The Dragon Guard WMS authentication flow is built on JWT tokens issued by theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_WEB/llms.txt
Use this file to discover all available pages before exploring further.
POST /api/Auth/login endpoint. After a successful login, the frontend stores the token in session storage and attaches it as a Bearer header on every subsequent API request. Tenant users must have exactly one operational company in the response; the platform stores that company’s identifier as active_company_id in sessionStorage to scope all data queries. The SUPERADMIN_SUPREMO role is exempt from this requirement.
Login
Request body
The user’s registered email address.
The user’s account password. Transmitted over HTTPS only.
Response
A successful200 OK returns a JSON object with the token and user metadata.
Signed JWT token. Pass this value as
Authorization: Bearer {token} on all subsequent requests.Internal numeric identifier for the authenticated user.
The authenticated user’s email address, echoed back from the request.
Display name of the authenticated user.
List of companies the user is associated with. Tenant users must receive exactly one operational company; this value is used to set
active_company_id in sessionStorage.Token usage
All endpoints in Dragon Guard WMS (except/api/Auth/login itself) require a valid JWT token. Include it in the Authorization header of every request:
Tokens are short-lived. When the frontend receives a
401 Unauthorized response, it must redirect the user to the login page and clear any stored session data.Session storage keys
After a successful login, the Angular frontend writes the following values tosessionStorage:
| Key | Value |
|---|---|
token | The raw JWT string from response.token |
userId | Numeric user ID from response.userId |
active_company_id | ID of the single operational company (tenant users only) |
fullName | User display name for the UI header |
Multi-company rule for tenant users
Document sequence (informational)
Error codes
| HTTP Status | Meaning |
|---|---|
400 | Validation error — missing or malformed fields in the request body |
401 | Invalid credentials or expired/missing token |
500 | Internal server error — contact the backend team |