Skip to main content

Base URL

All API endpoints are prefixed with /api/v1. 
https://yourdomain.com/api/v1

Interactive docs

Swagger UI is available at /api/documentation on any running instance. The underlying OpenAPI specification is served from that same path as JSON.

Request format

All requests and responses use JSON. Set Content-Type: application/json and Accept: application/json on every request.

Authentication

The API uses Laravel Sanctum bearer tokens. Pass your token in the Authorization header: 
Authorization: Bearer <token>
See Authentication for how to obtain a token.

Versioning

The current stable version is v1. The version prefix is part of every URL (/api/v1/...). Breaking changes will be released under a new version prefix.

Available endpoint groups

Auth

Register, OTP flow, social login, and current user.

Products

Public product catalog with tenant scoping and caching.

Orders

Create and manage tenant orders with status transitions.

Coupons & Checkout

Verify coupon codes, list discounts, and manage cart/inventory during checkout.

Analytics

Track page views, interactions, and conversion events.

AI

AI-powered business profile generation and optimization.

Notifications

List, count, and mark notifications; manage push subscriptions.

Reports

Generate and download sales, inventory, and kitchen reports.

Additional endpoints

The following endpoints are also available in api/v1 but are documented inline rather than having dedicated pages:

Tenant settings

MethodPathAuthDescription
GET/api/v1/settingsauth:sanctum, tenant.ownershipRetrieve tenant branding and configuration
POST/api/v1/settings/updateauth:sanctum, tenant.ownershipUpdate tenant branding (name, logo, whatsapp, schedule)
Route name: api.tenant.settings.update The GET /api/v1/settings response is shaped by TenantSettingsResource and includes the tenant’s name, slug, logo URL, WhatsApp number, opening hours, and plan status. The POST endpoint accepts multipart form data when uploading a logo file.

Error format

All error responses follow a consistent JSON structure: 
{
  "message": "Human-readable error description",
  "errors": {
    "field_name": ["Validation message"]
  }
}
StatusMeaning
200Success
201Created
202Accepted (async job dispatched)
204No content
400Bad request
401Unauthenticated
403Forbidden
404Not found
422Validation error
429Rate limit exceeded
500Server error

Build docs developers (and LLMs) love

Get started for freeTalk to us