Legacy Lambda BFF Path Compatibility
Legacy Lambda BFF Path Compatibility
Introduced in: v0.1.75
The myProp Next.js portal exposes its Backend-for-Frontend (BFF) layer under the /api/bff/ prefix. Earlier clients — including the Capacitor mobile app and the legacy Vue.js SPA — were built against the original Lambda deployment where these endpoints had no prefix at all.
Starting with v0.1.75, the portal transparently accepts requests at both the old unprefixed paths and the current /api/bff/* paths.
Background
The original BFF was deployed as a standalone AWS Lambda function. Clients called endpoints like:
POST /accounts
POST /company/verify
POST /messaging/messages
PATCH /accounts/buyer/situation
GET /affiliate/links/{flow}?clientName=...
The Next.js rebuild serves the same logic via a catch-all route at /api/bff/[...path]. Clients that cannot be updated (e.g. a published Capacitor app) would receive a 404 without a compatibility shim.
How it works
Two layers cooperate to make legacy paths work end-to-end.
Layer 1 — Next.js beforeFiles rewrites
Configured in next.config.ts, these rewrites run before filesystem routes are evaluated and silently forward legacy paths to the /api/bff/ handler:
| Client calls | Portal routes to |
|---|---|
/accounts | /api/bff/accounts |
/accounts/:path* | /api/bff/accounts/:path* |
/company/:path* | /api/bff/company/:path* |
/overrides | /api/bff/overrides |
/overrides/:path* | /api/bff/overrides/:path* |
/messaging/:path* | /api/bff/messaging/:path* |
/affiliate/:path* | /api/bff/affiliate/:path* |
Using beforeFiles is important: it gives these rewrites higher priority than the [company] dynamic page route, which would otherwise match paths like /company/* and serve the wrong response.
Layer 2 — Middleware public path allowlist
Next.js middleware runs before rewrites. The auth middleware in src/middleware.ts checks whether a path is public before deciding whether to require a session.
Without an explicit allowlist entry, a request to POST /accounts is seen by the middleware as an unauthenticated call to an unknown path — it gets redirected to sign-in or returned a 401 before the rewrite ever fires.
The five legacy prefixes are therefore added to the LEGACY_BFF_PREFIXES allowlist:
const LEGACY_BFF_PREFIXES = [
"/accounts",
"/company",
"/overrides",
"/messaging",
"/affiliate",
];
The allowlist check uses exact match plus strict prefix matching to avoid false positives:
pathname === prefix || pathname.startsWith(prefix + "/")
This means /accounting and /companies are not treated as legacy BFF paths.
Covered endpoints
The following endpoint shapes are forwarded by the rewrites:
| Prefix | Example endpoints |
|---|---|
/accounts | POST /accounts, POST /accounts/payment-requests, POST /accounts/tenant/active, POST /accounts/buyer, POST /accounts/vendor, POST /accounts/landlord/*, POST /accounts/contractor/*, PATCH /accounts/buyer/*, PATCH /accounts/prospects/* |
/company | POST /company/verify, POST /company/currency, POST /company/urls/generic, POST /company/search |
/overrides | POST /overrides, POST /overrides/fixflo |
/messaging | POST /messaging/messages, POST /messaging/message/send, POST /messaging/message/offer/respond |
/affiliate | GET /affiliate/links/{flow}?clientName=... |
Migration guidance
Legacy paths are supported indefinitely for clients that cannot be updated (e.g. published Capacitor builds). New integrations and updated clients should use the canonical /api/bff/* prefix directly, as this is the stable, documented surface.