Backend API  ·  Platform Admin  ·  PWA Ready

Run POS, inventory, reports, and commerce from one Laravel backend

AndgateBOS gives store teams a production-ready API layer with token auth, store isolation, accounting, e-commerce, analytics, and an installable platform admin console.

OpenAPI documented Multi-tenant stores Secure admin workflows
POST /api/login → 200 OK
// Request { "email": "admin@myshop.com", "password": "••••••••" } // Response { "success": true, "message": "Login successful", "data": { "token": "1|abc123xyz...", "user": { "id": 1, "role": "store_admin", ... }, "permissions": ["products.view", "orders.create", ...] } }
218
API Operations
147
Route Paths
29
API Groups
PWA
Install Ready
Operate

Daily POS workflows

Products, orders, customers, purchases, returns, stock movement, and serial tracking are exposed through one consistent API.

Govern

Admin controls

Platform admins can manage tenants, subscriptions, permissions, audit logs, support, notifications, and e-commerce operations.

Extend

Commerce and reporting

Public storefront APIs, customer cart flows, analytics endpoints, and report exports let web, mobile, and back-office tools share data.

API Reference

Everything your POS needs

Organised into logical groups — each group maps directly to a tag in the Swagger UI.

🔐
Authentication
Register, login, logout, password reset, staff creation, and permission management.
POST /login POST /register POST /logout POST /forgot-password
🏪
Store Management
Multi-store setup with currencies, payment methods, payment statuses, members, and units.
GET /store PUT /store GET /store/members POST /store/currencies
📦
Products
Full product lifecycle — CRUD, availability toggle, barcode/QR generation, and Excel bulk upload.
GET /products POST /products POST /products/barcode POST /products/bulk-upload
🛒
Orders (POS Sales)
Create POS transactions with line items, serial tracking, discounts, and payment recording.
GET /orders POST /orders GET /orders/{id}/items PUT /orders/{id}
↩️
Order Returns
Process full or partial order returns with configurable reasons and optional stock restoration.
POST /order-returns GET /order-return-reasons POST /order-return-reasons
🏭
Purchase Orders
Manage supplier purchase orders, drafts, payments, and due clearances to keep stock updated.
GET /purchase-order POST /purchase-order POST /purchase-order/{id}/payment POST /purchase-drafts
📊
Inventory & Stock
Stock summary, movement history, category-wise analysis, serial tracking, and adjustments.
GET /stock/summary GET /stock/movement POST /product-adjustments GET /product-serials
🧾
Accounting
Double-entry ledger system with journal entries, expense tracking, and balance reporting.
GET /ledgers POST /journals POST /expenses GET /ledgers/{id}/journals
👥
Customers & Suppliers
Manage your customer and supplier directories with search, due tracking, and purchase history.
GET /customers GET /customers/search GET /suppliers GET /supplier/purchases
📈
Reports (13 types)
Date-range business intelligence — sales, P&L, tax, stock, low-stock, customer, supplier, invoice, and more.
POST /reports/sales POST /reports/profit-loss POST /reports/stock POST /reports/invoice
🛍️
E-commerce — Public
Public storefront API — browse products, categories, brands, stock check, and order tracking.
GET /ecommerce/products POST /ecommerce/stock-check GET /ecommerce/order-tracking/{no}
🛒
E-commerce — Customer
Authenticated storefront — cart, wishlist, place orders, address book, and account management.
GET /ecommerce/cart POST /ecommerce/cart POST /ecommerce/orders POST /ecommerce/wishlist/toggle

Security

Token-based Authentication

The API issues personal access tokens. Attach them as Bearer tokens on every protected request.

1
Login to get a token
Call the login endpoint with your credentials and receive a personal access token.
POST /api/login
2
Include the Bearer token
Attach the token to every subsequent request in the Authorization header.
Authorization: Bearer {token}
3
Pass the Store ID
For store-scoped endpoints, include the store ID in the X-Store-ID header.
X-Store-ID: {store_id}
4
Authorize in Swagger UI
Click the lock icon in Swagger UI, enter your token, and all calls are automatically authenticated.
Authorization flow
# Step 1 — Get token curl -X POST http://localhost:8080/api/login \ -H "Content-Type: application/json" \ -d '{"email":"you@shop.com","password":"secret"}' # Response → copy the token { "data": { "token": "1|abc123..." } } # Step 2 — Use the token curl http://localhost:8080/api/products/ \ -H "Authorization: Bearer 1|abc123..." \ -H "X-Store-ID: 1"

Platform Features

Built for production

Key capabilities baked into every API response and flow.

🏗️
Standard Response Envelope
Every response wraps data in a consistent JSON envelope with success, message, data, errors, and meta fields.
🏢
Multi-tenant Architecture
One user, many stores. All data is scoped by store. Staff members are assigned per-store with granular permissions.
🔑
Granular Permissions
60+ named permissions (e.g. products.create, orders.view) enforced via middleware on every route.
📋
Activity Logging
All create, update, and delete actions are logged automatically for a complete audit trail.
🔖
Serial Number Tracking
Products with serials are tracked individually from stock-in through sale, with status transitions (available → sold → returned).
🛡️
IP Blacklisting & Rate Limiting
Login attempts are logged and suspicious IPs can be blocked via the platform admin panel to protect against brute-force.
📊
13 Report Types
Date-range filtered reports — sales, P&L, tax, stock, low-stock, customer, supplier, invoice, purchases, returns, and more.
🛍️
Integrated E-commerce
Full storefront API with cart, wishlist, address book, order tracking, and stock-check — runs from the same backend.

Response Format

Predictable JSON structure

Every endpoint — success or failure — returns the same envelope so your client code stays simple.

200 OK Success response
{ "success": true, "message": "Login successful", "data": { "token": "1|abc123...", "user": { ... }, "permissions": [ ... ] }, "errors": null, "meta": { "timestamp": "2025-01-01T10:00:00.000Z", "request_id": "req-uuid-abc" } }
422 Unprocessable Validation error
{ "success": false, "message": "Validation failed", "data": null, "errors": { "email": ["The email field is required."], "password": ["Min 6 characters required."] }, "meta": { "timestamp": "2025-01-01T10:00:00.000Z", "request_id": null } }
HTTP Status Meaning success field
200 OK — request succeeded true
201 Created — resource was created true
401 Unauthorized — token missing or invalid false
403 Forbidden — no permission for this action false
404 Not Found — resource does not exist false
422 Unprocessable — validation failed false
🚀

Ready to integrate?

Open the interactive Swagger UI to explore every endpoint, try live requests, and download the OpenAPI spec.

Base URL http://localhost:8080