The Supreme API (Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
/api/supreme) is the platform-level administration surface of Dragon Guard. All endpoints require a valid JWT with isSuperAdmin = true (role SUPERADMIN_SUPREMO). These endpoints are not available to regular tenant users.
GET /api/supreme/dashboard
Returns a platform-wide health and metrics snapshot including company counts, plan distribution, recent activity, and missing warehouse setup indicators. Authentication: Bearer JWT withisSuperAdmin = true (required).
Total registered tenants.
Tenants with status
Active.Inactive or suspended tenants.
Total active users across all tenants.
Total warehouse locations.
Total bins.
Total item catalog records.
Sum of all inventory movement quantities.
Total receiving headers.
Total shipment headers.
Total inventory movements.
MRR from active plan subscriptions.
Breakdown of companies per plan name.
Companies missing default locations, bins, or items.
Last 10 receipts and shipments across all tenants.
GET /api/supreme/companies
Returns all registered tenant companies with plan and integration summary. Authentication: Bearer JWT withisSuperAdmin = true (required).
GET /api/supreme/companies/
Returns full detail for a single company including integration settings, RFID configuration, GrupoMAS polling state, user count, and assigned roles. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Street address.
City.
Country.
Currency (default
USD).Time zone (default
UTC).WMS module enabled flag.
Whether negative stock is permitted.
ERP outbound callback URL.
GrupoMAS connection settings and polling state (present only when provider is GrupoMasNative).
BC connection settings (present only when provider is BusinessCentralNative).
RFID feature settings for the tenant.
Whether an API key has been provisioned.
Number of users assigned to this tenant.
Role codes present in this tenant.
Maximum registered handheld devices.
Internal notes.
| Status | Meaning |
|---|---|
| 404 | Company not found. |
POST /api/supreme/companies
Creates a new tenant company.code and name are required. GrupoMAS Native tenants require a non-empty code (used as codigo_empresa on every MAS request).
Authentication: Bearer JWT with isSuperAdmin = true (required).
Unique company code (used as ERP identifier).
Company display name.
Legal entity name.
Tax ID / RUC.
Primary contact email.
Restrict self-service registration to this email domain (e.g.,
@warehouse.com).Assigned subscription plan ID.
Integration mode (
Standard, GrupoMasNative, BusinessCentralNative).Whether to enable API key access immediately.
Maximum handheld device count override.
Internal notes.
PUT /api/supreme/companies/
Full update for a company record. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company to update.
POST /api/supreme/companies plus additional fields.
PATCH /api/supreme/companies//status
Changes a company’s operational status. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
New status. Must be
Active, Inactive, or Suspended.PATCH /api/supreme/companies//integration-access
Enables or disables API key access for the tenant’s integration endpoint. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Set to
true to enable, false to disable.PATCH /api/supreme/companies//integration/grupomas-native-settings
Updates the GrupoMAS Native connection settings for a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GrupoMAS API base URL.
GrupoMAS API key (mutually exclusive with
bearerToken).GrupoMAS bearer token (mutually exclusive with
apiKey).Set to
true to clear the stored API key.Set to
true to clear the stored bearer token.HTTP timeout for MAS calls.
Enable background polling for released work.
Background polling interval in seconds.
Location code filter for polling.
PATCH /api/supreme/companies//integration/businesscentral-native-settings
Updates Business Central Native connection settings for a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
BC OData API base URL.
Azure AD tenant ID.
BC environment name (e.g.,
production).BC company ID.
BC company name.
BC service account username.
BC access key / password (stored encrypted).
Set to
true to clear the stored access key.HTTP timeout for BC calls.
Custom items OData path override.
Custom receipts path override.
Custom shipments path override.
Custom movements path override.
PATCH /api/supreme/companies//integration/rfid-settings
Updates the top-level RFID feature settings for a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Enable or disable RFID features company-wide.
Default RFID mode (
Disabled, InquiryOnly, OperationalAssist, StrictValidation).Enable RFID for the inquiry module.
Enable RFID for the receiving module.
Enable RFID for the shipments module.
Enable RFID for the inventory movements module.
POST /api/supreme/companies//integration/regenerate-key
Generates a new API key for the company, invalidating the previous key immediately. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
The newly generated plain-text API key. Store it immediately — it is not retrievable again.
POST /api/supreme/companies//integration/grupomas-native/test-connection
Tests the current GrupoMAS Native connection settings by making a live probe request to the MAS API. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
POST /api/supreme/companies//integration/businesscentral-native/test-connection
Tests the BC Native connection with current settings. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
POST /api/supreme/companies//integration/grupomas-native/polling/refresh
Immediately triggers a background polling refresh cycle for released work from GrupoMAS. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GET /api/supreme/companies//integration/rfid-policies
Returns the RFID validation policies configured for the tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GET /api/supreme/companies//integration/rfid-policies/
Returns a single RFID policy by ID. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Policy ID.
POST /api/supreme/companies//integration/rfid-policies
Creates a new RFID validation policy for the tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Module this policy applies to (
ITEMS, RECEIPTS, SHIPMENTS, MOVEMENTS).Validation mode.
Whether this policy is active.
Allow manual entry fallback when RFID fails.
Allow barcode scanning fallback.
Block on unrecognized tags.
Block on deactivated tags.
Block when tag does not match expected document item.
Require RFID scan evidence before posting.
PUT /api/supreme/companies//integration/rfid-policies
Replaces all RFID validation policies for the tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
PUT /api/supreme/companies//integration/rfid-policies/
Replaces a single RFID policy by ID. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Policy ID to update.
DELETE /api/supreme/companies//integration/rfid-policies/
Deletes a single RFID policy. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Policy ID to delete.
GET /api/supreme/companies//integration/rfid-events
Returns RFID scan events scoped to the tenant for Supreme-level inspection and audit. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GET /api/supreme/companies//integration/rfid-device-profiles
Returns all RFID device profiles for the tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
POST /api/supreme/companies//integration/rfid-device-profiles
Creates a new RFID device profile for the tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GET /api/supreme/companies//integration/rfid-device-profiles/
Returns a single RFID device profile by ID. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Device profile ID.
PUT /api/supreme/companies//integration/rfid-device-profiles/
Replaces an RFID device profile. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Device profile ID.
DELETE /api/supreme/companies//integration/rfid-device-profiles/
Deletes an RFID device profile. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
Device profile ID to delete.
GET /api/supreme/plans
Returns all subscription plans available in the platform. Authentication: Bearer JWT withisSuperAdmin = true (required).
List of plan records with ID, name, price, and feature limits.
POST /api/supreme/plans
Creates a new subscription plan. Authentication: Bearer JWT withisSuperAdmin = true (required).
Plan display name.
Monthly price.
Maximum allowed handheld devices (minimum 1).
Currency code (
USD or PYG).Renewal period (
Monthly, Quarterly, Semiannual, Annual, Weekly).PUT /api/supreme/plans/
Updates an existing plan. Authentication: Bearer JWT withisSuperAdmin = true (required).
Plan ID.
GET /api/supreme/plans/history
Returns the plan change history across all tenants. Authentication: Bearer JWT withisSuperAdmin = true (required).
POST /api/supreme/companies//plans/assign
Assigns a subscription plan to a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Plan to assign.
GET /api/supreme/companies//plans/history
Returns the plan change history for a specific tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
GET /api/supreme/companies//users
Returns all users assigned to a specific tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
POST /api/supreme/companies//users/admin
Creates an admin user account and assigns it directly to a tenant with theADMIN role.
Authentication: Bearer JWT with isSuperAdmin = true (required).
Tenant company ID.
New admin’s email.
Full name.
Initial password (must meet complexity policy).
GET /api/supreme/companies//devices
Returns all registered handheld devices for a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
POST /api/supreme/companies//devices
Creates/registers a new handheld device for a tenant. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Normalized device MAC/key (uppercase, colon-separated).
Human-readable device name.
Whether the device is active. Defaults to
true.GET /api/supreme/companies//devices/
Returns a single registered handheld device by ID. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Device record ID.
PUT /api/supreme/companies//devices
Bulk-updates device records for a tenant (activate/deactivate, rename). Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Array of device objects to upsert.
PUT /api/supreme/companies//devices/
Updates a single handheld device record. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Device record ID.
DELETE /api/supreme/companies//devices/
Deletes a handheld device registration. Authentication: Bearer JWT withisSuperAdmin = true (required).
Tenant company ID.
Device record ID to delete.
GET /api/supreme/companies//summary
Returns a compact summary of a company’s warehouse setup including location and bin counts. Authentication: Bearer JWT withisSuperAdmin = true (required).
Company ID.
GET /api/audit/logs
Returns the platform audit log. Supports rich filtering by company, table, action, user, entity, client application, search term, and date range. Authentication: Bearer JWT (required). Super-admins can filter across all companies; regular admins are limited to their own tenant.Filter by tenant.
Filter by audited table name (e.g.,
auth.Users, wms.Items).Filter by action code (e.g.,
UserRegistered, PasswordChanged).Filter by the user who performed the action.
Filter by entity ID (UUID format).
Filter by client application identifier.
Free-text search across table name, action, user email, changed columns, request path, old values, and new values.
Start of date range (inclusive).
End of date range (inclusive).
Page number. Defaults to
1.Page size. Defaults to
25, max 100.Audit log entries.
Total matching log entries.
GET /api/audit/modules
Returns the distinct list of WMS modules that have audit log entries. Used to populate filter dropdowns in the audit UI. Authentication: Bearer JWT (required).List of module name strings with audit records.
GET /api/audit/action-options
Returns the distinct list of action codes that have audit log entries. Used to populate the action filter dropdown. Authentication: Bearer JWT (required).List of action code strings.
GET /api/audit/tables
Returns the list of distinct table names that have audit log entries for a given company. Used to populate filter dropdowns in the audit UI. Authentication: Bearer JWT (required).Tenant company ID.
List of table name strings with audit records.