The Supreme API gives Dragon Guard WMS platform operators full cross-tenant control from a single privileged interface. Through these endpoints, a Supreme administrator can onboard new tenant companies, assign subscription plans, bootstrap tenant admin users, and configure RFID hardware integration settings and per-module policies for each tenant. Every endpoint underDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_WEB/llms.txt
Use this file to discover all available pages before exploring further.
/api/supreme/* enforces the SUPERADMIN_SUPREMO role at the backend — the Angular route guard (supremeGuard) provides a UI-level check only and must never be relied upon as a security boundary.
Backend authorization is mandatory and cannot be bypassed. The
supremeGuard applied in the Angular router is a convenience layer that prevents accidental navigation — it does not replace server-side role enforcement. Every request to /api/supreme/* must carry a valid session token for a SUPERADMIN_SUPREMO user; the backend rejects all others with 401.Dashboard
GET /api/supreme/dashboard
Returns a high-level SaaS summary dashboard with platform-wide metrics across all tenants. Used to populate the Supreme home screen.Response
Total number of registered tenant companies on the platform.
Number of companies with active subscription status.
Combined user count across all tenants.
Error Responses
| Status | Description |
|---|---|
401 | Missing or invalid SUPERADMIN_SUPREMO session. |
500 | Internal server error. |
Companies
GET /api/supreme/companies
Returns the list of all tenant companies registered on the platform.Response
POST /api/supreme/companies
Creates a new tenant company on the platform. After creation, usePOST /api/supreme/companies/{tenantId}/users to bootstrap the initial admin user.
Request Body
Display name for the new tenant company.
Subscription plan to assign. Use
GET /api/supreme/plans to retrieve valid plan IDs.Tax or legal registration identifier for the company.
Primary contact email for the tenant.
Optional initial configuration settings for the tenant.
Response
Returns the newly created company object. Shape mirrorsGET /api/supreme/companies/{id}.
Error Responses
| Status | Description |
|---|---|
400 | Validation error — missing required fields or invalid planId. |
401 | Insufficient privileges. |
500 | Internal server error. |
GET /api/supreme/companies/
Returns full detail for a single tenant company, including all integration settings configured for that tenant.Path Parameters
Unique identifier of the tenant company.
Response
Unique company identifier.
Display name of the tenant company.
Assigned subscription plan identifier.
Company status:
ACTIVE, INACTIVE, or SUSPENDED.Tax or legal registration identifier.
Primary contact email.
Timestamp when the company was registered.
PUT /api/supreme/companies/
Updates company information for the specified tenant. All updatable fields should be included in the request body even if unchanged (full replacement semantics).Path Parameters
Unique identifier of the tenant company.
Request Body
Updated display name for the company.
Updated subscription plan identifier.
Updated tax or legal registration identifier.
Updated primary contact email.
Updated company status:
ACTIVE, INACTIVE, or SUSPENDED.Response
Returns the updated company object. Shape mirrorsGET /api/supreme/companies/{id}.
Error Responses
| Status | Description |
|---|---|
400 | Validation error or invalid field values. |
401 | Insufficient privileges. |
500 | Internal server error. |
Plans
GET /api/supreme/plans
Returns all available subscription plans that can be assigned to tenant companies.Response
Error Responses
| Status | Description |
|---|---|
401 | Insufficient privileges. |
500 | Internal server error. |
Tenant Users
GET /api/supreme/companies//users
Returns the list of users belonging to the specified tenant company.Path Parameters
Unique identifier of the tenant company.
Response
POST /api/supreme/companies//users
Bootstraps a tenant admin user for the specified company. On first call, a new admin user is created and a one-time temporary password is returned. If a tenant admin already exists, the backend may reuse the existing user record.Path Parameters
Unique identifier of the tenant company for which to bootstrap an admin user.
Request Body
Desired username for the tenant admin account.
Email address for the new admin user.
First name of the admin user.
Last name of the admin user.
Response
Unique identifier of the created or reused user.
Username for the admin account.
Email address of the admin user.
One-time temporary password. Present only on initial creation. Not returned if an existing admin was reused.
true if the backend reused an existing admin user rather than creating a new one.Error Responses
| Status | Description |
|---|---|
400 | Missing required fields or invalid tenantId. |
401 | Insufficient privileges. |
500 | Internal server error. |
RFID Settings
PATCH /api/supreme/companies//integration/rfid-settings
Updates the global RFID integration settings for the specified tenant. This controls whether RFID is enabled and which warehouse modules are in scope.Path Parameters
Unique identifier of the tenant company.
Request Body
Whether RFID integration is active for this tenant.
RFID operating mode (e.g.,
READ_ONLY, READ_WRITE). Accepted values depend on tenant hardware configuration.Controls which warehouse modules participate in RFID processing.
Response
Returns the updated RFID settings object for the tenant.Error Responses
| Status | Description |
|---|---|
400 | Invalid field values or missing required fields. |
401 | Insufficient privileges. |
500 | Internal server error. |
RFID Policies
GET /api/supreme/companies//integration/rfid-policies
Returns per-module RFID behavior policies for the specified tenant. If no policy has been persisted for a module, the frontend should render it using system defaults rather than treating the absence as an error.Path Parameters
Unique identifier of the tenant company.
Response
Returns a policy object keyed by module. Each module —inquiry, receipts, shipments, and movements — carries the following fields:
Policy configuration for each module scope.
PUT /api/supreme/companies//integration/rfid-policies
Replaces the per-module RFID policies for the specified tenant. If the backend returnsignoreDuplicateReadsWithinWindow: true in the response, the duplicateTagBehavior selection is derived automatically and the corresponding UI control must be treated as read-only.
Path Parameters
Unique identifier of the tenant company.
Request Body
Policy settings for the inventory inquiry module. Fields mirror the response schema described under
GET /api/supreme/companies/{id}/integration/rfid-policies.Policy settings for the goods receipt module.
Policy settings for the shipment module.
Policy settings for the internal movement module.
Response
Returns the full updated policy object. Shape mirrorsGET /api/supreme/companies/{id}/integration/rfid-policies.
Error Responses
| Status | Description |
|---|---|
400 | Invalid policy values or conflicting configuration. |
401 | Insufficient privileges. |
500 | Internal server error. |
RFID Events and Tags
The following RFID endpoints are shared with the tenant context but are accessible from the Supreme interface when scoped bycompanyId. Supreme operators use these to inspect raw RFID activity and manage tag registrations for any tenant.
GET /api/rfid/events
Returns RFID reader events filtered to a specific tenant. Accepts the same filters as the tenant-facing RFID events view.Query Parameters
Tenant company identifier. Required when called from the Supreme context to scope results to a single tenant.
GET /api/rfid/tags
Returns registered RFID tags for the specified tenant.Query Parameters
Tenant company identifier.
POST /api/rfid/tags
Registers a new RFID tag for the authenticated tenant.POST /api/rfid/tags/bulk
Bulk-registers multiple RFID tags in a single request.GET /api/rfid/tags/
Returns detail for a single registered RFID tag.Path Parameters
Unique identifier of the RFID tag record.
PUT /api/rfid/tags//deactivate
Deactivates a registered RFID tag, preventing it from being recognized in future reads.Path Parameters
Unique identifier of the RFID tag to deactivate.
Error Responses (all RFID endpoints)
| Status | Description |
|---|---|
400 | Missing or invalid parameters. |
401 | Unauthenticated or unauthorized request. |
500 | Internal server error. |