Last Updated: June 2025
Status: Working document tracking implementation and TODOs
All API endpoints require authentication via Bearer token in the Authorization header:
Authorization: Bearer <token>
Tokens are obtained through the login endpoints and are valid for 24 hours.
- ✅ Implemented - Fully working in production
- 🚧 Partial - Core functionality exists but missing features
- ❌ Not Started - Planned but not implemented
- 🗑️ Deprecated - Removed or being phased out
POST /api/auth/store/{store_id}/login
Content-Type: application/json
{
"pin": "123456"
}
Returns: { "token": "...", "auth_level": "user" }
POST /api/auth/send-code
Content-Type: application/json
{
"store_id": "100",
"email": "admin@store.com"
}
POST /api/auth/verify-code
Content-Type: application/json
{
"store_id": "100",
"email": "admin@store.com",
"code": "ABC123"
}
Returns: { "token": "...", "auth_level": "admin" }
GET /api/status
Returns current authentication status without requiring store_id.
All store endpoints follow the pattern /api/store/{store_id}/...
GET /api/store/{store_id}/boxes
Returns complete store configuration including all boxes.
GET /api/store/{store_id}/boxes_with_sections
Returns boxes organized by supplier/type sections for the editor UI.
GET /api/store/{store_id}/info
Returns store configuration information:
{
"store_id": "100",
"name": "Downtown Store"
}POST /api/store/{store_id}/update_itemized_prices
Content-Type: application/json
[
{
"model": "10C-UPS",
"prices": {
"box_price": 1.50,
"basic_materials": 0.25,
"basic_services": 0.75,
// ... all fields required
}
}
]
POST /api/store/{store_id}/calculate
Content-Type: application/json
{
"length": 10,
"width": 8,
"height": 6,
"protectionLevel": "Standard"
}
Returns recommendations sorted by score with details on each packing strategy.
GET /api/store/{store_id}/packing-rules
Returns protection level definitions and recommendation engine config.
POST /api/store/{store_id}/packing-rules
Content-Type: application/json
{
"rules": [...],
"engine_config": {...}
}
GET /api/store/{store_id}/floorplan
Returns floorplan image if available.
POST /api/store/{store_id}/floorplan
Content-Type: multipart/form-data
file: <image file>
POST /api/store/{store_id}/boxes/location
Content-Type: application/json
{
"model": "10C-UPS",
"coords": [0.425, 0.634]
}
POST /api/store/{store_id}/import/analyze
Content-Type: multipart/form-data
file: <excel file>
pricing_mode: "standard" or "itemized"
Returns preview of matched/unmatched items.
POST /api/store/{store_id}/import/apply
Content-Type: application/json
{
"mappings": [...],
"pricing_mode": "standard"
}
The vendor system has been replaced with a universal box library. All boxes are now vendor-agnostic.
GET /api/boxes/library
Returns all boxes in the library with dimensions, alternate depths, and name aliases.
Note: Library search is performed client-side for better performance. The frontend loads all boxes once and filters them locally.
POST /api/boxes/library/check
Content-Type: application/json
{
"dimensions": [10, 10, 10],
"alternate_depths": [7.5, 5]
}
Returns whether an exact match exists in the library.
POST /api/store/{store_id}/box
Content-Type: application/json
{
"model": "10C-CUSTOM",
"dimensions": [10, 10, 10],
"alternate_depths": [7.5, 5],
"from_library": true, // Indicates box came from library
"offered_names": ["10x10x10", "10C-UPS"] // Names offered during selection
}
Note: The supplier field has been removed from the system. Box type is now determined by the from_library flag.
POST /api/store/{store_id}/boxes/batch
Content-Type: application/json
[
{
"model": "10C-UPS",
"dimensions": [10, 10, 10],
"alternate_depths": [7.5, 5],
"from_library": true,
"offered_names": ["10x10x10", "10C-UPS"]
},
{
"model": "12C-UPS",
"dimensions": [12, 12, 12],
"alternate_depths": [9.5, 7],
"from_library": true,
"offered_names": ["12x12x12", "12C-UPS"]
}
]
Adds multiple boxes in a single request. Used by box discovery feature.
POST /api/store/{store_id}/discover_boxes
Content-Type: multipart/form-data
file: [Excel file]
Analyzes an Excel price sheet to discover box dimensions and suggests matches from the library.
When selecting a box from the library, users can click "I need different specs..." to:
- Pre-fill custom form with library box dimensions
- Modify any specifications
- Create a custom variant
This feature tracks modifications for statistics via the box modification endpoint.
Library search now includes a checkbox to "Hide boxes already in this store" which:
- Filters out exact matches (dimensions + alternate depths)
- Helps users find only new boxes to add
- Enabled by default
{
"data": "...",
"message": "Success"
}{
"detail": "Error message"
}200- Success201- Created400- Bad Request (invalid input)401- Unauthorized (no/invalid token)403- Forbidden (insufficient permissions)404- Not Found429- Too Many Requests (rate limited)500- Internal Server Error
- Email endpoints: 10 requests per hour per store
- General API: No hard limits, but be reasonable
Demo endpoints work the same but with store ID 999999. Some operations are restricted:
- No floorplan uploads
- No email sending
- Data resets hourly