AndgatePOS
REST API  ·  OpenAPI 3.0  ·  v1.0.0

The AndgatePOS
Backend API

A comprehensive multi-tenant Point-of-Sale REST API — covering products, orders, inventory, accounting, e-commerce storefront, reports, and more.

Interactive Swagger UI Browse Endpoints
218
API Operations
147
Route Paths
29
API Groups
22
Schemas
POST /api/login → 200 OK
// Request { "email": "admin@myshop.com", "password": "••••••••" } // Response { "success": true, "message": "Login successful", "data": { "token": "1|abc123xyz...", "user": { "id": 1, "role": "store_admin", ... }, "permissions": ["products.view", "orders.create", ...] } }

API Reference

Everything your POS needs

Organised into logical groups — each group maps directly to a tag in the Swagger UI.

🔐
Authentication
Register, login, logout, password reset, staff creation, and permission management.
POST /login POST /register POST /logout POST /forgot-password
🏪
Store Management
Multi-store setup with currencies, payment methods, payment statuses, members, and units.
GET /store PUT /store GET /store/members POST /store/currencies
📦
Products
Full product lifecycle — CRUD, availability toggle, barcode/QR generation, and Excel bulk upload.
GET /products POST /products POST /products/barcode POST /products/bulk-upload
🛒
Orders (POS Sales)
Create POS transactions with line items, serial tracking, discounts, and payment recording.
GET /orders POST /orders GET /orders/{id}/items PUT /orders/{id}
↩️
Order Returns
Process full or partial order returns with configurable reasons and optional stock restoration.
POST /order-returns GET /order-return-reasons POST /order-return-reasons
🏭
Purchase Orders
Manage supplier purchase orders, drafts, payments, and due clearances to keep stock updated.
GET /purchase-order POST /purchase-order POST /purchase-order/{id}/payment POST /purchase-drafts
📊
Inventory & Stock
Stock summary, movement history, category-wise analysis, serial tracking, and adjustments.
GET /stock/summary GET /stock/movement POST /product-adjustments GET /product-serials
🧾
Accounting
Double-entry ledger system with journal entries, expense tracking, and balance reporting.
GET /ledgers POST /journals POST /expenses GET /ledgers/{id}/journals
👥
Customers & Suppliers
Manage your customer and supplier directories with search, due tracking, and purchase history.
GET /customers GET /customers/search GET /suppliers GET /supplier/purchases
📈
Reports (13 types)
Date-range business intelligence — sales, P&L, tax, stock, low-stock, customer, supplier, invoice, and more.
POST /reports/sales POST /reports/profit-loss POST /reports/stock POST /reports/invoice
🛍️
E-commerce — Public
Public storefront API — browse products, categories, brands, stock check, and order tracking.
GET /ecommerce/products POST /ecommerce/stock-check GET /ecommerce/order-tracking/{no}
🛒
E-commerce — Customer
Authenticated storefront — cart, wishlist, place orders, address book, and account management.
GET /ecommerce/cart POST /ecommerce/cart POST /ecommerce/orders POST /ecommerce/wishlist/toggle

Security

Token-based Authentication

The API issues personal access tokens. Attach them as Bearer tokens on every protected request.

1
Login to get a token
Call the login endpoint with your credentials and receive a personal access token.
POST /api/login
2
Include the Bearer token
Attach the token to every subsequent request in the Authorization header.
Authorization: Bearer {token}
3
Pass the Store ID
For store-scoped endpoints, include the store ID in the X-Store-ID header.
X-Store-ID: {store_id}
4
Authorize in Swagger UI
Click the lock icon in Swagger UI, enter your token, and all calls are automatically authenticated.
→ Open Swagger UI
Authorization flow
# Step 1 — Get token curl -X POST http://localhost:8080/api/login \ -H "Content-Type: application/json" \ -d '{"email":"you@shop.com","password":"secret"}' # Response → copy the token { "data": { "token": "1|abc123..." } } # Step 2 — Use the token curl http://localhost:8080/api/products/ \ -H "Authorization: Bearer 1|abc123..." \ -H "X-Store-ID: 1"

Platform Features

Built for production

Key capabilities baked into every API response and flow.

🏗️
Standard Response Envelope
Every response wraps data in a consistent JSON envelope with success, message, data, errors, and meta fields.
🏢
Multi-tenant Architecture
One user, many stores. All data is scoped by store. Staff members are assigned per-store with granular permissions.
🔑
Granular Permissions
60+ named permissions (e.g. products.create, orders.view) enforced via middleware on every route.
📋
Activity Logging
All create, update, and delete actions are logged automatically for a complete audit trail.
🔖
Serial Number Tracking
Products with serials are tracked individually from stock-in through sale, with status transitions (available → sold → returned).
🛡️
IP Blacklisting & Rate Limiting
Login attempts are logged and suspicious IPs can be blocked via the platform admin panel to protect against brute-force.
📊
13 Report Types
Date-range filtered reports — sales, P&L, tax, stock, low-stock, customer, supplier, invoice, purchases, returns, and more.
🛍️
Integrated E-commerce
Full storefront API with cart, wishlist, address book, order tracking, and stock-check — runs from the same backend.

Response Format

Predictable JSON structure

Every endpoint — success or failure — returns the same envelope so your client code stays simple.

200 OK Success response
{ "success": true, "message": "Login successful", "data": { "token": "1|abc123...", "user": { ... }, "permissions": [ ... ] }, "errors": null, "meta": { "timestamp": "2025-01-01T10:00:00.000Z", "request_id": "req-uuid-abc" } }
422 Unprocessable Validation error
{ "success": false, "message": "Validation failed", "data": null, "errors": { "email": ["The email field is required."], "password": ["Min 6 characters required."] }, "meta": { "timestamp": "2025-01-01T10:00:00.000Z", "request_id": null } }
HTTP Status Meaning success field
200 OK — request succeeded true
201 Created — resource was created true
401 Unauthorized — token missing or invalid false
403 Forbidden — no permission for this action false
404 Not Found — resource does not exist false
422 Unprocessable — validation failed false
🚀

Ready to integrate?

Open the interactive Swagger UI to explore every endpoint, try live requests, and download the OpenAPI spec.

Open Swagger UI Download swagger.json
Base URL http://localhost:8080