API Reference
Ezvento exposes 80+ REST API endpoints under /api/**. Every route uses requireApi() for RBAC permission checks and filters all database queries by tenantId. All mutations are logged to the ActivityLog table for audit.
Auth Module
Authentication endpoints handle login, signup, password recovery, OAuth callbacks, 2FA setup/verification, PIN-based cashier auth, manager PIN approval, session persona selection, and logout. Some routes are public (no requireApi guard); others are guarded.
| Method | Path | Permission | Scope | Description |
|---|---|---|---|---|
| POST | /api/auth/start | — | — | Start auth flow: signup, recovery, resend, or OAuth. Uses server Supabase client with PKCE cookies. |
| POST | /api/auth/exchange | — | — | Exchange OAuth authorization code for session. Server-side PKCE exchange. |
| POST | /api/auth/callback-server | — | — | Post-login callback. Creates tenant, resolves persona type, sets ezvento-persona cookie, returns redirectPath. |
| POST | /api/auth/2fa/setup | SALE_VIEW | — | Set up TOTP-based 2FA. Returns QR code and secret. |
| POST | /api/auth/2fa/verify | SALE_VIEW | — | Verify TOTP token and enable 2FA. Returns backup codes on success. |
| POST | /api/auth/2fa/disable | SALE_VIEW | — | Disable 2FA for the current user. |
| POST | /api/auth/verify-pin | SHIFT_OPEN | STORE | Verify cashier PIN for shift open. Returns user context with allowed stores. |
| POST | /api/auth/manager-pin | APPROVAL_GIVE | — | Validate manager PIN for approval-giving. Returns 401 on wrong PIN. |
| POST | /api/auth/session-persona | — | — | Set session persona cookie and redirect path based on active role assignments. |
| POST | /api/auth/logout | — | — | Sign out from Supabase auth and clear session cookies. |
| GET | /api/auth/permissions | — | — | Return the current user's effective permissions and role assignments. |
Common Patterns
Permission Mapping
Quick reference for which permissions are required for common operations.
| Operation | Required Permission | Scope | Notes |
|---|---|---|---|
| Create sale / invoice | SALE_CREATE | STORE | Also checks credit limit for credit sales |
| Cancel sale | SALE_CANCEL | STORE | Cashiers escalate via manager PIN (allowApprovalOverride) |
| Process return | SALE_RETURN | STORE | Also requires approval override for cashiers |
| Create product | PRODUCT_CREATE | ORG | Tenant-scoped catalog |
| Adjust stock | INVENTORY_ADJUST | STORE | Negative adjustment uses INVENTORY_ADJUST_NEGATIVE |
| Transfer stock | INVENTORY_TRANSFER | STORE | Source store scope |
| View reports | REPORT_VIEW_SALES | ORG | Covers sales, inventory, GST, and staff reports |
| Export GST (GSTR-1/3B) | REPORT_VIEW_SALES | ORG | Same permission as reports; separate endpoint for format |
| Open shift | SHIFT_OPEN | STORE | Cashier persona entry point |
| Close shift | SHIFT_CLOSE | STORE | Own-shift close allowed; manager can force-close |
| Invite user | USER_INVITE | ORG | Enforces plan user limits |
| Edit settings | ORGANIZATION_SETTINGS_EDIT | ORG | Tenant-wide configuration |
Response Codes
Need more detail?
Explore the source code in src/app/api/**/route.ts for full request/response schemas, Prisma queries, and transaction logic. Every route handler includes inline JSDoc comments describing parameters and behavior.