Dispatchly logo

Dashboard

Back to Home Swagger UI Switch to Non-Technical

Welcome

This technical documentation maps each dispatchly. module to its backend implementation in tenant-api.

How to use this page

  • Use the left sidebar to open a module tab.
  • Each tab highlights key files (routes, controllers, services, schemas) and implementation notes.
  • Use Swagger UI for exact request/response contracts and live testing.

Scope

The docs focus on current tenant backend behavior, permission guards, and module-level workflow integration.

Cross-cutting platform behavior (current)

API surface

  • REST routes are mounted under /api/v1 (example: PATCH /api/v1/tenant/orders/:id).
  • JWT auth uses Authorization: Bearer <access_token> on tenant routes unless explicitly public.

Static files and uploads

  • Files under tenant-api/public/uploads/ are served at GET /uploads/* with path traversal protection (tenant-api/src/server.js).
  • Multipart attachment writes resolve the public directory via getTenantApiPublicDir() (src/common/public-paths.js) so uploads are never tied to process CWD.
  • Quote / order / dispatch attachment PATCH handlers use parseMultipartPayloadAndAttachments (src/common/multipart-attachments.js); multipart allows multiple file parts per request.

Persisted absolute URLs

  • Set TENANT_API_PUBLIC_ORIGIN to the browser-facing Tenant API origin (no trailing slash), e.g. https://api-dispatchly.codefied.online, so stored URLs (signed eDoc PDFs, etc.) are not derived from internal Host.
  • See tenant-api/.env.example and edocs-platform/controller.js (resolveTenantApiPublicBaseUrl).

eDocs platform

  • Code: tenant-api/src/modules/edocs-platform/ — routes in routes.js, public flows origin-gated.
  • Public payloads return assignedUser as { id, name } (resolved from TenantUser) on get-by-number, verify, and /public/me flows.

Lead → quote

  • POST /tenant/leads/:id/convert-to-quote → convertLeadToQuote loads the linked Customer and maps customerCity, customerState, customerPostalCode, address lines, and country onto the quote.
  • POST /tenant/quotes with leadId → createQuote hydrates the same customer fields from the lead’s customer association.

Orders and sales roles

  • orders.update is included for sales and sales-head via seeders (idempotent backfill: database/seeders/20240101007600-seed-orders-update-for-sales-roles.cjs).

Implementation-focused docs. Endpoints and permissions should still be validated in Swagger UI.

Swagger UI: Open Swagger

Auth

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/auth/routes.js
  • Controller: tenant-api/src/modules/auth/controller.js (when present)
  • Service: tenant-api/src/modules/auth/service.js
  • Schemas/validation: tenant-api/src/modules/auth/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Auth API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

SSE

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/sse/routes.js
  • Controller: tenant-api/src/modules/sse/controller.js (when present)
  • Service: tenant-api/src/modules/sse/service.js
  • Schemas/validation: tenant-api/src/modules/sse/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the SSE API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Users

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/users/routes.js
  • Controller: tenant-api/src/modules/users/controller.js (when present)
  • Service: tenant-api/src/modules/users/service.js
  • Schemas/validation: tenant-api/src/modules/users/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Users API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Departments

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/departments/routes.js
  • Controller: tenant-api/src/modules/departments/controller.js (when present)
  • Service: tenant-api/src/modules/departments/service.js
  • Schemas/validation: tenant-api/src/modules/departments/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Departments API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Roles

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/roles/routes.js
  • Controller: tenant-api/src/modules/roles/controller.js (when present)
  • Service: tenant-api/src/modules/roles/service.js
  • Schemas/validation: tenant-api/src/modules/roles/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Roles API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Permissions

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/permissions/routes.js
  • Controller: tenant-api/src/modules/permissions/controller.js (when present)
  • Service: tenant-api/src/modules/permissions/service.js
  • Schemas/validation: tenant-api/src/modules/permissions/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Permissions API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Admin

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/admin/routes.js
  • Controller: tenant-api/src/modules/admin/controller.js (when present)
  • Service: tenant-api/src/modules/admin/service.js
  • Schemas/validation: tenant-api/src/modules/admin/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Admin API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Leads

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/leads/routes.js
  • Controller: tenant-api/src/modules/leads/controller.js (when present)
  • Service: tenant-api/src/modules/leads/service.js
  • Schemas/validation: tenant-api/src/modules/leads/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

Lead → quote conversion (must-read)

  • Primary endpoint: POST /api/v1/tenant/leads/:id/convert-to-quote → convertLeadToQuote in tenant-api/src/modules/leads/service.js.
  • The lead is loaded with Customer included; customer address/city/state/postal/country are written to the new quote’s customer columns so CRM views stay consistent.
  • Alternate path: POST /api/v1/tenant/quotes with leadId uses createQuote hydration in tenant-api/src/modules/quotes/service.js.

How it works

These docs map the Leads API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Quotes

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/quotes/routes.js
  • Controller: tenant-api/src/modules/quotes/controller.js (when present)
  • Service: tenant-api/src/modules/quotes/service.js
  • Schemas/validation: tenant-api/src/modules/quotes/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

Attachments on quotes

  • PATCH /api/v1/tenant/quotes/:id accepts JSON (attachments replaces the full array) or multipart/form-data with a payload JSON field plus file parts (merged with existing stored URLs).
  • Uploaded files land under /uploads/attachments/quotes/; when quote attachments change, linked orders and dispatches are updated to the same attachment list in quotes/service.js.

How it works

These docs map the Quotes API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Orders

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/orders/routes.js
  • Controller: tenant-api/src/modules/orders/controller.js (when present)
  • Service: tenant-api/src/modules/orders/service.js
  • Schemas/validation: tenant-api/src/modules/orders/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

Attachments and edits

  • PATCH /api/v1/tenant/orders/:id supports JSON or multipart attachments (same merge semantics as quotes).
  • Route guards in orders/routes.js allow sales roles to PATCH without holding orders.update, while other roles still require that permission; seeders ensure sales / sales-head receive orders.update for consistency.
  • Updating order attachments also syncs the linked quote’s attachments field when applicable.

How it works

These docs map the Orders API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Dispatch

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/dispatch/routes.js
  • Controller: tenant-api/src/modules/dispatch/controller.js (when present)
  • Service: tenant-api/src/modules/dispatch/service.js
  • Schemas/validation: tenant-api/src/modules/dispatch/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

Attachments on dispatches

  • PATCH /api/v1/tenant/dispatch/:id supports JSON or multipart attachments; files are stored under /uploads/attachments/dispatch/.
  • Dispatch attachment updates do not automatically rewrite quote/order attachment arrays—use quote-level updates when you need all three layers aligned.

How it works

These docs map the Dispatch API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Carriers

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/carriers/routes.js
  • Controller: tenant-api/src/modules/carriers/controller.js (when present)
  • Service: tenant-api/src/modules/carriers/service.js
  • Schemas/validation: tenant-api/src/modules/carriers/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Carriers API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Invoices

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/invoices/routes.js
  • Controller: tenant-api/src/modules/invoices/controller.js (when present)
  • Service: tenant-api/src/modules/invoices/service.js
  • Schemas/validation: tenant-api/src/modules/invoices/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Invoices API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Payments

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/payments/routes.js
  • Controller: tenant-api/src/modules/payments/controller.js (when present)
  • Service: tenant-api/src/modules/payments/service.js
  • Schemas/validation: tenant-api/src/modules/payments/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Payments API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Accounts

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/accounts/routes.js
  • Controller: tenant-api/src/modules/accounts/controller.js (when present)
  • Service: tenant-api/src/modules/accounts/service.js
  • Schemas/validation: tenant-api/src/modules/accounts/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Accounts API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Marketing

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/marketing/routes.js
  • Controller: tenant-api/src/modules/marketing/controller.js (when present)
  • Service: tenant-api/src/modules/marketing/service.js
  • Schemas/validation: tenant-api/src/modules/marketing/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Marketing API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Calendar

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/calendar/routes.js
  • Controller: tenant-api/src/modules/calendar/controller.js (when present)
  • Service: tenant-api/src/modules/calendar/service.js
  • Schemas/validation: tenant-api/src/modules/calendar/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Calendar API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Notifications

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/notifications/routes.js
  • Controller: tenant-api/src/modules/notifications/controller.js (when present)
  • Service: tenant-api/src/modules/notifications/service.js
  • Schemas/validation: tenant-api/src/modules/notifications/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Notifications API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Email Templates

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/email-templates/routes.js
  • Controller: tenant-api/src/modules/email-templates/controller.js (when present)
  • Service: tenant-api/src/modules/email-templates/service.js
  • Schemas/validation: tenant-api/src/modules/email-templates/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Email Templates API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Files

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/files/routes.js
  • Controller: tenant-api/src/modules/files/controller.js (when present)
  • Service: tenant-api/src/modules/files/service.js
  • Schemas/validation: tenant-api/src/modules/files/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

/files module vs public /uploads

  • Tenant file metadata CRUD lives under /api/v1/files (tenant-api/src/modules/files/) and is unrelated to the static public upload tree.
  • Quote/order/dispatch attachments are plain static files under public/uploads/attachments/<module>/ and are served directly at /uploads/... as documented in the dashboard tab.

How it works

These docs map the Files API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Search

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/search/routes.js
  • Controller: tenant-api/src/modules/search/controller.js (when present)
  • Service: tenant-api/src/modules/search/service.js
  • Schemas/validation: tenant-api/src/modules/search/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Search API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Knowledge Base

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/knowledge-base/routes.js
  • Controller: tenant-api/src/modules/knowledge-base/controller.js (when present)
  • Service: tenant-api/src/modules/knowledge-base/service.js
  • Schemas/validation: tenant-api/src/modules/knowledge-base/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Knowledge Base API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

AI Pricing

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/ai-pricing/routes.js
  • Controller: tenant-api/src/modules/ai-pricing/controller.js (when present)
  • Service: tenant-api/src/modules/ai-pricing/service.js
  • Schemas/validation: tenant-api/src/modules/ai-pricing/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the AI Pricing API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Analytics

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/analytics/routes.js
  • Controller: tenant-api/src/modules/analytics/controller.js (when present)
  • Service: tenant-api/src/modules/analytics/service.js
  • Schemas/validation: tenant-api/src/modules/analytics/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Analytics API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Templates

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/templates/routes.js
  • Controller: tenant-api/src/modules/templates/controller.js (when present)
  • Service: tenant-api/src/modules/templates/service.js
  • Schemas/validation: tenant-api/src/modules/templates/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Templates API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Settings

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/settings/routes.js
  • Controller: tenant-api/src/modules/settings/controller.js (when present)
  • Service: tenant-api/src/modules/settings/service.js
  • Schemas/validation: tenant-api/src/modules/settings/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Settings API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

eDocs platform

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/edocs-platform/routes.js
  • Controller: tenant-api/src/modules/edocs-platform/controller.js
  • Service: tenant-api/src/modules/edocs-platform/service.js
  • Schemas: tenant-api/src/modules/edocs-platform/schemas.js

Public surface (origin-gated)

  • GET /api/v1/tenant/edocs-platform/public/:edocNumber — masked hints + assignedUser: { id, name }.
  • POST .../verify-customer, POST .../submit (signed PDF), POST .../auth/refresh, GET .../me.
  • Allowed browser origins are enforced in routes.js (allowedPublicOrigins); expand as needed for new eDoc frontends.

Signed PDF URLs

  • submit uses TENANT_API_PUBLIC_ORIGIN when set so persisted signedEdocUrl uses the public API host, not internal Host.
  • PDFs and customer signatures are stored under public/uploads/customer-signatures/ and served via /uploads/....

Authenticated

  • POST /api/v1/tenant/edocs-platform/send-sign-link requires quotes.update.

Swagger UI: Open Swagger

Customers

Back to Home Swagger UI Switch to Non-Technical

Implementation map

  • Routes: tenant-api/src/modules/customers/routes.js
  • Controller: tenant-api/src/modules/customers/controller.js (when present)
  • Service: tenant-api/src/modules/customers/service.js
  • Schemas/validation: tenant-api/src/modules/customers/schemas.js (when present)
  • DB models: tenant-api/src/database/models (Sequelize)

Permissions

This module is protected via app.permissionGuard('<permission.key>') using keys defined in the tenant seeders. Validate required permissions and exact payload shapes in Swagger UI.

Notes

  • Multi-tenant behavior is enforced via the tenant DB connection and auth guards.
  • Models generally use snake_case DB columns with Sequelize field mappings.

Swagger UI: Open Swagger

How it works

These docs map the Customers API surface to your backend implementation. For exact request/response shapes, use Swagger UI.

Common backend patterns

  • Routes are registered in tenant-api/src/modules/<module>/routes.js.
  • Request validation is enforced in module-level schemas (Zod), plus middleware/guards at the route layer.
  • Tenant isolation is handled via the tenant DB connection and auth guards.
  • Most list endpoints follow the shared pagination pattern in tenant-api/src/common/pagination-schema.js.

Permission model

All module endpoints are protected with app.permissionGuard('<permission.key>') using keys defined in tenant seeders.

Customers linking behavior

  • Customers are created/updated by email when Leads, Quotes, or Orders are created/updated (see findOrCreateCustomer in tenant-api/src/modules/customers/utils.js).
  • Once a customer exists, their details are synced and downstream records store the customer_id (and Quotes also store customer_email).
  • Use the Customer list stats to see leadsCount, quotesCount, and ordersCount aggregations.