The Supreme layer is the global SaaS administration surface of Dragon Guard WMS. It sits entirely above the operational WMS tier and provides a centralized control plane for managing tenant companies, SaaS subscription plans, handheld device authorization, and integration configuration — all from a single, isolated set of API endpoints. Only users holding theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
SUPERADMIN_SUPREMO identity can access this surface; any other caller receives a 401 Unauthorized or 403 Forbidden response.
Who is SUPERADMIN_SUPREMO?
A Supreme administrator is identified by two synchronized conditions:- The JWT issued at login contains the claim
isSuperAdmin = trueandrole = SUPERADMIN_SUPREMO. - The corresponding
auth.Usersrecord hasIsSuperAdmin = 1.
If a normal tenant user calls any
api/supreme/* endpoint, the API returns 403 Forbidden. Supreme access is enforced on every request — not just at authentication time.What Supreme manages
| Domain | Description |
|---|---|
| Companies / Tenants | Create, read, update, and change the status of tenant companies. Manage integration settings, RFID configuration, and API key lifecycle. |
| SaaS Plans | Define and maintain the plan catalog that governs device limits, user limits, location limits, and billing cycle for each tenant. |
| Tenant Onboarding | Bootstrap an entire new tenant — company, plan assignment, admin user, handheld operator, default device, and MAIN warehouse — in a single request. |
| Handheld Devices | View and authorize the physical scanner devices allowed to log in to each tenant’s handheld workflows. |
| Integration Settings | Configure GrupoMAS Native and Business Central Native connection parameters per tenant, including base URL, credentials, and polling behavior. |
Authentication requirement
Everyapi/supreme/* endpoint calls EnsureSupremeAccess() before processing any logic. Requests without a valid Supreme JWT are rejected immediately.
| Scenario | HTTP Status |
|---|---|
| No token / expired token | 401 Unauthorized |
Valid token, isSuperAdmin = false | 403 Forbidden |
| Valid Supreme token | Request proceeds |
Dashboard endpoint
Total number of tenant companies registered in the system.
Companies with
Status = Active and IsActive = true.Companies that are inactive or suspended.
Active users across all tenants.
Number of active users holding the
ADMIN role across all tenants.Aggregate warehouse setup counts across all tenants.
Aggregate transaction document counts.
Sum of plan prices for all currently active tenants (
IsActive = true).Sum of plan prices for all tenants that have a plan assigned, regardless of active status.
Breakdown of how many companies are on each named plan.
Up to 10 companies that are missing default locations, bins, or items — useful for spotting incomplete onboardings.
The 10 most recent receipts and shipments across all tenants, ordered by creation date.
Scope boundary
Supreme endpoints are entirely separate from operational WMS endpoints. They do not create, modify, or delete inventory records, transaction documents, or bin contents. All warehouse data remains scoped to the individual tenant that owns it; Supreme only manages the SaaS envelope around each tenant.Explore further
Companies & Plans
Manage tenant companies, SaaS plan definitions, and tenant user accounts.
Tenant Onboarding
Bootstrap a complete new tenant in one request — company, plan, users, device, and warehouse.
Handheld Devices
Authorize and manage the physical scanner devices for each tenant.