This page describes planned API endpoints for the Syngenta Warehouse Management System. The application is currently in early development. No API endpoints are currently implemented.

Overview

The Syngenta WMS API will use JWT (JSON Web Token) based authentication. All API requests will require a valid access token in the Authorization header.

Authentication Flow

  1. Login - Exchange credentials for access and refresh tokens
  2. API Requests - Include access token in Authorization header
  3. Token Refresh - Use refresh token to obtain new access token when expired
  4. Logout - Invalidate tokens when session ends

Login

Authenticate with email and password to receive access and refresh tokens.

Endpoint

POST /api/v1/auth/login

Request Body

  email (string, required) - User’s email address
  password (string, required) - User’s password
  rememberMe (boolean, default: false) - Extend refresh token expiration to 30 days

Request Example

curl -X POST https://api.syngenta-wms.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePassword123!",
    "rememberMe": false
  }'

Response

  success (boolean) - Indicates if the request was successful
  data (object)
    accessToken (string) - JWT access token (expires in 1 hour)
    refreshToken (string) - Refresh token for obtaining new access tokens (expires in 7 days, or 30 days with rememberMe)
    expiresIn (number) - Access token expiration time in seconds (3600)
    tokenType (string) - Token type (always “Bearer”)
    user (object)
      id (string) - User ID
      email (string) - User email
      name (string) - User full name
      role (string) - User role (admin, manager, operator, viewer)
      warehouse (string) - Assigned warehouse code

Response Example

{
  "success": true,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "user": {
      "id": "usr_123456",
      "email": "[email protected]",
      "name": "John Doe",
      "role": "manager",
      "warehouse": "WH001"
    }
  },
  "metadata": {
    "timestamp": "2026-03-12T10:30:00Z",
    "requestId": "req_abc123"
  }
}

Using Access Tokens

Include the access token in the Authorization header for all authenticated requests:
Authorization: Bearer {access_token}
Never expose access tokens in client-side code or logs. Store tokens securely and transmit only over HTTPS.

Example Request

curl -X GET https://api.syngenta-wms.com/api/v1/inventory \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json"

Refresh Token

When the access token expires, use the refresh token to obtain a new access token without requiring the user to log in again.

Endpoint

POST /api/v1/auth/refresh

Request Body

  refreshToken (string, required) - The refresh token received during login

Request Example

curl -X POST https://api.syngenta-wms.com/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Response

{
  "success": true,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer"
  },
  "metadata": {
    "timestamp": "2026-03-12T11:30:00Z",
    "requestId": "req_def456"
  }
}

Logout

Invalidate the current refresh token and access token.

Endpoint

POST /api/v1/auth/logout

Headers

Authorization: Bearer {access_token}

Request Body

  refreshToken (string, required) - The refresh token to invalidate

Request Example

curl -X POST https://api.syngenta-wms.com/api/v1/auth/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Response

{
  "success": true,
  "data": {
    "message": "Logged out successfully"
  },
  "metadata": {
    "timestamp": "2026-03-12T12:00:00Z",
    "requestId": "req_ghi789"
  }
}

Get Current User

Retrieve information about the currently authenticated user.

Endpoint

GET /api/v1/auth/me

Headers

Authorization: Bearer {access_token}

Request Example

curl -X GET https://api.syngenta-wms.com/api/v1/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response

{
  "success": true,
  "data": {
    "id": "usr_123456",
    "email": "[email protected]",
    "name": "John Doe",
    "role": "manager",
    "warehouse": "WH001",
    "permissions": [
      "inventory.read",
      "inventory.write",
      "orders.read",
      "orders.write",
      "reports.read"
    ],
    "createdAt": "2025-01-15T08:00:00Z",
    "lastLoginAt": "2026-03-12T10:30:00Z"
  },
  "metadata": {
    "timestamp": "2026-03-12T10:35:00Z",
    "requestId": "req_jkl012"
  }
}

Token Expiration

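Access tokens expire after 1 hour. Refresh tokens expire after 7 days (or 30 days with rememberMe).
Implement automatic token refresh to maintain a seamless user experience. The example below keeps both tokens in localStorage for brevity; anything in localStorage is readable by any script running on the page's origin, so a cross-site scripting flaw would expose them.

JavaScript Example
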
class ApiClient {
  async request(url, options = {}) {
    let accessToken = localStorage.getItem('accessToken');
    
    // Add auth header
    options.headers = {
      ...options.headers,
      'Authorization': `Bearer ${accessToken}`
    };
    
    let response = await fetch(url, options);
    
    // If token expired, refresh and retry
    if (response.status === 401) {
      const refreshToken = localStorage.getItem('refreshToken');
      
      const refreshResponse = await fetch('/api/v1/auth/refresh', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ refreshToken })
      });
      
      if (refreshResponse.ok) {
        const data = await refreshResponse.json();
        accessToken = data.data.accessToken;
        localStorage.setItem('accessToken', accessToken);
        
        // Retry original request with new token
        options.headers['Authorization'] = `Bearer ${accessToken}`;
        response = await fetch(url, options);
      } else {
        // Refresh failed, redirect to login
        window.location.href = '/login';
        throw new Error('Authentication failed');
      }
    }
    
    return response;
  }
}
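
An added example, not part of the original page or the project's code: a variant of the client above that holds tokens in memory, shares one refresh call among concurrent requests, and refreshes only when the 401 body carries the TOKEN_EXPIRED code listed under Error Responses. The class name AuthClient, the injected fetchImpl parameter and the assumption that 401 responses carry that error body are illustrative.

```javascript
// Added example. AuthClient and fetchImpl are illustrative names, not part of the WMS API.
// In a browser, pass a bound fetch: new AuthClient(window.fetch.bind(window), tokens).
class AuthClient {
  constructor(fetchImpl, tokens) {
    this.fetch = fetchImpl;
    this.accessToken = tokens.accessToken;   // held in memory, not localStorage
    this.refreshToken = tokens.refreshToken;
    this.refreshing = null;                  // shared promise while a refresh is in flight
  }

  // Every caller that sees TOKEN_EXPIRED awaits the same refresh request.
  refresh() {
    if (!this.refreshing) {
      this.refreshing = this.doRefresh().finally(() => { this.refreshing = null; });
    }
    return this.refreshing;
  }

  async doRefresh() {
    const res = await this.fetch('/api/v1/auth/refresh', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ refreshToken: this.refreshToken })
    });
    if (!res.ok) {
      this.accessToken = this.refreshToken = null; // drop stale tokens; caller sends user to login
      throw new Error('Token refresh failed');
    }
    this.accessToken = (await res.json()).data.accessToken;
  }

  send(url, options) {
    // Build a fresh headers object so the caller's options are never mutated.
    const headers = { ...(options.headers || {}), Authorization: `Bearer ${this.accessToken}` };
    return this.fetch(url, { ...options, headers });
  }

  async request(url, options = {}) {
    const res = await this.send(url, options);
    if (res.status !== 401) return res;
    // Assumes 401 bodies carry error.code; INVALID_TOKEN is not cured by refreshing.
    const body = await res.clone().json().catch(() => null);
    if (!body || !body.error || body.error.code !== 'TOKEN_EXPIRED') return res;
    await this.refresh();
    return this.send(url, options); // retried once, never in a loop
  }
}
```

When refresh() rejects, the caller is responsible for routing the user back to the login page.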

API Keys (Optional)

For server-to-server integrations, API keys can be used instead of JWT tokens.
API keys provide full access to your account. Keep them secure and never expose them in client-side code.

Using API Keys

Include the API key in the X-API-Key header:
X-API-Key: sk_live_1234567890abcdef

Example

curl -X GET https://api.syngenta-wms.com/api/v1/inventory \
  -H "X-API-Key: sk_live_1234567890abcdef" \
  -H "Content-Type: application/json"

Contact your account manager to generate API keys for your organization.
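
The page warns against exposing access tokens in logs and asks that API keys be kept secure. As an added example (not the project's code), here is a log scrubber for the credential formats shown on this page; the function names and sample lines are constructed for illustration.

```javascript
// Added example. redact(), redactAll() and SAMPLE_LINES are constructed for illustration.
const REDACTIONS = [
  // Authorization: Bearer <token>, as seen in header dumps and request traces
  [/(\bBearer\s+)[A-Za-z0-9._~+\/=-]+/gi, '$1[REDACTED]'],
  // X-API-Key header, in "Header: value" or key=value form
  [/(\bX-API-Key["']?\s*[:=]\s*["']?)[^\s"',}]+/gi, '$1[REDACTED]'],
  // JSON body fields that carry secrets on the login, refresh and logout endpoints
  [/("(?:accessToken|refreshToken|password)"\s*:\s*")(?:[^"\\]|\\.)*(")/g, '$1[REDACTED]$2'],
  // Any remaining three-part JWT (header.payload.signature) in free text
  [/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, '[REDACTED_JWT]'],
  // Bare API keys with the sk_live_ prefix used in the page's example
  [/\bsk_live_[A-Za-z0-9]+/g, '[REDACTED_KEY]'],
];

// Apply every pattern in order; input that is not a string is stringified first.
function redact(line) {
  return REDACTIONS.reduce((out, [re, repl]) => out.replace(re, repl), String(line));
}

const redactAll = (lines) => lines.map(redact);

// Constructed sample log lines; the token and key values are dummies.
const SAMPLE_LINES = [
  'GET /api/v1/inventory Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.c2ln',
  'GET /api/v1/inventory X-API-Key: sk_live_1234567890abcdef',
  'POST /api/v1/auth/refresh body={"refreshToken":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.c2ln"}',
  'requestId=req_abc123 status=200',
];
```

Call redact() at the point where log records are serialized, so request bodies and headers pass through it before reaching any sink.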

Permissions

Access to API endpoints is controlled by role-based permissions:
Role      Permissions
Admin     Full access to all endpoints
Manager   Read/write access to inventory, orders, and reports
Operator  Read/write access to inventory and orders (limited)
Viewer    Read-only access to inventory and reports

Error Responses

Invalid Credentials

{
  "success": false,
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid email or password"
  },
  "metadata": {
    "timestamp": "2026-03-12T10:30:00Z",
    "requestId": "req_error1"
  }
}

Expired Token

{
  "success": false,
  "error": {
    "code": "TOKEN_EXPIRED",
    "message": "Access token has expired"
  },
  "metadata": {
    "timestamp": "2026-03-12T11:30:00Z",
    "requestId": "req_error2"
  }
}

Invalid Token

{
  "success": false,
  "error": {
    "code": "INVALID_TOKEN",
    "message": "Invalid or malformed token"
  },
  "metadata": {
    "timestamp": "2026-03-12T11:30:00Z",
    "requestId": "req_error3"
  }
}
