Dragon Guard uses an explicit device authorization model — a handheld scanner can only log in to warehouse workflows if its MAC address has been pre-registered for the correct tenant. Authorization is managed by the Supreme administrator through the device management endpoints described below. The operational WMS modules enforce this check on every handheld login attempt; an unregistered or inactive device is always rejected before any credential verification occurs.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
Device authorization model
Every physical scanner is represented by a record incore.HandheldDevices. The key fields that govern login eligibility are:
| Field | Description |
|---|---|
MacAddress (DeviceKey) | Normalized MAC address in AA:BB:CC:DD:EE:FF format (uppercase, colon-separated). This is the primary identifier Dragon Guard uses to recognize a device. |
CompanyId | The tenant this device belongs to. A MAC address can only be registered to one tenant at a time. Attempting to register the same MAC under a different tenant returns 409 Conflict with plans.devices.macInUse. |
IsActive | Controls whether login is currently permitted. false = device exists in the system but is blocked from logging in. |
DeviceName | Human-readable label for the device (e.g., Scanner 01, Dock Station). Required on upsert. |
RfidDeviceProfileId | Optional link to an RFID device profile that defines how this scanner interacts with RFID-enabled warehouse operations. |
FirstSeenAt / LastSeenAt | Timestamps updated automatically by the X-Device-Id middleware on every authenticated request. |
LastUserEmail | The email of the last user who authenticated from this device. |
aa-bb-cc-dd-ee-ff and it will be stored as AA:BB:CC:DD:EE:FF.
Device limit enforcement
Each tenant has aDeviceLimit that caps the number of simultaneously active devices. The effective limit is resolved in the following order:
- Company-level override —
Companies.DeviceLimitif set (notnull). - Plan default —
SaaSPlans.MaxHandheldDevicesfor the tenant’s assigned plan. - System fallback —
1if neither is configured.
isActive = true. You cannot save a device list where the active count exceeds the limit.
The minimum active device count is also enforced at
1. Submitting a payload where all devices have isActive = false returns 400 with plans.devices.minimumOne.Handheld device endpoints
List devices for a tenant
Internal device record ID.
Friendly label assigned to the device.
Normalized MAC address (
AA:BB:CC:DD:EE:FF).Whether this device is currently permitted to log in.
ID of the assigned RFID device profile, if any.
Code of the assigned RFID profile (e.g.,
RFID-STD).Display name of the assigned RFID profile.
UTC timestamp of when the device first made an authenticated request.
UTC timestamp of the most recent authenticated request from this device.
Email address of the last user who logged in from this device.
Upsert (save) the device list
isActive = false), not deleted, preserving audit history.
Request body:
List of device records to save.
| Rule | Error key |
|---|---|
deviceName or macAddress is blank for any entry | plans.devices.nameAndMacRequired |
| Duplicate MAC address within the submitted payload | plans.devices.duplicateMac |
Active device count < 1 | plans.devices.minimumOne |
Active device count > deviceLimit | plans.devices.limitExceeded |
Submitted id does not exist for this tenant | plans.devices.invalidDevice |
| MAC address registered to a different tenant | plans.devices.macInUse (409 Conflict) |
| RFID profile not found or inactive for this tenant | plans.devices.invalidRfidDeviceProfile |
204 No Content on success.
RFID profile assignment
An RFID device profile defines the scanning behavior and tag validation rules for a specific handheld scanner in RFID-enabled warehouse operations. Profiles are managed per-tenant underGET/POST/PUT /api/supreme/companies/{id}/integration/rfid-device-profiles.
When assigning a profile to a device via the PUT devices endpoint:
- The
rfidDeviceProfileIdmust reference a profile belonging to the same tenant. - The profile must have
isActive = true. - Passing
nullclears any existing profile assignment for that device.
Auto-registration and last-seen tracking
TheX-Device-Id middleware inspects every authenticated request for a device identifier header. When a recognized device is seen, its LastSeenAt and LastUserEmail fields are updated automatically. This tracking happens passively — it does not grant login permission to unregistered devices.
A device that sends requests but is not in core.HandheldDevices for the tenant is silently tracked at the middleware level, but login to handheld-specific workflows is blocked until explicit authorization is added through this API.
Login enforcement errors
The following error codes are returned during handheld login when device authorization checks fail:| HTTP Status | Error Key | Meaning |
|---|---|---|
403 Forbidden | plans.deviceNotAuthorized | The device MAC address is not registered for this tenant. |
403 Forbidden | plans.deviceInactive | The device is registered but isActive = false. |
402 Payment Required | plans.deviceLimitExceeded | The tenant’s active device count has reached or exceeded deviceLimit. |