Authorization Rule: Every secured route MUST carry a JWT in the Authorization header.
Headers: { Authorization: "Bearer eyJhbG..." }
POST /api/auth/login
Returns the JWT for your session, which is then used for standard authentication on every secured route.
{ "email": "admin@pharmacy.com", "password": "secure123" }
GET /api/dashboard/stats
Fetches high-level aggregate metrics (revenue, pending orders).
GET /api/inventory
Paginated response listing the medicines currently in stock.
PUT /api/orders/:id/status
Updates the status of an order (e.g. mark it 'processing' or 'delivered').
1. List Pharmacies → 2. Load Inventory → 3. Place Order
Notice: These APIs are explicitly public and do not require the Authorization header. Suited to mobile and web apps used by patients.
GET /api/public/pharmacies
Returns the public list of active registered pharmacies together with their geolocation data.
POST /api/public/orders
Submits a patient order from an external patient app into the unified ERP.
{
"pharmacy_id": 1,
"patient_name": "Sarah",
"medicines": [{ "medicine_id": 4, "quantity": 2 }]
}
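Because this endpoint accepts the order body without an Authorization header, every field in it arrives untrusted. The following is an added example, not the project's own code, of server-side validation for that body before it is handed to the ERP. The field names match the page; the limits (name length, line-item count, maximum quantity) and the decision to reject unknown fields are assumptions chosen for illustration.

```javascript
// Added example (not the project's own code): validating the body of
// POST /api/public/orders. Field names are from the page; limits are assumed.
const MAX_NAME_LEN = 100;   // assumed
const MAX_LINES = 50;       // assumed
const MAX_QTY = 100;        // assumed

function isPositiveInt(v) {
  return Number.isInteger(v) && v > 0;
}

// Returns { ok: true, order } with a normalized copy of the accepted fields,
// or { ok: false, errors } listing every problem found.
function validatePublicOrder(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];

  // Reject unknown keys instead of silently forwarding them to the ERP.
  const allowed = new Set(['pharmacy_id', 'patient_name', 'medicines']);
  for (const k of Object.keys(body)) {
    if (!allowed.has(k)) errors.push(`unexpected field: ${k}`);
  }

  if (!isPositiveInt(body.pharmacy_id)) errors.push('pharmacy_id must be a positive integer');

  const name = typeof body.patient_name === 'string' ? body.patient_name.trim() : '';
  if (name.length === 0 || name.length > MAX_NAME_LEN) {
    errors.push(`patient_name must be 1-${MAX_NAME_LEN} characters`);
  }

  if (!Array.isArray(body.medicines) || body.medicines.length === 0 || body.medicines.length > MAX_LINES) {
    errors.push(`medicines must be an array of 1-${MAX_LINES} items`);
  } else {
    const seen = new Set();
    body.medicines.forEach((line, i) => {
      if (line === null || typeof line !== 'object' || Array.isArray(line)) {
        errors.push(`medicines[${i}] must be an object`);
        return;
      }
      if (!isPositiveInt(line.medicine_id)) {
        errors.push(`medicines[${i}].medicine_id must be a positive integer`);
      } else if (seen.has(line.medicine_id)) {
        errors.push(`medicines[${i}] duplicates medicine_id ${line.medicine_id}`);
      } else {
        seen.add(line.medicine_id);
      }
      if (!isPositiveInt(line.quantity) || line.quantity > MAX_QTY) {
        errors.push(`medicines[${i}].quantity must be 1-${MAX_QTY}`);
      }
    });
  }

  if (errors.length > 0) return { ok: false, errors };
  // Copy only the validated fields so nothing else from the request reaches the ERP.
  return {
    ok: true,
    order: {
      pharmacy_id: body.pharmacy_id,
      patient_name: name,
      medicines: body.medicines.map(l => ({ medicine_id: l.medicine_id, quantity: l.quantity })),
    },
  };
}
```

The normalized `order` returned on success, rather than the raw request body, is what the route handler should pass on; the error list is suitable for returning in the `message` field of a 400 response.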
ENV
Standard Base URL Setup
All frontend API clients should use an Axios configuration like the following.
import axios from 'axios';

const api = axios.create({
  baseURL: 'http://localhost:5001/api',
  timeout: 10000
});

// Attach the stored JWT to every request. When no token is stored (e.g. on the
// public routes, or before login) the header is left out entirely rather than
// sending the literal string "Bearer null".
api.interceptors.request.use(req => {
  const token = localStorage.getItem('token');
  if (token) {
    req.headers.Authorization = 'Bearer ' + token;
  }
  return req;
});
RES
Standard Formatted Unified Response Block
Every response is a JSON object with exactly this shape, so client-side parsing never breaks.
{
"success": true,
"message": "Resource loaded.",
"data": { ... }
}
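A fixed envelope is only useful if the client actually checks it before reading `data`. The following is an added example, not the project's own code, of a client helper that unwraps the unified response block. The `success`, `message` and `data` fields are from the page; the ApiError class and the HTTP status argument are assumptions.

```javascript
// Added example (not the project's own code): unwrapping the unified
// { success, message, data } response block on the client. ApiError and the
// status argument are assumptions.
class ApiError extends Error {
  constructor(message, status) {
    super(message);
    this.name = 'ApiError';
    this.status = status;
  }
}

// Takes the parsed JSON body and the HTTP status. Returns `data` on success;
// throws ApiError on a failed or malformed envelope so callers never read
// fields off a response that did not succeed.
function unwrapEnvelope(body, status) {
  if (body === null || typeof body !== 'object' || typeof body.success !== 'boolean') {
    throw new ApiError(`malformed response (HTTP ${status})`, status);
  }
  if (!body.success) {
    const msg = typeof body.message === 'string' ? body.message : 'request failed';
    throw new ApiError(msg, status);
  }
  return body.data;
}

// Convenience wrapper that reports whether an envelope would be accepted,
// without throwing, for callers that prefer a result object.
function inspectEnvelope(body, status) {
  try {
    return { ok: true, data: unwrapEnvelope(body, status) };
  } catch (e) {
    return { ok: false, error: e.message, status: e.status };
  }
}

// Usage with the Axios client from this page (hypothetical):
// api.interceptors.response.use(res => unwrapEnvelope(res.data, res.status));
```

Wiring `unwrapEnvelope` into a response interceptor means every `await api.get(...)` resolves directly to `data` and rejects with an ApiError carrying the server's `message`, which keeps envelope handling in one place.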