fix: Add Cache-Control to allowed CORS headers (#5252 )

chore: make mock passwords more obvious to test suites (#5240 )
fix: formbricks version on localhost (#5250 )
2026-04-26 11:48:27 -05:00 · 2025-04-07 14:47:02 +00:00 · 2025-04-07 12:40:40 +00:00 · 2025-04-07 10:42:13 +00:00 · 2025-04-07 08:48:56 +00:00 · 2025-04-07 06:07:39 +00:00
396 changed files with 16539 additions and 5855 deletions
@@ -80,6 +80,9 @@ S3_ENDPOINT_URL=
 # Force path style for S3 compatible storage (0 for disabled, 1 for enabled)
 S3_FORCE_PATH_STYLE=0

+# Set this URL to add a custom domain to your survey links(default is WEBAPP_URL)
+# SURVEY_URL=https://survey.example.com
+
 #####################
 # Disable Features  #
 #####################
@@ -114,7 +117,7 @@ IMPRINT_URL=
 IMPRINT_ADDRESS=

 # Configure Turnstile in signup flow
-# NEXT_PUBLIC_TURNSTILE_SITE_KEY=
+# TURNSTILE_SITE_KEY=
 # TURNSTILE_SECRET_KEY=

 # Configure Github Login
@@ -0,0 +1,84 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # For pnpm monorepos, use npm ecosystem
+    directory: "/" # Root package.json
+    schedule:
+      interval: "weekly"
+    versioning-strategy: increase
+
+  # Apps directory packages
+  - package-ecosystem: "npm"
+    directory: "/apps/demo"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/apps/demo-react-native"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/apps/storybook"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/apps/web"
+    schedule:
+      interval: "weekly"
+
+  # Packages directory
+  - package-ecosystem: "npm"
+    directory: "/packages/database"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/lib"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/types"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/config-eslint"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/config-prettier"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "npm"
+    directory: "/packages/config-typescript"
+    schedule:
+      interval: "weekly"
+      
+  - package-ecosystem: "npm"
+    directory: "/packages/js-core"
+    schedule:
+      interval: "weekly"
+      
+  - package-ecosystem: "npm"
+    directory: "/packages/surveys"
+    schedule:
+      interval: "weekly"
+      
+  - package-ecosystem: "npm"
+    directory: "/packages/logger"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -1,33 +0,0 @@
-name: Cron - Survey status update
-
-on:
-  workflow_dispatch:
-  # "Scheduled workflows run on the latest commit on the default or base branch."
-  # — https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#schedule
-  schedule:
-    # Runs "At 00:00." (see https://crontab.guru)
-    - cron: "0 0 * * *"
-
-permissions:
-  contents: read
-
-jobs:
-  cron-weeklySummary:
-    env:
-      APP_URL: ${{ secrets.APP_URL }}
-      CRON_SECRET: ${{ secrets.CRON_SECRET }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
-        with:
-          egress-policy: audit
-
-      - name: cURL request
-        if: ${{ env.APP_URL && env.CRON_SECRET }}
-        run: |
-          curl ${{ env.APP_URL }}/api/cron/survey-status \
-            -X POST \
-            -H 'content-type: application/json' \
-            -H 'x-api-key: ${{ env.CRON_SECRET }}' \
-            --fail
@@ -1,33 +0,0 @@
-name: Cron - Weekly summary
-
-on:
-  workflow_dispatch:
-  # "Scheduled workflows run on the latest commit on the default or base branch."
-  # — https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#schedule
-  schedule:
-    # Runs “At 08:00 on Monday.” (see https://crontab.guru)
-    - cron: "0 8 * * 1"
-permissions:
-  contents: read
-
-jobs:
-  cron-weeklySummary:
-    permissions:
-      contents: read    
-    env:
-      APP_URL: ${{ secrets.APP_URL }}
-      CRON_SECRET: ${{ secrets.CRON_SECRET }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481
-        with:
-          egress-policy: audit
-      - name: cURL request
-        if: ${{ env.APP_URL && env.CRON_SECRET }}
-        run: |
-          curl ${{ env.APP_URL }}/api/cron/weekly-summary \
-            -X POST \
-            -H 'content-type: application/json' \
-            -H 'x-api-key: ${{ env.CRON_SECRET }}' \
-            --fail
@@ -23,10 +23,10 @@ jobs:
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

-      - name: Setup Node.js 20.x
+      - name: Setup Node.js 22.x
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
-          node-version: 20.x
+          node-version: 22.x

      - name: Install pnpm
        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
@@ -48,7 +48,7 @@ jobs:
        run: |
          pnpm test:coverage
      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203
+        uses: SonarSource/sonarqube-scan-action@aa494459d7c39c106cc77b166de8b4250a32bb97
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -6,9 +6,13 @@ on:
  push:
    branches:
      - main
+    paths:
+      - "infra/terraform/**"
  pull_request:
    branches:
      - main
+    paths:
+      - "infra/terraform/**"

 permissions:
  id-token: write
@@ -18,7 +18,7 @@
    "expo-status-bar": "2.0.1",
    "react": "18.3.1",
    "react-dom": "18.3.1",
-    "react-native": "0.76.6",
+    "react-native": "0.78.2",
    "react-native-webview": "13.12.5"
  },
  "devDependencies": {
@@ -27,7 +27,7 @@ const secondaryNavigation = [

 export function Sidebar(): React.JSX.Element {
  return (
-    <div className="flex flex-grow flex-col overflow-y-auto bg-cyan-700 pb-4 pt-5">
+    <div className="flex grow flex-col overflow-y-auto bg-cyan-700 pt-5 pb-4">
      <nav
        className="mt-5 flex flex-1 flex-col divide-y divide-cyan-800 overflow-y-auto"
        aria-label="Sidebar">
@@ -38,10 +38,10 @@ export function Sidebar(): React.JSX.Element {
              href={item.href}
              className={classNames(
                item.current ? "bg-cyan-800 text-white" : "text-cyan-100 hover:bg-cyan-600 hover:text-white",
-                "group flex items-center rounded-md px-2 py-2 text-sm font-medium leading-6"
+                "group flex items-center rounded-md px-2 py-2 text-sm leading-6 font-medium"
              )}
              aria-current={item.current ? "page" : undefined}>
-              <item.icon className="mr-4 h-6 w-6 flex-shrink-0 text-cyan-200" aria-hidden="true" />
+              <item.icon className="mr-4 h-6 w-6 shrink-0 text-cyan-200" aria-hidden="true" />
              {item.name}
            </a>
          ))}
@@ -52,7 +52,7 @@ export function Sidebar(): React.JSX.Element {
              <a
                key={item.name}
                href={item.href}
-                className="group flex items-center rounded-md px-2 py-2 text-sm font-medium leading-6 text-cyan-100 hover:bg-cyan-600 hover:text-white">
+                className="group flex items-center rounded-md px-2 py-2 text-sm leading-6 font-medium text-cyan-100 hover:bg-cyan-600 hover:text-white">
                <item.icon className="mr-4 h-6 w-6 text-cyan-200" aria-hidden="true" />
                {item.name}
              </a>
@@ -1,3 +1,23 @@
-@tailwind base;
-@tailwind components;
-@tailwind utilities;
+@import 'tailwindcss';
+
+@plugin '@tailwindcss/forms';
+
+@custom-variant dark (&:is(.dark *));
+
+/*
+  The default border color has changed to `currentcolor` in Tailwind CSS v4,
+  so we've added these compatibility styles to make sure everything still
+  looks the same as it did with Tailwind CSS v3.
+
+  If we ever want to remove these styles, we need to add an explicit border
+  color utility to any element that depends on these defaults.
+*/
+@layer base {
+  *,
+  ::after,
+  ::before,
+  ::backdrop,
+  ::file-selector-button {
+    border-color: var(--color-gray-200, currentcolor);
+  }
+}
@@ -1,6 +1,6 @@
 {
  "name": "@formbricks/demo",
-  "version": "0.1.0",
+  "version": "0.0.0",
  "private": true,
  "scripts": {
    "clean": "rimraf .turbo node_modules .next",
@@ -12,10 +12,14 @@
  },
  "dependencies": {
    "@formbricks/js": "workspace:*",
-    "lucide-react": "0.468.0",
-    "next": "15.2.3",
+    "@tailwindcss/forms": "0.5.9",
+    "@tailwindcss/postcss": "4.1.3",
+    "lucide-react": "0.486.0",
+    "next": "15.2.4",
+    "postcss": "8.5.3",
    "react": "19.0.0",
-    "react-dom": "19.0.0"
+    "react-dom": "19.0.0",
+    "tailwindcss": "4.1.3"
  },
  "devDependencies": {
    "@formbricks/config-typescript": "workspace:*",
@@ -96,10 +96,10 @@ export default function AppPage(): React.JSX.Element {
            <p className="text-slate-700 dark:text-slate-300">
              Copy the environment ID of your Formbricks app to the env variable in /apps/demo/.env
            </p>
-            <Image src={fbsetup} alt="fb setup" className="mt-4 rounded" priority />
+            <Image src={fbsetup} alt="fb setup" className="mt-4 rounded-xs" priority />

            <div className="mt-4 flex-col items-start text-sm text-slate-700 sm:flex sm:items-center sm:text-base dark:text-slate-300">
-              <p className="mb-1 sm:mb-0 sm:mr-2">You&apos;re connected with env:</p>
+              <p className="mb-1 sm:mr-2 sm:mb-0">You&apos;re connected with env:</p>
              <div className="flex items-center">
                <strong className="w-32 truncate sm:w-auto">
                  {process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID}
@@ -1,6 +1,5 @@
 module.exports = {
  plugins: {
-    tailwindcss: {},
-    autoprefixer: {},
+    "@tailwindcss/postcss": {},
  },
 };
@@ -1,13 +0,0 @@
-/** @type {import('tailwindcss').Config} */
-module.exports = {
-  content: [
-    "./app/**/*.{js,ts,jsx,tsx}",
-    "./pages/**/*.{js,ts,jsx,tsx}",
-    "./components/**/*.{js,ts,jsx,tsx}",
-  ],
-  darkMode: "class",
-  theme: {
-    extend: {},
-  },
-  plugins: [require("@tailwindcss/forms")],
-};
@@ -11,30 +11,30 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "dependencies": {
-    "eslint-plugin-react-refresh": "0.4.16",
-    "react": "19.0.0",
-    "react-dom": "19.0.0"
+    "eslint-plugin-react-refresh": "0.4.19",
+    "react": "19.1.0",
+    "react-dom": "19.1.0"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "3.2.2",
+    "@chromatic-com/storybook": "3.2.6",
    "@formbricks/config-typescript": "workspace:*",
-    "@storybook/addon-a11y": "8.4.7",
-    "@storybook/addon-essentials": "8.4.7",
-    "@storybook/addon-interactions": "8.4.7",
-    "@storybook/addon-links": "8.4.7",
-    "@storybook/addon-onboarding": "8.4.7",
-    "@storybook/blocks": "8.4.7",
-    "@storybook/react": "8.4.7",
-    "@storybook/react-vite": "8.4.7",
-    "@storybook/test": "8.4.7",
-    "@typescript-eslint/eslint-plugin": "8.18.0",
-    "@typescript-eslint/parser": "8.18.0",
+    "@storybook/addon-a11y": "8.6.12",
+    "@storybook/addon-essentials": "8.6.12",
+    "@storybook/addon-interactions": "8.6.12",
+    "@storybook/addon-links": "8.6.12",
+    "@storybook/addon-onboarding": "8.6.12",
+    "@storybook/blocks": "8.6.12",
+    "@storybook/react": "8.6.12",
+    "@storybook/react-vite": "8.6.12",
+    "@storybook/test": "8.6.12",
+    "@typescript-eslint/eslint-plugin": "8.29.0",
+    "@typescript-eslint/parser": "8.29.0",
    "@vitejs/plugin-react": "4.3.4",
-    "esbuild": "0.25.1",
-    "eslint-plugin-storybook": "0.11.1",
+    "esbuild": "0.25.2",
+    "eslint-plugin-storybook": "0.12.0",
    "prop-types": "15.8.1",
-    "storybook": "8.4.7",
-    "tsup": "8.3.5",
-    "vite": "6.0.12"
+    "storybook": "8.6.12",
+    "tsup": "8.4.0",
+    "vite": "6.2.4"
  }
 }
@@ -40,7 +40,6 @@ RUN echo '#!/bin/sh' > /tmp/read-secrets.sh && \
    echo 'exec "$@"' >> /tmp/read-secrets.sh && \
    chmod +x /tmp/read-secrets.sh

-ARG NEXT_PUBLIC_SENTRY_DSN
 ARG SENTRY_AUTH_TOKEN

 # Increase Node.js memory limit as a regular build argument
@@ -7,7 +7,7 @@ import { LimitsReachedBanner } from "@/modules/ui/components/limits-reached-bann
 import { PendingDowngradeBanner } from "@/modules/ui/components/pending-downgrade-banner";
 import { getTranslate } from "@/tolgee/server";
 import type { Session } from "next-auth";
-import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
+import { IS_DEVELOPMENT, IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
 import { getEnvironment, getEnvironments } from "@formbricks/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getAccessFlags } from "@formbricks/lib/membership/utils";
@@ -111,6 +111,7 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En
          organizationProjectsLimit={organizationProjectsLimit}
          user={user}
          isFormbricksCloud={IS_FORMBRICKS_CLOUD}
+          isDevelopment={IS_DEVELOPMENT}
          membershipRole={membershipRole}
          isMultiOrgEnabled={isMultiOrgEnabled}
          isLicenseActive={active}
@@ -63,6 +63,7 @@ interface NavigationProps {
  projects: TProject[];
  isMultiOrgEnabled: boolean;
  isFormbricksCloud: boolean;
+  isDevelopment: boolean;
  membershipRole?: TOrganizationRole;
  organizationProjectsLimit: number;
  isLicenseActive: boolean;
@@ -79,6 +80,7 @@ export const MainNavigation = ({
  isFormbricksCloud,
  organizationProjectsLimit,
  isLicenseActive,
+  isDevelopment,
 }: NavigationProps) => {
  const router = useRouter();
  const pathname = usePathname();
@@ -296,7 +298,7 @@ export const MainNavigation = ({

          <div>
            {/* New Version Available */}
-            {!isCollapsed && isOwnerOrManager && latestVersion && !isFormbricksCloud && (
+            {!isCollapsed && isOwnerOrManager && latestVersion && !isFormbricksCloud && !isDevelopment && (
              <Link
                href="https://github.com/formbricks/formbricks/releases"
                target="_blank"
@@ -1,9 +1,7 @@
-// PosthogIdentify.test.tsx
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render } from "@testing-library/react";
 import { Session } from "next-auth";
 import { usePostHog } from "posthog-js/react";
-import React from "react";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { TOrganizationBilling } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
@@ -1,3 +0,0 @@
-import { APIKeysLoading } from "@/modules/projects/settings/api-keys/loading";
-
-export default APIKeysLoading;
@@ -1,3 +0,0 @@
-import { APIKeysPage } from "@/modules/projects/settings/api-keys/page";
-
-export default APIKeysPage;
@@ -0,0 +1,6 @@
+import Loading from "@/modules/organization/settings/api-keys/loading";
+import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
+
+export default function LoadingPage() {
+  return <Loading isFormbricksCloud={IS_FORMBRICKS_CLOUD} />;
+}
@@ -0,0 +1,3 @@
+import { APIKeysPage } from "@/modules/organization/settings/api-keys/page";
+
+export default APIKeysPage;
@@ -54,6 +54,12 @@ export const OrganizationSettingsNavbar = ({
      hidden: isFormbricksCloud || isPricingDisabled,
      current: pathname?.includes("/enterprise"),
    },
+    {
+      id: "api-keys",
+      label: t("common.api_keys"),
+      href: `/environments/${environmentId}/settings/api-keys`,
+      current: pathname?.includes("/api-keys"),
+    },
  ];

  return <SecondaryNavigation navigation={navigation} activeId={activeId} loading={loading} />;
@@ -33,12 +33,16 @@ vi.mock("@formbricks/lib/constants", () => ({
  WEBAPP_URL: "mock-webapp-url",
  SMTP_HOST: "mock-smtp-host",
  SMTP_PORT: "mock-smtp-port",
-  AI_AZURE_LLM_RESSOURCE_NAME: "mock-azure-llm-resource-name",
-  AI_AZURE_LLM_API_KEY: "mock-azure-llm-api-key",
-  AI_AZURE_LLM_DEPLOYMENT_ID: "mock-azure-llm-deployment-id",
-  AI_AZURE_EMBEDDINGS_RESSOURCE_NAME: "mock-azure-embeddings-resource-name",
-  AI_AZURE_EMBEDDINGS_API_KEY: "mock-azure-embeddings-api-key",
-  AI_AZURE_EMBEDDINGS_DEPLOYMENT_ID: "mock-azure-embeddings-deployment-id",
+  AI_AZURE_LLM_RESSOURCE_NAME: "mock-ai-azure-llm-ressource-name",
+  AI_AZURE_LLM_API_KEY: "mock-ai",
+  AI_AZURE_LLM_DEPLOYMENT_ID: "mock-ai-azure-llm-deployment-id",
+  AI_AZURE_EMBEDDINGS_RESSOURCE_NAME: "mock-ai-azure-embeddings-ressource-name",
+  AI_AZURE_EMBEDDINGS_API_KEY: "mock-ai-azure-embeddings-api-key",
+  AI_AZURE_EMBEDDINGS_DEPLOYMENT_ID: "mock-ai-azure-embeddings-deployment-id",
+}));
+
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
 }));

 vi.mock("@/tolgee/server", () => ({
@@ -13,6 +13,7 @@ import {
  RESPONSES_PER_PAGE,
  WEBAPP_URL,
 } from "@formbricks/lib/constants";
+import { getSurveyDomain } from "@formbricks/lib/getSurveyUrl";
 import { getResponseCountBySurveyId } from "@formbricks/lib/response/service";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { getTagsByEnvironmentId } from "@formbricks/lib/tag/service";
@@ -47,6 +48,7 @@ const Page = async (props) => {
  });
  const shouldGenerateInsights = needsInsightsGeneration(survey);
  const locale = await findMatchingLocale();
+  const surveyDomain = getSurveyDomain();

  return (
    <PageContentWrapper>
@@ -57,8 +59,8 @@ const Page = async (props) => {
            environment={environment}
            survey={survey}
            isReadOnly={isReadOnly}
-            webAppUrl={WEBAPP_URL}
            user={user}
+            surveyDomain={surveyDomain}
          />
        }>
        {isAIEnabled && shouldGenerateInsights && (
@@ -23,19 +23,19 @@ import { PanelInfoView } from "./shareEmbedModal/PanelInfoView";

 interface ShareEmbedSurveyProps {
  survey: TSurvey;
+  surveyDomain: string;
  open: boolean;
  modalView: "start" | "embed" | "panel";
  setOpen: React.Dispatch<React.SetStateAction<boolean>>;
-  webAppUrl: string;
  user: TUser;
 }

 export const ShareEmbedSurvey = ({
  survey,
+  surveyDomain,
  open,
  modalView,
  setOpen,
-  webAppUrl,
  user,
 }: ShareEmbedSurveyProps) => {
  const router = useRouter();
@@ -104,8 +104,8 @@ export const ShareEmbedSurvey = ({
              <DialogDescription className="hidden" />
              <ShareSurveyLink
                survey={survey}
-                webAppUrl={webAppUrl}
                surveyUrl={surveyUrl}
+                surveyDomain={surveyDomain}
                setSurveyUrl={setSurveyUrl}
                locale={user.locale}
              />
@@ -159,8 +159,8 @@ export const ShareEmbedSurvey = ({
            survey={survey}
            email={email}
            surveyUrl={surveyUrl}
+            surveyDomain={surveyDomain}
            setSurveyUrl={setSurveyUrl}
-            webAppUrl={webAppUrl}
            locale={user.locale}
          />
        ) : showView === "panel" ? (
@@ -20,8 +20,8 @@ interface SurveyAnalysisCTAProps {
  survey: TSurvey;
  environment: TEnvironment;
  isReadOnly: boolean;
-  webAppUrl: string;
  user: TUser;
+  surveyDomain: string;
 }

 interface ModalState {
@@ -35,8 +35,8 @@ export const SurveyAnalysisCTA = ({
  survey,
  environment,
  isReadOnly,
-  webAppUrl,
  user,
+  surveyDomain,
 }: SurveyAnalysisCTAProps) => {
  const { t } = useTranslate();
  const searchParams = useSearchParams();
@@ -50,7 +50,7 @@ export const SurveyAnalysisCTA = ({
    dropdown: false,
  });

-  const surveyUrl = useMemo(() => `${webAppUrl}/s/${survey.id}`, [survey.id, webAppUrl]);
+  const surveyUrl = useMemo(() => `${surveyDomain}/s/${survey.id}`, [survey.id, surveyDomain]);
  const { refreshSingleUseId } = useSingleUseId(survey);

  const widgetSetupCompleted = survey.type === "app" && environment.appSetupCompleted;
@@ -172,9 +172,9 @@ export const SurveyAnalysisCTA = ({
            <ShareEmbedSurvey
              key={key}
              survey={survey}
+              surveyDomain={surveyDomain}
              open={modalState[key as keyof ModalState]}
              setOpen={setOpen}
-              webAppUrl={webAppUrl}
              user={user}
              modalView={modalView}
            />
@@ -20,8 +20,8 @@ interface EmbedViewProps {
  survey: any;
  email: string;
  surveyUrl: string;
+  surveyDomain: string;
  setSurveyUrl: React.Dispatch<React.SetStateAction<string>>;
-  webAppUrl: string;
  locale: TUserLocale;
 }

@@ -35,8 +35,8 @@ export const EmbedView = ({
  survey,
  email,
  surveyUrl,
+  surveyDomain,
  setSurveyUrl,
-  webAppUrl,
  locale,
 }: EmbedViewProps) => {
  const { t } = useTranslate();
@@ -82,8 +82,8 @@ export const EmbedView = ({
          ) : activeId === "link" ? (
            <LinkTab
              survey={survey}
-              webAppUrl={webAppUrl}
              surveyUrl={surveyUrl}
+              surveyDomain={surveyDomain}
              setSurveyUrl={setSurveyUrl}
              locale={locale}
            />
@@ -8,13 +8,13 @@ import { TUserLocale } from "@formbricks/types/user";

 interface LinkTabProps {
  survey: TSurvey;
-  webAppUrl: string;
  surveyUrl: string;
+  surveyDomain: string;
  setSurveyUrl: (url: string) => void;
  locale: TUserLocale;
 }

-export const LinkTab = ({ survey, webAppUrl, surveyUrl, setSurveyUrl, locale }: LinkTabProps) => {
+export const LinkTab = ({ survey, surveyUrl, surveyDomain, setSurveyUrl, locale }: LinkTabProps) => {
  const { t } = useTranslate();

  const docsLinks = [
@@ -43,8 +43,8 @@ export const LinkTab = ({ survey, webAppUrl, surveyUrl, setSurveyUrl, locale }:
        </p>
        <ShareSurveyLink
          survey={survey}
-          webAppUrl={webAppUrl}
          surveyUrl={surveyUrl}
+          surveyDomain={surveyDomain}
          setSurveyUrl={setSurveyUrl}
          locale={locale}
        />
@@ -78,7 +78,7 @@ const dummySurvey = {
 } as unknown as TSurvey;
 const dummyEnvironment = { id: "env123", appSetupCompleted: true } as TEnvironment;
 const dummyUser = { id: "user123", name: "Test User" } as TUser;
-const webAppUrl = "http://example.com";
+const surveyDomain = "https://surveys.test.formbricks.com";

 describe("SurveyAnalysisCTA - handleCopyLink", () => {
  afterEach(() => {
@@ -91,7 +91,7 @@ describe("SurveyAnalysisCTA - handleCopyLink", () => {
        survey={dummySurvey}
        environment={dummyEnvironment}
        isReadOnly={false}
-        webAppUrl={webAppUrl}
+        surveyDomain={surveyDomain}
        user={dummyUser}
      />
    );
@@ -101,7 +101,9 @@ describe("SurveyAnalysisCTA - handleCopyLink", () => {

    await waitFor(() => {
      expect(refreshSingleUseIdSpy).toHaveBeenCalled();
-      expect(writeTextMock).toHaveBeenCalledWith("http://example.com/s/survey123?id=newSingleUseId");
+      expect(writeTextMock).toHaveBeenCalledWith(
+        "https://surveys.test.formbricks.com/s/survey123?id=newSingleUseId"
+      );
      expect(toast.success).toHaveBeenCalledWith("common.copied_to_clipboard");
    });
  });
@@ -113,7 +115,7 @@ describe("SurveyAnalysisCTA - handleCopyLink", () => {
        survey={dummySurvey}
        environment={dummyEnvironment}
        isReadOnly={false}
-        webAppUrl={webAppUrl}
+        surveyDomain={surveyDomain}
        user={dummyUser}
      />
    );
@@ -1,6 +1,6 @@
 import { getPreviewEmailTemplateHtml } from "@/modules/email/components/preview-email-template";
 import { getTranslate } from "@/tolgee/server";
-import { WEBAPP_URL } from "@formbricks/lib/constants";
+import { getSurveyDomain } from "@formbricks/lib/getSurveyUrl";
 import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { getStyling } from "@formbricks/lib/utils/styling";
@@ -17,7 +17,7 @@ export const getEmailTemplateHtml = async (surveyId: string, locale: string) =>
  }

  const styling = getStyling(project, survey);
-  const surveyUrl = WEBAPP_URL + "/s/" + survey.id;
+  const surveyUrl = getSurveyDomain() + "/s/" + survey.id;
  const html = await getPreviewEmailTemplateHtml(survey, surveyUrl, styling, locale, t);
  const doctype =
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
@@ -16,6 +16,7 @@ import {
  MAX_RESPONSES_FOR_INSIGHT_GENERATION,
  WEBAPP_URL,
 } from "@formbricks/lib/constants";
+import { getSurveyDomain } from "@formbricks/lib/getSurveyUrl";
 import { getResponseCountBySurveyId } from "@formbricks/lib/response/service";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { getUser } from "@formbricks/lib/user/service";
@@ -54,6 +55,7 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
    billing: organization.billing,
  });
  const shouldGenerateInsights = needsInsightsGeneration(survey);
+  const surveyDomain = getSurveyDomain();

  return (
    <PageContentWrapper>
@@ -64,8 +66,8 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
            environment={environment}
            survey={survey}
            isReadOnly={isReadOnly}
-            webAppUrl={WEBAPP_URL}
            user={user}
+            surveyDomain={surveyDomain}
          />
        }>
        {isAIEnabled && shouldGenerateInsights && (
@@ -47,12 +47,6 @@ vi.mock("@/app/intercom/IntercomClientWrapper", () => ({
 vi.mock("@/modules/ui/components/no-mobile-overlay", () => ({
  NoMobileOverlay: () => <div data-testid="no-mobile-overlay" />,
 }));
-vi.mock("@/modules/ui/components/post-hog-client", () => ({
-  PHProvider: ({ children }: { children: React.ReactNode }) => (
-    <div data-testid="ph-provider">{children}</div>
-  ),
-  PostHogPageview: () => <div data-testid="ph-pageview" />,
-}));
 vi.mock("@/modules/ui/components/toaster-client", () => ({
  ToasterClient: () => <div data-testid="toaster-client" />,
 }));
@@ -74,8 +68,6 @@ describe("(app) AppLayout", () => {
    render(element);

    expect(screen.getByTestId("no-mobile-overlay")).toBeInTheDocument();
-    expect(screen.getByTestId("ph-pageview")).toBeInTheDocument();
-    expect(screen.getByTestId("ph-provider")).toBeInTheDocument();
    expect(screen.getByTestId("mock-intercom-wrapper")).toBeInTheDocument();
    expect(screen.getByTestId("toaster-client")).toBeInTheDocument();
    expect(screen.getByTestId("child-content")).toHaveTextContent("Hello from children");
@@ -1,6 +1,7 @@
 import { FormbricksClient } from "@/app/(app)/components/FormbricksClient";
 import { IntercomClientWrapper } from "@/app/intercom/IntercomClientWrapper";
 import { authOptions } from "@/modules/auth/lib/authOptions";
+import { ClientLogout } from "@/modules/ui/components/client-logout";
 import { NoMobileOverlay } from "@/modules/ui/components/no-mobile-overlay";
 import { PHProvider, PostHogPageview } from "@/modules/ui/components/post-hog-client";
 import { ToasterClient } from "@/modules/ui/components/toaster-client";
@@ -13,6 +14,11 @@ const AppLayout = async ({ children }) => {
  const session = await getServerSession(authOptions);
  const user = session?.user?.id ? await getUser(session.user.id) : null;

+  // If user account is deactivated, log them out instead of rendering the app
+  if (user?.isActive === false) {
+    return <ClientLogout />;
+  }
+
  return (
    <>
      <NoMobileOverlay />
@@ -1,51 +0,0 @@
-import { responses } from "@/app/lib/api/response";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { AsyncParser } from "@json2csv/node";
-import { getServerSession } from "next-auth";
-import { NextRequest } from "next/server";
-import { logger } from "@formbricks/logger";
-
-export const POST = async (request: NextRequest) => {
-  const session = await getServerSession(authOptions);
-
-  if (!session) {
-    return responses.unauthorizedResponse();
-  }
-
-  const data = await request.json();
-  let csv: string = "";
-
-  const { json, fields, fileName } = data;
-
-  const fallbackFileName = fileName.replace(/[^A-Za-z0-9_.-]/g, "_");
-  const encodedFileName = encodeURIComponent(fileName)
-    .replace(/['()]/g, (match) => "%" + match.charCodeAt(0).toString(16))
-    .replace(/\*/g, "%2A");
-
-  const parser = new AsyncParser({
-    fields,
-  });
-
-  try {
-    csv = await parser.parse(json).promise();
-  } catch (err) {
-    logger.error({ error: err, url: request.url }, "Failed to convert to CSV");
-    throw new Error("Failed to convert to CSV");
-  }
-
-  const headers = new Headers();
-  headers.set("Content-Type", "text/csv;charset=utf-8;");
-  headers.set(
-    "Content-Disposition",
-    `attachment; filename="${fallbackFileName}"; filename*=UTF-8''${encodedFileName}`
-  );
-
-  return Response.json(
-    {
-      fileResponse: csv,
-    },
-    {
-      headers,
-    }
-  );
-};
@@ -1,46 +0,0 @@
-import { responses } from "@/app/lib/api/response";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getServerSession } from "next-auth";
-import { NextRequest } from "next/server";
-import * as xlsx from "xlsx";
-
-export const POST = async (request: NextRequest) => {
-  const session = await getServerSession(authOptions);
-
-  if (!session) {
-    return responses.unauthorizedResponse();
-  }
-
-  const data = await request.json();
-
-  const { json, fields, fileName } = data;
-
-  const fallbackFileName = fileName.replace(/[^A-Za-z0-9_.-]/g, "_");
-  const encodedFileName = encodeURIComponent(fileName)
-    .replace(/['()]/g, (match) => "%" + match.charCodeAt(0).toString(16))
-    .replace(/\*/g, "%2A");
-
-  const wb = xlsx.utils.book_new();
-  const ws = xlsx.utils.json_to_sheet(json, { header: fields });
-  xlsx.utils.book_append_sheet(wb, ws, "Sheet1");
-
-  const buffer = xlsx.write(wb, { type: "buffer", bookType: "xlsx" }) as Buffer;
-  const base64String = buffer.toString("base64");
-
-  const headers = new Headers();
-
-  headers.set("Content-Type", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
-  headers.set(
-    "Content-Disposition",
-    `attachment; filename="${fallbackFileName}"; filename*=UTF-8''${encodedFileName}`
-  );
-
-  return Response.json(
-    {
-      fileResponse: base64String,
-    },
-    {
-      headers,
-    }
-  );
-};
@@ -0,0 +1,178 @@
+import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
+import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
+import { describe, expect, it, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { TAPIKeyEnvironmentPermission } from "@formbricks/types/auth";
+import { authenticateRequest } from "./auth";
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    apiKey: {
+      findUnique: vi.fn(),
+      update: vi.fn(),
+    },
+  },
+}));
+
+vi.mock("@/modules/api/v2/management/lib/utils", () => ({
+  hashApiKey: vi.fn(),
+}));
+
+describe("getApiKeyWithPermissions", () => {
+  it("should return API key data with permissions when valid key is provided", async () => {
+    const mockApiKeyData = {
+      id: "api-key-id",
+      organizationId: "org-id",
+      hashedKey: "hashed-key",
+      createdAt: new Date(),
+      createdBy: "user-id",
+      lastUsedAt: null,
+      label: "Test API Key",
+      apiKeyEnvironments: [
+        {
+          environmentId: "env-1",
+          permission: "manage" as const,
+          environment: { id: "env-1" },
+        },
+      ],
+    };
+
+    vi.mocked(hashApiKey).mockReturnValue("hashed-key");
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(mockApiKeyData);
+    vi.mocked(prisma.apiKey.update).mockResolvedValue(mockApiKeyData);
+
+    const result = await getApiKeyWithPermissions("test-api-key");
+
+    expect(result).toEqual(mockApiKeyData);
+    expect(prisma.apiKey.update).toHaveBeenCalledWith({
+      where: { id: "api-key-id" },
+      data: { lastUsedAt: expect.any(Date) },
+    });
+  });
+
+  it("should return null when API key is not found", async () => {
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(null);
+
+    const result = await getApiKeyWithPermissions("invalid-key");
+
+    expect(result).toBeNull();
+  });
+});
+
+describe("hasPermission", () => {
+  const permissions: TAPIKeyEnvironmentPermission[] = [
+    {
+      environmentId: "env-1",
+      permission: "manage",
+      environmentType: "development",
+      projectId: "project-1",
+      projectName: "Project 1",
+    },
+    {
+      environmentId: "env-2",
+      permission: "write",
+      environmentType: "production",
+      projectId: "project-2",
+      projectName: "Project 2",
+    },
+    {
+      environmentId: "env-3",
+      permission: "read",
+      environmentType: "development",
+      projectId: "project-3",
+      projectName: "Project 3",
+    },
+  ];
+
+  it("should return true for manage permission with any method", () => {
+    expect(hasPermission(permissions, "env-1", "GET")).toBe(true);
+    expect(hasPermission(permissions, "env-1", "POST")).toBe(true);
+    expect(hasPermission(permissions, "env-1", "DELETE")).toBe(true);
+  });
+
+  it("should handle write permission correctly", () => {
+    expect(hasPermission(permissions, "env-2", "GET")).toBe(true);
+    expect(hasPermission(permissions, "env-2", "POST")).toBe(true);
+    expect(hasPermission(permissions, "env-2", "DELETE")).toBe(false);
+  });
+
+  it("should handle read permission correctly", () => {
+    expect(hasPermission(permissions, "env-3", "GET")).toBe(true);
+    expect(hasPermission(permissions, "env-3", "POST")).toBe(false);
+    expect(hasPermission(permissions, "env-3", "DELETE")).toBe(false);
+  });
+
+  it("should return false for non-existent environment", () => {
+    expect(hasPermission(permissions, "env-4", "GET")).toBe(false);
+  });
+});
+
+describe("authenticateRequest", () => {
+  it("should return authentication data for valid API key", async () => {
+    const request = new Request("http://localhost", {
+      headers: { "x-api-key": "valid-api-key" },
+    });
+
+    const mockApiKeyData = {
+      id: "api-key-id",
+      organizationId: "org-id",
+      hashedKey: "hashed-key",
+      createdAt: new Date(),
+      createdBy: "user-id",
+      lastUsedAt: null,
+      label: "Test API Key",
+      apiKeyEnvironments: [
+        {
+          environmentId: "env-1",
+          permission: "manage" as const,
+          environment: {
+            id: "env-1",
+            projectId: "project-1",
+            project: { name: "Project 1" },
+            type: "development",
+          },
+        },
+      ],
+    };
+
+    vi.mocked(hashApiKey).mockReturnValue("hashed-key");
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(mockApiKeyData);
+    vi.mocked(prisma.apiKey.update).mockResolvedValue(mockApiKeyData);
+
+    const result = await authenticateRequest(request);
+
+    expect(result).toEqual({
+      type: "apiKey",
+      environmentPermissions: [
+        {
+          environmentId: "env-1",
+          permission: "manage",
+          environmentType: "development",
+          projectId: "project-1",
+          projectName: "Project 1",
+        },
+      ],
+      hashedApiKey: "hashed-key",
+      apiKeyId: "api-key-id",
+      organizationId: "org-id",
+    });
+  });
+
+  it("should return null when no API key is provided", async () => {
+    const request = new Request("http://localhost");
+    const result = await authenticateRequest(request);
+    expect(result).toBeNull();
+  });
+
+  it("should return null when API key is invalid", async () => {
+    const request = new Request("http://localhost", {
+      headers: { "x-api-key": "invalid-api-key" },
+    });
+
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(null);
+
+    const result = await authenticateRequest(request);
+    expect(result).toBeNull();
+  });
+});
@@ -1,25 +1,38 @@
-import { getEnvironmentIdFromApiKey } from "@/app/api/v1/lib/api-key";
 import { responses } from "@/app/lib/api/response";
 import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
+import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
 import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";

 export const authenticateRequest = async (request: Request): Promise<TAuthenticationApiKey | null> => {
  const apiKey = request.headers.get("x-api-key");
-  if (apiKey) {
-    const environmentId = await getEnvironmentIdFromApiKey(apiKey);
-    if (environmentId) {
-      const hashedApiKey = hashApiKey(apiKey);
-      const authentication: TAuthenticationApiKey = {
-        type: "apiKey",
-        environmentId,
-        hashedApiKey,
-      };
-      return authentication;
-    }
-    return null;
-  }
-  return null;
+  if (!apiKey) return null;
+
+  // Get API key with permissions
+  const apiKeyData = await getApiKeyWithPermissions(apiKey);
+  if (!apiKeyData) return null;
+
+  // In the route handlers, we'll do more specific permission checks
+  const environmentIds = apiKeyData.apiKeyEnvironments.map((env) => env.environmentId);
+  if (environmentIds.length === 0) return null;
+
+  const hashedApiKey = hashApiKey(apiKey);
+  const authentication: TAuthenticationApiKey = {
+    type: "apiKey",
+    environmentPermissions: apiKeyData.apiKeyEnvironments.map((env) => ({
+      environmentId: env.environmentId,
+      environmentType: env.environment.type,
+      permission: env.permission,
+      projectId: env.environment.projectId,
+      projectName: env.environment.project.name,
+    })),
+    hashedApiKey,
+    apiKeyId: apiKeyData.id,
+    organizationId: apiKeyData.organizationId,
+    organizationAccess: apiKeyData.organizationAccess,
+  };
+
+  return authentication;
 };

 export const handleErrorResponse = (error: any): Response => {
@@ -1,6 +1,6 @@
 import {
  OPTIONS,
  PUT,
-} from "@/modules/ee/contacts/api/client/[environmentId]/contacts/[userId]/attributes/route";
+} from "@/modules/ee/contacts/api/v1/client/[environmentId]/contacts/[userId]/attributes/route";

 export { OPTIONS, PUT };
@@ -1,6 +1,6 @@
 import {
  GET,
  OPTIONS,
-} from "@/modules/ee/contacts/api/client/[environmentId]/identify/contacts/[userId]/route";
+} from "@/modules/ee/contacts/api/v1/client/[environmentId]/identify/contacts/[userId]/route";

 export { GET, OPTIONS };
@@ -1,3 +1,3 @@
-import { OPTIONS, POST } from "@/modules/ee/contacts/api/client/[environmentId]/user/route";
+import { OPTIONS, POST } from "@/modules/ee/contacts/api/v1/client/[environmentId]/user/route";

 export { POST, OPTIONS };
@@ -1,49 +0,0 @@
-import { apiKeyCache } from "@/lib/cache/api-key";
-import { Prisma } from "@prisma/client";
-import { cache as reactCache } from "react";
-import { prisma } from "@formbricks/database";
-import { cache } from "@formbricks/lib/cache";
-import { getHash } from "@formbricks/lib/crypto";
-import { validateInputs } from "@formbricks/lib/utils/validate";
-import { ZString } from "@formbricks/types/common";
-import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-
-export const getEnvironmentIdFromApiKey = reactCache(async (apiKey: string): Promise<string | null> => {
-  const hashedKey = getHash(apiKey);
-  return cache(
-    async () => {
-      validateInputs([apiKey, ZString]);
-
-      if (!apiKey) {
-        throw new InvalidInputError("API key cannot be null or undefined.");
-      }
-
-      try {
-        const apiKeyData = await prisma.apiKey.findUnique({
-          where: {
-            hashedKey,
-          },
-          select: {
-            environmentId: true,
-          },
-        });
-
-        if (!apiKeyData) {
-          throw new ResourceNotFoundError("apiKey", apiKey);
-        }
-
-        return apiKeyData.environmentId;
-      } catch (error) {
-        if (error instanceof Prisma.PrismaClientKnownRequestError) {
-          throw new DatabaseError(error.message);
-        }
-
-        throw error;
-      }
-    },
-    [`management-api-getEnvironmentIdFromApiKey-${apiKey}`],
-    {
-      tags: [apiKeyCache.tag.byHashedKey(hashedKey)],
-    }
-  )();
-});
@@ -1,6 +1,7 @@
 import { authenticateRequest, handleErrorResponse } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { deleteActionClass, getActionClass, updateActionClass } from "@formbricks/lib/actionClass/service";
 import { logger } from "@formbricks/logger";
 import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classes";
@@ -8,15 +9,20 @@ import { TAuthenticationApiKey } from "@formbricks/types/auth";

 const fetchAndAuthorizeActionClass = async (
  authentication: TAuthenticationApiKey,
-  actionClassId: string
+  actionClassId: string,
+  method: "GET" | "POST" | "PUT" | "DELETE"
 ): Promise<TActionClass | null> => {
+  // Get the action class
  const actionClass = await getActionClass(actionClassId);
  if (!actionClass) {
    return null;
  }
-  if (actionClass.environmentId !== authentication.environmentId) {
+
+  // Check if API key has permission to access this environment with appropriate permissions
+  if (!hasPermission(authentication.environmentPermissions, actionClass.environmentId, method)) {
    throw new Error("Unauthorized");
  }
+
  return actionClass;
 };

@@ -28,7 +34,7 @@ export const GET = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId);
+    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "GET");
    if (actionClass) {
      return responses.successResponse(actionClass);
    }
@@ -46,7 +52,7 @@ export const PUT = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId);
+    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "PUT");
    if (!actionClass) {
      return responses.notFoundResponse("Action Class", params.actionClassId);
    }
@@ -88,7 +94,7 @@ export const DELETE = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId);
+    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "DELETE");
    if (!actionClass) {
      return responses.notFoundResponse("Action Class", params.actionClassId);
    }
@@ -0,0 +1,88 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { DatabaseError } from "@formbricks/types/errors";
+import { getActionClasses } from "./action-classes";
+
+// Mock the prisma client
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    actionClass: {
+      findMany: vi.fn(),
+    },
+  },
+}));
+
+describe("getActionClasses", () => {
+  const mockEnvironmentIds = ["env1", "env2"];
+  const mockActionClasses = [
+    {
+      id: "action1",
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      name: "Test Action 1",
+      description: "Test Description 1",
+      type: "click",
+      key: "test-key-1",
+      noCodeConfig: {},
+      environmentId: "env1",
+    },
+    {
+      id: "action2",
+      createdAt: new Date(),
+      updatedAt: new Date(),
+      name: "Test Action 2",
+      description: "Test Description 2",
+      type: "pageview",
+      key: "test-key-2",
+      noCodeConfig: {},
+      environmentId: "env2",
+    },
+  ];
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("should successfully fetch action classes for given environment IDs", async () => {
+    // Mock the prisma findMany response
+    vi.mocked(prisma.actionClass.findMany).mockResolvedValue(mockActionClasses);
+
+    const result = await getActionClasses(mockEnvironmentIds);
+
+    expect(result).toEqual(mockActionClasses);
+    expect(prisma.actionClass.findMany).toHaveBeenCalledWith({
+      where: {
+        environmentId: { in: mockEnvironmentIds },
+      },
+      select: expect.any(Object),
+      orderBy: {
+        createdAt: "asc",
+      },
+    });
+  });
+
+  it("should throw DatabaseError when prisma query fails", async () => {
+    // Mock the prisma findMany to throw an error
+    vi.mocked(prisma.actionClass.findMany).mockRejectedValue(new Error("Database error"));
+
+    await expect(getActionClasses(mockEnvironmentIds)).rejects.toThrow(DatabaseError);
+  });
+
+  it("should handle empty environment IDs array", async () => {
+    // Mock the prisma findMany response
+    vi.mocked(prisma.actionClass.findMany).mockResolvedValue([]);
+
+    const result = await getActionClasses([]);
+
+    expect(result).toEqual([]);
+    expect(prisma.actionClass.findMany).toHaveBeenCalledWith({
+      where: {
+        environmentId: { in: [] },
+      },
+      select: expect.any(Object),
+      orderBy: {
+        createdAt: "asc",
+      },
+    });
+  });
+});
@@ -0,0 +1,51 @@
+"use server";
+
+import "server-only";
+import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { actionClassCache } from "@formbricks/lib/actionClass/cache";
+import { cache } from "@formbricks/lib/cache";
+import { validateInputs } from "@formbricks/lib/utils/validate";
+import { TActionClass } from "@formbricks/types/action-classes";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError } from "@formbricks/types/errors";
+
+const selectActionClass = {
+  id: true,
+  createdAt: true,
+  updatedAt: true,
+  name: true,
+  description: true,
+  type: true,
+  key: true,
+  noCodeConfig: true,
+  environmentId: true,
+} satisfies Prisma.ActionClassSelect;
+
+export const getActionClasses = reactCache(
+  async (environmentIds: string[]): Promise<TActionClass[]> =>
+    cache(
+      async () => {
+        validateInputs([environmentIds, ZId.array()]);
+
+        try {
+          return await prisma.actionClass.findMany({
+            where: {
+              environmentId: { in: environmentIds },
+            },
+            select: selectActionClass,
+            orderBy: {
+              createdAt: "asc",
+            },
+          });
+        } catch (error) {
+          throw new DatabaseError(`Database error when fetching actions for environment ${environmentIds}`);
+        }
+      },
+      environmentIds.map((environmentId) => `getActionClasses-management-api-${environmentId}`),
+      {
+        tags: environmentIds.map((environmentId) => actionClassCache.tag.byEnvironmentId(environmentId)),
+      }
+    )()
+);
@@ -1,16 +1,24 @@
 import { authenticateRequest } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { createActionClass, getActionClasses } from "@formbricks/lib/actionClass/service";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
+import { createActionClass } from "@formbricks/lib/actionClass/service";
 import { logger } from "@formbricks/logger";
 import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classes";
 import { DatabaseError } from "@formbricks/types/errors";
+import { getActionClasses } from "./lib/action-classes";

 export const GET = async (request: Request) => {
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClasses: TActionClass[] = await getActionClasses(authentication.environmentId!);
+
+    const environmentIds = authentication.environmentPermissions.map(
+      (permission) => permission.environmentId
+    );
+
+    const actionClasses = await getActionClasses(environmentIds);
+
    return responses.successResponse(actionClasses);
  } catch (error) {
    if (error instanceof DatabaseError) {
@@ -35,6 +43,12 @@ export const POST = async (request: Request): Promise<Response> => {

    const inputValidation = ZActionClassInput.safeParse(actionClassInput);

+    const environmentId = actionClassInput.environmentId;
+
+    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+      return responses.unauthorizedResponse();
+    }
+
    if (!inputValidation.success) {
      return responses.badRequestResponse(
        "Fields are missing or incorrectly formatted",
@@ -43,10 +57,7 @@ export const POST = async (request: Request): Promise<Response> => {
      );
    }

-    const actionClass: TActionClass = await createActionClass(
-      authentication.environmentId!,
-      inputValidation.data
-    );
+    const actionClass: TActionClass = await createActionClass(environmentId, inputValidation.data);
    return responses.successResponse(actionClass);
  } catch (error) {
    if (error instanceof DatabaseError) {
@@ -2,6 +2,6 @@ import {
  DELETE,
  GET,
  PUT,
-} from "@/modules/ee/contacts/api/management/contact-attribute-keys/[contactAttributeKeyId]/route";
+} from "@/modules/ee/contacts/api/v1/management/contact-attribute-keys/[contactAttributeKeyId]/route";

 export { DELETE, GET, PUT };
@@ -1,3 +1,3 @@
-import { GET, POST } from "@/modules/ee/contacts/api/management/contact-attribute-keys/route";
+import { GET, POST } from "@/modules/ee/contacts/api/v1/management/contact-attribute-keys/route";

 export { GET, POST };
@@ -1,3 +1,3 @@
-import { GET } from "@/modules/ee/contacts/api/management/contact-attributes/route";
+import { GET } from "@/modules/ee/contacts/api/v1/management/contact-attributes/route";

 export { GET };
@@ -1,3 +1,3 @@
-import { DELETE, GET } from "@/modules/ee/contacts/api/management/contacts/[contactId]/route";
+import { DELETE, GET } from "@/modules/ee/contacts/api/v1/management/contacts/[contactId]/route";

 export { DELETE, GET };
@@ -1,4 +1,4 @@
-import { GET } from "@/modules/ee/contacts/api/management/contacts/route";
+import { GET } from "@/modules/ee/contacts/api/v1/management/contacts/route";

 export { GET };

@@ -12,29 +12,56 @@ export const GET = async () => {
        hashedKey: hashApiKey(apiKey),
      },
      select: {
-        environment: {
+        apiKeyEnvironments: {
          select: {
-            id: true,
-            createdAt: true,
-            updatedAt: true,
-            type: true,
-            project: {
+            environment: {
              select: {
                id: true,
-                name: true,
+                type: true,
+                createdAt: true,
+                updatedAt: true,
+                projectId: true,
+                widgetSetupCompleted: true,
+                project: {
+                  select: {
+                    id: true,
+                    name: true,
+                  },
+                },
              },
            },
-            appSetupCompleted: true,
+            permission: true,
          },
        },
      },
    });
+
    if (!apiKeyData) {
      return new Response("Not authenticated", {
        status: 401,
      });
    }
-    return Response.json(apiKeyData.environment);
+
+    if (
+      apiKeyData.apiKeyEnvironments.length === 1 &&
+      apiKeyData.apiKeyEnvironments[0].permission === "manage"
+    ) {
+      return Response.json({
+        id: apiKeyData.apiKeyEnvironments[0].environment.id,
+        type: apiKeyData.apiKeyEnvironments[0].environment.type,
+        createdAt: apiKeyData.apiKeyEnvironments[0].environment.createdAt,
+        updatedAt: apiKeyData.apiKeyEnvironments[0].environment.updatedAt,
+        widgetSetupCompleted: apiKeyData.apiKeyEnvironments[0].environment.widgetSetupCompleted,
+        project: {
+          id: apiKeyData.apiKeyEnvironments[0].environment.projectId,
+          name: apiKeyData.apiKeyEnvironments[0].environment.project.name,
+        },
+      });
+    } else {
+      return new Response("You can't use this method with this API key", {
+        status: 400,
+      });
+    }
  } else {
    const sessionUser = await getSessionUser();
    if (!sessionUser) {
@@ -1,32 +1,33 @@
 import { authenticateRequest, handleErrorResponse } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { hasUserEnvironmentAccess } from "@formbricks/lib/environment/auth";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { deleteResponse, getResponse, updateResponse } from "@formbricks/lib/response/service";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { logger } from "@formbricks/logger";
-import { TResponse, ZResponseUpdateInput } from "@formbricks/types/responses";
+import { ZResponseUpdateInput } from "@formbricks/types/responses";

-const fetchAndValidateResponse = async (authentication: any, responseId: string): Promise<TResponse> => {
+async function fetchAndAuthorizeResponse(
+  responseId: string,
+  authentication: any,
+  requiredPermission: "GET" | "PUT" | "DELETE"
+) {
  const response = await getResponse(responseId);
-  if (!response || !(await canUserAccessResponse(authentication, response))) {
-    throw new Error("Unauthorized");
+  if (!response) {
+    return { error: responses.notFoundResponse("Response", responseId) };
  }
-  return response;
-};

-const canUserAccessResponse = async (authentication: any, response: TResponse): Promise<boolean> => {
  const survey = await getSurvey(response.surveyId);
-  if (!survey) return false;
-
-  if (authentication.type === "session") {
-    return await hasUserEnvironmentAccess(authentication.session.user.id, survey.environmentId);
-  } else if (authentication.type === "apiKey") {
-    return survey.environmentId === authentication.environmentId;
-  } else {
-    throw Error("Unknown authentication type");
+  if (!survey) {
+    return { error: responses.notFoundResponse("Survey", response.surveyId, true) };
  }
-};
+
+  if (!hasPermission(authentication.environmentPermissions, survey.environmentId, requiredPermission)) {
+    return { error: responses.unauthorizedResponse() };
+  }
+
+  return { response };
+}

 export const GET = async (
  request: Request,
@@ -36,11 +37,11 @@ export const GET = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const response = await fetchAndValidateResponse(authentication, params.responseId);
-    if (response) {
-      return responses.successResponse(response);
-    }
-    return responses.notFoundResponse("Response", params.responseId);
+
+    const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "GET");
+    if (result.error) return result.error;
+
+    return responses.successResponse(result.response);
  } catch (error) {
    return handleErrorResponse(error);
  }
@@ -54,10 +55,10 @@ export const DELETE = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const response = await fetchAndValidateResponse(authentication, params.responseId);
-    if (!response) {
-      return responses.notFoundResponse("Response", params.responseId);
-    }
+
+    const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "DELETE");
+    if (result.error) return result.error;
+
    const deletedResponse = await deleteResponse(params.responseId);
    return responses.successResponse(deletedResponse);
  } catch (error) {
@@ -73,7 +74,10 @@ export const PUT = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    await fetchAndValidateResponse(authentication, params.responseId);
+
+    const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "PUT");
+    if (result.error) return result.error;
+
    let responseUpdate;
    try {
      responseUpdate = await request.json();
@@ -1,6 +1,8 @@
 import "server-only";
 import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
+import { cache } from "@formbricks/lib/cache";
 import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
 import {
  getMonthlyOrganizationResponseCount,
@@ -8,11 +10,13 @@ import {
 } from "@formbricks/lib/organization/service";
 import { sendPlanLimitsReachedEventToPosthogWeekly } from "@formbricks/lib/posthogServer";
 import { responseCache } from "@formbricks/lib/response/cache";
+import { getResponseContact } from "@formbricks/lib/response/service";
 import { calculateTtcTotal } from "@formbricks/lib/response/utils";
 import { responseNoteCache } from "@formbricks/lib/responseNote/cache";
 import { captureTelemetry } from "@formbricks/lib/telemetry";
 import { validateInputs } from "@formbricks/lib/utils/validate";
 import { logger } from "@formbricks/logger";
+import { ZId, ZOptionalNumber } from "@formbricks/types/common";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TResponse, TResponseInput, ZResponseInput } from "@formbricks/types/responses";
@@ -25,6 +29,7 @@ export const responseSelection = {
  updatedAt: true,
  surveyId: true,
  finished: true,
+  endingId: true,
  data: true,
  meta: true,
  ttc: true,
@@ -193,3 +198,53 @@ export const createResponse = async (responseInput: TResponseInput): Promise<TRe
    throw error;
  }
 };
+
+export const getResponsesByEnvironmentIds = reactCache(
+  async (environmentIds: string[], limit?: number, offset?: number): Promise<TResponse[]> =>
+    cache(
+      async () => {
+        validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
+        try {
+          const responses = await prisma.response.findMany({
+            where: {
+              survey: {
+                environmentId: { in: environmentIds },
+              },
+            },
+            select: responseSelection,
+            orderBy: [
+              {
+                createdAt: "desc",
+              },
+            ],
+            take: limit ? limit : undefined,
+            skip: offset ? offset : undefined,
+          });
+
+          const transformedResponses: TResponse[] = await Promise.all(
+            responses.map((responsePrisma) => {
+              return {
+                ...responsePrisma,
+                contact: getResponseContact(responsePrisma),
+                tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+              };
+            })
+          );
+
+          return transformedResponses;
+        } catch (error) {
+          if (error instanceof Prisma.PrismaClientKnownRequestError) {
+            throw new DatabaseError(error.message);
+          }
+
+          throw error;
+        }
+      },
+      environmentIds.map(
+        (environmentId) => `getResponses-management-api-${environmentId}-${limit}-${offset}`
+      ),
+      {
+        tags: environmentIds.map((environmentId) => responseCache.tag.byEnvironmentId(environmentId)),
+      }
+    )()
+);
@@ -1,13 +1,14 @@
 import { authenticateRequest } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { NextRequest } from "next/server";
-import { getResponses, getResponsesByEnvironmentId } from "@formbricks/lib/response/service";
+import { getResponses } from "@formbricks/lib/response/service";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { logger } from "@formbricks/logger";
 import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";
 import { TResponse, ZResponseInput } from "@formbricks/types/responses";
-import { createResponse } from "./lib/response";
+import { createResponse, getResponsesByEnvironmentIds } from "./lib/response";

 export const GET = async (request: NextRequest) => {
  const searchParams = request.nextUrl.searchParams;
@@ -18,14 +19,26 @@ export const GET = async (request: NextRequest) => {
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    let environmentResponses: TResponse[] = [];
+    let allResponses: TResponse[] = [];

    if (surveyId) {
-      environmentResponses = await getResponses(surveyId, limit, offset);
+      const survey = await getSurvey(surveyId);
+      if (!survey) {
+        return responses.notFoundResponse("Survey", surveyId, true);
+      }
+      if (!hasPermission(authentication.environmentPermissions, survey.environmentId, "GET")) {
+        return responses.unauthorizedResponse();
+      }
+      const surveyResponses = await getResponses(surveyId, limit, offset);
+      allResponses.push(...surveyResponses);
    } else {
-      environmentResponses = await getResponsesByEnvironmentId(authentication.environmentId, limit, offset);
+      const environmentIds = authentication.environmentPermissions.map(
+        (permission) => permission.environmentId
+      );
+      const environmentResponses = await getResponsesByEnvironmentIds(environmentIds, limit, offset);
+      allResponses.push(...environmentResponses);
    }
-    return responses.successResponse(environmentResponses);
+    return responses.successResponse(allResponses);
  } catch (error) {
    if (error instanceof DatabaseError) {
      return responses.badRequestResponse(error.message);
@@ -39,8 +52,6 @@ export const POST = async (request: Request): Promise<Response> => {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();

-    const environmentId = authentication.environmentId;
-
    let jsonInput;

    try {
@@ -50,9 +61,6 @@ export const POST = async (request: Request): Promise<Response> => {
      return responses.badRequestResponse("Malformed JSON input, please check your request body");
    }

-    // add environmentId to response
-    jsonInput.environmentId = environmentId;
-
    const inputValidation = ZResponseInput.safeParse(jsonInput);

    if (!inputValidation.success) {
@@ -65,6 +73,12 @@ export const POST = async (request: Request): Promise<Response> => {

    const responseInput = inputValidation.data;

+    const environmentId = responseInput.environmentId;
+
+    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+      return responses.unauthorizedResponse();
+    }
+
    // get and check survey
    const survey = await getSurvey(responseInput.surveyId);
    if (!survey) {
@@ -3,21 +3,28 @@ import { deleteSurvey } from "@/app/api/v1/management/surveys/[surveyId]/lib/sur
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { getMultiLanguagePermission } from "@/modules/ee/license-check/lib/utils";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { getSurveyFollowUpsPermission } from "@/modules/survey/follow-ups/lib/utils";
 import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
 import { getSurvey, updateSurvey } from "@formbricks/lib/survey/service";
 import { logger } from "@formbricks/logger";
-import { TSurvey, ZSurveyUpdateInput } from "@formbricks/types/surveys/types";
+import { TAuthenticationApiKey } from "@formbricks/types/auth";
+import { ZSurveyUpdateInput } from "@formbricks/types/surveys/types";

-const fetchAndAuthorizeSurvey = async (authentication: any, surveyId: string): Promise<TSurvey | null> => {
+const fetchAndAuthorizeSurvey = async (
+  surveyId: string,
+  authentication: TAuthenticationApiKey,
+  requiredPermission: "GET" | "PUT" | "DELETE"
+) => {
  const survey = await getSurvey(surveyId);
  if (!survey) {
-    return null;
+    return { error: responses.notFoundResponse("Survey", surveyId) };
  }
-  if (survey.environmentId !== authentication.environmentId) {
-    throw new Error("Unauthorized");
+  if (!hasPermission(authentication.environmentPermissions, survey.environmentId, requiredPermission)) {
+    return { error: responses.unauthorizedResponse() };
  }
-  return survey;
+
+  return { survey };
 };

 export const GET = async (
@@ -28,11 +35,9 @@ export const GET = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const survey = await fetchAndAuthorizeSurvey(authentication, params.surveyId);
-    if (survey) {
-      return responses.successResponse(survey);
-    }
-    return responses.notFoundResponse("Survey", params.surveyId);
+    const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "GET");
+    if (result.error) return result.error;
+    return responses.successResponse(result.survey);
  } catch (error) {
    return handleErrorResponse(error);
  }
@@ -46,10 +51,8 @@ export const DELETE = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
-    const survey = await fetchAndAuthorizeSurvey(authentication, params.surveyId);
-    if (!survey) {
-      return responses.notFoundResponse("Survey", params.surveyId);
-    }
+    const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "DELETE");
+    if (result.error) return result.error;
    const deletedSurvey = await deleteSurvey(params.surveyId);
    return responses.successResponse(deletedSurvey);
  } catch (error) {
@@ -65,13 +68,10 @@ export const PUT = async (
  try {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();
+    const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "PUT");
+    if (result.error) return result.error;

-    const survey = await fetchAndAuthorizeSurvey(authentication, params.surveyId);
-    if (!survey) {
-      return responses.notFoundResponse("Survey", params.surveyId);
-    }
-
-    const organization = await getOrganizationByEnvironmentId(authentication.environmentId);
+    const organization = await getOrganizationByEnvironmentId(result.survey.environmentId);
    if (!organization) {
      return responses.notFoundResponse("Organization", null);
    }
@@ -85,7 +85,7 @@ export const PUT = async (
    }

    const inputValidation = ZSurveyUpdateInput.safeParse({
-      ...survey,
+      ...result.survey,
      ...surveyUpdate,
    });

@@ -1,6 +1,8 @@
 import { authenticateRequest, handleErrorResponse } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { NextRequest } from "next/server";
+import { getSurveyDomain } from "@formbricks/lib/getSurveyUrl";
 import { getSurvey } from "@formbricks/lib/survey/service";
 import { generateSurveySingleUseIds } from "@formbricks/lib/utils/singleUseSurveys";

@@ -16,8 +18,8 @@ export const GET = async (
    if (!survey) {
      return responses.notFoundResponse("Survey", params.surveyId);
    }
-    if (survey.environmentId !== authentication.environmentId) {
-      throw new Error("Unauthorized");
+    if (!hasPermission(authentication.environmentPermissions, survey.environmentId, "GET")) {
+      return responses.unauthorizedResponse();
    }

    if (!survey.singleUse || !survey.singleUse.enabled) {
@@ -36,9 +38,10 @@ export const GET = async (

    const singleUseIds = generateSurveySingleUseIds(limit, survey.singleUse.isEncrypted);

+    const surveyDomain = getSurveyDomain();
    // map single use ids to survey links
    const surveyLinks = singleUseIds.map(
-      (singleUseId) => `${process.env.WEBAPP_URL}/s/${survey.id}?suId=${singleUseId}`
+      (singleUseId) => `${surveyDomain}/s/${survey.id}?suId=${singleUseId}`
    );

    return responses.successResponse(surveyLinks);
@@ -0,0 +1,48 @@
+import "server-only";
+import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { cache } from "@formbricks/lib/cache";
+import { surveyCache } from "@formbricks/lib/survey/cache";
+import { selectSurvey } from "@formbricks/lib/survey/service";
+import { transformPrismaSurvey } from "@formbricks/lib/survey/utils";
+import { validateInputs } from "@formbricks/lib/utils/validate";
+import { logger } from "@formbricks/logger";
+import { ZOptionalNumber } from "@formbricks/types/common";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError } from "@formbricks/types/errors";
+import { TSurvey } from "@formbricks/types/surveys/types";
+
+export const getSurveys = reactCache(
+  async (environmentIds: string[], limit?: number, offset?: number): Promise<TSurvey[]> =>
+    cache(
+      async () => {
+        validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
+
+        try {
+          const surveysPrisma = await prisma.survey.findMany({
+            where: {
+              environmentId: { in: environmentIds },
+            },
+            select: selectSurvey,
+            orderBy: {
+              updatedAt: "desc",
+            },
+            take: limit,
+            skip: offset,
+          });
+          return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
+        } catch (error) {
+          if (error instanceof Prisma.PrismaClientKnownRequestError) {
+            logger.error(error, "Error getting surveys");
+            throw new DatabaseError(error.message);
+          }
+          throw error;
+        }
+      },
+      environmentIds.map((environmentId) => `getSurveys-management-api-${environmentId}-${limit}-${offset}`),
+      {
+        tags: environmentIds.map((environmentId) => surveyCache.tag.byEnvironmentId(environmentId)),
+      }
+    )()
+);
@@ -2,12 +2,14 @@ import { authenticateRequest } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { getMultiLanguagePermission } from "@/modules/ee/license-check/lib/utils";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { getSurveyFollowUpsPermission } from "@/modules/survey/follow-ups/lib/utils";
 import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
-import { createSurvey, getSurveys } from "@formbricks/lib/survey/service";
+import { createSurvey } from "@formbricks/lib/survey/service";
 import { logger } from "@formbricks/logger";
 import { DatabaseError } from "@formbricks/types/errors";
-import { ZSurveyCreateInput } from "@formbricks/types/surveys/types";
+import { ZSurveyCreateInputWithEnvironmentId } from "@formbricks/types/surveys/types";
+import { getSurveys } from "./lib/surveys";

 export const GET = async (request: Request) => {
  try {
@@ -18,7 +20,11 @@ export const GET = async (request: Request) => {
    const limit = searchParams.has("limit") ? Number(searchParams.get("limit")) : undefined;
    const offset = searchParams.has("offset") ? Number(searchParams.get("offset")) : undefined;

-    const surveys = await getSurveys(authentication.environmentId!, limit, offset);
+    const environmentIds = authentication.environmentPermissions.map(
+      (permission) => permission.environmentId
+    );
+    const surveys = await getSurveys(environmentIds, limit, offset);
+
    return responses.successResponse(surveys);
  } catch (error) {
    if (error instanceof DatabaseError) {
@@ -33,11 +39,6 @@ export const POST = async (request: Request): Promise<Response> => {
    const authentication = await authenticateRequest(request);
    if (!authentication) return responses.notAuthenticatedResponse();

-    const organization = await getOrganizationByEnvironmentId(authentication.environmentId);
-    if (!organization) {
-      return responses.notFoundResponse("Organization", null);
-    }
-
    let surveyInput;
    try {
      surveyInput = await request.json();
@@ -45,8 +46,7 @@ export const POST = async (request: Request): Promise<Response> => {
      logger.error({ error, url: request.url }, "Error parsing JSON");
      return responses.badRequestResponse("Malformed JSON input, please check your request body");
    }
-
-    const inputValidation = ZSurveyCreateInput.safeParse(surveyInput);
+    const inputValidation = ZSurveyCreateInputWithEnvironmentId.safeParse(surveyInput);

    if (!inputValidation.success) {
      return responses.badRequestResponse(
@@ -56,8 +56,18 @@ export const POST = async (request: Request): Promise<Response> => {
      );
    }

-    const environmentId = authentication.environmentId;
-    const surveyData = { ...inputValidation.data, environmentId: undefined };
+    const environmentId = inputValidation.data.environmentId;
+
+    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+      return responses.unauthorizedResponse();
+    }
+
+    const organization = await getOrganizationByEnvironmentId(environmentId);
+    if (!organization) {
+      return responses.notFoundResponse("Organization", null);
+    }
+
+    const surveyData = { ...inputValidation.data, environmentId };

    if (surveyData.followUps?.length) {
      const isSurveyFollowUpsEnabled = await getSurveyFollowUpsPermission(organization.billing.plan);
@@ -73,7 +83,7 @@ export const POST = async (request: Request): Promise<Response> => {
      }
    }

-    const survey = await createSurvey(environmentId, surveyData);
+    const survey = await createSurvey(environmentId, { ...surveyData, environmentId: undefined });
    return responses.successResponse(survey);
  } catch (error) {
    if (error instanceof DatabaseError) {
@@ -1,18 +1,19 @@
-import { getEnvironmentIdFromApiKey } from "@/app/api/v1/lib/api-key";
+import { authenticateRequest } from "@/app/api/v1/auth";
 import { deleteWebhook, getWebhook } from "@/app/api/v1/webhooks/[webhookId]/lib/webhook";
 import { responses } from "@/app/lib/api/response";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { headers } from "next/headers";
 import { logger } from "@formbricks/logger";

-export const GET = async (_: Request, props: { params: Promise<{ webhookId: string }> }) => {
+export const GET = async (request: Request, props: { params: Promise<{ webhookId: string }> }) => {
  const params = await props.params;
  const headersList = await headers();
  const apiKey = headersList.get("x-api-key");
  if (!apiKey) {
    return responses.notAuthenticatedResponse();
  }
-  const environmentId = await getEnvironmentIdFromApiKey(apiKey);
-  if (!environmentId) {
+  const authentication = await authenticateRequest(request);
+  if (!authentication) {
    return responses.notAuthenticatedResponse();
  }

@@ -21,7 +22,7 @@ export const GET = async (_: Request, props: { params: Promise<{ webhookId: stri
  if (!webhook) {
    return responses.notFoundResponse("Webhook", params.webhookId);
  }
-  if (webhook.environmentId !== environmentId) {
+  if (!hasPermission(authentication.environmentPermissions, webhook.environmentId, "GET")) {
    return responses.unauthorizedResponse();
  }
  return responses.successResponse(webhook);
@@ -34,8 +35,8 @@ export const DELETE = async (request: Request, props: { params: Promise<{ webhoo
  if (!apiKey) {
    return responses.notAuthenticatedResponse();
  }
-  const environmentId = await getEnvironmentIdFromApiKey(apiKey);
-  if (!environmentId) {
+  const authentication = await authenticateRequest(request);
+  if (!authentication) {
    return responses.notAuthenticatedResponse();
  }

@@ -44,7 +45,7 @@ export const DELETE = async (request: Request, props: { params: Promise<{ webhoo
  if (!webhook) {
    return responses.notFoundResponse("Webhook", params.webhookId);
  }
-  if (webhook.environmentId !== environmentId) {
+  if (!hasPermission(authentication.environmentPermissions, webhook.environmentId, "DELETE")) {
    return responses.unauthorizedResponse();
  }

@@ -8,17 +8,20 @@ import { validateInputs } from "@formbricks/lib/utils/validate";
 import { ZId, ZOptionalNumber } from "@formbricks/types/common";
 import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";

-export const createWebhook = async (environmentId: string, webhookInput: TWebhookInput): Promise<Webhook> => {
-  validateInputs([environmentId, ZId], [webhookInput, ZWebhookInput]);
+export const createWebhook = async (webhookInput: TWebhookInput): Promise<Webhook> => {
+  validateInputs([webhookInput, ZWebhookInput]);

  try {
    const createdWebhook = await prisma.webhook.create({
      data: {
-        ...webhookInput,
+        url: webhookInput.url,
+        name: webhookInput.name,
+        source: webhookInput.source,
        surveyIds: webhookInput.surveyIds || [],
+        triggers: webhookInput.triggers || [],
        environment: {
          connect: {
-            id: environmentId,
+            id: webhookInput.environmentId,
          },
        },
      },
@@ -37,22 +40,24 @@ export const createWebhook = async (environmentId: string, webhookInput: TWebhoo
    }

    if (!(error instanceof InvalidInputError)) {
-      throw new DatabaseError(`Database error when creating webhook for environment ${environmentId}`);
+      throw new DatabaseError(
+        `Database error when creating webhook for environment ${webhookInput.environmentId}`
+      );
    }

    throw error;
  }
 };

-export const getWebhooks = (environmentId: string, page?: number): Promise<Webhook[]> =>
+export const getWebhooks = (environmentIds: string[], page?: number): Promise<Webhook[]> =>
  cache(
    async () => {
-      validateInputs([environmentId, ZId], [page, ZOptionalNumber]);
+      validateInputs([environmentIds, ZId.array()], [page, ZOptionalNumber]);

      try {
        const webhooks = await prisma.webhook.findMany({
          where: {
-            environmentId: environmentId,
+            environmentId: { in: environmentIds },
          },
          take: page ? ITEMS_PER_PAGE : undefined,
          skip: page ? ITEMS_PER_PAGE * (page - 1) : undefined,
@@ -66,8 +71,8 @@ export const getWebhooks = (environmentId: string, page?: number): Promise<Webho
        throw error;
      }
    },
-    [`getWebhooks-${environmentId}-${page}`],
+    environmentIds.map((environmentId) => `getWebhooks-${environmentId}-${page}`),
    {
-      tags: [webhookCache.tag.byEnvironmentId(environmentId)],
+      tags: environmentIds.map((environmentId) => webhookCache.tag.byEnvironmentId(environmentId)),
    }
  )();
@@ -1,42 +1,33 @@
-import { getEnvironmentIdFromApiKey } from "@/app/api/v1/lib/api-key";
+import { authenticateRequest } from "@/app/api/v1/auth";
 import { createWebhook, getWebhooks } from "@/app/api/v1/webhooks/lib/webhook";
 import { ZWebhookInput } from "@/app/api/v1/webhooks/types/webhooks";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { headers } from "next/headers";
+import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";

-export const GET = async () => {
-  const headersList = await headers();
-  const apiKey = headersList.get("x-api-key");
-  if (!apiKey) {
+export const GET = async (request: Request) => {
+  const authentication = await authenticateRequest(request);
+  if (!authentication) {
    return responses.notAuthenticatedResponse();
  }
-  const environmentId = await getEnvironmentIdFromApiKey(apiKey);
-  if (!environmentId) {
-    return responses.notAuthenticatedResponse();
-  }
-
-  // get webhooks from database
  try {
-    const webhooks = await getWebhooks(environmentId);
-    return Response.json({ data: webhooks });
+    const environmentIds = authentication.environmentPermissions.map(
+      (permission) => permission.environmentId
+    );
+    const webhooks = await getWebhooks(environmentIds);
+    return responses.successResponse(webhooks);
  } catch (error) {
    if (error instanceof DatabaseError) {
-      return responses.badRequestResponse(error.message);
+      return responses.internalServerErrorResponse(error.message);
    }
-    return responses.internalServerErrorResponse(error.message);
+    throw error;
  }
 };

 export const POST = async (request: Request) => {
-  const headersList = await headers();
-  const apiKey = headersList.get("x-api-key");
-  if (!apiKey) {
-    return responses.notAuthenticatedResponse();
-  }
-  const environmentId = await getEnvironmentIdFromApiKey(apiKey);
-  if (!environmentId) {
+  const authentication = await authenticateRequest(request);
+  if (!authentication) {
    return responses.notAuthenticatedResponse();
  }
  const webhookInput = await request.json();
@@ -50,9 +41,19 @@ export const POST = async (request: Request) => {
    );
  }

+  const environmentId = inputValidation.data.environmentId;
+
+  if (!environmentId) {
+    return responses.badRequestResponse("Environment ID is required");
+  }
+
+  if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+    return responses.unauthorizedResponse();
+  }
+
  // add webhook to database
  try {
-    const webhook = await createWebhook(environmentId, inputValidation.data);
+    const webhook = await createWebhook(inputValidation.data);
    return responses.successResponse(webhook);
  } catch (error) {
    if (error instanceof InvalidInputError) {
@@ -11,6 +11,7 @@ export const ZWebhookInput = ZWebhook.partial({
  surveyIds: true,
  triggers: true,
  url: true,
+  environmentId: true,
 });

 export type TWebhookInput = z.infer<typeof ZWebhookInput>;
@@ -1,6 +1,6 @@
 import {
  OPTIONS,
  PUT,
-} from "@/modules/ee/contacts/api/client/[environmentId]/contacts/[userId]/attributes/route";
+} from "@/modules/ee/contacts/api/v1/client/[environmentId]/contacts/[userId]/attributes/route";

 export { OPTIONS, PUT };
@@ -1,6 +1,6 @@
 import {
  GET,
  OPTIONS,
-} from "@/modules/ee/contacts/api/client/[environmentId]/identify/contacts/[userId]/route";
+} from "@/modules/ee/contacts/api/v1/client/[environmentId]/identify/contacts/[userId]/route";

 export { GET, OPTIONS };
@@ -1,3 +1,3 @@
-import { OPTIONS, POST } from "@/modules/ee/contacts/api/client/[environmentId]/user/route";
+import { OPTIONS, POST } from "@/modules/ee/contacts/api/v1/client/[environmentId]/user/route";

 export { POST, OPTIONS };
@@ -0,0 +1,3 @@
+import { PUT } from "@/modules/ee/contacts/api/v2/management/contacts/bulk/route";
+
+export { PUT };
@@ -0,0 +1,3 @@
+import { GET } from "@/modules/api/v2/me/route";
+
+export { GET };
@@ -0,0 +1,3 @@
+import { DELETE, GET, POST, PUT } from "@/modules/api/v2/organizations/[organizationId]/project-teams/route";
+
+export { GET, POST, PUT, DELETE };
@@ -0,0 +1,3 @@
+import { DELETE, GET, PUT } from "@/modules/api/v2/organizations/[organizationId]/teams/[teamId]/route";
+
+export { GET, PUT, DELETE };
@@ -0,0 +1,3 @@
+import { GET, POST } from "@/modules/api/v2/organizations/[organizationId]/teams/route";
+
+export { GET, POST };
@@ -0,0 +1,3 @@
+import { GET, PATCH, POST } from "@/modules/api/v2/organizations/[organizationId]/users/route";
+
+export { GET, POST, PATCH };
@@ -0,0 +1,3 @@
+import { GET } from "@/modules/api/v2/roles/route";
+
+export { GET };
@@ -29,6 +29,7 @@ vi.mock("@formbricks/lib/constants", () => ({
  OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
  WEBAPP_URL: "test-webapp-url",
  IS_PRODUCTION: false,
+  SENTRY_DSN: "mock-sentry-dsn",
 }));

 vi.mock("@/tolgee/language", () => ({
@@ -39,10 +40,6 @@ vi.mock("@/tolgee/server", () => ({
  getTolgee: vi.fn(),
 }));

-vi.mock("@vercel/speed-insights/next", () => ({
-  SpeedInsights: () => <div data-testid="speed-insights">SpeedInsights</div>,
-}));
-
 vi.mock("@/modules/ui/components/post-hog-client", () => ({
  PHProvider: ({ children, posthogEnabled }: { children: React.ReactNode; posthogEnabled: boolean }) => (
    <div data-testid="ph-provider">
@@ -69,6 +66,15 @@ vi.mock("@/tolgee/client", () => ({
  ),
 }));

+vi.mock("@/app/sentry/SentryProvider", () => ({
+  SentryProvider: ({ children, sentryDsn }: { children: React.ReactNode; sentryDsn?: string }) => (
+    <div data-testid="sentry-provider">
+      SentryProvider: {sentryDsn}
+      {children}
+    </div>
+  ),
+}));
+
 describe("RootLayout", () => {
  beforeEach(() => {
    cleanup();
@@ -91,12 +97,8 @@ describe("RootLayout", () => {
    const element = await RootLayout({ children });
    render(element);

-    // log env vercel
-    console.log("vercel", process.env.VERCEL);
-
-    expect(screen.getByTestId("speed-insights")).toBeInTheDocument();
-    expect(screen.getByTestId("ph-provider")).toBeInTheDocument();
    expect(screen.getByTestId("tolgee-next-provider")).toBeInTheDocument();
+    expect(screen.getByTestId("sentry-provider")).toBeInTheDocument();
    expect(screen.getByTestId("child")).toHaveTextContent("Child Content");
  });
 });
@@ -1,12 +1,11 @@
-import { PHProvider } from "@/modules/ui/components/post-hog-client";
+import { SentryProvider } from "@/app/sentry/SentryProvider";
 import { TolgeeNextProvider } from "@/tolgee/client";
 import { getLocale } from "@/tolgee/language";
 import { getTolgee } from "@/tolgee/server";
 import { TolgeeStaticData } from "@tolgee/react";
-import { SpeedInsights } from "@vercel/speed-insights/next";
 import { Metadata } from "next";
 import React from "react";
-import { IS_POSTHOG_CONFIGURED } from "@formbricks/lib/constants";
+import { SENTRY_DSN } from "@formbricks/lib/constants";
 import "../modules/ui/globals.css";

 export const metadata: Metadata = {
@@ -26,12 +25,11 @@ const RootLayout = async ({ children }: { children: React.ReactNode }) => {
  return (
    <html lang={locale} translate="no">
      <body className="flex h-dvh flex-col transition-all ease-in-out">
-        {process.env.VERCEL === "1" && <SpeedInsights sampleRate={0.1} />}
-        <PHProvider posthogEnabled={IS_POSTHOG_CONFIGURED}>
+        <SentryProvider sentryDsn={SENTRY_DSN}>
          <TolgeeNextProvider language={locale} staticData={staticData as unknown as TolgeeStaticData}>
            {children}
          </TolgeeNextProvider>
-        </PHProvider>
+        </SentryProvider>
      </body>
    </html>
  );
@@ -1,18 +0,0 @@
-export const fetchFile = async (
-  data: { json: any; fields?: string[]; fileName?: string },
-  filetype: string
-) => {
-  const endpoint = filetype === "csv" ? "csv-conversion" : "excel-conversion";
-
-  const response = await fetch(`/api/${endpoint}`, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify(data),
-  });
-
-  if (!response.ok) throw new Error("Failed to convert to file");
-
-  return response.json();
-};
@@ -0,0 +1,101 @@
+import * as Sentry from "@sentry/nextjs";
+import { cleanup, render, screen } from "@testing-library/react";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { SentryProvider } from "./SentryProvider";
+
+vi.mock("@sentry/nextjs", async () => {
+  const actual = await vi.importActual<typeof import("@sentry/nextjs")>("@sentry/nextjs");
+  return {
+    ...actual,
+    replayIntegration: (options: any) => {
+      return {
+        name: "Replay",
+        id: "Replay",
+        options,
+      };
+    },
+  };
+});
+
+describe("SentryProvider", () => {
+  afterEach(() => {
+    cleanup();
+  });
+
+  it("calls Sentry.init when sentryDsn is provided", () => {
+    const sentryDsn = "https://examplePublicKey@o0.ingest.sentry.io/0";
+    const initSpy = vi.spyOn(Sentry, "init").mockImplementation(() => undefined);
+
+    render(
+      <SentryProvider sentryDsn={sentryDsn}>
+        <div data-testid="child">Test Content</div>
+      </SentryProvider>
+    );
+
+    // The useEffect runs after mount, so Sentry.init should have been called.
+    expect(initSpy).toHaveBeenCalled();
+    expect(initSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        dsn: sentryDsn,
+        tracesSampleRate: 1,
+        debug: false,
+        replaysOnErrorSampleRate: 1.0,
+        replaysSessionSampleRate: 0.1,
+        integrations: expect.any(Array),
+        beforeSend: expect.any(Function),
+      })
+    );
+  });
+
+  it("does not call Sentry.init when sentryDsn is not provided", () => {
+    const initSpy = vi.spyOn(Sentry, "init").mockImplementation(() => undefined);
+
+    render(
+      <SentryProvider>
+        <div data-testid="child">Test Content</div>
+      </SentryProvider>
+    );
+
+    expect(initSpy).not.toHaveBeenCalled();
+  });
+
+  it("renders children", () => {
+    const sentryDsn = "https://examplePublicKey@o0.ingest.sentry.io/0";
+    render(
+      <SentryProvider sentryDsn={sentryDsn}>
+        <div data-testid="child">Test Content</div>
+      </SentryProvider>
+    );
+    expect(screen.getByTestId("child")).toHaveTextContent("Test Content");
+  });
+
+  it("processes beforeSend correctly", () => {
+    const sentryDsn = "https://examplePublicKey@o0.ingest.sentry.io/0";
+    const initSpy = vi.spyOn(Sentry, "init").mockImplementation(() => undefined);
+
+    render(
+      <SentryProvider sentryDsn={sentryDsn}>
+        <div data-testid="child">Test Content</div>
+      </SentryProvider>
+    );
+
+    const config = initSpy.mock.calls[0][0];
+    expect(config).toHaveProperty("beforeSend");
+    const beforeSend = config.beforeSend;
+
+    if (!beforeSend) {
+      throw new Error("beforeSend is not defined");
+    }
+
+    const dummyEvent = { some: "event" } as unknown as Sentry.ErrorEvent;
+
+    const hintWithNextNotFound = { originalException: { digest: "NEXT_NOT_FOUND" } };
+    expect(beforeSend(dummyEvent, hintWithNextNotFound)).toBeNull();
+
+    const hintWithOtherError = { originalException: { digest: "OTHER_ERROR" } };
+    expect(beforeSend(dummyEvent, hintWithOtherError)).toEqual(dummyEvent);
+
+    const hintWithoutError = { originalException: undefined };
+    expect(beforeSend(dummyEvent, hintWithoutError)).toEqual(dummyEvent);
+  });
+});
@@ -0,0 +1,53 @@
+"use client";
+
+import * as Sentry from "@sentry/nextjs";
+import { useEffect } from "react";
+
+interface SentryProviderProps {
+  children: React.ReactNode;
+  sentryDsn?: string;
+}
+
+export const SentryProvider = ({ children, sentryDsn }: SentryProviderProps) => {
+  useEffect(() => {
+    if (sentryDsn) {
+      Sentry.init({
+        dsn: sentryDsn,
+
+        // Adjust this value in production, or use tracesSampler for greater control
+        tracesSampleRate: 1,
+
+        // Setting this option to true will print useful information to the console while you're setting up Sentry.
+        debug: false,
+
+        replaysOnErrorSampleRate: 1.0,
+
+        // This sets the sample rate to be 10%. You may want this to be 100% while
+        // in development and sample at a lower rate in production
+        replaysSessionSampleRate: 0.1,
+
+        // You can remove this option if you're not planning to use the Sentry Session Replay feature:
+        integrations: [
+          Sentry.replayIntegration({
+            // Additional Replay configuration goes in here, for example:
+            maskAllText: true,
+            blockAllMedia: true,
+          }),
+        ],
+
+        beforeSend(event, hint) {
+          const error = hint.originalException as Error;
+
+          // @ts-expect-error
+          if (error && error.digest === "NEXT_NOT_FOUND") {
+            return null;
+          }
+
+          return event;
+        },
+      });
+    }
+  }, []);
+
+  return <>{children}</>;
+};
@@ -19,7 +19,7 @@ export const getFile = async (
        headers: {
          "Content-Type": metaData.contentType,
          "Content-Disposition": "attachment",
-          "Cache-Control": "public, max-age=1200, s-maxage=1200, stale-while-revalidate=300",
+          "Cache-Control": "public, max-age=300, s-maxage=300, stale-while-revalidate=300",
          Vary: "Accept-Encoding",
        },
      });
@@ -35,10 +35,7 @@ export const getFile = async (
      status: 302,
      headers: {
        Location: signedUrl,
-        "Cache-Control":
-          accessType === "public"
-            ? `public, max-age=3600, s-maxage=3600, stale-while-revalidate=300`
-            : `public, max-age=600, s-maxage=3600, stale-while-revalidate=300`,
+        "Cache-Control": "public, max-age=300, s-maxage=300, stale-while-revalidate=300",
      },
    });
  } catch (error: unknown) {
@@ -1,8 +1,14 @@
-import { env } from "@formbricks/lib/env";
+import { PROMETHEUS_ENABLED, SENTRY_DSN } from "@formbricks/lib/constants";

 // instrumentation.ts
 export const register = async () => {
-  if (process.env.NEXT_RUNTIME === "nodejs" && env.PROMETHEUS_ENABLED) {
+  if (process.env.NEXT_RUNTIME === "nodejs" && PROMETHEUS_ENABLED) {
    await import("./instrumentation-node");
  }
+  if (process.env.NEXT_RUNTIME === "nodejs" && SENTRY_DSN) {
+    await import("./sentry.server.config");
+  }
+  if (process.env.NEXT_RUNTIME === "edge" && SENTRY_DSN) {
+    await import("./sentry.edge.config");
+  }
 };
@@ -2,8 +2,8 @@ import { revalidateTag } from "next/cache";

 interface RevalidateProps {
  id?: string;
-  environmentId?: string;
  hashedKey?: string;
+  organizationId?: string;
 }

 export const apiKeyCache = {
@@ -11,24 +11,24 @@ export const apiKeyCache = {
    byId(id: string) {
      return `apiKeys-${id}`;
    },
-    byEnvironmentId(environmentId: string) {
-      return `environments-${environmentId}-apiKeys`;
-    },
    byHashedKey(hashedKey: string) {
      return `apiKeys-${hashedKey}-apiKey`;
    },
+    byOrganizationId(organizationId: string) {
+      return `organizations-${organizationId}-apiKeys`;
+    },
  },
-  revalidate({ id, environmentId, hashedKey }: RevalidateProps): void {
+  revalidate({ id, hashedKey, organizationId }: RevalidateProps): void {
    if (id) {
      revalidateTag(this.tag.byId(id));
    }

-    if (environmentId) {
-      revalidateTag(this.tag.byEnvironmentId(environmentId));
-    }
-
    if (hashedKey) {
      revalidateTag(this.tag.byHashedKey(hashedKey));
    }
+
+    if (organizationId) {
+      revalidateTag(this.tag.byOrganizationId(organizationId));
+    }
  },
 };
@@ -155,7 +155,7 @@ export const getOrganizationIdFromApiKeyId = async (apiKeyId: string) => {
    throw new ResourceNotFoundError("apiKey", apiKeyId);
  }

-  return await getOrganizationIdFromEnvironmentId(apiKeyFromServer.environmentId);
+  return apiKeyFromServer.organizationId;
 };

 export const getOrganizationIdFromInviteId = async (inviteId: string) => {
@@ -240,15 +240,6 @@ export const getProjectIdFromSegmentId = async (segmentId: string) => {
  return await getProjectIdFromEnvironmentId(segment.environmentId);
 };

-export const getProjectIdFromApiKeyId = async (apiKeyId: string) => {
-  const apiKey = await getApiKey(apiKeyId);
-  if (!apiKey) {
-    throw new ResourceNotFoundError("apiKey", apiKeyId);
-  }
-
-  return await getProjectIdFromEnvironmentId(apiKey.environmentId);
-};
-
 export const getProjectIdFromActionClassId = async (actionClassId: string) => {
  const actionClass = await getActionClass(actionClassId);
  if (!actionClass) {
@@ -51,7 +51,7 @@ export const getActionClass = reactCache(
 );

 export const getApiKey = reactCache(
-  async (apiKeyId: string): Promise<{ environmentId: string } | null> =>
+  async (apiKeyId: string): Promise<{ organizationId: string } | null> =>
    cache(
      async () => {
        validateInputs([apiKeyId, ZString]);
@@ -66,7 +66,7 @@ export const getApiKey = reactCache(
              id: apiKeyId,
            },
            select: {
-              environmentId: true,
+              organizationId: true,
            },
          });

@@ -24,15 +24,27 @@ import { ipAddress } from "@vercel/functions";
 import { getToken } from "next-auth/jwt";
 import { NextRequest, NextResponse } from "next/server";
 import { v4 as uuidv4 } from "uuid";
-import { E2E_TESTING, IS_PRODUCTION, RATE_LIMITING_DISABLED, WEBAPP_URL } from "@formbricks/lib/constants";
+import {
+  E2E_TESTING,
+  IS_PRODUCTION,
+  RATE_LIMITING_DISABLED,
+  SURVEY_URL,
+  WEBAPP_URL,
+} from "@formbricks/lib/constants";
 import { isValidCallbackUrl } from "@formbricks/lib/utils/url";
+import { logger } from "@formbricks/logger";

 const enforceHttps = (request: NextRequest): Response | null => {
  const forwardedProto = request.headers.get("x-forwarded-proto") ?? "http";
  if (IS_PRODUCTION && !E2E_TESTING && forwardedProto !== "https") {
    const apiError: ApiErrorResponseV2 = {
      type: "forbidden",
-      details: [{ field: "", issue: "Only HTTPS connections are allowed on the management endpoint." }],
+      details: [
+        {
+          field: "",
+          issue: "Only HTTPS connections are allowed on the management and contacts bulk endpoints.",
+        },
+      ],
    };
    logApiError(request, apiError);
    return NextResponse.json(apiError, { status: 403 });
@@ -78,7 +90,34 @@ const applyRateLimiting = (request: NextRequest, ip: string) => {
  }
 };

+const handleSurveyDomain = (request: NextRequest): Response | null => {
+  try {
+    if (!SURVEY_URL) return null;
+
+    const host = request.headers.get("host") || "";
+    const surveyDomain = SURVEY_URL ? new URL(SURVEY_URL).host : "";
+    if (host !== surveyDomain) return null;
+
+    return new NextResponse(null, { status: 404 });
+  } catch (error) {
+    logger.error(error, "Error handling survey domain");
+    return new NextResponse(null, { status: 404 });
+  }
+};
+
+const isSurveyRoute = (request: NextRequest) => {
+  return request.nextUrl.pathname.startsWith("/c/") || request.nextUrl.pathname.startsWith("/s/");
+};
+
 export const middleware = async (originalRequest: NextRequest) => {
+  if (isSurveyRoute(originalRequest)) {
+    return NextResponse.next();
+  }
+
+  // Handle survey domain routing.
+  const surveyResponse = handleSurveyDomain(originalRequest);
+  if (surveyResponse) return surveyResponse;
+
  // Create a new Request object to override headers and add a unique request ID header
  const request = new NextRequest(originalRequest, {
    headers: new Headers(originalRequest.headers),
@@ -88,6 +127,7 @@ export const middleware = async (originalRequest: NextRequest) => {
  request.headers.set("x-start-time", Date.now().toString());

  // Create a new NextResponse object to forward the new request with headers
+
  const nextResponseWithCustomHeader = NextResponse.next({
    request: {
      headers: request.headers,
@@ -132,20 +172,6 @@ export const middleware = async (originalRequest: NextRequest) => {

 export const config = {
  matcher: [
-    "/api/auth/callback/credentials",
-    "/api/(.*)/client/:path*",
-    "/api/v1/js/actions",
-    "/api/v1/client/storage",
-    "/share/(.*)/:path",
-    "/environments/:path*",
-    "/setup/organization/:path*",
-    "/api/auth/signout",
-    "/auth/login",
-    "/auth/signup",
-    "/api/packages/:path*",
-    "/auth/verification-requested",
-    "/auth/forgot-password",
-    "/api/v1/management/:path*",
-    "/api/v2/management/:path*",
+    "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt|js|css|images|fonts|icons|public|api/v1/og).*)", // Exclude the Open Graph image generation route from middleware
  ],
 };
@@ -15,7 +15,7 @@ import { SurveyLinkDisplay } from "./components/SurveyLinkDisplay";

 interface ShareSurveyLinkProps {
  survey: TSurvey;
-  webAppUrl: string;
+  surveyDomain: string;
  surveyUrl: string;
  setSurveyUrl: (url: string) => void;
  locale: TUserLocale;
@@ -23,8 +23,8 @@ interface ShareSurveyLinkProps {

 export const ShareSurveyLink = ({
  survey,
-  webAppUrl,
  surveyUrl,
+  surveyDomain,
  setSurveyUrl,
  locale,
 }: ShareSurveyLinkProps) => {
@@ -32,7 +32,7 @@ export const ShareSurveyLink = ({
  const [language, setLanguage] = useState("default");

  const getUrl = useCallback(async () => {
-    let url = `${webAppUrl}/s/${survey.id}`;
+    let url = `${surveyDomain}/s/${survey.id}`;
    const queryParams: string[] = [];

    if (survey.singleUse?.enabled) {
@@ -58,7 +58,9 @@ export const ShareSurveyLink = ({
    }

    setSurveyUrl(url);
-  }, [survey, webAppUrl, language]);
+
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [survey, surveyDomain, language]);

  const generateNewSingleUseLink = () => {
    getUrl();
@@ -0,0 +1,102 @@
+import { checkRateLimitAndThrowError } from "@/modules/api/v2/lib/rate-limit";
+import { formatZodError, handleApiError } from "@/modules/api/v2/lib/utils";
+import { ZodRawShape, z } from "zod";
+import { TAuthenticationApiKey } from "@formbricks/types/auth";
+import { authenticateRequest } from "./authenticate-request";
+
+export type HandlerFn<TInput = Record<string, unknown>> = ({
+  authentication,
+  parsedInput,
+  request,
+}: {
+  authentication: TAuthenticationApiKey;
+  parsedInput: TInput;
+  request: Request;
+}) => Promise<Response>;
+
+export type ExtendedSchemas = {
+  body?: z.ZodObject<ZodRawShape>;
+  query?: z.ZodObject<ZodRawShape>;
+  params?: z.ZodObject<ZodRawShape>;
+};
+
+// Define a type that returns separate keys for each input type.
+export type ParsedSchemas<S extends ExtendedSchemas | undefined> = {
+  body?: S extends { body: z.ZodObject<any> } ? z.infer<S["body"]> : undefined;
+  query?: S extends { query: z.ZodObject<any> } ? z.infer<S["query"]> : undefined;
+  params?: S extends { params: z.ZodObject<any> } ? z.infer<S["params"]> : undefined;
+};
+
+export const apiWrapper = async <S extends ExtendedSchemas>({
+  request,
+  schemas,
+  externalParams,
+  rateLimit = true,
+  handler,
+}: {
+  request: Request;
+  schemas?: S;
+  externalParams?: Promise<Record<string, any>>;
+  rateLimit?: boolean;
+  handler: HandlerFn<ParsedSchemas<S>>;
+}): Promise<Response> => {
+  const authentication = await authenticateRequest(request);
+  if (!authentication.ok) {
+    return handleApiError(request, authentication.error);
+  }
+
+  let parsedInput: ParsedSchemas<S> = {} as ParsedSchemas<S>;
+
+  if (schemas?.body) {
+    const bodyData = await request.json();
+    const bodyResult = schemas.body.safeParse(bodyData);
+
+    if (!bodyResult.success) {
+      return handleApiError(request, {
+        type: "unprocessable_entity",
+        details: formatZodError(bodyResult.error),
+      });
+    }
+    parsedInput.body = bodyResult.data as ParsedSchemas<S>["body"];
+  }
+
+  if (schemas?.query) {
+    const url = new URL(request.url);
+    const queryObject = Object.fromEntries(url.searchParams.entries());
+    const queryResult = schemas.query.safeParse(queryObject);
+    if (!queryResult.success) {
+      return handleApiError(request, {
+        type: "unprocessable_entity",
+        details: formatZodError(queryResult.error),
+      });
+    }
+    parsedInput.query = queryResult.data as ParsedSchemas<S>["query"];
+  }
+
+  if (schemas?.params) {
+    const paramsObject = (await externalParams) || {};
+    const paramsResult = schemas.params.safeParse(paramsObject);
+    if (!paramsResult.success) {
+      return handleApiError(request, {
+        type: "unprocessable_entity",
+        details: formatZodError(paramsResult.error),
+      });
+    }
+    parsedInput.params = paramsResult.data as ParsedSchemas<S>["params"];
+  }
+
+  if (rateLimit) {
+    const rateLimitResponse = await checkRateLimitAndThrowError({
+      identifier: authentication.data.hashedApiKey,
+    });
+    if (!rateLimitResponse.ok) {
+      return handleApiError(request, rateLimitResponse.error);
+    }
+  }
+
+  return handler({
+    authentication: authentication.data,
+    parsedInput,
+    request,
+  });
+};
@@ -0,0 +1,34 @@
+import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
+import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
+import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
+import { TAuthenticationApiKey } from "@formbricks/types/auth";
+import { Result, err, ok } from "@formbricks/types/error-handlers";
+
+export const authenticateRequest = async (
+  request: Request
+): Promise<Result<TAuthenticationApiKey, ApiErrorResponseV2>> => {
+  const apiKey = request.headers.get("x-api-key");
+  if (!apiKey) return err({ type: "unauthorized" });
+
+  const apiKeyData = await getApiKeyWithPermissions(apiKey);
+
+  if (!apiKeyData) return err({ type: "unauthorized" });
+
+  const hashedApiKey = hashApiKey(apiKey);
+
+  const authentication: TAuthenticationApiKey = {
+    type: "apiKey",
+    environmentPermissions: apiKeyData.apiKeyEnvironments.map((env) => ({
+      environmentId: env.environmentId,
+      environmentType: env.environment.type,
+      permission: env.permission,
+      projectId: env.environment.projectId,
+      projectName: env.environment.project.name,
+    })),
+    hashedApiKey,
+    apiKeyId: apiKeyData.id,
+    organizationId: apiKeyData.organizationId,
+    organizationAccess: apiKeyData.organizationAccess,
+  };
+  return ok(authentication);
+};
@@ -0,0 +1,42 @@
+import { handleApiError, logApiRequest } from "@/modules/api/v2/lib/utils";
+import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
+import { ExtendedSchemas, HandlerFn, ParsedSchemas, apiWrapper } from "./api-wrapper";
+
+export const authenticatedApiClient = async <S extends ExtendedSchemas>({
+  request,
+  schemas,
+  externalParams,
+  rateLimit = true,
+  handler,
+}: {
+  request: Request;
+  schemas?: S;
+  externalParams?: Promise<Record<string, any>>;
+  rateLimit?: boolean;
+  handler: HandlerFn<ParsedSchemas<S>>;
+}): Promise<Response> => {
+  try {
+    const response = await apiWrapper({
+      request,
+      schemas,
+      externalParams,
+      rateLimit,
+      handler,
+    });
+
+    if (response.ok) {
+      logApiRequest(request, response.status);
+    }
+
+    return response;
+  } catch (err) {
+    if ("type" in err) {
+      return handleApiError(request, err as ApiErrorResponseV2);
+    }
+
+    return handleApiError(request, {
+      type: "internal_server_error",
+      details: [{ field: "error", issue: "An error occurred while processing your request." }],
+    });
+  }
+};
@@ -1,7 +1,7 @@
+import { apiWrapper } from "@/modules/api/v2/auth/api-wrapper";
+import { authenticateRequest } from "@/modules/api/v2/auth/authenticate-request";
 import { checkRateLimitAndThrowError } from "@/modules/api/v2/lib/rate-limit";
 import { handleApiError } from "@/modules/api/v2/lib/utils";
-import { apiWrapper } from "@/modules/api/v2/management/auth/api-wrapper";
-import { authenticateRequest } from "@/modules/api/v2/management/auth/authenticate-request";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
 import { describe, expect, it, vi } from "vitest";
 import { z } from "zod";
@@ -19,6 +19,11 @@ vi.mock("@/modules/api/v2/lib/utils", () => ({
  handleApiError: vi.fn(),
 }));

+vi.mock("@/modules/api/v2/lib/utils", () => ({
+  formatZodError: vi.fn(),
+  handleApiError: vi.fn(),
+}));
+
 describe("apiWrapper", () => {
  it("should handle request and return response", async () => {
    const request = new Request("http://localhost", {
@@ -0,0 +1,114 @@
+import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
+import { describe, expect, it, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { authenticateRequest } from "../authenticate-request";
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    apiKey: {
+      findUnique: vi.fn(),
+      update: vi.fn(),
+    },
+  },
+}));
+
+vi.mock("@/modules/api/v2/management/lib/utils", () => ({
+  hashApiKey: vi.fn(),
+}));
+
+describe("authenticateRequest", () => {
+  it("should return authentication data if apiKey is valid", async () => {
+    const request = new Request("http://localhost", {
+      headers: { "x-api-key": "valid-api-key" },
+    });
+
+    const mockApiKeyData = {
+      id: "api-key-id",
+      organizationId: "org-id",
+      createdAt: new Date(),
+      createdBy: "user-id",
+      lastUsedAt: null,
+      label: "Test API Key",
+      hashedKey: "hashed-api-key",
+      apiKeyEnvironments: [
+        {
+          environmentId: "env-id-1",
+          permission: "manage",
+          environment: {
+            id: "env-id-1",
+            projectId: "project-id-1",
+            type: "development",
+            project: { name: "Project 1" },
+          },
+        },
+        {
+          environmentId: "env-id-2",
+          permission: "read",
+          environment: {
+            id: "env-id-2",
+            projectId: "project-id-2",
+            type: "production",
+            project: { name: "Project 2" },
+          },
+        },
+      ],
+    };
+
+    vi.mocked(hashApiKey).mockReturnValue("hashed-api-key");
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(mockApiKeyData);
+    vi.mocked(prisma.apiKey.update).mockResolvedValue(mockApiKeyData);
+
+    const result = await authenticateRequest(request);
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.data).toEqual({
+        type: "apiKey",
+        environmentPermissions: [
+          {
+            environmentId: "env-id-1",
+            permission: "manage",
+            environmentType: "development",
+            projectId: "project-id-1",
+            projectName: "Project 1",
+          },
+          {
+            environmentId: "env-id-2",
+            permission: "read",
+            environmentType: "production",
+            projectId: "project-id-2",
+            projectName: "Project 2",
+          },
+        ],
+        hashedApiKey: "hashed-api-key",
+        apiKeyId: "api-key-id",
+        organizationId: "org-id",
+      });
+    }
+  });
+
+  it("should return unauthorized error if apiKey is not found", async () => {
+    const request = new Request("http://localhost", {
+      headers: { "x-api-key": "invalid-api-key" },
+    });
+    vi.mocked(prisma.apiKey.findUnique).mockResolvedValue(null);
+
+    const result = await authenticateRequest(request);
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toEqual({ type: "unauthorized" });
+    }
+  });
+
+  it("should return unauthorized error if apiKey is missing", async () => {
+    const request = new Request("http://localhost");
+
+    const result = await authenticateRequest(request);
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toEqual({ type: "unauthorized" });
+    }
+  });
+});
@@ -122,9 +122,11 @@ const notFoundResponse = ({
 const conflictResponse = ({
  cors = false,
  cache = "private, no-store",
+  details = [],
 }: {
  cors?: boolean;
  cache?: string;
+  details?: ApiErrorDetails;
 } = {}) => {
  const headers = {
    ...(cors && corsHeaders),
@@ -136,6 +138,7 @@ const conflictResponse = ({
      error: {
        code: 409,
        message: "Conflict",
+        details,
      },
    },
    {
@@ -232,7 +235,7 @@ const internalServerErrorResponse = ({
 const successResponse = ({
  data,
  meta,
-  cors = false,
+  cors = true,
  cache = "private, no-store",
 }: {
  data: Object;
@@ -257,6 +260,34 @@ const successResponse = ({
  );
 };

+export const multiStatusResponse = ({
+  data,
+  meta,
+  cors = false,
+  cache = "private, no-store",
+}: {
+  data: Object;
+  meta?: Record<string, unknown>;
+  cors?: boolean;
+  cache?: string;
+}) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
+    {
+      data,
+      meta,
+    } as ApiSuccessResponse,
+    {
+      status: 207,
+      headers,
+    }
+  );
+};
+
 export const responses = {
  badRequestResponse,
  unauthorizedResponse,
@@ -267,4 +298,5 @@ export const responses = {
  tooManyRequestsResponse,
  internalServerErrorResponse,
  successResponse,
+  multiStatusResponse,
 };
@@ -85,13 +85,15 @@ describe("API Responses", () => {

  describe("conflictResponse", () => {
    test("return a 409 response", async () => {
-      const res = responses.conflictResponse();
+      const details = [{ field: "resource", issue: "already exists" }];
+      const res = responses.conflictResponse({ details });
      expect(res.status).toBe(409);
      const body = await res.json();
      expect(body).toEqual({
        error: {
          code: 409,
          message: "Conflict",
+          details,
        },
      });
    });
@@ -1,6 +1,6 @@
 import { responses } from "@/modules/api/v2/lib/response";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
-import { ZodError } from "zod";
+import { ZodCustomIssue, ZodIssue } from "zod";
 import { logger } from "@formbricks/logger";

 export const handleApiError = (request: Request, err: ApiErrorResponseV2): Response => {
@@ -16,7 +16,7 @@ export const handleApiError = (request: Request, err: ApiErrorResponseV2): Respo
    case "not_found":
      return responses.notFoundResponse({ details: err.details });
    case "conflict":
-      return responses.conflictResponse();
+      return responses.conflictResponse({ details: err.details });
    case "unprocessable_entity":
      return responses.unprocessableEntityResponse({ details: err.details });
    case "too_many_requests":
@@ -34,11 +34,16 @@ export const handleApiError = (request: Request, err: ApiErrorResponseV2): Respo
  }
 };

-export const formatZodError = (error: ZodError) => {
-  return error.issues.map((issue) => ({
-    field: issue.path.join("."),
-    issue: issue.message,
-  }));
+export const formatZodError = (error: { issues: (ZodIssue | ZodCustomIssue)[] }) => {
+  return error.issues.map((issue) => {
+    const issueParams = issue.code === "custom" ? issue.params : undefined;
+
+    return {
+      field: issue.path.join("."),
+      issue: issue.message ?? "An error occurred while processing your request. Please try again later.",
+      ...(issueParams && { meta: issueParams }),
+    };
+  });
 };

 export const logApiRequest = (request: Request, responseStatus: number): void => {
@@ -1,105 +0,0 @@
-import { checkRateLimitAndThrowError } from "@/modules/api/v2/lib/rate-limit";
-import { formatZodError, handleApiError } from "@/modules/api/v2/lib/utils";
-import { ZodRawShape, z } from "zod";
-import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { err } from "@formbricks/types/error-handlers";
-import { authenticateRequest } from "./authenticate-request";
-
-export type HandlerFn<TInput = Record<string, unknown>> = ({
-  authentication,
-  parsedInput,
-  request,
-}: {
-  authentication: TAuthenticationApiKey;
-  parsedInput: TInput;
-  request: Request;
-}) => Promise<Response>;
-
-export type ExtendedSchemas = {
-  body?: z.ZodObject<ZodRawShape>;
-  query?: z.ZodObject<ZodRawShape>;
-  params?: z.ZodObject<ZodRawShape>;
-};
-
-// Define a type that returns separate keys for each input type.
-export type ParsedSchemas<S extends ExtendedSchemas | undefined> = {
-  body?: S extends { body: z.ZodObject<any> } ? z.infer<S["body"]> : undefined;
-  query?: S extends { query: z.ZodObject<any> } ? z.infer<S["query"]> : undefined;
-  params?: S extends { params: z.ZodObject<any> } ? z.infer<S["params"]> : undefined;
-};
-
-export const apiWrapper = async <S extends ExtendedSchemas>({
-  request,
-  schemas,
-  externalParams,
-  rateLimit = true,
-  handler,
-}: {
-  request: Request;
-  schemas?: S;
-  externalParams?: Promise<Record<string, any>>;
-  rateLimit?: boolean;
-  handler: HandlerFn<ParsedSchemas<S>>;
-}): Promise<Response> => {
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication.ok) return handleApiError(request, authentication.error);
-
-    let parsedInput: ParsedSchemas<S> = {} as ParsedSchemas<S>;
-
-    if (schemas?.body) {
-      const bodyData = await request.json();
-      const bodyResult = schemas.body.safeParse(bodyData);
-
-      if (!bodyResult.success) {
-        throw err({
-          type: "bad_request",
-          details: formatZodError(bodyResult.error),
-        });
-      }
-      parsedInput.body = bodyResult.data as ParsedSchemas<S>["body"];
-    }
-
-    if (schemas?.query) {
-      const url = new URL(request.url);
-      const queryObject = Object.fromEntries(url.searchParams.entries());
-      const queryResult = schemas.query.safeParse(queryObject);
-      if (!queryResult.success) {
-        throw err({
-          type: "unprocessable_entity",
-          details: formatZodError(queryResult.error),
-        });
-      }
-      parsedInput.query = queryResult.data as ParsedSchemas<S>["query"];
-    }
-
-    if (schemas?.params) {
-      const paramsObject = (await externalParams) || {};
-      const paramsResult = schemas.params.safeParse(paramsObject);
-      if (!paramsResult.success) {
-        throw err({
-          type: "unprocessable_entity",
-          details: formatZodError(paramsResult.error),
-        });
-      }
-      parsedInput.params = paramsResult.data as ParsedSchemas<S>["params"];
-    }
-
-    if (rateLimit) {
-      const rateLimitResponse = await checkRateLimitAndThrowError({
-        identifier: authentication.data.hashedApiKey,
-      });
-      if (!rateLimitResponse.ok) {
-        throw rateLimitResponse.error;
-      }
-    }
-
-    return handler({
-      authentication: authentication.data,
-      parsedInput,
-      request,
-    });
-  } catch (err) {
-    return handleApiError(request, err.error);
-  }
-};
@@ -1,34 +0,0 @@
-import { getEnvironmentIdFromApiKey } from "@/modules/api/v2/management/lib/api-key";
-import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
-import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
-import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { Result, err, ok } from "@formbricks/types/error-handlers";
-
-export const authenticateRequest = async (
-  request: Request
-): Promise<Result<TAuthenticationApiKey, ApiErrorResponseV2>> => {
-  const apiKey = request.headers.get("x-api-key");
-
-  if (apiKey) {
-    const environmentIdResult = await getEnvironmentIdFromApiKey(apiKey);
-    if (!environmentIdResult.ok) {
-      return err(environmentIdResult.error);
-    }
-    const environmentId = environmentIdResult.data;
-    const hashedApiKey = hashApiKey(apiKey);
-    if (environmentId) {
-      const authentication: TAuthenticationApiKey = {
-        type: "apiKey",
-        environmentId,
-        hashedApiKey,
-      };
-      return ok(authentication);
-    }
-    return err({
-      type: "forbidden",
-    });
-  }
-  return err({
-    type: "unauthorized",
-  });
-};
@@ -1,29 +0,0 @@
-import { logApiRequest } from "@/modules/api/v2/lib/utils";
-import { ExtendedSchemas, HandlerFn, ParsedSchemas, apiWrapper } from "./api-wrapper";
-
-export const authenticatedApiClient = async <S extends ExtendedSchemas>({
-  request,
-  schemas,
-  externalParams,
-  rateLimit = true,
-  handler,
-}: {
-  request: Request;
-  schemas?: S;
-  externalParams?: Promise<Record<string, any>>;
-  rateLimit?: boolean;
-  handler: HandlerFn<ParsedSchemas<S>>;
-}): Promise<Response> => {
-  const response = await apiWrapper({
-    request,
-    schemas,
-    externalParams,
-    rateLimit,
-    handler,
-  });
-  if (response.ok) {
-    logApiRequest(request, response.status);
-  }
-
-  return response;
-};
@@ -1,18 +0,0 @@
-import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
-import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { Result, err, okVoid } from "@formbricks/types/error-handlers";
-
-export const checkAuthorization = ({
-  authentication,
-  environmentId,
-}: {
-  authentication: TAuthenticationApiKey;
-  environmentId: string;
-}): Result<void, ApiErrorResponseV2> => {
-  if (authentication.type === "apiKey" && authentication.environmentId !== environmentId) {
-    return err({
-      type: "unauthorized",
-    });
-  }
-  return okVoid();
-};
@@ -1,73 +0,0 @@
-import { getEnvironmentIdFromApiKey } from "@/modules/api/v2/management/lib/api-key";
-import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
-import { describe, expect, it, vi } from "vitest";
-import { err, ok } from "@formbricks/types/error-handlers";
-import { authenticateRequest } from "../authenticate-request";
-
-vi.mock("@/modules/api/v2/management/lib/api-key", () => ({
-  getEnvironmentIdFromApiKey: vi.fn(),
-}));
-
-vi.mock("@/modules/api/v2/management/lib/utils", () => ({
-  hashApiKey: vi.fn(),
-}));
-
-describe("authenticateRequest", () => {
-  it("should return authentication data if apiKey is valid", async () => {
-    const request = new Request("http://localhost", {
-      headers: { "x-api-key": "valid-api-key" },
-    });
-    vi.mocked(getEnvironmentIdFromApiKey).mockResolvedValue(ok("env-id"));
-    vi.mocked(hashApiKey).mockReturnValue("hashed-api-key");
-
-    const result = await authenticateRequest(request);
-
-    expect(result.ok).toBe(true);
-    if (result.ok) {
-      expect(result.data).toEqual({
-        type: "apiKey",
-        environmentId: "env-id",
-        hashedApiKey: "hashed-api-key",
-      });
-    }
-  });
-
-  it("should return forbidden error if environmentId is not found", async () => {
-    const request = new Request("http://localhost", {
-      headers: { "x-api-key": "invalid-api-key" },
-    });
-    vi.mocked(getEnvironmentIdFromApiKey).mockResolvedValue(err({ type: "forbidden" }));
-
-    const result = await authenticateRequest(request);
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.error).toEqual({ type: "forbidden" });
-    }
-  });
-
-  it("should return forbidden error if environmentId is empty", async () => {
-    const request = new Request("http://localhost", {
-      headers: { "x-api-key": "invalid-api-key" },
-    });
-    vi.mocked(getEnvironmentIdFromApiKey).mockResolvedValue(ok(""));
-
-    const result = await authenticateRequest(request);
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.error).toEqual({ type: "forbidden" });
-    }
-  });
-
-  it("should return unauthorized error if apiKey is missing", async () => {
-    const request = new Request("http://localhost");
-
-    const result = await authenticateRequest(request);
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.error).toEqual({ type: "unauthorized" });
-    }
-  });
-});
@@ -1,31 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { checkAuthorization } from "../check-authorization";
-
-describe("checkAuthorization", () => {
-  it("should return ok if authentication is valid", () => {
-    const authentication: TAuthenticationApiKey = {
-      type: "apiKey",
-      environmentId: "env-id",
-      hashedApiKey: "hashed-api-key",
-    };
-    const result = checkAuthorization({ authentication, environmentId: "env-id" });
-
-    expect(result.ok).toBe(true);
-  });
-
-  it("should return unauthorized error if environmentId does not match", () => {
-    const authentication: TAuthenticationApiKey = {
-      type: "apiKey",
-      environmentId: "env-id",
-      hashedApiKey: "hashed-api-key",
-    };
-    const result = checkAuthorization({ authentication, environmentId: "different-env-id" });
-
-    expect(result.ok).toBe(false);
-
-    if (!result.ok) {
-      expect(result.error).toEqual({ type: "unauthorized" });
-    }
-  });
-});
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dhruwang Jariwala	81fc97c7e9	fix: Add Cache-Control to allowed CORS headers (#5252 )	2025-04-07 14:47:02 +00:00
Matti Nannt	785c5a59c6	chore: make mock passwords more obvious to test suites (#5240 )	2025-04-07 12:40:40 +00:00
Piyush Gupta	25ecfaa883	fix: formbricks version on localhost (#5250 )	2025-04-07 10:42:13 +00:00
Anshuman Pandey	38e2c019fa	fix: ios package sonarqube fixes (#5249 )	2025-04-07 08:48:56 +00:00
victorvhs017	15878a4ac5	chore: Refactored the Turnstile next public env variable and added test files (#4997 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-04-07 06:07:39 +00:00
Matti Nannt	9802536ded	chore: upgrade demo app to tailwind v4 (#5237 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-04-07 05:40:10 +00:00
victorvhs017	2c7f92a4d7	feat: user endpoints (#5232 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-04-06 06:06:18 +00:00
Piyush Gupta	c653841037	chore: block signin with SSO when user is not found (#5233 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-04-06 04:22:53 +00:00
Matti Nannt	ec314c14ea	fix: failing e2e test (#5234 )	2025-04-05 14:20:22 +02:00
victorvhs017	c03e60ac0b	feat: organization endpoints (#5076 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-04-05 13:54:21 +02:00
Dhruwang Jariwala	cbf2343143	feat: lastLoginAt to user model (#5216 )	2025-04-05 13:22:38 +02:00
Dhruwang Jariwala	9d9b3ac543	chore: added isActive to user model (#5211 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-04-05 12:22:45 +02:00
Matti Nannt	591b35a70b	fix: upgrade npm dependencies with high security risk (#5221 )	2025-04-05 06:04:01 +02:00
Piyush Gupta	f0c7b881d3	fix: don't allow spaces as "other" values in select questions (#5224 )	2025-04-04 08:01:26 +00:00
dependabot[bot]	3fd5515db1	chore(deps): bump SonarSource/sonarqube-scan-action from 4.2.1 to 5.1.0 (#5104 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-04 05:03:40 +02:00
Matti Nannt	f32401afd6	chore: update vite & vitest dependency versions (#5217 )	2025-04-04 03:40:21 +02:00
Dhruwang Jariwala	1b9d91f1e8	chore: Api keys to org level (#5044 ) Co-authored-by: Victor Santos <victor@formbricks.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-04-03 14:59:42 +02:00
Matti Nannt	1f039d707c	chore: update root npm dependencies (#5208 )	2025-04-03 06:40:29 +02:00
Dhruwang Jariwala	6671d877ad	fix: skip button label validation for required nps and rating questions (#5153 )	2025-04-02 09:53:25 +00:00
Matti Nannt	2867c95494	chore: update SHARE_RATE_LIMIT to 50 request per 5 minute (#5194 ) Co-authored-by: Johannes <72809645+jobenjada@users.noreply.github.com>	2025-04-02 09:48:59 +00:00
Johannes	aa55cec060	fix: bulk member invite and table layout (#5209 )	2025-04-02 09:32:01 +00:00
Matti Nannt	dfb6c4cd9e	chore: update demo app dependencies (#5207 )	2025-04-02 06:34:15 +00:00
Dhruwang Jariwala	a9082f66e8	fix: (Security) implement HSTS (#5206 )	2025-04-02 05:38:33 +00:00
Dhruwang Jariwala	bf39b0fbfb	fix: added cache no-store when formbricksDebug is enabled (#5197 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-04-02 05:19:27 +00:00
Dhruwang Jariwala	e347f2179a	fix: consent/cta back button issue (#5201 )	2025-04-02 02:29:53 +00:00
Matti Nannt	d4f155b6bc	chore: update storybook app dependencies (#5195 )	2025-04-01 19:39:45 +02:00
Matti Nannt	da001834f5	chore: remove unused tailwind import from mobile SDK webviews (#5198 )	2025-04-01 12:59:57 +00:00
Anshuman Pandey	f54352dd82	chore: changes storage cache to 5 minutes (#5196 )	2025-04-01 07:25:17 +00:00
Matti Nannt	0fba0fae73	chore: remove posthog provider from top layout (#5169 )	2025-04-01 06:24:17 +00:00
Anshuman Pandey	406ec88515	fix: adding back hidden fields for backwards compatibility (#5163 )	2025-04-01 05:20:30 +00:00
Matti Nannt	b97957d166	chore(infra): increase ressource limits to 1 cpu & 1Gi mem (#5192 )	2025-04-01 04:50:55 +00:00
Matti Nannt	655ad6b9e0	docs: fix response client api endpoint is missing environmentId (#5161 )	2025-03-31 12:14:44 +02:00
Anshuman Pandey	f5ce42fc2d	feat: api for uploading contacts in bulk (#5053 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-03-30 07:44:17 +00:00
dependabot[bot]	709cdf260d	chore(deps): bump react-day-picker from 9.4.4 to 9.6.3 (#5149 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>	2025-03-29 06:29:05 +00:00
Piyush Gupta	5c583028e0	feat: adds second domain (#4989 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-03-28 17:22:17 +00:00
Matti Nannt	c70008d1be	chore: remove unused cron github actions (#5151 )	2025-03-28 12:13:23 +01:00
Piyush Jain	13fa716fe8	chore(eks): add AmazonSSMManagedInstanceCore policy (#5152 )	2025-03-28 08:57:56 +00:00
victorvhs017	c3af5b428f	feat: added the roles endpoint, documentation, unity and e2e tests (#5068 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-03-28 04:53:39 +00:00
Matti Nannt	40e2f28e94	chore: add dependabot config (#5084 )	2025-03-28 04:02:29 +01:00
victorvhs017	2964f2e079	chore: Refactored the Sentry next public env variable and added test files (#4979 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-03-27 13:04:25 +00:00
Jakob Schott	e1a5291123	fix: unify alert component (#5002 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-03-27 12:46:56 +00:00
Piyush Jain	ef41f35209	fix: rds (#5078 )	2025-03-27 12:30:49 +01:00
Jakob Schott	2f64b202c1	fix: billing modal translation (#5079 )	2025-03-27 10:50:24 +00:00
Piyush Gupta	2500c739ae	fix: next-auth inactive session timeout changed 30days -> 1hr (#5066 )	2025-03-27 09:54:35 +00:00