API Endpoints#

All endpoints are under the base URL: /api/webapis/

Authentication is by way of JWT Bearer tokens — include Authorization: Bearer <token> in every request (except login and health check).

Authentication#

Method	Endpoint	What it does
POST	`/auth/login/`	Exchange username + password for JWT tokens

Request:

{
  "username": "john",
  "password": "your-password" // pragma: allowlist secret
}

Response:

{
  "status": 200,
  "data": {
    "access": "eyJ...",
    "refresh": "eyJ...",
    "user": {
      "sqid": "Dk3mV9",
      "username": "john",
      "roles": ["procurement_team", "member"]
    }
  }
}

Response Format#

Every API response follows this structure:

{
  "status": 200,
  "is_success": true,
  "message": "Success",
  "data": { ... }
}

Errors look like:

{
  "status": 400,
  "is_success": false,
  "message": "Part with this code already exists.",
  "data": null
}

Parts#

Parts, Products, and Commodities all use the same endpoints — they’re filtered by type.

Method	Endpoint	What it does
GET	`/part/`	List all parts (paginated, searchable)
POST	`/part/create/`	Create a new part (may require approval)
GET	`/part/<sqid>/`	Get a single part’s details
PUT	`/part/<sqid>/update/`	Update a part (may require approval)
GET	`/part/<sqid>/suppliers/`	List all suppliers for this part
GET	`/part/<sqid>/history/`	Audit trail of changes
GET	`/part/dropdown/`	Simple id/name list for dropdowns

Listing parts — supports query params:

?search=screw — Search by code or name
?category=Plastic — Filter by category
?type=part — Filter by type
?offset=0&limit=20 — Pagination

Same pattern for Products (/product/...) and Commodities (/commodity/...) — they just filter by type.

Part-Supplier Pricing#

Method	Endpoint	What it does
GET	`/part-supplier/<sqid>/values/`	Get all prices/weights for a part-supplier
POST	`/part-supplier/<sqid>/cost-update/`	Record a new price

Recording a new price:

{
  "head": 1,
  "value": 150.5,
  "unit": "Rs",
  "formula": "value"
}

When you record a new price, the old one’s is_current_price automatically flips to false — so you always have a full history.

Suppliers#

Method	Endpoint	What it does
GET	`/supplier/`	List all suppliers
POST	`/supplier/create/`	Create a new supplier
GET	`/supplier/<sqid>/`	Get supplier details
PUT	`/supplier/<sqid>/update/`	Update supplier info
POST	`/supplier/<sqid>/link-part/`	Link a part to this supplier
GET	`/supplier/<sqid>/parts/`	List parts this supplier sells
GET	`/supplier/<sqid>/users/`	List portal users
POST	`/supplier/<sqid>/users/create/`	Create a portal login
GET	`/supplier/dropdown/`	Simple list for dropdowns

Master Data#

Categories#

Method	Endpoint	What it does
GET	`/master-data/category-type/`	List all categories
POST	`/master-data/category-type/create/`	Create a category
PUT	`/master-data/category-type/<sqid>/update/`	Update a category
GET	`/master-data/category-type/dropdown/`	Simple list

Value Heads#

Method	Endpoint	What it does
GET	`/master-data/value-head/`	List all value types
POST	`/master-data/value-head/create/`	Create a value type
PUT	`/master-data/value-head/<sqid>/update/`	Update a value type
GET	`/master-data/value-head/dropdown/`	Simple list

Purchase Orders#

Method	Endpoint	What it does
GET	`/purchase-order/`	List all POs
POST	`/purchase-order/create/`	Create a draft PO
GET	`/purchase-order/<sqid>/`	Get PO with line items
PUT	`/purchase-order/<sqid>/update/`	Edit a draft PO
POST	`/purchase-order/<sqid>/submit/`	Submit for approval
POST	`/purchase-order/<sqid>/close/`	Mark as closed
POST	`/purchase-order/<sqid>/counter/offer/`	Supplier makes counter-offer
POST	`/purchase-order/<sqid>/counter/accept/`	Accept counter-offer
POST	`/purchase-order/<sqid>/counter/reject/`	Reject counter-offer
GET	`/purchase-order/<sqid>/history/`	Audit trail

PO lifecycle:

draft → pending_approval → approved → accepted → closed
                                    ↘ counter_pending → accepted/rejected

View Templates#

Method	Endpoint	What it does
GET	`/view-template/<object_id>/<content_type_id>/values/`	Get display template with ordered values

Returns an ordered list of values with their sequence, styles, and computed values — ready for the frontend to render.

Approvals#

Method	Endpoint	What it does
GET	`/approvals/matrices/`	List approval rules
POST	`/approvals/matrices/create/`	Create an approval rule
PUT	`/approvals/matrices/<sqid>/update/`	Update a rule
GET	`/approvals/requests/`	List change requests
GET	`/approvals/requests/<sqid>/`	Get request details
GET	`/approvals/tasks/`	Get YOUR pending approval tasks
POST	`/approvals/tasks/<sqid>/act/`	Approve or reject
GET	`/approvals/allowed-content-types/`	What entity types support approvals

Approving a task:

{
  "action": "approved",
  "comment": "Looks good, approved."
}

Users#

Method	Endpoint	What it does
GET	`/user/`	List all users (admin only)
POST	`/user/create/`	Create a new user
GET	`/user/<sqid>/`	Get user profile
PUT	`/user/<sqid>/groups/`	Assign roles/groups
GET	`/user/available-groups/`	List available roles
GET	`/user/dropdown/`	Simple user list

Utilities#

Method	Endpoint	What it does
GET	`/internal/health/`	Health check (no auth needed)
GET	`/internal/content-type/<app>/<model>/`	Get ContentType ID for a model
POST	`/commodity/what-if-analysis/`	Price simulation for commodities

Pagination#

List endpoints support:

?offset=0 — Skip this many records
?limit=20 — Return this many records
?search=query — Full-text search

Response includes total count for building pagination UI.

Error Codes#

Status	Meaning
200	Success
400	Validation error (check `message` for details)
401	Not logged in or token expired
403	You don’t have permission
404	Record not found
429	Too many requests (rate limited)