Technical Documentation

Comprehensive guide to PhishGuard EDU's features and implementation

API Reference

Campaign Management
Create, manage, and track phishing campaigns

POST /api/campaigns - Create new campaign
GET /api/campaigns/[id] - Get campaign details
POST /api/campaigns/[id]/send - Send campaign

Training System
Manage training modules and track user progress

GET /api/training/paths - Get training paths
POST /api/training/start - Start training module
POST /api/training/complete - Complete training module

Analytics & Reporting
Access campaign metrics and user analytics

GET /api/analytics/campaigns - Campaign analytics
GET /api/analytics/users - User engagement metrics
GET /api/events/export - Export event data

Database Schema

Core Tables
Primary database structure for user management and organizations

profiles

User profile information and organization membership

id, email, full_name, organization_id, role, created_at, updated_at

organizations

Organization details and settings

id, name, domain, settings, created_at, updated_at

Campaign System
Tables for managing phishing campaigns and templates

campaigns

Campaign configuration and metadata

id, name, template_id, organization_id, status, settings, ai_generated, created_at

templates

Email templates for campaigns

id, name, subject, content, category, difficulty, organization_id

Training System
Training modules, paths, and user progress tracking

training_paths

Structured learning paths

id, name, description, difficulty_level, organization_id, is_active

user_progress

Individual user training progress

id, user_id, module_id, status, score, started_at, completed_at

Security & Authentication

Row Level Security (RLS)
Database-level security policies ensure data isolation
  • All tables implement organization-scoped RLS policies
  • Users can only access data within their organization
  • Admin users have elevated permissions within their organization
  • System-level operations require service role authentication
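
One way to express the organization-scoped policies listed above for the profiles and campaigns tables, as an added example rather than PhishGuard EDU's own migration. It assumes profiles.id matches the Supabase auth.uid(), organization_id is a uuid, and the admin role is stored as 'admin'; the function and policy names are hypothetical.

```sql
-- Added example; not PhishGuard EDU's actual security migration.
-- Assumptions: profiles.id equals the Supabase auth user id (auth.uid()),
-- organization_id is a uuid, and admins have profiles.role = 'admin'.

-- Helpers run as their owner (SECURITY DEFINER), so reading profiles here
-- does not re-enter the profiles policy and trigger recursive evaluation.
create or replace function public.current_org_id()   -- hypothetical name
returns uuid
language sql stable security definer
set search_path = public
as $$
  select organization_id from public.profiles where id = auth.uid()
$$;

create or replace function public.is_org_admin()     -- hypothetical name
returns boolean
language sql stable security definer
set search_path = public
as $$
  select exists (
    select 1 from public.profiles
    where id = auth.uid() and role = 'admin'
  )
$$;

-- With RLS enabled and no matching policy, a role sees no rows at all.
alter table public.profiles  enable row level security;
alter table public.campaigns enable row level security;

-- Members can read rows of their own organization only.
create policy profiles_select_same_org on public.profiles
  for select to authenticated
  using (organization_id = public.current_org_id());

create policy campaigns_select_same_org on public.campaigns
  for select to authenticated
  using (organization_id = public.current_org_id());

-- Admins may write, but only inside their own organization. WITH CHECK stops
-- an admin from inserting or moving a row into another organization.
create policy campaigns_admin_write on public.campaigns
  for all to authenticated
  using (organization_id = public.current_org_id() and public.is_org_admin())
  with check (organization_id = public.current_org_id() and public.is_org_admin());
```

In Supabase the service role bypasses RLS entirely, so requests made with SUPABASE_SERVICE_ROLE_KEY are not constrained by these policies and the key must stay server-side.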

Authentication Flow
Supabase-based authentication with organization assignment

User Registration

  1. User signs up with email/password
  2. Profile created with organization assignment
  3. Email verification required
  4. Default role assigned based on organization settings

Session Management

  • JWT tokens with automatic refresh
  • Server-side session validation
  • Secure cookie handling
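
Content Security Policy
CSP headers protect against XSS and injection attacks. The policy below restricts scripts and styles to the site's own origin; note that 'unsafe-inline' still allows inline scripts and styles, so injected inline script is not blocked by it.

default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'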

Deployment & Configuration

Environment Variables
Required configuration for production deployment

Supabase Configuration

NEXT_PUBLIC_SUPABASE_URL
NEXT_PUBLIC_SUPABASE_ANON_KEY
SUPABASE_SERVICE_ROLE_KEY

Email Service

SOCKETLABS_API_KEY
SOCKETLABS_SERVER_ID

AI Integration

OPENAI_API_KEY

Database Migrations
SQL scripts for setting up the database schema

001 - Initial schema setup
002 - Campaign system tables
003 - Training system implementation
004 - Analytics and reporting
005 - Security policies and RLS

Health Checks
Monitoring endpoints for system health

GET /api/health - Basic health check
GET /api/health/database - Database connectivity
