API Endpoints Reference

All API endpoints are served from the /api prefix. The base URL depends on the environment:

Local: http://localhost:8000/api
Staging: https://api.staging.upvendo.com/api
Production: https://api.upvendo.com/api

Route Architecture

Routes are organized in a modular file structure under routes/:

routes/api.php - Main API route file, includes all sub-route files
routes/api/guest.php - Unauthenticated routes (login, webhooks, device activation)
routes/api/backoffice/*.php - BackOffice CRUD routes (auto-loaded via glob)
routes/api/backoffice/settings/*.php - Settings sub-routes (auto-loaded via glob)

All backoffice routes live under the /back-office prefix and require the middleware stack: auth, type:backoffice, tenant:backoffice, check-user-activity

Public Endpoints (No Auth Required)

Constants

Method	Path	Description
GET	`/country-options`	List available countries
GET	`/lang-options`	List available languages
GET	`/calling-code-options`	List phone calling codes
GET	`/branding-font-options`	List branding font choices
GET	`/allergens-options`	List allergen options
GET	`/dietary-preferences-options`	List dietary preference options
GET	`/dietary-supplements-options`	List dietary supplement options
GET	`/tags-options`	List tag options

Health Check

Method	Path	Description
GET	`/health`	Simple health check
GET	`/health/detailed`	Detailed health check with component status
GET	`/health/fresh`	Fresh health check (no cache)
GET	`/health/status`	Health status summary

Authentication Endpoints

BackOffice Authentication (Guest Routes)

Method	Path	Description
POST	`/login`	Login with email/password, returns JWT token
POST	`/back-office/register`	Register new merchant account
POST	`/back-office/forget-password`	Request password reset email
PUT	`/back-office/update-password`	Update password using reset token
POST	`/back-office/request-otp`	Request OTP code for two-factor auth
POST	`/back-office/verify-otp`	Verify OTP code and complete login
POST	`/back-office/passkeys`	Get WebAuthn challenge for passkey login
POST	`/back-office/authenticate-passkey`	Authenticate using WebAuthn passkey
GET	`/back-office/join-merchant`	Get details for merchant invitation
POST	`/back-office/join-merchant`	Accept merchant invitation

BackOffice Authenticated User

Method	Path	Middleware	Description
POST	`/logout`	auth, type:backoffice	Logout (client discards JWT)
POST	`/back-office/start-using`	auth, type:backoffice	Mark merchant as started
GET	`/back-office/user`	auth, type:backoffice	Get current user profile
PUT	`/back-office/user-personal-info`	auth, type:backoffice	Update personal info
PUT	`/back-office/user-business-info`	auth, type:backoffice	Update business info
GET	`/back-office/merchant-options`	auth, type:backoffice	List user's merchants
POST	`/back-office/set-merchant`	auth, type:backoffice	Switch active merchant (returns new JWT)
GET	`/validate-token`	auth	Validate JWT token (used by Cloudflare Worker)

Passkey Management (Authenticated)

Method	Path	Description
GET	`/back-office/passkeys`	Get user's registered passkeys
GET	`/back-office/passkeys/setup`	Get passkey registration options
POST	`/back-office/passkeys/setup`	Register a new passkey
DELETE	`/back-office/passkeys`	Delete a passkey

Customer Authentication (Guest Routes)

Method	Path	Description
POST	`/customer/send-otp`	Send OTP to customer phone/email
POST	`/customer/login`	Verify OTP and login customer

Customer Authenticated

Method	Path	Middleware	Description
GET	`/customer/user`	auth, type:customer	Get customer profile
POST	`/customer/logout`	auth, type:customer	Logout customer
GET	`/customer/personal-info`	auth, type:customer	Get personal info
POST	`/customer/personal-info`	auth, type:customer	Update personal info
GET	`/customer/addresses`	auth, type:customer	List addresses
GET	`/customer/addresses/options`	auth, type:customer	Address form options
POST	`/customer/addresses`	auth, type:customer	Add new address
DELETE	`/customer/addresses/{addressId}`	auth, type:customer	Delete address
GET	`/customer/loyalties/{slug}`	auth, type:customer	List loyalty programs
GET	`/customer/loyalties/{slug}/{locationId}`	auth, type:customer	Loyalty program detail
GET	`/customer/{slug}/locations`	auth, type:customer	List user's locations

Device Authentication (Guest)

Method	Path	Description
POST	`/device-auth/activate`	Activate device with activation code

Device Authenticated

Method	Path	Middleware	Description
GET	`/device-auth/user`	auth, tenant:kiosk,kds	Get device info
POST	`/device-auth/network-info`	auth, tenant:kiosk,kds	Update device network info
POST	`/device-auth/logout`	auth	Logout device

BackOffice CRUD Endpoints

All endpoints below are prefixed with /back-office and require auth + type:backoffice + tenant:backoffice middleware.

Items

Method	Path	Permission	Description
GET	`/items/datatable`	VIEW_ITEMS	List items (DataTable format)
GET	`/items/export`	EXPORT_ITEMS	Export items to spreadsheet
GET	`/items/options`	--	Item select options
POST	`/items`	CREATE_ITEMS	Create item
GET	`/items/{id}`	VIEW_ITEMS	Show item detail
PUT	`/items/{id}`	EDIT_ITEMS	Update item
DELETE	`/items/{id}`	DELETE_ITEMS	Delete item

Method	Path	Permission	Description
GET	`/categories/datatable`	VIEW_CATEGORIES	List categories
GET	`/categories/options`	--	Category select options
POST	`/categories`	CREATE_CATEGORIES	Create category
GET	`/categories/{id}`	VIEW_CATEGORIES	Show category
PUT	`/categories/{id}`	EDIT_CATEGORIES	Update category
DELETE	`/categories/{id}`	DELETE_CATEGORIES	Delete category

Menus

Method	Path	Permission	Description
GET	`/menu-options`	--	Menu select options
GET	`/menus`	VIEW_MENUS	List all menus
POST	`/menus`	CREATE_MENUS	Create menu
GET	`/menus/{id}`	VIEW_MENUS	Show menu detail
PUT	`/menus/{id}`	EDIT_MENUS	Update menu
DELETE	`/menus/{id}`	DELETE_MENUS	Delete menu
POST	`/menus/duplicate/{id}`	CREATE_MENUS	Duplicate menu
POST	`/menus/draft/{id}`	EDIT_MENUS	Set menu to draft
POST	`/menus/archive/{id}`	EDIT_MENUS	Archive menu
POST	`/menus/publish/{id}`	EDIT_MENUS	Publish menu
GET	`/menus/display-group-items/{id}`	VIEW_MENUS	List display group items
POST	`/menus/display-group-items/{id}`	EDIT_MENUS	Save display group items
DELETE	`/menus/display-groups/{id}`	EDIT_MENUS	Delete display group
POST	`/menus/move-item-to-other-group/{id}`	EDIT_MENUS	Move item between groups

Modifier Groups

Method	Path	Permission	Description
GET	`/modifiers`	--	List all modifiers
GET	`/modifier-groups`	VIEW_MODIFIER_GROUPS	List modifier groups
POST	`/modifier-groups`	CREATE_MODIFIER_GROUPS	Create modifier group
GET	`/modifier-groups/options`	--	Modifier group options
PUT	`/modifier-groups/reorder`	EDIT_MODIFIER_GROUPS	Reorder modifier groups
GET	`/modifier-groups/{id}`	VIEW_MODIFIER_GROUPS	Show modifier group
PUT	`/modifier-groups/{id}`	EDIT_MODIFIER_GROUPS	Update modifier group
DELETE	`/modifier-groups/{id}`	DELETE_MODIFIER_GROUPS	Delete modifier group

Variant Groups

Method	Path	Permission	Description
POST	`/variant-groups`	CREATE_VARIANT_GROUPS	Create variant group
GET	`/variant-groups/{id}`	VIEW_ITEMS	Show variant group
PUT	`/variant-groups/{id}`	EDIT_VARIANT_GROUPS	Update variant group
DELETE	`/variant-groups/{id}`	DELETE_VARIANT_GROUPS	Delete variant group

Display Groups

Method	Path	Description
GET	`/display-groups`	List all display groups
POST	`/display-groups`	Create display group
GET	`/display-groups/{id}`	Show display group
PUT	`/display-groups/{id}`	Update display group
DELETE	`/display-groups/{id}`	Delete display group

Offers

Method	Path	Permission	Description
GET	`/offers`	VIEW_OFFERS	List offers
POST	`/offers`	CREATE_OFFERS	Create offer
GET	`/offers/{id}`	VIEW_OFFERS	Show offer
PUT	`/offers/{id}`	EDIT_OFFERS	Update offer
DELETE	`/offers/{id}`	DELETE_OFFERS	Delete offer
POST	`/offers/activate/{id}`	EDIT_OFFERS	Activate offer
POST	`/offers/deactivate/{id}`	EDIT_OFFERS	Deactivate offer
POST	`/offers/archive/{id}`	EDIT_OFFERS	Archive offer
POST	`/offers/unarchive/{id}`	EDIT_OFFERS	Unarchive offer

Transactions

Method	Path	Permission	Description
GET	`/transactions/export`	EXPORT_TRANSACTION_REPORTS	Export transactions
GET	`/transactions/stats`	VIEW_TRANSACTIONS	Transaction statistics
GET	`/transactions/datatable`	VIEW_TRANSACTIONS	List transactions
GET	`/transactions/{id}`	VIEW_TRANSACTIONS	Show transaction
POST	`/transactions/{id}/resend-receipt`	VIEW_TRANSACTIONS	Resend receipt

Customers (BackOffice)

Method	Path	Permission	Description
GET	`/customers/datatable`	VIEW_CUSTOMERS	List customers
GET	`/customers/export`	EXPORT_CUSTOMERS	Export customers
POST	`/customers`	CREATE_CUSTOMERS	Create customer
GET	`/customers/order-detail/{id}`	VIEW_TRANSACTIONS	Show order detail
GET	`/customers/{id}`	VIEW_CUSTOMERS	Show customer
PUT	`/customers/{id}`	EDIT_CUSTOMERS	Update customer
DELETE	`/customers/{id}`	DELETE_CUSTOMERS	Delete customer
GET	`/customers/{id}/orders`	VIEW_CUSTOMERS	Customer orders
GET	`/customers/{id}/gift-cards`	VIEW_CUSTOMERS	Customer gift cards
GET	`/customers/{id}/reward-redemptions`	VIEW_CUSTOMERS	Customer rewards
GET	`/customers/{id}/timelines`	VIEW_CUSTOMERS	Customer timeline
POST	`/customers/{id}/notes`	EDIT_CUSTOMERS	Add customer notes
POST	`/customers/{id}/marketing`	EDIT_CUSTOMERS	Update marketing preferences
POST	`/customers/{id}/addresses`	EDIT_CUSTOMERS	Add address
POST	`/customers/{id}/addresses/{addressId}`	EDIT_CUSTOMERS	Set default address

Devices

Method	Path	Permission	Description
GET	`/devices`	VIEW_DEVICES	List devices
POST	`/devices`	CREATE_DEVICES	Create device
POST	`/devices/subscribe/{locationId}`	CREATE_DEVICES	Subscribe device
GET	`/devices/new`	CREATE_DEVICES	New device form data
GET	`/devices/options`	--	Device select options
GET	`/devices/{id}`	VIEW_DEVICES	Show device
PUT	`/devices/{id}`	EDIT_DEVICES	Update device
DELETE	`/devices/{id}`	DELETE_DEVICES	Delete device
POST	`/devices/{id}/remote-control`	--	Send remote control command
POST	`/devices/{id}/square-device-code`	--	Create Square device code
POST	`/devices/{id}/new-activation-code`	--	Generate new activation code
POST	`/devices/{id}/send-activation-code`	--	Send activation code via email
POST	`/devices/{id}/activate-payment`	--	Activate payment reader
POST	`/devices/{id}/deactivate-payment`	--	Deactivate payment reader
POST	`/devices/{id}/profile`	EDIT_DEVICES	Assign device profile

Device Profiles

Method	Path	Permission	Description
GET	`/device-profiles`	VIEW_DEVICE_PROFILE	List profiles
POST	`/device-profiles`	CREATE_DEVICE_PROFILE	Create profile
GET	`/device-profiles/options`	--	Profile options
GET	`/device-profiles/{id}`	VIEW_DEVICE_PROFILE	Show profile
PUT	`/device-profiles/{id}`	EDIT_DEVICE_PROFILE	Update profile
DELETE	`/device-profiles/{id}`	DELETE_DEVICE_PROFILE	Delete profile

Content

Method	Path	Permission	Description
GET	`/contents/datatable`	--	Content datatable
GET	`/contents`	--	List all content
POST	`/contents`	CREATE_CONTENT	Create content
GET	`/contents/{id}`	VIEW_CONTENT	Show content
POST	`/contents/{id}`	VIEW_CONTENT	Update content
DELETE	`/contents`	DELETE_CONTENT	Delete multiple content items

Inventories

Method	Path	Description
GET	`/inventories`	Inventory overview
POST	`/inventories`	Create inventory history
DELETE	`/inventories`	Delete inventory entries

Tax Rates

Method	Path	Permission	Description
GET	`/tax-rate-options`	--	Tax rate select options
GET	`/tax-rates/datatable`	VIEW_TAX_RATES	List tax rates
POST	`/tax-rates`	CREATE_CUSTOM_TAX_RATES	Create tax rate
PUT	`/tax-rates/{id}`	EDIT_CUSTOM_TAX_RATES	Update tax rate
DELETE	`/tax-rates/{id}`	DELETE_CUSTOM_TAX_RATES	Delete tax rate

Settings Endpoints

All prefixed with /back-office/settings/ and require backoffice auth.

Locations

Method	Path	Description
GET	`/location-options`	Location select options
GET	`/locations/address-suggestions`	Autocomplete address
GET	`/locations/datatable`	List locations
POST	`/locations`	Create location
GET	`/locations/{id}`	Show location
PUT	`/locations/{id}`	Update location
DELETE	`/locations/{id}`	Delete location
PUT	`/locations/{id}/status`	Update location status
POST	`/locations/export`	Export locations
GET	`/locations/{id}/terminal-options`	Get terminal options for location

Team (Users & Roles)

Method	Path	Permission	Description
GET	`/team/permission-list`	--	List all permissions
GET	`/team/roles/options`	--	Role select options
GET	`/team/roles`	VIEW_ROLES	List roles
GET	`/team/roles/{roleId}`	VIEW_ROLES	Show role
POST	`/team/roles`	CREATE_ROLES	Create role
PUT	`/team/roles/{roleId}`	EDIT_ROLES	Update role
DELETE	`/team/roles/{roleId}`	DELETE_ROLES	Delete role
GET	`/team/users`	VIEW_USERS	List users
POST	`/team/users`	CREATE_USERS	Invite user
POST	`/team/users/{userId}/resend-invitation`	CREATE_USERS	Resend invitation
PUT	`/team/users/{userId}/roles`	ASSIGN_ROLES	Assign roles
PUT	`/team/users/{userId}/locations`	EDIT_USER_LOCATION_ACCESS	Assign locations
PUT	`/team/users/{userId}`	EDIT_USERS	Update user
DELETE	`/team/users/{userId}`	DELETE_USERS	Delete user
GET	`/team/users/global`	VIEW_USERS	List global users
POST	`/team/users/global`	CREATE_USERS	Create global user
PUT	`/team/users/global/{userId}`	EDIT_USERS	Update global user
DELETE	`/team/users/global/{userId}`	DELETE_USERS	Delete global user

Billing Profiles

Method	Path	Permission	Description
GET	`/billing-profiles`	VIEW_BILLING_PROFILES	List profiles
GET	`/billing-profiles/options`	--	Profile options
POST	`/billing-profiles`	CREATE_BILLING_PROFILES	Create profile
GET	`/billing-profiles/{id}`	VIEW_BILLING_PROFILES	Show profile
PUT	`/billing-profiles/{id}`	EDIT_BILLING_PROFILES	Update profile name
POST	`/billing-profiles/{id}`	EDIT_BILLING_PROFILES	Attach payment method
DELETE	`/billing-profiles/{id}`	DELETE_BILLING_PROFILES	Delete profile
GET	`/billing-profiles/{id}/past-bills`	VIEW_BILLING_PROFILES	Past bills datatable
GET	`/billing-profiles/{id}/export`	VIEW_BILLING_PROFILES	Export past bills
GET	`/billing-profiles/{id}/subscriptions`	VIEW_BILLING_PROFILES	List subscriptions
POST	`/billing-profiles/{id}/subscriptions/{subId}/cancel`	EDIT_BILLING_PROFILES	Cancel subscription
POST	`/billing-profiles/{id}/subscriptions/{subId}/reactivate`	EDIT_BILLING_PROFILES	Reactivate subscription
POST	`/billing-profiles/{id}/subscriptions/{subId}/retry-payment`	EDIT_BILLING_PROFILES	Retry failed payment

Payment Profiles

Method	Path	Permission	Description
GET	`/payment-profiles`	VIEW_PAYMENT_PROFILES	List profiles
POST	`/payment-profiles`	CREATE_PAYMENT_PROFILES	Create profile
GET	`/payment-profiles/options`	--	Profile options
GET	`/payment-profiles/{id}`	VIEW_PAYMENT_PROFILES	Show profile
PUT	`/payment-profiles/{id}`	EDIT_PAYMENT_PROFILES	Update name
DELETE	`/payment-profiles/{id}`	DELETE_PAYMENT_PROFILES	Delete profile
POST	`/payment-profiles/{id}/default`	EDIT_PAYMENT_PROFILES	Set as default

Branding Profiles

Method	Path	Permission	Description
GET	`/branding-profiles`	VIEW_BRANDING_PROFILE	List profiles
GET	`/branding-profiles/options`	--	Profile options
POST	`/branding-profiles`	CREATE_BRANDING_PROFILE	Create profile
POST	`/branding-profiles/set-default`	EDIT_BRANDING_PROFILE	Set default profile
GET	`/branding-profiles/{id}`	VIEW_BRANDING_PROFILE	Show profile
PUT	`/branding-profiles/{id}`	EDIT_BRANDING_PROFILE	Update profile
PUT	`/branding-profiles/{id}/name`	EDIT_BRANDING_PROFILE	Update name only
DELETE	`/branding-profiles/{id}`	DELETE_BRANDING_PROFILE	Delete profile

Languages & Translations

Method	Path	Permission	Description
GET	`/languages`	VIEW_LANGUAGE	List languages
GET	`/languages/check-incomplete`	VIEW_LANGUAGE	Check incomplete translations
POST	`/languages`	CREATE_LANGUAGE	Add language
POST	`/languages/set-default/{id}`	EDIT_LANGUAGE	Set default language
POST	`/languages/publish/{id}`	EDIT_LANGUAGE	Publish language
POST	`/languages/unpublish/{id}`	EDIT_LANGUAGE	Unpublish language
DELETE	`/languages/delete/{id}`	DELETE_LANGUAGE	Delete language
GET	`/translations`	VIEW_TRANSLATION	Get translations
POST	`/translations`	EDIT_TRANSLATION	Save translations
GET	`/translations/datatable`	VIEW_TRANSLATION	Translation datatable
POST	`/translations/translate`	EDIT_TRANSLATION	Auto-translate
GET	`/translations/bulk/{id}`	VIEW_TRANSLATION	Show bulk translations
POST	`/translations/bulk/{id}`	EDIT_TRANSLATION	Bulk auto-translate

Receipts & Activity Logs

Method	Path	Description
GET	`/receipts/{locationId}`	Get receipt settings
PUT	`/receipts/{locationId}`	Update receipt settings
GET	`/activity-logs/datatable`	List activity logs

Online Ordering Endpoints

Public (No Auth)

Method	Path	Description
GET	`/online-ordering/address-suggestions`	Autocomplete address search
GET	`/online-ordering/coordinates-to-address`	Reverse geocode coordinates
GET	`/online-ordering/{slug}`	Get restaurant/location info
POST	`/online-ordering/payment/process`	Process Square payment

Restaurant Suggestions (Optional Auth)

Method	Path	Description
GET	`/online-ordering/restaurant-suggestions/nearby`	Get nearby restaurants
POST	`/online-ordering/restaurant-suggestions/upvote`	Upvote a restaurant
GET	`/online-ordering/restaurant-suggestions/top`	Get top suggestions
GET	`/online-ordering/restaurant-suggestions/categories`	Get suggestion categories

Order Flow (Optional Customer Auth)

Method	Path	Middleware	Description
POST	`/online-ordering/{slug}/{locationId}/offers/validate`	auth.optional, tenant:online-ordering	Validate offers
POST	`/online-ordering/{slug}/{locationId}/available-timeslots`	auth.optional, tenant:online-ordering	Get available timeslots
POST	`/online-ordering/{slug}/{locationId}/payment`	auth.optional, tenant:online-ordering	Create payment
POST	`/online-ordering/{slug}/{locationId}/verify-payment`	auth.optional, tenant:online-ordering	Verify payment status

Customer Order History

Method	Path	Middleware	Description
POST	`/customer/{slug}/order-history`	auth.optional, throttle:5,1	Get order history
GET	`/customer/{slug}/order-detail/{orderId}`	auth.optional, throttle:10,1	Get order detail

Table QR Ordering (Optional Auth)

Method	Path	Description
GET	`/table-qr-ordering/{locationId}/{tableSectionId}/{tableNumber}`	Handle QR code scan
GET	`/table-qr-ordering/{locationId}/session/{sessionId}`	Get session details
POST	`/table-qr-ordering/{locationId}/session/{sessionId}/bind-order`	Bind order to session

BackOffice Online Ordering Management

Method	Path	Permission	Description
GET	`/online-ordering/{locationId}`	VIEW_ONLINE_ORDERING	Show settings
PUT	`/online-ordering/{locationId}`	EDIT_ONLINE_ORDERING	Update settings
POST	`/online-ordering/{locationId}/snooze`	EDIT_ONLINE_ORDERING	Snooze ordering
GET	`/online-settings/{locationId}`	--	Show online settings
PUT	`/online-settings/{locationId}`	--	Update online settings
GET	`/in-house-settings/{locationId}`	VIEW_SALES_CHANNEL	Show in-house settings
PUT	`/in-house-settings/{locationId}`	EDIT_IN_HOUSE_CHANNEL	Update in-house settings

QR Ordering Management

Method	Path	Description
GET	`/qr-ordering/{locationId}`	Show QR ordering config
PUT	`/qr-ordering/{locationId}`	Update QR ordering config
GET	`/qr-ordering/{locationId}/qr-download-options`	Get QR download options
POST	`/qr-ordering/{locationId}/download-multiple`	Download multiple QR codes

Table Sections

Method	Path	Description
POST	`/table-sections`	Create table section
GET	`/table-sections/location/{locationId}`	List sections for location
GET	`/table-sections/{id}`	Show section
PUT	`/table-sections/{id}`	Update section
DELETE	`/table-sections/{id}`	Delete section

Kiosk Endpoints

All require auth + capacitor.auth + type:kiosk + tenant:kiosk middleware.

Method	Path	Description
POST	`/kiosk/payment/create-intent`	Create payment intent on terminal
POST	`/kiosk/payment/send-receipt`	Send receipt to customer
POST	`/kiosk/payment/cancel-action`	Cancel terminal payment action
GET	`/kiosk/payment/session-status`	Check payment session status
GET	`/kiosk/payment/details/{idempotencyKey}`	Get payment details after completion
POST	`/kiosk/loyalty`	Login customer for loyalty
GET	`/kiosk/loyalty`	Get loyalty details
GET	`/kiosk/offers`	List available offers
POST	`/kiosk/offers/validate`	Validate selected offers
GET	`/kiosk/updates/check`	Check for app updates
POST	`/kiosk/updates/fcm/register`	Register FCM token
POST	`/kiosk/test-print-receipt`	Test print a receipt

Kiosk Public (No Auth)

Method	Path	Description
GET	`/kiosk/latest-app-version`	Get latest kiosk app version
GET	`/kiosk/download-apk/{versionCode?}`	Download APK

Kitchen Display System (KDS)

Requires auth + type:kds + tenant:kds middleware.

Method	Path	Description
POST	`/kds/fcm-token`	Update FCM token
GET	`/kds/orders`	List current orders
PUT	`/kds/mark-modifier`	Mark modifier item status
PUT	`/kds/mark-item`	Mark order item status
GET	`/kds/items`	List KDS items
PUT	`/kds/{id}/in-progress`	Mark order in progress
PUT	`/kds/{id}/ready`	Mark order ready
PUT	`/kds/{id}/complete`	Mark order complete
PUT	`/kds/{id}/prioritize`	Prioritize order
PUT	`/kds/{id}/hold`	Hold order
PUT	`/kds/settings`	Update KDS settings
GET	`/kds/categories`	List KDS categories

Integration Endpoints (BackOffice)

Deliveroo

Method	Path	Description
GET	`/deliveroo/{locationId}`	Get integration status
POST	`/deliveroo/{locationId}`	Enable integration
PUT	`/deliveroo/{locationId}`	Update integration
DELETE	`/deliveroo/{locationId}`	Disable integration
POST	`/deliveroo/{locationId}/sync-menu`	Sync menu to Deliveroo

Uber Eats

Method	Path	Description
GET	`/uber-eats/{locationId}`	Get integration status
POST	`/uber-eats/{locationId}`	Enable integration
PUT	`/uber-eats/{locationId}`	Update integration
DELETE	`/uber-eats/{locationId}`	Disable integration
POST	`/uber-eats/{locationId}/sync-menu`	Sync menu to Uber Eats
GET	`/uber-eats/{locationId}/store-list`	List Uber Eats stores

Square

Method	Path	Description
GET	`/square/status`	Get integration status
POST	`/square/oauth`	Initiate OAuth flow
POST	`/square/sync-time`	Update sync schedule
POST	`/square/disable`	Disable integration
POST	`/square/start-sync`	Start manual sync

Shopify

Method	Path	Description
GET	`/shopify/{locationId}`	Get integration status
PUT	`/shopify/{locationId}`	Update integration
DELETE	`/shopify/{locationId}`	Disable integration
POST	`/shopify/{locationId}/sync-menu`	Export menu to Shopify
POST	`/shopify/{locationId}/import-menu`	Import menu from Shopify
POST	`/shopify/{locationId}/oauth`	Initiate OAuth flow

Kassanet (POS Integration)

Method	Path	Description
GET	`/kassanet/{provider}/{locationId}`	Get integration status
POST	`/kassanet/{provider}/{locationId}`	Initiate integration
POST	`/kassanet/{provider}/{locationId}/sync-menu`	Sync menu
GET	`/kassanet/{provider}/{locationId}/test`	Test connection
DELETE	`/kassanet/{provider}/{locationId}`	Delete integration

Ordering Channels

Method	Path	Description
GET	`/in-house-channels/{locationId}`	List in-house channels
GET	`/online-channels/{locationId}`	List online channels

Webhook Endpoints

All webhook endpoints are unauthenticated (guest routes) but use signature verification middleware.

Method	Path	Middleware	Description
POST	`/stripe-webhook/{countryCode}`	--	Stripe webhook handler
GET/POST	`/viva-webhook/{countryCode}/{eventTypeId}`	--	Viva Wallet webhook (GET for verification)
POST	`/shopify-webhook`	verify.shopify-webhook	Shopify webhook handler
POST	`/webhook/deliveroo/orders`	verify.deliveroo-webhook	Deliveroo order events
POST	`/webhook/deliveroo/menu`	verify.deliveroo-webhook	Deliveroo menu events
POST	`/webhook/uber-eats`	verify.uber-eats-webhook	Uber Eats events
POST	`/webhook/square`	verify.square-webhook	Square events

OAuth Callbacks

Method	Path	Description
GET	`/shopify-callback`	Shopify OAuth callback
GET	`/square-callback`	Square OAuth callback
GET	`/uber-eats/callback`	Uber Eats OAuth callback

Utility Endpoints

Photo Studio (Authenticated BackOffice)

Method	Path	Description
POST	`/photo-studio`	Create photo
GET	`/photo-studio`	List photos
PUT	`/photo-studio/{id}`	Update photo
DELETE	`/photo-studio/{id}`	Delete photo
POST	`/photo-studio/remove-background`	AI background removal
POST	`/photo-studio/edit-photo`	AI photo editing
GET	`/photo-studio/account-info`	Get account usage info
GET	`/photo-studio/templates`	List photo templates
POST	`/photo-studio/templates`	Create template
PUT	`/photo-studio/templates/{id}`	Update template
DELETE	`/photo-studio/templates/{id}`	Delete template

Guided Setup

Method	Path	Description
GET	`/guided-setup`	List all setup guides
GET	`/guided-setup/{service}/video`	Get video details
POST	`/guided-setup/{service}/video/status`	Update video status
POST	`/guided-setup/{service}/reset`	Reset all setups
GET	`/guided-setup/{service}`	List setups for service
GET	`/guided-setup/{service}/{setupId}`	Show setup detail
POST	`/guided-setup/{service}/{setupId}/progress`	Update progress
POST	`/guided-setup/{service}/{setupId}/complete`	Mark complete
POST	`/guided-setup/{service}/{setupId}/reset`	Reset setup

Description Generator

Method	Path	Description
POST	`/description-generator/generate`	AI-generate item description

Loyalty (BackOffice)

Method	Path	Permission	Description
GET	`/loyalty/{locationId}`	VIEW_LOYALTY	Get loyalty config
GET	`/loyalty/{locationId}/subscription`	EDIT_LOYALTY	Get subscription info
POST	`/loyalty/{locationId}`	EDIT_LOYALTY	Create/update loyalty
DELETE	`/loyalty/{locationId}`	DELETE_LOYALTY	Delete loyalty

Super Admin

Method	Path	Middleware	Description
POST	`/super-admin/kiosk/upload`	super-admin	Upload kiosk APK

Other

Method	Path	Description
POST	`/client-logger`	Client-side error logging (capacitor.auth)
GET	`/visibility-options`	Channel visibility options
GET	`/item-pricing-options`	Item pricing type options
GET	`/language-options`	Language select options

API Endpoints Reference ​

Route Architecture ​

Public Endpoints (No Auth Required) ​

Constants ​

Health Check ​

Authentication Endpoints ​

BackOffice Authentication (Guest Routes) ​

BackOffice Authenticated User ​

Passkey Management (Authenticated) ​

Customer Authentication (Guest Routes) ​

Customer Authenticated ​

Device Authentication (Guest) ​

Device Authenticated ​

BackOffice CRUD Endpoints ​

Items ​

Categories ​

Menus ​

Modifier Groups ​

Variant Groups ​

Display Groups ​

Offers ​

Transactions ​

Customers (BackOffice) ​

Devices ​

Device Profiles ​

Content ​

Inventories ​

Tax Rates ​

Settings Endpoints ​

Locations ​

Team (Users & Roles) ​

Billing Profiles ​

Payment Profiles ​

Branding Profiles ​

Languages & Translations ​

Receipts & Activity Logs ​

Online Ordering Endpoints ​

Public (No Auth) ​

Restaurant Suggestions (Optional Auth) ​

Order Flow (Optional Customer Auth) ​

Customer Order History ​

Table QR Ordering (Optional Auth) ​

BackOffice Online Ordering Management ​

QR Ordering Management ​

Table Sections ​

Kiosk Endpoints ​

Kiosk Public (No Auth) ​

Kitchen Display System (KDS) ​

Integration Endpoints (BackOffice) ​

Deliveroo ​

Uber Eats ​

Square ​

Shopify ​

Kassanet (POS Integration) ​

Ordering Channels ​

Webhook Endpoints ​

OAuth Callbacks ​

Utility Endpoints ​

Photo Studio (Authenticated BackOffice) ​

Guided Setup ​

Description Generator ​

Loyalty (BackOffice) ​

Super Admin ​

Other ​