Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_WEB/llms.txt

Use this file to discover all available pages before exploring further.

The Supreme API gives Dragon Guard WMS platform operators full cross-tenant control from a single privileged interface. Through these endpoints, a Supreme administrator can onboard new tenant companies, assign subscription plans, bootstrap tenant admin users, and configure RFID hardware integration settings and per-module policies for each tenant. Every endpoint under /api/supreme/* enforces the SUPERADMIN_SUPREMO role at the backend — the Angular route guard (supremeGuard) provides a UI-level check only and must never be relied upon as a security boundary.
Backend authorization is mandatory and cannot be bypassed. The supremeGuard applied in the Angular router is a convenience layer that prevents accidental navigation — it does not replace server-side role enforcement. Every request to /api/supreme/* must carry a valid session token for a SUPERADMIN_SUPREMO user; the backend rejects all others with 401.

Dashboard

GET /api/supreme/dashboard

Returns a high-level SaaS summary dashboard with platform-wide metrics across all tenants. Used to populate the Supreme home screen.
GET /api/supreme/dashboard

Response

totalCompanies
integer
Total number of registered tenant companies on the platform.
activeCompanies
integer
Number of companies with active subscription status.
totalUsers
integer
Combined user count across all tenants.
planBreakdown
array

Error Responses

StatusDescription
401Missing or invalid SUPERADMIN_SUPREMO session.
500Internal server error.

Companies

GET /api/supreme/companies

Returns the list of all tenant companies registered on the platform.
GET /api/supreme/companies

Response

data
array

POST /api/supreme/companies

Creates a new tenant company on the platform. After creation, use POST /api/supreme/companies/{tenantId}/users to bootstrap the initial admin user.
POST /api/supreme/companies

Request Body

name
string
required
Display name for the new tenant company.
planId
string
required
Subscription plan to assign. Use GET /api/supreme/plans to retrieve valid plan IDs.
taxId
string
Tax or legal registration identifier for the company.
contactEmail
string
Primary contact email for the tenant.
settings
object
Optional initial configuration settings for the tenant.

Response

Returns the newly created company object. Shape mirrors GET /api/supreme/companies/{id}.

Error Responses

StatusDescription
400Validation error — missing required fields or invalid planId.
401Insufficient privileges.
500Internal server error.

GET /api/supreme/companies/

Returns full detail for a single tenant company, including all integration settings configured for that tenant.
GET /api/supreme/companies/{id}

Path Parameters

id
string
required
Unique identifier of the tenant company.

Response

id
string
Unique company identifier.
name
string
Display name of the tenant company.
planId
string
Assigned subscription plan identifier.
status
string
Company status: ACTIVE, INACTIVE, or SUSPENDED.
taxId
string
Tax or legal registration identifier.
contactEmail
string
Primary contact email.
integrationSettings
object
createdAt
string (ISO 8601)
Timestamp when the company was registered.

PUT /api/supreme/companies/

Updates company information for the specified tenant. All updatable fields should be included in the request body even if unchanged (full replacement semantics).
PUT /api/supreme/companies/{id}

Path Parameters

id
string
required
Unique identifier of the tenant company.

Request Body

name
string
Updated display name for the company.
planId
string
Updated subscription plan identifier.
taxId
string
Updated tax or legal registration identifier.
contactEmail
string
Updated primary contact email.
status
string
Updated company status: ACTIVE, INACTIVE, or SUSPENDED.

Response

Returns the updated company object. Shape mirrors GET /api/supreme/companies/{id}.

Error Responses

StatusDescription
400Validation error or invalid field values.
401Insufficient privileges.
500Internal server error.

Plans

GET /api/supreme/plans

Returns all available subscription plans that can be assigned to tenant companies.
GET /api/supreme/plans

Response

data
array

Error Responses

StatusDescription
401Insufficient privileges.
500Internal server error.

Tenant Users

GET /api/supreme/companies//users

Returns the list of users belonging to the specified tenant company.
GET /api/supreme/companies/{tenantId}/users

Path Parameters

tenantId
string
required
Unique identifier of the tenant company.

Response

data
array

POST /api/supreme/companies//users

Bootstraps a tenant admin user for the specified company. On first call, a new admin user is created and a one-time temporary password is returned. If a tenant admin already exists, the backend may reuse the existing user record.
POST /api/supreme/companies/{tenantId}/users
The temporary password (following the 123456789 seed pattern) is returned once in the creation response. Store it securely immediately — it cannot be retrieved again from this endpoint. The tenant admin must change this password on first login.

Path Parameters

tenantId
string
required
Unique identifier of the tenant company for which to bootstrap an admin user.

Request Body

username
string
required
Desired username for the tenant admin account.
email
string
required
Email address for the new admin user.
firstName
string
First name of the admin user.
lastName
string
Last name of the admin user.

Response

id
string
Unique identifier of the created or reused user.
username
string
Username for the admin account.
email
string
Email address of the admin user.
temporaryPassword
string
One-time temporary password. Present only on initial creation. Not returned if an existing admin was reused.
isExisting
boolean
true if the backend reused an existing admin user rather than creating a new one.

Error Responses

StatusDescription
400Missing required fields or invalid tenantId.
401Insufficient privileges.
500Internal server error.

RFID Settings

PATCH /api/supreme/companies//integration/rfid-settings

Updates the global RFID integration settings for the specified tenant. This controls whether RFID is enabled and which warehouse modules are in scope.
PATCH /api/supreme/companies/{id}/integration/rfid-settings

Path Parameters

id
string
required
Unique identifier of the tenant company.

Request Body

enabled
boolean
required
Whether RFID integration is active for this tenant.
mode
string
RFID operating mode (e.g., READ_ONLY, READ_WRITE). Accepted values depend on tenant hardware configuration.
moduleScopes
object
Controls which warehouse modules participate in RFID processing.

Response

Returns the updated RFID settings object for the tenant.

Error Responses

StatusDescription
400Invalid field values or missing required fields.
401Insufficient privileges.
500Internal server error.

RFID Policies

GET /api/supreme/companies//integration/rfid-policies

Returns per-module RFID behavior policies for the specified tenant. If no policy has been persisted for a module, the frontend should render it using system defaults rather than treating the absence as an error.
GET /api/supreme/companies/{id}/integration/rfid-policies

Path Parameters

id
string
required
Unique identifier of the tenant company.

Response

Returns a policy object keyed by module. Each module — inquiry, receipts, shipments, and movements — carries the following fields:
{module}
object
Policy configuration for each module scope.

PUT /api/supreme/companies//integration/rfid-policies

Replaces the per-module RFID policies for the specified tenant. If the backend returns ignoreDuplicateReadsWithinWindow: true in the response, the duplicateTagBehavior selection is derived automatically and the corresponding UI control must be treated as read-only.
PUT /api/supreme/companies/{id}/integration/rfid-policies

Path Parameters

id
string
required
Unique identifier of the tenant company.

Request Body

inquiry
object
Policy settings for the inventory inquiry module. Fields mirror the response schema described under GET /api/supreme/companies/{id}/integration/rfid-policies.
receipts
object
Policy settings for the goods receipt module.
shipments
object
Policy settings for the shipment module.
movements
object
Policy settings for the internal movement module.

Response

Returns the full updated policy object. Shape mirrors GET /api/supreme/companies/{id}/integration/rfid-policies.

Error Responses

StatusDescription
400Invalid policy values or conflicting configuration.
401Insufficient privileges.
500Internal server error.

RFID Events and Tags

The following RFID endpoints are shared with the tenant context but are accessible from the Supreme interface when scoped by companyId. Supreme operators use these to inspect raw RFID activity and manage tag registrations for any tenant.

GET /api/rfid/events

Returns RFID reader events filtered to a specific tenant. Accepts the same filters as the tenant-facing RFID events view.
GET /api/rfid/events?companyId={id}

Query Parameters

companyId
string
required
Tenant company identifier. Required when called from the Supreme context to scope results to a single tenant.

GET /api/rfid/tags

Returns registered RFID tags for the specified tenant.
GET /api/rfid/tags?companyId={id}

Query Parameters

companyId
string
required
Tenant company identifier.

POST /api/rfid/tags

Registers a new RFID tag for the authenticated tenant.
POST /api/rfid/tags

POST /api/rfid/tags/bulk

Bulk-registers multiple RFID tags in a single request.
POST /api/rfid/tags/bulk

GET /api/rfid/tags/

Returns detail for a single registered RFID tag.
GET /api/rfid/tags/{id}

Path Parameters

id
string
required
Unique identifier of the RFID tag record.

PUT /api/rfid/tags//deactivate

Deactivates a registered RFID tag, preventing it from being recognized in future reads.
PUT /api/rfid/tags/{id}/deactivate

Path Parameters

id
string
required
Unique identifier of the RFID tag to deactivate.

Error Responses (all RFID endpoints)

StatusDescription
400Missing or invalid parameters.
401Unauthenticated or unauthorized request.
500Internal server error.

Build docs developers (and LLMs) love