# Route all API requests to the router
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /api/
    
    # Allow direct access to index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    
    # Route everything to index.php
    RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

# Deny access to helper files directly
<FilesMatch "^(helpers|endpoints|migrations)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>