Skip to main content
The Staff API enables you to create and manage staff accounts, assign them to branches, control permissions via roles, and track work shifts.

Features

  • User Management: Create staff accounts with email/password authentication
  • Role-Based Access: Assign roles with specific permissions (admin, manager, cashier, waiter, kitchen)
  • Branch Assignments: Assign staff to one or more branches
  • Shift Tracking: Clock in/out functionality with shift history
  • Password Management: Change staff passwords
  • Active/Inactive Status: Enable or disable staff accounts

Authentication

Requires authentication and permissions:
  • staff:read - View staff and shift data
  • staff:create - Create staff accounts and shifts
  • staff:update - Update staff details and close shifts

Base URL

https://api.restai.app/v1/staff

Staff Roles

  • org_admin - Full organization access
  • branch_manager - Manage a specific branch
  • cashier - Process payments and orders
  • waiter - Take orders and serve customers
  • kitchen - View and update kitchen orders

Create Staff User

Create a new staff member.

Endpoint

POST /staff

Request Body

email
string
required
Email address (must be unique)
password
string
required
Password (minimum 8 characters)
name
string
required
Full name (2-255 characters)
role
string
required
Role: org_admin, branch_manager, cashier, waiter, or kitchen
branchIds
array
required
Array of branch UUIDs to assign (minimum 1)

Example Request

curl -X POST https://api.restai.app/v1/staff \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123",
    "name": "Carlos Ramirez",
    "role": "waiter",
    "branchIds": ["550e8400-e29b-41d4-a716-446655440000"]
  }'

List Staff

Retrieve all staff for the organization with their branch assignments.

Endpoint

GET /staff

Query Parameters

includeInactive
boolean
default:"false"
Set to true to include inactive users

Response

success
boolean
Request success status
data
array
Array of staff users
id
string
User UUID
name
string
Full name
email
string
Email address
role
string
User role
isActive
boolean
Active status
createdAt
string
Creation timestamp
branches
array
Assigned branches
id
string
Branch UUID
name
string
Branch name

Example Request

curl https://api.restai.app/v1/staff \
  -H "Authorization: Bearer YOUR_TOKEN"

Update Staff

Update staff member details.

Endpoint

PATCH /staff/:id

Path Parameters

id
string
required
User UUID

Request Body

All fields are optional:
name
string
Full name (2-255 characters)
role
string
New role
isActive
boolean
Active status
branchIds
array
Array of branch UUIDs (replaces existing assignments)

Example Request

curl -X PATCH https://api.restai.app/v1/staff/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "cashier",
    "branchIds": [
      "660e8400-e29b-41d4-a716-446655440000",
      "770e8400-e29b-41d4-a716-446655440000"
    ]
  }'

Change Password

Update a staff member’s password.

Endpoint

PATCH /staff/:id/password

Path Parameters

id
string
required
User UUID

Request Body

password
string
required
New password (minimum 8 characters)

Example Request

curl -X PATCH https://api.restai.app/v1/staff/550e8400-e29b-41d4-a716-446655440000/password \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"password": "NewSecurePass456"}'

Clock In (Create Shift)

Create a new shift (clock in).

Endpoint

POST /staff/shifts

Request Body

notes
string
Optional notes (max 500 characters)

Behavior

  • Uses authenticated user’s ID
  • Prevents creating multiple open shifts
  • Records start time automatically

Example Request

curl -X POST https://api.restai.app/v1/staff/shifts \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"notes": "Turno de tarde"}'

List Shifts

Retrieve shift history for the branch.

Endpoint

GET /staff/shifts

Query Parameters

startDate
string
Filter shifts starting after this date (ISO 8601)
endDate
string
Filter shifts starting before this date (ISO 8601)

Response

Returns up to 50 most recent shifts.

Example Request

curl "https://api.restai.app/v1/staff/shifts?startDate=2026-03-01" \
  -H "Authorization: Bearer YOUR_TOKEN"

Clock Out (End Shift)

Close an open shift (clock out).

Endpoint

PATCH /staff/shifts/:id

Path Parameters

id
string
required
Shift UUID

Behavior

  • Sets end_time to current timestamp
  • Returns error if shift is already closed

Example Request

curl -X PATCH https://api.restai.app/v1/staff/shifts/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer YOUR_TOKEN"

Build docs developers (and LLMs) love

Get started for freeTalk to us