Base URL —
Scope — all queries filtered by authenticated user's
Auth —
Envelope —
/api/admin/ for all endpointsScope — all queries filtered by authenticated user's
business_idAuth —
Authorization: Bearer {sanctum_token} · user_type must be admin or staffEnvelope —
{ "success": true, "msg": "...", "data": [...], "pagination": {...} }Cross-links:ADM-001 System overviewADM-003 Setup orderADM-004 Project lifecycleADM-012 Permission matrixApp dashboard screen
๐
Dashboard
GET/api/admin/dashboardTested
Business-scoped KPI summary. Returns live counts of projects, proposals, open vouchers, and upcoming calendar events.
Permission required
dashboard.viewResponse 200/201
JSON
{
"success": true,
"msg": "Dashboard",
"data": {
"project_count": 12,
"active_project_count": 7,
"proposal_count": 18,
"open_voucher_count": 4,
"upcoming_event_count": 3,
"welcome_message": "Business admin dashboard"
}
}Errors
401 Unauthenticated403 Forbidden
๐
Projects
GET/api/admin/projectsTested
Paginated list of project. Scoped to authenticated business.
Permission required
projects.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Projects",
"data": {
"id": 4,
"business_id": 1,
"location_id": 1,
"client_user_id": 5,
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"status": "active",
"contract_value": 2500000.0,
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/projectsTested
Create a new project record.
Permission required
projects.manageRequest body
JSON
{
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"location_id": 1,
"client_user_id": 5,
"status": "active",
"contract_value": 2500000,
"start_date": "2026-07-01",
"expected_end_date": "2026-12-31",
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}Response 200/201
JSON
{
"success": true,
"msg": "Projects",
"data": {
"id": 4,
"business_id": 1,
"location_id": 1,
"client_user_id": 5,
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"status": "active",
"contract_value": 2500000.0,
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/projects/{id}Tested
Retrieve one project by ID.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Projects",
"data": {
"id": 4,
"business_id": 1,
"location_id": 1,
"client_user_id": 5,
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"status": "active",
"contract_value": 2500000.0,
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/projects/{id}Tested
Update any fields on an existing project. All fields optional.
Permission required
projects.manageRequest body
JSON
{
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"location_id": 1,
"client_user_id": 5,
"status": "active",
"contract_value": 2500000,
"start_date": "2026-07-01",
"expected_end_date": "2026-12-31",
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}Response 200/201
JSON
{
"success": true,
"msg": "Projects",
"data": {
"id": 4,
"business_id": 1,
"location_id": 1,
"client_user_id": 5,
"name": "Residential Block A รขยย Phase 2",
"description": "Foundation and framing works",
"status": "active",
"contract_value": 2500000.0,
"current_phase_key": "foundation",
"address": "Plot 12, DHA Phase 8, Karachi"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/projects/{id}Tested
Permanently delete this project.
Permission required
projects.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Project Detail Sub-routes
All sub-routes require projects.view. Project must belong to admin's business.
GET/api/admin/projects/{id}/phasesTested
All phases for a project ordered by sort_order.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Phases",
"data": [
{
"id": 1,
"project_id": 4,
"phase_key": "foundation",
"name": "Foundation Works",
"status": "in_progress",
"progress_percent": 65,
"sort_order": 1
}
],
"pagination": {"current_page":1,"per_page":20,"total":3,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/proposalsTested
All proposals linked to a project.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Proposals",
"data": [
{
"id": 2,
"business_id": 1,
"project_id": 4,
"title": "Revised foundation proposal",
"status": "approved",
"quoted_amount": 2500000.0,
"current_round": 2
}
],
"pagination": {"current_page":1,"per_page":20,"total":2,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/vouchersTested
All vouchers for a project.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Vouchers",
"data": [
{
"id": 7,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 2,
"voucher_no": "VCH-2026-0007",
"voucher_type": "subcontractor",
"status": "submitted",
"amount": 185000.0,
"week_ending": "2026-06-21"
}
],
"pagination": {"current_page":1,"per_page":20,"total":4,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/ledgersTested
Ledger entries for a project, ordered by entry_date desc.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Ledgers",
"data": [
{
"id": 3,
"business_id": 1,
"project_id": 4,
"party_type": "subcontractor",
"party_id": 2,
"entry_type": "payment",
"debit": 0.0,
"credit": 185000.0,
"reference": "VCH-2026-0007",
"description": "Payment for week ending 21 Jun 2026",
"entry_date": "2026-06-22"
}
],
"pagination": {"current_page":1,"per_page":20,"total":3,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/revisionsTested
Contract and drawing revisions for a project (not paginated, returns object with two arrays).
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Revisions",
"data": {
"contracts": [
{
"id": 1,
"type": "contract",
"revision_number": 2,
"status": "approved",
"contract_value": 2500000.0,
"file_path": "contracts/proj4-rev2.pdf"
}
],
"drawings": [
{
"id": 1,
"type": "drawing",
"drawing_code": "DWG-A-001",
"revision_number": 3,
"status": "issued",
"file_path": "drawings/DWG-A-001-rev3.pdf"
}
]
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/materialsTested
Material stock entries for a project.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Materials",
"data": [
{
"id": 1,
"project_id": 4,
"material_name": "OPC Cement 50kg",
"unit": "bags",
"quantity_on_hand": 240.0,
"quantity_reserved": 60.0
}
],
"pagination": {"current_page":1,"per_page":20,"total":5,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/projects/{id}/logsTested
Daily progress logs for a project, newest first.
Permission required
projects.viewResponse 200/201
JSON
{
"success": true,
"msg": "Daily logs",
"data": [
{
"id": 1,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 2,
"user_id": 3,
"log_date": "2026-06-22",
"work_summary": "Completed 3 column foundations; 8 workers on site",
"workers_count": 8,
"status": "submitted"
}
],
"pagination": {"current_page":1,"per_page":20,"total":18,"last_page":1}
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Proposals
GET/api/admin/proposalsTested
Paginated list of proposal. Scoped to authenticated business.
Permission required
proposals.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Proposals",
"data": {
"id": 3,
"business_id": 1,
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000.0,
"current_round": 2
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/proposalsTested
Create a new proposal record.
Permission required
proposals.manageRequest body
JSON
{
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000,
"current_round": 2
}Response 200/201
JSON
{
"success": true,
"msg": "Proposals",
"data": {
"id": 3,
"business_id": 1,
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000.0,
"current_round": 2
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/proposals/{id}Tested
Retrieve one proposal by ID.
Permission required
proposals.viewResponse 200/201
JSON
{
"success": true,
"msg": "Proposals",
"data": {
"id": 3,
"business_id": 1,
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000.0,
"current_round": 2
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/proposals/{id}Tested
Update any fields on an existing proposal. All fields optional.
Permission required
proposals.manageRequest body
JSON
{
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000,
"current_round": 2
}Response 200/201
JSON
{
"success": true,
"msg": "Proposals",
"data": {
"id": 3,
"business_id": 1,
"project_id": 4,
"title": "Revised foundation proposal round 2",
"status": "draft",
"quoted_amount": 2500000.0,
"current_round": 2
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/proposals/{id}Tested
Permanently delete this proposal.
Permission required
proposals.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Phases
GET/api/admin/phasesTested
Paginated list of phase. Scoped to authenticated business.
Permission required
phases.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Phases",
"data": {
"id": 5,
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"sort_order": 2
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/phasesTested
Create a new phase record.
Permission required
phases.manageRequest body
JSON
{
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"planned_start": "2026-08-01",
"planned_end": "2026-10-15",
"sort_order": 2
}Response 200/201
JSON
{
"success": true,
"msg": "Phases",
"data": {
"id": 5,
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"sort_order": 2
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/phases/{id}Tested
Retrieve one phase by ID.
Permission required
phases.viewResponse 200/201
JSON
{
"success": true,
"msg": "Phases",
"data": {
"id": 5,
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"sort_order": 2
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/phases/{id}Tested
Update any fields on an existing phase. All fields optional.
Permission required
phases.manageRequest body
JSON
{
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"planned_start": "2026-08-01",
"planned_end": "2026-10-15",
"sort_order": 2
}Response 200/201
JSON
{
"success": true,
"msg": "Phases",
"data": {
"id": 5,
"project_id": 4,
"phase_key": "structural",
"name": "Structural Framing",
"status": "pending",
"progress_percent": 0,
"sort_order": 2
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/phases/{id}Tested
Permanently delete this phase.
Permission required
phases.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐ฅ
People — Staff
GET/api/admin/staffTested
Paginated list of staff profile. Scoped to authenticated business.
Permission required
staff.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Staff",
"data": {
"id": 3,
"business_id": 1,
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/staffTested
Create a new staff profile record.
Permission required
staff.manageRequest body
JSON
{
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}Response 200/201
JSON
{
"success": true,
"msg": "Staff",
"data": {
"id": 3,
"business_id": 1,
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/staff/{id}Tested
Retrieve one staff profile by ID.
Permission required
staff.viewResponse 200/201
JSON
{
"success": true,
"msg": "Staff",
"data": {
"id": 3,
"business_id": 1,
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/staff/{id}Tested
Update any fields on an existing staff profile. All fields optional.
Permission required
staff.manageRequest body
JSON
{
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}Response 200/201
JSON
{
"success": true,
"msg": "Staff",
"data": {
"id": 3,
"business_id": 1,
"user_id": 7,
"location_id": 1,
"job_title": "Site Engineer",
"department": "Engineering",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/staff/{id}Tested
Permanently delete this staff profile.
Permission required
staff.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐ง
People — Subcontractors
GET/api/admin/subcontractorsTested
Paginated list of subcontractor. Scoped to authenticated business.
Permission required
subcontractors.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Subcontractors",
"data": {
"id": 3,
"business_id": 1,
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/subcontractorsTested
Create a new subcontractor record.
Permission required
subcontractors.manageRequest body
JSON
{
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}Response 200/201
JSON
{
"success": true,
"msg": "Subcontractors",
"data": {
"id": 3,
"business_id": 1,
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/subcontractors/{id}Tested
Retrieve one subcontractor by ID.
Permission required
subcontractors.viewResponse 200/201
JSON
{
"success": true,
"msg": "Subcontractors",
"data": {
"id": 3,
"business_id": 1,
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/subcontractors/{id}Tested
Update any fields on an existing subcontractor. All fields optional.
Permission required
subcontractors.manageRequest body
JSON
{
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}Response 200/201
JSON
{
"success": true,
"msg": "Subcontractors",
"data": {
"id": 3,
"business_id": 1,
"user_id": null,
"company_name": "RapidSteel Contractors",
"trade_type": "steel_works",
"contact_email": "rapidsteel@contractors.test",
"contact_phone": "+92-321-0011223",
"status": "active"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/subcontractors/{id}Tested
Permanently delete this subcontractor.
Permission required
subcontractors.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐งพ
Financial — Vouchers
GET/api/admin/vouchersTested
Paginated list of voucher. Scoped to authenticated business.
Permission required
vouchers.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Vouchers",
"data": {
"id": 8,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000.0,
"week_ending": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/vouchersTested
Create a new voucher record.
Permission required
vouchers.manageRequest body
JSON
{
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000,
"week_ending": "2026-06-28"
}Response 200/201
JSON
{
"success": true,
"msg": "Vouchers",
"data": {
"id": 8,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000.0,
"week_ending": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/vouchers/{id}Tested
Retrieve one voucher by ID.
Permission required
vouchers.viewResponse 200/201
JSON
{
"success": true,
"msg": "Vouchers",
"data": {
"id": 8,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000.0,
"week_ending": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/vouchers/{id}Tested
Update any fields on an existing voucher. All fields optional.
Permission required
vouchers.manageRequest body
JSON
{
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000,
"week_ending": "2026-06-28"
}Response 200/201
JSON
{
"success": true,
"msg": "Vouchers",
"data": {
"id": 8,
"business_id": 1,
"project_id": 4,
"subcontractor_id": 3,
"voucher_no": "VCH-2026-0008",
"voucher_type": "subcontractor",
"status": "draft",
"amount": 220000.0,
"week_ending": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/vouchers/{id}Tested
Permanently delete this voucher.
Permission required
vouchers.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Financial — Ledger Entries
GET/api/admin/ledgersTested
Paginated list of ledger entry. Scoped to authenticated business.
Permission required
ledgers.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Ledgers",
"data": {
"id": 4,
"business_id": 1,
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0.0,
"credit": 220000.0,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/ledgersTested
Create a new ledger entry record.
Permission required
ledgers.manageRequest body
JSON
{
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0,
"credit": 220000,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}Response 200/201
JSON
{
"success": true,
"msg": "Ledgers",
"data": {
"id": 4,
"business_id": 1,
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0.0,
"credit": 220000.0,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/ledgers/{id}Tested
Retrieve one ledger entry by ID.
Permission required
ledgers.viewResponse 200/201
JSON
{
"success": true,
"msg": "Ledgers",
"data": {
"id": 4,
"business_id": 1,
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0.0,
"credit": 220000.0,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/ledgers/{id}Tested
Update any fields on an existing ledger entry. All fields optional.
Permission required
ledgers.manageRequest body
JSON
{
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0,
"credit": 220000,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}Response 200/201
JSON
{
"success": true,
"msg": "Ledgers",
"data": {
"id": 4,
"business_id": 1,
"project_id": 4,
"party_type": "subcontractor",
"party_id": 3,
"entry_type": "payment",
"debit": 0.0,
"credit": 220000.0,
"reference": "VCH-2026-0008",
"description": "Payment against voucher",
"entry_date": "2026-06-28"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/ledgers/{id}Tested
Permanently delete this ledger entry.
Permission required
ledgers.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Financial — Variation Orders
GET/api/admin/variation-ordersTested
Paginated list of variation order. Scoped to authenticated business.
Permission required
variation_orders.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Variation orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000.0,
"status": "pending"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/variation-ordersTested
Create a new variation order record.
Permission required
variation_orders.manageRequest body
JSON
{
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000,
"status": "pending"
}Response 200/201
JSON
{
"success": true,
"msg": "Variation orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000.0,
"status": "pending"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/variation-orders/{id}Tested
Retrieve one variation order by ID.
Permission required
variation_orders.viewResponse 200/201
JSON
{
"success": true,
"msg": "Variation orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000.0,
"status": "pending"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/variation-orders/{id}Tested
Update any fields on an existing variation order. All fields optional.
Permission required
variation_orders.manageRequest body
JSON
{
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000,
"status": "pending"
}Response 200/201
JSON
{
"success": true,
"msg": "Variation orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"vo_number": "VO-2026-0001",
"title": "Additional reinforcement for column footings",
"description": "Structural engineer requirement after soil report",
"amount": 75000.0,
"status": "pending"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/variation-orders/{id}Tested
Permanently delete this variation order.
Permission required
variation_orders.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Financial — Daywork Orders
GET/api/admin/daywork-ordersTested
Paginated list of daywork order. Scoped to authenticated business.
Permission required
daywork_orders.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Daywork orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000.0,
"status": "draft",
"work_date": "2026-06-22"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/daywork-ordersTested
Create a new daywork order record.
Permission required
daywork_orders.manageRequest body
JSON
{
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000,
"status": "draft",
"work_date": "2026-06-22"
}Response 200/201
JSON
{
"success": true,
"msg": "Daywork orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000.0,
"status": "draft",
"work_date": "2026-06-22"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/daywork-orders/{id}Tested
Retrieve one daywork order by ID.
Permission required
daywork_orders.viewResponse 200/201
JSON
{
"success": true,
"msg": "Daywork orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000.0,
"status": "draft",
"work_date": "2026-06-22"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/daywork-orders/{id}Tested
Update any fields on an existing daywork order. All fields optional.
Permission required
daywork_orders.manageRequest body
JSON
{
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000,
"status": "draft",
"work_date": "2026-06-22"
}Response 200/201
JSON
{
"success": true,
"msg": "Daywork orders",
"data": {
"id": 1,
"business_id": 1,
"project_id": 4,
"dwo_number": "DWO-2026-0001",
"title": "Emergency waterproofing works",
"description": "Urgent waterproofing after rain damage",
"amount": 32000.0,
"status": "draft",
"work_date": "2026-06-22"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/daywork-orders/{id}Tested
Permanently delete this daywork order.
Permission required
daywork_orders.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
๐
Calendar Events
GET/api/admin/calendarTested
Paginated list of calendar event. Scoped to authenticated business.
Permission required
calendar.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Calendar",
"data": {
"id": 5,
"business_id": 1,
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/calendarTested
Create a new calendar event record.
Permission required
calendar.manageRequest body
JSON
{
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}Response 200/201
JSON
{
"success": true,
"msg": "Calendar",
"data": {
"id": 5,
"business_id": 1,
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/calendar/{id}Tested
Retrieve one calendar event by ID.
Permission required
calendar.viewResponse 200/201
JSON
{
"success": true,
"msg": "Calendar",
"data": {
"id": 5,
"business_id": 1,
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/calendar/{id}Tested
Update any fields on an existing calendar event. All fields optional.
Permission required
calendar.manageRequest body
JSON
{
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}Response 200/201
JSON
{
"success": true,
"msg": "Calendar",
"data": {
"id": 5,
"business_id": 1,
"project_id": 4,
"assigned_user_id": 7,
"title": "Foundation inspection",
"description": "Structural engineer site visit for foundation sign-off",
"starts_at": "2026-07-05T09:00:00+05:00",
"ends_at": "2026-07-05T12:00:00+05:00",
"event_type": "inspection"
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/calendar/{id}Tested
Permanently delete this calendar event.
Permission required
calendar.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
โ
Setup & Reference Data
Configure these during business onboarding before creating projects. Each follows the standard 5-endpoint CRUD pattern scoped to the business.
GET/api/admin/locationsTested
Paginated list of location. Scoped to authenticated business.
Permission required
locations.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Locations",
"data": {
"id": 2,
"business_id": 1,
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/locationsTested
Create a new location record.
Permission required
locations.manageRequest body
JSON
{
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Locations",
"data": {
"id": 2,
"business_id": 1,
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/locations/{id}Tested
Retrieve one location by ID.
Permission required
locations.viewResponse 200/201
JSON
{
"success": true,
"msg": "Locations",
"data": {
"id": 2,
"business_id": 1,
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/locations/{id}Tested
Update any fields on an existing location. All fields optional.
Permission required
locations.manageRequest body
JSON
{
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Locations",
"data": {
"id": 2,
"business_id": 1,
"name": "Karachi Office",
"address": "Plot 14, SITE Area, Karachi",
"contact_person": "Usman Ali",
"contact_phone": "+92-300-4455667",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/locations/{id}Tested
Permanently delete this location.
Permission required
locations.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/phase-libraryTested
Paginated list of phase library item. Scoped to authenticated business.
Permission required
phase_library.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Phase library",
"data": {
"id": 5,
"business_id": 1,
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/phase-libraryTested
Create a new phase library item record.
Permission required
phase_library.manageRequest body
JSON
{
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Phase library",
"data": {
"id": 5,
"business_id": 1,
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/phase-library/{id}Tested
Retrieve one phase library item by ID.
Permission required
phase_library.viewResponse 200/201
JSON
{
"success": true,
"msg": "Phase library",
"data": {
"id": 5,
"business_id": 1,
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/phase-library/{id}Tested
Update any fields on an existing phase library item. All fields optional.
Permission required
phase_library.manageRequest body
JSON
{
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Phase library",
"data": {
"id": 5,
"business_id": 1,
"phase_key": "electrical",
"name": "Electrical Works",
"description": "Full electrical wiring, panel installation, fixtures",
"default_duration_days": 45,
"sort_order": 5,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/phase-library/{id}Tested
Permanently delete this phase library item.
Permission required
phase_library.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/document-typesTested
Paginated list of document type. Scoped to authenticated business.
Permission required
document_types.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Document types",
"data": {
"id": 3,
"business_id": 1,
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/document-typesTested
Create a new document type record.
Permission required
document_types.manageRequest body
JSON
{
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Document types",
"data": {
"id": 3,
"business_id": 1,
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/document-types/{id}Tested
Retrieve one document type by ID.
Permission required
document_types.viewResponse 200/201
JSON
{
"success": true,
"msg": "Document types",
"data": {
"id": 3,
"business_id": 1,
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/document-types/{id}Tested
Update any fields on an existing document type. All fields optional.
Permission required
document_types.manageRequest body
JSON
{
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Document types",
"data": {
"id": 3,
"business_id": 1,
"name": "Completion Certificate",
"category": "certification",
"requires_approval": true,
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/document-types/{id}Tested
Permanently delete this document type.
Permission required
document_types.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/trade-typesTested
Paginated list of trade type. Scoped to authenticated business.
Permission required
trade_types.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Trade types",
"data": {
"id": 4,
"business_id": 1,
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/trade-typesTested
Create a new trade type record.
Permission required
trade_types.manageRequest body
JSON
{
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Trade types",
"data": {
"id": 4,
"business_id": 1,
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/trade-types/{id}Tested
Retrieve one trade type by ID.
Permission required
trade_types.viewResponse 200/201
JSON
{
"success": true,
"msg": "Trade types",
"data": {
"id": 4,
"business_id": 1,
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/trade-types/{id}Tested
Update any fields on an existing trade type. All fields optional.
Permission required
trade_types.manageRequest body
JSON
{
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Trade types",
"data": {
"id": 4,
"business_id": 1,
"name": "Structural Steel Works",
"code": "SSW",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/trade-types/{id}Tested
Permanently delete this trade type.
Permission required
trade_types.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/subcontractor-categoriesTested
Paginated list of subcontractor category. Scoped to authenticated business.
Permission required
subcontractor_categories.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Subcontractor categories",
"data": {
"id": 2,
"business_id": 1,
"name": "Civil Works",
"code": "CIV",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/subcontractor-categoriesTested
Create a new subcontractor category record.
Permission required
subcontractor_categories.manageRequest body
JSON
{
"name": "Civil Works",
"code": "CIV",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Subcontractor categories",
"data": {
"id": 2,
"business_id": 1,
"name": "Civil Works",
"code": "CIV",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/subcontractor-categories/{id}Tested
Retrieve one subcontractor category by ID.
Permission required
subcontractor_categories.viewResponse 200/201
JSON
{
"success": true,
"msg": "Subcontractor categories",
"data": {
"id": 2,
"business_id": 1,
"name": "Civil Works",
"code": "CIV",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/subcontractor-categories/{id}Tested
Update any fields on an existing subcontractor category. All fields optional.
Permission required
subcontractor_categories.manageRequest body
JSON
{
"name": "Civil Works",
"code": "CIV",
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Subcontractor categories",
"data": {
"id": 2,
"business_id": 1,
"name": "Civil Works",
"code": "CIV",
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/subcontractor-categories/{id}Tested
Permanently delete this subcontractor category.
Permission required
subcontractor_categories.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
GET/api/admin/project-templatesTested
Paginated list of project template. Scoped to authenticated business.
Permission required
project_templates.viewParameters
| Param | Description |
|---|---|
| search | Text search |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Project templates",
"data": {
"id": 2,
"business_id": 1,
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/project-templatesTested
Create a new project template record.
Permission required
project_templates.manageRequest body
JSON
{
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Project templates",
"data": {
"id": 2,
"business_id": 1,
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
GET/api/admin/project-templates/{id}Tested
Retrieve one project template by ID.
Permission required
project_templates.viewResponse 200/201
JSON
{
"success": true,
"msg": "Project templates",
"data": {
"id": 2,
"business_id": 1,
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found
PUT/api/admin/project-templates/{id}Tested
Update any fields on an existing project template. All fields optional.
Permission required
project_templates.manageRequest body
JSON
{
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}Response 200/201
JSON
{
"success": true,
"msg": "Project templates",
"data": {
"id": 2,
"business_id": 1,
"name": "Residential Construction Standard",
"description": "Standard phases for a residential build",
"phase_keys": ["foundation","structural","roofing","plumbing","electrical","finishing"],
"is_active": true
}
}Errors
401 Unauthenticated403 Forbidden404 Not found422 Validation failed
DELETE/api/admin/project-templates/{id}Tested
Permanently delete this project template.
Permission required
project_templates.manageResponse 200/201
JSON
{
"success": true,
"msg": "Deleted",
"data": null
}Errors
401 Unauthenticated403 Forbidden404 Not found
โ
Settings — Signature
GET/api/admin/signature-settingsTested
Get the business-level signature settings used on vouchers, certificates, and documents.
Permission required
settings.viewResponse 200/201
JSON
{
"success": true,
"msg": "Signature settings",
"data": {
"id": 1,
"business_id": 1,
"user_id": 0,
"signature_image_path": "signatures/business-1-default.png",
"signer_name": "Eng. Arif Khan",
"signer_title": "Director - Pak Engineering Service"
}
}Errors
401 Unauthenticated403 Forbidden
PUT/api/admin/signature-settingsTested
Update/upsert the business signature. Creates the record if it does not yet exist.
Permission required
settings.manageRequest body
JSON
{
"signature_image_path": "signatures/business-1-default.png",
"signer_name": "Eng. Arif Khan",
"signer_title": "Director - Pak Engineering Service"
}Response 200/201
JSON
{
"success": true,
"msg": "Signature settings",
"data": {
"id": 1,
"business_id": 1,
"user_id": 0,
"signature_image_path": "signatures/business-1-default.png",
"signer_name": "Eng. Arif Khan",
"signer_title": "Director - Pak Engineering Service"
}
}Errors
401 Unauthenticated403 Forbidden422 Validation failed
๐
Notifications
GET/api/admin/notificationsImplemented
In-app notifications for the authenticated user. Supports is_read filter.
Permission required
admin or staff roleParameters
| Param | Description |
|---|---|
| is_read | 0 = unread only, 1 = read only |
| per_page | Default 20 |
Response 200/201
JSON
{
"success": true,
"msg": "Notifications",
"data": {
"data": [
{
"id": 12,
"user_id": 2,
"title": "New project assigned",
"body": "You have been assigned to Residential Block A",
"type": "project_assigned",
"is_read": false,
"created_at": "2026-06-22T14:00:00+05:00"
}
],
"meta": {
"current_page": 1,
"per_page": 20,
"total": 3,
"last_page": 1
}
}
}Errors
401 Unauthenticated403 Forbidden
GET/api/admin/notifications/unread-countImplemented
Fast unread count for topbar badge.
Permission required
admin or staff roleResponse 200/201
JSON
{
"success": true,
"msg": "Unread count",
"data": {
"count": 3
}
}Errors
401 Unauthenticated403 Forbidden
๐ก
Roles & Permissions
GET/api/admin/rolesImplemented
List all roles with their assigned permissions.
Permission required
manage_rolesResponse 200/201
JSON
{
"success": true,
"msg": "Roles",
"data": [
{
"id": 1,
"slug": "admin",
"name": "Business Admin",
"is_system": true,
"permissions": [
{"id": 1, "slug": "projects.view", "name": "View Projects"},
{"id": 2, "slug": "projects.manage", "name": "Manage Projects"},
{"id": 3, "slug": "dashboard.view", "name": "View Dashboard"}
]
},
{
"id": 3,
"slug": "site-supervisor",
"name": "Site Supervisor",
"is_system": false,
"permissions": [
{"id": 1, "slug": "projects.view", "name": "View Projects"},
{"id": 5, "slug": "phases.view", "name": "View Phases"}
]
}
]
}Errors
401 Unauthenticated403 Forbidden
POST/api/admin/rolesImplemented
Create a custom role with specified permission IDs.
Permission required
manage_rolesRequest body
JSON
{
"name": "Site Supervisor",
"permission_ids": [1, 5, 9, 13]
}Response 200/201
JSON
{
"success": true,
"msg": "Roles",
"data": [
{
"id": 1,
"slug": "admin",
"name": "Business Admin",
"is_system": true,
"permissions": [
{"id": 1, "slug": "projects.view", "name": "View Projects"},
{"id": 2, "slug": "projects.manage", "name": "Manage Projects"},
{"id": 3, "slug": "dashboard.view", "name": "View Dashboard"}
]
},
{
"id": 3,
"slug": "site-supervisor",
"name": "Site Supervisor",
"is_system": false,
"permissions": [
{"id": 1, "slug": "projects.view", "name": "View Projects"},
{"id": 5, "slug": "phases.view", "name": "View Phases"}
]
}
]
}Errors
401 Unauthenticated403 Forbidden422 Validation failed