ https://asp.mazenofficial.net/ |
Public evaluation landing page. | 200 | PASS |
|
/admin https://asp.mazenofficial.net/admin |
Evaluation dashboard and platform overview. | 200 | PASS |
|
/admin/accreditation-readiness https://asp.mazenofficial.net/admin/accreditation-readiness |
Submission readiness matrix and required evidence tracker. | 200 | PASS |
|
/admin/documentation https://asp.mazenofficial.net/admin/documentation |
Technical, security, API, continuity, and evidence documentation. | 200 | PASS |
|
/admin/page-registry https://asp.mazenofficial.net/admin/page-registry |
Page access and route readiness summary. | 200 | PASS |
|
/developers https://asp.mazenofficial.net/developers |
Developer/API integration guide. | 200 | PASS |
|
/health https://asp.mazenofficial.net/health |
Public health endpoint for uptime verification. | 200 | PASS |
Protected Operational Areas
These areas are intentionally hidden from visitors and require secure admin login. This is expected and should be presented as a security control, not a broken page.
| Area | Access |
|---|---|
| API Clients & Onboarding | Admin Login Required |
| Documents & Evidence Packages | Admin Login Required |
| Webhooks & API Logs | Admin Login Required |
| Audit Ledger & Anchors | Admin Login Required |
| Backups & Restore Runbook | Admin Login Required |
| Operations / Health / Security Alerts | Admin Login Required |
API Surface Summary
API endpoints are not public browsing pages. They require API authentication and source controls.
- ✓API Key Authentication
Requests require X-ASP-API-KEY. - ✓Source Tenant Domain
Requests must match allowed tenant domain. - ✓IP Allowlist
Client traffic can be restricted by source IP/CIDR. - ✓Idempotency
Safe retries using Idempotency-Key.
Dynamic Evidence Routes
Dynamic routes require existing records such as document UUID, API client ID, webhook delivery ID, request ID, or backup file name. They are reviewed during live demo after test data is created.
| Dynamic Capability | Example Route Pattern | Review Timing |
|---|---|---|
| Document Details | /admin/documents/{uuid} | After document exists |
| Evidence Package | /admin/documents/{uuid}/evidence-package | After document exists |
| API Client Usage | /admin/api-clients/{client}/usage | After client exists |
| Webhook Details | /admin/webhooks/{delivery}/details | After delivery exists |
| API Document XML/JSON | /api/v1/documents/{uuid}/xml | After authenticated API request |