Dragon Guard Handheld uses a two-path authentication strategy designed for warehouses operating inside the Grupo MAS ecosystem. Every login attempt starts with the delegated Grupo MAS endpoint; the app automatically retries against the standard local endpoint only when the backend signals that the tenant or user is not configured for Grupo MAS delegated login. Both paths carry the device’s identity so the backend can enforce the hardware allow-list before granting a session.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_APK/llms.txt
Use this file to discover all available pages before exploring further.
Login endpoints
| Path | Purpose |
|---|---|
POST api/auth/grupomas-handheld-login | Primary — Grupo MAS delegated authentication |
POST api/auth/login | Fallback — local credential authentication |
GET api/auth/registration-options | Fetch available companies and default role before registering |
POST api/auth/register | Create a new local user account |
Login sequence
Collect credentials and device identity
The
LoginViewModel reads the email and password entered by the operator and calls DeviceIdentityService to resolve DeviceId and DeviceName before building the request.POST to Grupo MAS handheld login
AuthService.LoginAsync serialises the request and posts to the primary endpoint. The payload differs slightly from the local endpoint — it uses username instead of email:Evaluate response — fallback if required
If the primary endpoint returns a non-success status code, The local fallback payload:
AuthService inspects the JSON messageKey field. When the key is auth.localEmailConflict or auth.grupoMasNativeRequired, the app transparently retries using the local login endpoint with the full payload including isHandheld: true.Deserialise AuthSessionResponseDto
A successful Each entry in
2xx response is deserialised into AuthSessionResponseDto. A parse failure (malformed JSON, missing company or role data) surfaces a user-facing message rather than a raw exception.Companies carries the company GUID and the role code granted to the user inside that company:Company context enforcement in SessionService
SessionService.SignInAsync filters out entries where CompanyId is an empty GUID and then enforces the single-company rule before writing anything to storage. Login is blocked in both the zero-company and multi-company cases.Error message keys
The backend returns structured JSON errors with amessageKey field. AuthService.TryReadJsonLoginError maps each key to a localised, operator-readable message. The table below documents every key and the action required to resolve it.
messageKey | User-facing message | Resolution |
|---|---|---|
auth.externalLoginFailed | MAS rechazó el usuario o password (or the server’s message field) | Verify Grupo MAS credentials are correct |
auth.localEmailConflict | Existe un usuario local con el mismo identificador | App falls back to local login automatically |
auth.grupoMasNativeRequired | Este tenant no está configurado para login handheld de Grupo MAS | App falls back to local login automatically |
auth.companyInactive | Este tenant está inactivo | Contact system administrator to reactivate the tenant |
integration.adapterNotConfigured | La integración Grupo MAS no está configurada para este tenant | Supreme Admin must configure the Grupo MAS adapter |
integration.remoteUnavailable | MAS no está disponible o rechazó la conexión de login | Check Grupo MAS service availability |
integration.companyCodeRequired | Falta el código de empresa requerido para Grupo MAS | Supreme Admin must set the company code in the integration settings |
plans.deviceNotAuthorized | Este handheld no está autorizado — MAC/ID shown if returned | Register the device’s MAC or ANDROID_ID via Supreme Admin |
plans.deviceInactive | Este handheld está inactivo — MAC/ID shown if returned | Reactivate the device via Supreme Admin |
plans.deviceLimitExceeded | El tenant superó el límite de handhelds activos del plan | Upgrade plan or deactivate an unused device |
| Raw string | User-facing message |
|---|---|
EMAIL_AND_PASSWORD_REQUIRED | Ingresa usuario y password |
USERNAME_AND_PASSWORD_REQUIRED | Ingresa usuario y password |
DEVICE_ID_REQUIRED | No se pudo identificar este handheld. Revisa la configuración del dispositivo |
USER_NOT_FOUND | Usuario no encontrado |
INVALID_USER | Usuario invalido |
INVALID_PASSWORD | Password incorrecto |
LOGIN_TEMPORARILY_UNAVAILABLE | Login no disponible temporalmente. Revisa la conexión del sistema |
plans.deviceNotAuthorized | Este handheld no está autorizado para este tenant. Solicita al admin supremo registrar la MAC/ID del dispositivo |
plans.deviceInactive | Este handheld está inactivo para este tenant. Solicita reactivación al admin supremo |
plans.deviceLimitExceeded | El tenant superó el límite de handhelds activos del plan |
User registration
New local users can be created from within the app. The registration flow first fetches available companies and the default role, then posts the new account.Registration creates a local account. Users who authenticate via Grupo MAS delegated login do not need a separate registration step — their identity is managed entirely by the Grupo MAS system.