OpenAPI JSONMarkdown Docs

OpenAPI Explorer

Auto-generated OpenAPI definition for all enabled modules.

Default server: https://app.nwf24.pl/api

Authentication & Accounts

Showing 20 of 34 endpoints
GET/auth/admin/nav
Auth required

Resolve backend chrome bootstrap payload

Returns the backend chrome payload available to the authenticated administrator after applying scope, RBAC, role defaults, and personal sidebar preferences.

Responses

200Backend chrome payload
Content-Type: application/json
{
  "brand": null,
  "groups": [
    {
      "name": "string",
      "items": [
        {
          "href": "string",
          "title": "string"
        }
      ]
    }
  ],
  "settingsSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "settingsPathPrefixes": [
    "string"
  ],
  "profileSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "profilePathPrefixes": [
    "string"
  ],
  "grantedFeatures": [
    "string"
  ],
  "roles": [
    "string"
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/admin/nav" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/auth/feature-check
Auth required

Check feature grants for the current user

Evaluates which of the requested features are available to the signed-in user within the active tenant / organization context.

Request body (application/json)

{
  "features": [
    "string"
  ]
}

Responses

200Evaluation result
Content-Type: application/json
{
  "ok": true,
  "granted": [
    "string"
  ],
  "userId": "string"
}
400Invalid request — features array missing, too large, or contains invalid entries
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/feature-check" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"features\": [
    \"string\"
  ]
}"
GET/auth/features
Auth requiredauth.acl.manage

List declared feature flags

Returns all static features contributed by the enabled modules along with their module source. Requires features: auth.acl.manage

Responses

200Aggregated feature catalog
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "title": "string",
      "module": "string"
    }
  ],
  "modules": [
    {
      "id": "string",
      "title": "string"
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/features" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/auth/locale

Set locale and redirect

Stores the selected locale in a cookie and redirects to a safe local path.

Parameters

NameInRequiredSchemaDescription
localequeryYesany
redirectqueryNoany

Responses

200Success response
Content-Type: application/json
"string"
302Locale cookie set and request redirected
Content-Type: application/json
"string"
400Invalid locale
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/locale?locale=en" \
  -H "Accept: application/json"
POST/auth/locale

Set locale

Stores the selected locale in a cookie and returns a JSON success response.

Request body (application/json)

{
  "locale": "en"
}

Responses

200Locale cookie set
Content-Type: application/json
{
  "ok": true
}
400Invalid locale or malformed request body
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/locale" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"locale\": \"en\"
}"
POST/auth/login

Authenticate user credentials

Validates the submitted credentials and issues a bearer token cookie for subsequent API calls.

Request body (application/x-www-form-urlencoded)

email=user%40example.com&password=string

Responses

200Authentication succeeded
Content-Type: application/json
{
  "ok": true,
  "token": "string",
  "redirect": null
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Invalid credentials
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403User lacks required role
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many login attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/login" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com&password=string"
POST/auth/logout
Auth required

Invalidate session and redirect

Clears authentication cookies and redirects the browser to the login page.

Responses

201Success response
Content-Type: application/json
"string"
302Redirect to login after successful logout
Content-Type: text/html
string

Example

curl -X POST "https://app.nwf24.pl/api/auth/logout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/auth/profile
Auth required

Get current profile

Returns the email address for the signed-in user.

Responses

200Profile payload
Content-Type: application/json
{
  "email": "user@example.com",
  "roles": [
    "string"
  ]
}
404User not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/auth/profile
Auth required

Update current profile

Updates the email address or password for the signed-in user.

Request body (application/json)

{}

Responses

200Profile updated
Content-Type: application/json
{
  "ok": true,
  "email": "user@example.com"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
POST/auth/reset

Send reset email

Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.

Request body (application/x-www-form-urlencoded)

email=user%40example.com

Responses

200Reset email dispatched (or ignored for unknown accounts)
Content-Type: application/json
{
  "ok": true
}
400Invalid request origin
Content-Type: application/json
{
  "error": "string"
}
429Too many password reset requests
Content-Type: application/json
{
  "error": "string"
}
500Password reset email origin is not configured
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/reset" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com"
POST/auth/reset/confirm

Complete password reset

Validates the reset token and updates the user password.

Request body (application/x-www-form-urlencoded)

token=string&password=string

Responses

200Password reset succeeded
Content-Type: application/json
{
  "ok": true,
  "redirect": "string"
}
400Invalid token or payload
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many reset confirmation attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/reset/confirm" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=string&password=string"
GET/auth/roles
Auth requiredauth.roles.list

List roles

Returns available roles within the current tenant. Super administrators receive visibility across tenants. Requires features: auth.roles.list

Parameters

NameInRequiredSchemaDescription
idqueryNoany
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
tenantIdqueryNoany

Responses

200Role collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "usersCount": 1,
      "tenantId": null,
      "tenantName": null,
      "updatedAt": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/roles?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/auth/roles
Auth requiredauth.roles.manage

Create role

Creates a new role anchored to the caller's tenant. Non-superadmins cannot target another tenant; supplying a foreign `tenantId` is rejected. Requires features: auth.roles.manage

Request body (application/json)

{
  "name": "string"
}

Responses

201Role created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\"
}"
PUT/auth/roles
Auth requiredauth.roles.manage

Update role

Updates mutable fields on an existing role. Requires features: auth.roles.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Role updated
Content-Type: application/json
{
  "ok": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE/auth/roles
Auth requiredauth.roles.manage

Delete role

Deletes a role by identifier. Fails when users remain assigned. Requires features: auth.roles.manage

Parameters

NameInRequiredSchemaDescription
idqueryYesanyRole identifier

Responses

200Role deleted
Content-Type: application/json
{
  "ok": true
}
400Role cannot be deleted
Content-Type: application/json
{
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/auth/roles?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/auth/roles/acl
Auth requiredauth.acl.manage

Fetch role ACL

Returns the feature and organization assignments associated with a role within the current tenant. Requires features: auth.acl.manage

Parameters

NameInRequiredSchemaDescription
roleIdqueryYesany
tenantIdqueryNoany

Responses

200Role ACL entry
Content-Type: application/json
{
  "isSuperAdmin": true,
  "features": [
    "string"
  ],
  "organizations": null,
  "updatedAt": null
}
400Invalid role id
Content-Type: application/json
{
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/roles/acl?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/auth/roles/acl
Auth requiredauth.acl.manage

Update role ACL

Replaces the feature list, super admin flag, and optional organization assignments for a role. Requires features: auth.acl.manage

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "organizations": null
}

Responses

200Role ACL updated
Content-Type: application/json
{
  "ok": true,
  "sanitized": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/auth/roles/acl" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"organizations\": null
}"
GET/auth/session/refresh

Refresh auth cookie from session token (browser)

Exchanges an existing `session_token` cookie for a fresh JWT auth cookie and redirects the browser.

Parameters

NameInRequiredSchemaDescription
redirectqueryNoanyAbsolute or relative URL to redirect after refresh

Responses

200Success response
Content-Type: application/json
"string"
302Redirect to target location when session is valid
Content-Type: text/html
string

Example

curl -X GET "https://app.nwf24.pl/api/auth/session/refresh" \
  -H "Accept: application/json"
POST/auth/session/refresh

Refresh access token (API/mobile)

Exchanges a refresh token for a new JWT access token. Pass the refresh token obtained from login in the request body.

Request body (application/json)

{
  "refreshToken": "string"
}

Responses

200New access token issued
Content-Type: application/json
{
  "ok": true,
  "accessToken": "string",
  "expiresIn": 1
}
400Missing refresh token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Invalid or expired token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many refresh attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/auth/session/refresh" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"refreshToken\": \"string\"
}"
GET/auth/sidebar/preferences
Auth required

Get sidebar preferences

Returns sidebar customization for the current user (default) or the specified role (`?roleId=…`, requires `auth.sidebar.manage`).

Responses

200Current sidebar configuration
Content-Type: application/json
{
  "locale": "string",
  "settings": {
    "version": 1,
    "groupOrder": [
      "string"
    ],
    "groupLabels": {
      "key": "string"
    },
    "itemLabels": {
      "key": "string"
    },
    "hiddenItems": [
      "string"
    ],
    "itemOrder": {
      "key": [
        "string"
      ]
    }
  },
  "canApplyToRoles": true,
  "roles": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "hasPreference": true
    }
  ],
  "scope": {
    "type": "user"
  },
  "updatedAt": null
}
403Missing features for role-scope read
Content-Type: application/json
{
  "error": "string"
}
404Role not found in current tenant scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/auth/sidebar/preferences" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Directory (Tenants & Organizations)

Showing 2 of 2 endpoints
GET/directory/organizations/lookup

Public organization lookup by slug

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/directory/organizations/lookup" \
  -H "Accept: application/json"
GET/directory/tenants/lookup

Public tenant lookup

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/directory/tenants/lookup" \
  -H "Accept: application/json"

API Documentation

Showing 1 of 1 endpoints
GET/version

Deployed Open Mercato version

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/version" \
  -H "Accept: application/json"

Audit & Action Logs

Showing 5 of 5 endpoints
GET/audit_logs/audit-logs/access
Auth requiredaudit_logs.view_self

Retrieve access logs

Fetches paginated access audit logs scoped to the authenticated user. Tenant administrators can optionally expand the search to other actors or organizations. Requires features: audit_logs.view_self

Parameters

NameInRequiredSchemaDescription
organizationIdqueryNoanyLimit results to a specific organization
actorUserIdqueryNoanyFilter by actor user id (tenant administrators only)
resourceKindqueryNoanyRestrict to a resource kind such as `order` or `product`
accessTypequeryNoanyAccess type filter, e.g. `read` or `export`
pagequeryNoanyPage number (default 1)
pageSizequeryNoanyPage size (default 50)
limitqueryNoanyExplicit maximum number of records when paginating manually
beforequeryNoanyReturn logs created before this ISO-8601 timestamp
afterqueryNoanyReturn logs created after this ISO-8601 timestamp

Responses

200Access logs returned successfully
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "resourceKind": "string",
      "resourceId": "string",
      "accessType": "string",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "fields": [
        "string"
      ],
      "context": null,
      "createdAt": "string"
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}
400Invalid filters supplied
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/audit_logs/audit-logs/access" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/audit_logs/audit-logs/actions
Auth requiredaudit_logs.view_self

Fetch action logs

Returns recent action audit log entries. Tenant administrators can widen the scope to other actors or organizations, and callers can optionally restrict results to undoable actions. Requires features: audit_logs.view_self

Parameters

NameInRequiredSchemaDescription
organizationIdqueryNoanyLimit results to a specific organization
actorUserIdqueryNoanyFilter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKindqueryNoanyFilter by resource kind (e.g., "order", "product")
resourceIdqueryNoanyFilter by resource ID (UUID of the specific record)
actionTypequeryNoanyFilter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldNamequeryNoanyFilter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelatedqueryNoanyWhen `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
includeTotalqueryNoanyWhen `true`, the response includes the filtered total count.
undoableOnlyqueryNoanyWhen `true`, only undoable actions are returned
limitqueryNoanyMaximum number of records to return (default 50, max 1000)
offsetqueryNoanyZero-based record offset for pagination (legacy — prefer page/pageSize)
pagequeryNoanyPage number (default 1)
pageSizequeryNoanyPage size (default 50, max 200)
sortFieldqueryNoanySort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDirqueryNoanySort direction: `asc` or `desc`.
beforequeryNoanyReturn actions created before this ISO-8601 timestamp
afterqueryNoanyReturn actions created after this ISO-8601 timestamp

Responses

200Action logs retrieved successfully
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "commandId": "string",
      "actionLabel": null,
      "executionState": "done",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "resourceKind": null,
      "resourceId": null,
      "parentResourceKind": null,
      "parentResourceId": null,
      "undoToken": null,
      "createdAt": "string",
      "updatedAt": "string",
      "snapshotBefore": null,
      "snapshotAfter": null,
      "changes": null,
      "context": null
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}
400Invalid filter values
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/audit_logs/audit-logs/actions?includeRelated=false&includeTotal=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/audit_logs/audit-logs/actions/export
Auth requiredaudit_logs.view_self

Export action logs as CSV

Returns a CSV attachment containing filtered action audit log entries. Tenant administrators can widen the scope to other actors or organizations. Requires features: audit_logs.view_self

Parameters

NameInRequiredSchemaDescription
organizationIdqueryNoanyLimit results to a specific organization
actorUserIdqueryNoanyFilter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKindqueryNoanyFilter by resource kind (e.g., "order", "product")
resourceIdqueryNoanyFilter by resource ID (UUID of the specific record)
actionTypequeryNoanyFilter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldNamequeryNoanyFilter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelatedqueryNoanyWhen `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
undoableOnlyqueryNoanyWhen `true`, only undoable actions are returned
limitqueryNoanyMaximum number of records to export (default 1000, capped at 1000)
sortFieldqueryNoanySort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDirqueryNoanySort direction: `asc` or `desc`.
beforequeryNoanyReturn actions created before this ISO-8601 timestamp
afterqueryNoanyReturn actions created after this ISO-8601 timestamp

Responses

200CSV export generated successfully
Content-Type: application/json
{
  "file": "csv"
}
400Invalid filter values
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/audit_logs/audit-logs/actions/export?includeRelated=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/audit_logs/audit-logs/actions/redo
Auth requiredaudit_logs.redo_self

Redo by action log id

Redoes the latest undone command owned by the caller. Requires the action to still be eligible for redo within tenant and organization scope. Requires features: audit_logs.redo_self

Request body (application/json)

{
  "logId": "string"
}

Responses

200Redo executed successfully
Content-Type: application/json
{
  "ok": true,
  "logId": null,
  "undoToken": null
}
400Log not eligible for redo
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/audit_logs/audit-logs/actions/redo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"logId\": \"string\"
}"
POST/audit_logs/audit-logs/actions/undo
Auth requiredaudit_logs.undo_self

Undo action by token

Replays the undo handler registered for a command. The provided undo token must match the latest undoable log entry accessible to the caller. Requires features: audit_logs.undo_self

Request body (application/json)

{
  "undoToken": "string"
}

Responses

200Undo applied successfully
Content-Type: application/json
{
  "ok": true,
  "logId": "string"
}
400Invalid or unavailable undo token
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/audit_logs/audit-logs/actions/undo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"undoToken\": \"string\"
}"

Notifications

Showing 13 of 13 endpoints
GET/notifications
Auth required

List notifications

Returns a paginated collection of notifications.

Parameters

NameInRequiredSchemaDescription
statusqueryNoany
typequeryNoany
severityqueryNoany
sourceEntityTypequeryNoany
sourceEntityIdqueryNoany
sincequeryNoany
pagequeryNoany
pageSizequeryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated notifications
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "type": "string",
      "title": "string",
      "body": null,
      "titleKey": null,
      "bodyKey": null,
      "titleVariables": null,
      "bodyVariables": null,
      "icon": null,
      "severity": "string",
      "status": "string",
      "actions": [
        {
          "id": "string",
          "label": "string"
        }
      ],
      "sourceModule": null,
      "sourceEntityType": null,
      "sourceEntityId": null,
      "linkHref": null,
      "createdAt": "string",
      "readAt": null,
      "actionTaken": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/notifications?page=1&pageSize=20" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/notifications
Auth requirednotifications.create

Create notification

Creates a notification for a user. Requires features: notifications.create

Request body (application/json)

{
  "type": "string",
  "severity": "info",
  "recipientUserId": "00000000-0000-4000-8000-000000000000"
}

Responses

201Notification created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}

Example

curl -X POST "https://app.nwf24.pl/api/notifications" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"type\": \"string\",
  \"severity\": \"info\",
  \"recipientUserId\": \"00000000-0000-4000-8000-000000000000\"
}"
POST/notifications/{id}/action
Auth required

POST /notifications/{id}/action

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/notifications/:id/action" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/notifications/{id}/dismiss
Auth required

PUT /notifications/{id}/dismiss

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://app.nwf24.pl/api/notifications/:id/dismiss" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/notifications/{id}/read
Auth required

PUT /notifications/{id}/read

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://app.nwf24.pl/api/notifications/:id/read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/notifications/{id}/restore
Auth required

PUT /notifications/{id}/restore

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://app.nwf24.pl/api/notifications/:id/restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/notifications/batch
Auth requirednotifications.create

POST /notifications/batch

Requires features: notifications.create

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/notifications/batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/notifications/feature
Auth requirednotifications.create

POST /notifications/feature

Requires features: notifications.create

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/notifications/feature" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/notifications/mark-all-read
Auth required

PUT /notifications/mark-all-read

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://app.nwf24.pl/api/notifications/mark-all-read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/notifications/role
Auth requirednotifications.create

POST /notifications/role

Requires features: notifications.create

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/notifications/role" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/notifications/settings
Auth requirednotifications.manage

GET /notifications/settings

Requires features: notifications.manage

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/notifications/settings
Auth requirednotifications.manage

POST /notifications/settings

Requires features: notifications.manage

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/notifications/unread-count
Auth required

GET /notifications/unread-count

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/notifications/unread-count" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Events

Showing 2 of 2 endpoints
GET/events
Auth requiredworkflows.view

List declared events

Returns every declared event. Filters: category, module, excludeTriggerExcluded (default true). Requires features: workflows.view

Responses

200Declared events
Content-Type: application/json
{
  "data": [
    {
      "id": "string",
      "label": "string"
    }
  ],
  "total": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/events" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/events/stream
Auth required

GET /events/stream

Responses

200Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/events/stream" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Customer Relationship Management

Showing 2 of 2 endpoints
POST/customers/deals/bulk-update-owner
Auth requiredcustomers.deals.manage

Bulk reassign deal owner

Queues a background job that reassigns the listed deals to a new owner (or clears the owner when null). Requires features: customers.deals.manage

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/customers/deals/bulk-update-owner" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customers/deals/bulk-update-stage
Auth requiredcustomers.deals.manage

Bulk update deal pipeline stage

Queues a background job that moves the listed deals to the same pipeline stage. Returns a progress job id to poll for completion. Requires features: customers.deals.manage

Responses

201Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/customers/deals/bulk-update-stage" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Feature Toggles

Showing 12 of 12 endpoints
GET/feature_toggles/check/boolean
Auth required

Check if feature is enabled

Checks if a feature toggle is enabled for the current context.

Parameters

NameInRequiredSchemaDescription
identifierqueryYesanyFeature toggle identifier

Responses

200Feature status
Content-Type: application/json
{
  "enabled": true,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400Bad Request
Content-Type: application/json
{
  "error": "string"
}
404Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/check/boolean?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/check/json
Auth required

Get json config

Gets the json configuration for a feature toggle.

Parameters

NameInRequiredSchemaDescription
identifierqueryYesanyFeature toggle identifier

Responses

200Json config
Content-Type: application/json
{
  "valueType": "json",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400Bad Request
Content-Type: application/json
{
  "error": "string"
}
404Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/check/json?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/check/number
Auth required

Get number config

Gets the number configuration for a feature toggle.

Parameters

NameInRequiredSchemaDescription
identifierqueryYesanyFeature toggle identifier

Responses

200Number config
Content-Type: application/json
{
  "valueType": "number",
  "value": 1,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400Bad Request
Content-Type: application/json
{
  "error": "string"
}
404Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/check/number?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/check/string
Auth required

Get string config

Gets the string configuration for a feature toggle.

Parameters

NameInRequiredSchemaDescription
identifierqueryYesanyFeature toggle identifier

Responses

200String config
Content-Type: application/json
{
  "valueType": "string",
  "value": "string",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400Bad Request
Content-Type: application/json
{
  "error": "string"
}
404Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/check/string?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/global
Auth requiredfeature_toggles.view

List global feature toggles

Returns all global feature toggles with filtering and pagination. Requires superadmin role. Requires features: feature_toggles.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoanyPage number for pagination
pageSizequeryNoanyNumber of items per page (max 200)
searchqueryNoanyCase-insensitive search across identifier, name, description, and category
typequeryNoanyFilter by toggle type (boolean, string, number, json)
categoryqueryNoanyFilter by category (case-insensitive partial match)
namequeryNoanyFilter by name (case-insensitive partial match)
identifierqueryNoanyFilter by identifier (case-insensitive partial match)
sortFieldqueryNoanyField to sort by
sortDirqueryNoanySort direction (ascending or descending)

Responses

200Feature toggles collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "identifier": "string",
      "name": "string",
      "description": null,
      "category": null,
      "type": "boolean",
      "defaultValue": null,
      "createdAt": null,
      "updatedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/global?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/feature_toggles/global
Auth requiredfeature_toggles.global.manage

Create global feature toggle

Creates a new global feature toggle. Requires superadmin role. Requires features: feature_toggles.global.manage

Request body (application/json)

{
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null
}

Responses

201Feature toggle created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"identifier\": \"string\",
  \"name\": \"string\",
  \"description\": null,
  \"category\": null,
  \"type\": \"boolean\",
  \"defaultValue\": null
}"
PUT/feature_toggles/global
Auth requiredfeature_toggles.global.manage

Update global feature toggle

Updates an existing global feature toggle. Requires superadmin role. Requires features: feature_toggles.global.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "description": null,
  "category": null,
  "defaultValue": null
}

Responses

200Feature toggle updated
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"description\": null,
  \"category\": null,
  \"defaultValue\": null
}"
DELETE/feature_toggles/global
Auth requiredfeature_toggles.global.manage

Delete global feature toggle

Soft deletes a global feature toggle by ID. Requires superadmin role. Requires features: feature_toggles.global.manage

Parameters

NameInRequiredSchemaDescription
idqueryYesanyFeature toggle identifier

Responses

200Feature toggle deleted
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/feature_toggles/global?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/global/{id}
Auth requiredfeature_toggles.view

Fetch feature toggle by ID

Returns complete details of a feature toggle. Requires features: feature_toggles.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Feature toggle detail
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null,
  "createdAt": null,
  "updatedAt": null
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/global/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/global/{id}/override
Auth requiredfeature_toggles.view

Fetch feature toggle override

Returns feature toggle override. Requires features: feature_toggles.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Feature toggle overrides
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "tenantName": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "toggleType": "boolean",
  "updatedAt": null
}
400Invalid request
Content-Type: application/json
{
  "error": "string"
}
404Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/global/:id/override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/feature_toggles/overrides
Auth requiredfeature_toggles.view

List overrides

Returns list of feature toggle overrides. Requires features: feature_toggles.view

Parameters

NameInRequiredSchemaDescription
categoryqueryNoany
namequeryNoany
identifierqueryNoany
sortFieldqueryNoany
sortDirqueryNoany
pagequeryNoany
pageSizequeryNoany

Responses

200List of overrides
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "toggleId": "00000000-0000-4000-8000-000000000000",
      "tenantName": "string",
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "identifier": "string",
      "name": "string",
      "category": "string",
      "isOverride": true
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1,
  "isSuperAdmin": true
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/feature_toggles/overrides?page=1&pageSize=25" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/feature_toggles/overrides
Auth requiredfeature_toggles.manage

Change override state

Enable, disable or inherit a feature toggle for a specific tenant. Requires features: feature_toggles.manage

Request body (application/json)

{
  "toggleId": "00000000-0000-4000-8000-000000000000",
  "isOverride": true
}

Responses

200Override updated
Content-Type: application/json
{
  "ok": true,
  "overrideToggleId": null
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/feature_toggles/overrides" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"toggleId\": \"00000000-0000-4000-8000-000000000000\",
  \"isOverride\": true
}"

AI Assistant

Showing 20 of 39 endpoints
GET/ai_assistant/ai/actions/{id}
Auth requiredai_assistant.view

Fetch the current state of an AI pending action by id.

Returns the tenant-scoped {@link AiPendingAction} addressed by `:id`. Powers the chat UI reconnect/polling path: after a page reload or SSE reconnect the client carries the `pendingActionId` from an earlier `mutation-preview-card` UI part and calls this route to re-hydrate the card. Server-internal fields (`normalizedInput`, `createdByUserId`, `idempotencyKey`) are stripped by a whitelist serializer. Enforces tenant/org scoping via the repository. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Serialized pending action. Never includes normalizedInput, createdByUserId, or idempotencyKey.
Content-Type: application/json
"string"
404No pending action with the given id is accessible to the caller.
Content-Type: application/json
"string"
500Internal runtime failure.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/actions/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/ai_assistant/ai/actions/{id}/cancel
Auth requiredai_assistant.view

Cancel an AI pending action without executing the wrapped tool.

Flips a pending AI action from `pending` to `cancelled` and emits the `ai.action.cancelled` event. The tool handler is never invoked. Idempotent: a second call on a row already in `cancelled` status returns 200 with the current row without re-emitting the event. Rows whose `expiresAt` is in the past are flipped to `expired` and returned as 409 `expired` so the client can surface the TTL loss instead of silently masking it as a cancellation. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Cancellation complete (or idempotent replay); body includes the serialized pending action with status `cancelled`.
Content-Type: application/json
"string"
400Invalid cancel request body (unknown field, reason exceeds 500 chars, wrong type).
Content-Type: application/json
"string"
404Pending action not found in the caller scope.
Content-Type: application/json
"string"
409Pending action is not in `pending` status (already confirmed/failed/executing) or has expired.
Content-Type: application/json
"string"
500Unexpected server failure during cancel.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/actions/:id/cancel" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/ai_assistant/ai/actions/{id}/confirm
Auth requiredai_assistant.view

Confirm an AI pending action, re-running every server-side check before execution.

Re-verifies the full contract from spec §9.4 (status, expiry, agent registration, required features, mutation policy, tool whitelist, attachment tenant scope, record version, and schema drift), flips the pending-action state machine to `executing`, invokes the wrapped tool handler, and persists `executionResult`. Idempotent: a second call on a row already in `confirmed` state returns the prior result without re-executing the handler. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Confirmation complete; body includes the serialized pending action and the mutation result.
Content-Type: application/json
"string"
404Pending action or agent not found in the caller scope.
Content-Type: application/json
"string"
409Pending action is not in `pending` status or has expired.
Content-Type: application/json
"string"
412Record version changed between propose and confirm, or the input schema no longer accepts the stored payload.
Content-Type: application/json
"string"
500Unexpected server failure during confirm.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/actions/:id/confirm" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/agents
Auth requiredai_assistant.view

List registered AI agents, filtered by the caller's features.

Returns `{ agents: [...] }` — the subset of agents from `ai-agents.generated.ts` that the authenticated caller can invoke based on each agent's `requiredFeatures`. Mirrors the `meta.list_agents` tool handler so backoffice pages (e.g. the playground) can render an agent picker without going through the MCP tool transport. Requires features: ai_assistant.view

Responses

200Accessible agent summaries.
Content-Type: application/json
"string"
500Internal failure while loading the agent registry.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/agents" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/agents/{agentId}/loop-override
Auth requiredai_assistant.view

Read the current loop-policy override for this agent, if any.

Returns `{ agentId, override }` where `override` is the agent-scoped loop-policy row from `ai_agent_runtime_overrides` (or `null`). Requires `ai_assistant.view`. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Loop override payload.
Content-Type: application/json
"string"
400Invalid agent id.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/ai_assistant/ai/agents/{agentId}/loop-override
Auth requiredai_assistant.settings.manage

Set (or replace) the tenant-scoped loop-policy override for this agent.

Body: loop columns. All fields are nullable/optional; `null` explicitly clears that axis. Validates `loopStopWhenJson` items and `loopActiveToolsJson` membership. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Request body (application/json)

{
  "loopDisabled": null,
  "loopMaxSteps": null,
  "loopMaxToolCalls": null,
  "loopMaxWallClockMs": null,
  "loopMaxTokens": null,
  "loopStopWhenJson": null,
  "loopActiveToolsJson": null
}

Responses

200Override persisted.
Content-Type: application/json
"string"
400Invalid agent id or validation error.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X PUT "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"loopDisabled\": null,
  \"loopMaxSteps\": null,
  \"loopMaxToolCalls\": null,
  \"loopMaxWallClockMs\": null,
  \"loopMaxTokens\": null,
  \"loopStopWhenJson\": null,
  \"loopActiveToolsJson\": null
}"
DELETE/ai_assistant/ai/agents/{agentId}/loop-override
Auth requiredai_assistant.settings.manage

Remove the loop-policy columns from the agent-scoped runtime override row.

Nulls out all seven loop columns on the agent-scoped `ai_agent_runtime_overrides` row. Idempotent — returns 200 even when no override exists. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Loop override cleared (or already absent).
Content-Type: application/json
"string"
400Invalid agent id.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X DELETE "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/loop-override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/agents/{agentId}/models
Auth requiredai_assistant.view

Get the providers and curated models available for the chat-UI picker for this agent

Returns all configured providers with their curated model catalogs, filtered to providers that have an API key configured in the current environment. When the agent declares `allowRuntimeOverride: false`, the response reflects that constraint so the UI picker can hide itself. Includes the agent's resolved default provider/model so the picker can render a "(default)" badge next to the right entry. RBAC: requires the same features as the agent itself (typically `ai_assistant.view`). Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Providers and curated models available for the agent picker. Empty `providers` array when `allowRuntimeOverride` is false.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/models" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/agents/{agentId}/mutation-policy
Auth requiredai_assistant.view

Read the effective mutationPolicy for an agent — code-declared value plus any tenant override.

Returns `{ agentId, codeDeclared, override }` where `codeDeclared` is the agent's compiled-in `mutationPolicy` and `override` is the persisted tenant-scoped override (or `null`). Requires `ai_assistant.view`. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Effective mutationPolicy payload.
Content-Type: application/json
"string"
400Invalid agent id.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/ai_assistant/ai/agents/{agentId}/mutation-policy
Auth requiredai_assistant.settings.manage

Set (or replace) the tenant-scoped mutationPolicy override for this agent.

Body: `{ mutationPolicy: "read-only" | "confirm-required" | "destructive-confirm-required", notes? }`. The override MUST NOT escalate beyond the agent's code-declared policy. Escalation attempts are rejected with 400 + `code: "escalation_not_allowed"`. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Request body (application/json)

{
  "mutationPolicy": "read-only"
}

Responses

200Override persisted.
Content-Type: application/json
"string"
400Invalid agent id, malformed body, or escalation attempt.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"mutationPolicy\": \"read-only\"
}"
DELETE/ai_assistant/ai/agents/{agentId}/mutation-policy
Auth requiredai_assistant.settings.manage

Remove the tenant-scoped mutationPolicy override for this agent.

Deletes the override row if it exists; subsequent calls fall back to the agent's code-declared policy. Idempotent — returns 200 even when no override exists. Requires `ai_assistant.settings.manage`. Requires features: ai_assistant.settings.manage

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Override cleared (or already absent).
Content-Type: application/json
"string"
400Invalid agent id.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X DELETE "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/mutation-policy" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/agents/{agentId}/prompt-override

Read the latest prompt-section override for an agent plus recent version history.

Returns `{ agentId, override, versions }` where `override` is the latest persisted row (or `null`) and `versions` is the newest-first history capped at 10 rows. Tenant-scoped; requires `ai_assistant.settings.manage`.

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Responses

200Latest override + recent version history.
Content-Type: application/json
"string"
400Invalid agent id.
Content-Type: application/json
"string"
401Unauthenticated caller.
Content-Type: application/json
"string"
403Caller lacks `ai_assistant.settings.manage`.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/prompt-override" \
  -H "Accept: application/json"
POST/ai_assistant/ai/agents/{agentId}/prompt-override

Save a new prompt-section override version for the agent.

Persists an additive `{ sections: Record<sectionId, text>, notes? }` override, allocating the next monotonic version for `(tenant, org, agent)`. Reserved policy keys (`mutationPolicy`, `readOnly`, `allowedTools`, `acceptedMediaTypes`) are rejected with 400 / `reserved_key`. Requires `ai_assistant.settings.manage`.

Parameters

NameInRequiredSchemaDescription
agentIdpathYesany

Request body (application/json)

{}

Responses

200Override persisted. Returns `{ ok: true, version, updatedAt }`.
Content-Type: application/json
"string"
400Invalid agent id, malformed body, or reserved policy key.
Content-Type: application/json
"string"
401Unauthenticated caller.
Content-Type: application/json
"string"
403Caller lacks `ai_assistant.settings.manage`.
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/agents/:agentId/prompt-override" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{}"
POST/ai_assistant/ai/chat
Auth requiredai_assistant.view

Stream a chat turn for a registered AI agent

Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, execution-mode compatibility, and attachment media-type policy. The streaming response body uses an AI SDK-compatible `text/event-stream` transport. Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers override the resolved provider/model/base-URL for this turn (Phase 4a). Provider must be registered and configured; baseUrl must match `AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the agent declares `allowRuntimeOverride: false`. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
agentqueryYesany
providerqueryNoany
modelqueryNoany
baseUrlqueryNoany
loopBudgetqueryNoany

Request body (application/json)

{
  "messages": [
    {
      "role": "user",
      "content": "string"
    }
  ]
}

Responses

200Streaming text/event-stream response compatible with AI SDK chat transports.
Content-Type: text/event-stream
string
400Invalid query param, malformed payload, or message count above the cap. Typed codes: `runtime_override_disabled` (agent has allowRuntimeOverride:false), `provider_unknown` (provider id not registered), `provider_not_configured` (provider registered but no API key in env), `baseurl_not_allowlisted` (baseUrl not in AI_RUNTIME_BASEURL_ALLOWLIST).
Content-Type: application/json
"string"
404Unknown agent id.
Content-Type: application/json
"string"
409Agent/tool/execution-mode policy violation.
Content-Type: application/json
"string"
500Internal runtime failure.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/chat?agent=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"messages\": [
    {
      \"role\": \"user\",
      \"content\": \"string\"
    }
  ]
}"
GET/ai_assistant/ai/conversations
Auth requiredai_assistant.view

List AI chat conversations visible to the caller.

Returns `{ items, nextCursor }` for the authenticated caller, ordered by `lastMessageAt` descending. View-only callers receive only their own conversations. Callers with `ai_assistant.conversations.manage` may list conversations across users in the same tenant/organization. The `agent` and `status` filters are optional; `cursor` is the ISO timestamp returned by a previous response. Requires features: ai_assistant.view

Responses

200Caller-owned conversation summaries.
Content-Type: application/json
"string"
400Invalid query parameters.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/conversations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/ai_assistant/ai/conversations
Auth requiredai_assistant.view

Idempotently create a new AI chat conversation.

If a non-deleted conversation already exists with the supplied `conversationId` for the authenticated caller in this tenant/org, returns the existing summary. Otherwise creates a fresh row and writes the owner-participant row in the same transaction. Requires features: ai_assistant.view

Responses

200Existing conversation (idempotent path).
Content-Type: application/json
"string"
201Newly created conversation.
Content-Type: application/json
"string"
400Invalid request body.
Content-Type: application/json
"string"

Example

curl -X POST "https://app.nwf24.pl/api/ai_assistant/ai/conversations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/conversations/{conversationId}
Auth requiredai_assistant.view

Fetch a conversation summary and recent transcript.

Returns `{ conversation, messages, nextCursor }` for the supplied `conversationId`. View-only callers can load only their own conversations. Callers with `ai_assistant.conversations.manage` can load conversations across users in the same tenant/organization. Messages are ordered ascending by `createdAt`. The `before` cursor returns the next older page when paging back through long transcripts. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
conversationIdpathYesany

Responses

200Conversation transcript page for the authenticated owner.
Content-Type: application/json
"string"
400Invalid path or query parameters.
Content-Type: application/json
"string"
404No conversation accessible to the caller.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/conversations/:conversationId" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PATCH/ai_assistant/ai/conversations/{conversationId}
Auth requiredai_assistant.view

Update an existing conversation.

Accepts a partial body containing any of `title`, `status`, `pageContext`. Setting `status` to `closed` archives the conversation while keeping its transcript intact. View-only callers can update only their own conversations; conversation managers can update conversations in the same tenant/organization. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
conversationIdpathYesany

Responses

200Updated conversation summary.
Content-Type: application/json
"string"
400Invalid request body.
Content-Type: application/json
"string"
404No conversation accessible to the caller.
Content-Type: application/json
"string"

Example

curl -X PATCH "https://app.nwf24.pl/api/ai_assistant/ai/conversations/:conversationId" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
DELETE/ai_assistant/ai/conversations/{conversationId}
Auth requiredai_assistant.view

Soft-delete a conversation and its messages.

View-only callers can delete only their own conversations. Callers with `ai_assistant.conversations.manage` can delete conversations in the same tenant/organization. Marks the conversation row and every undeleted message row with a `deleted_at` timestamp in one transaction. The transcript remains in the database for audit/restore until a future retention worker hard-deletes it. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
conversationIdpathYesany

Responses

200Soft-delete acknowledgment.
Content-Type: application/json
"string"
404No conversation accessible to the caller.
Content-Type: application/json
"string"

Example

curl -X DELETE "https://app.nwf24.pl/api/ai_assistant/ai/conversations/:conversationId" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/ai_assistant/ai/conversations/{conversationId}/participants
Auth requiredai_assistant.view

List active participants of a conversation.

Returns the list of active (non-revoked) participants for the conversation. Only the conversation owner or a caller with `ai_assistant.conversations.manage` can call this endpoint. Requires features: ai_assistant.view

Parameters

NameInRequiredSchemaDescription
conversationIdpathYesany

Responses

200List of active participants.
Content-Type: application/json
"string"
404Conversation not found or not accessible.
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/ai_assistant/ai/conversations/:conversationId/participants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Attachments

Showing 14 of 14 endpoints
GET/attachments
Auth requiredattachments.view

List attachments for a record

Returns uploaded attachments for the given entity record, ordered by newest first. Requires features: attachments.view

Parameters

NameInRequiredSchemaDescription
entityIdqueryYesanyEntity identifier that owns the attachments
recordIdqueryYesanyRecord identifier within the entity
pagequeryNoany
pageSizequeryNoany

Responses

200Attachments found for the record
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "url": "string",
      "fileName": "string",
      "fileSize": 1,
      "createdAt": "string",
      "mimeType": null,
      "content": null
    }
  ]
}
400Missing entity or record identifiers
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments?entityId=string&recordId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/attachments
Auth requiredattachments.manage

Upload attachment

Uploads a new attachment using multipart form-data and stores metadata for later retrieval. Requires features: attachments.manage

Request body (multipart/form-data)

entityId=string
recordId=string
file=string

Responses

200Attachment stored successfully
Content-Type: application/json
{
  "ok": true,
  "item": {
    "id": "string",
    "url": "string",
    "fileName": "string",
    "fileSize": 1,
    "content": null
  }
}
400Payload validation error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/attachments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: multipart/form-data" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\",
  \"file\": \"string\"
}"
DELETE/attachments
Auth requiredattachments.manage

Delete attachment

Removes an uploaded attachment and deletes the stored asset. Requires features: attachments.manage

Parameters

NameInRequiredSchemaDescription
idqueryYesany

Responses

200Attachment deleted
Content-Type: application/json
{
  "ok": true
}
400Missing attachment identifier
Content-Type: application/json
{
  "error": "string"
}
404Attachment not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/attachments?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/attachments/file/{id}

Download or serve attachment file

Returns the raw file content for an attachment. Path parameter: {id} - Attachment UUID. Query parameter: ?download=1 - Force file download with Content-Disposition header. Access control is enforced based on partition settings.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200File content with appropriate MIME type
Content-Type: application/json
"string"
400Missing attachment ID
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized - authentication required for private partitions
Content-Type: application/json
{
  "error": "string"
}
403Forbidden - insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Attachment or file not found
Content-Type: application/json
{
  "error": "string"
}
500Partition misconfigured
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments/file/:id" \
  -H "Accept: application/json"
GET/attachments/image/{id}/{slug}

Serve image with optional resizing

Returns an image attachment with optional on-the-fly resizing and cropping. Resized images are cached for performance. Only works with image MIME types. Path parameter: {id} - Attachment UUID. Query parameters: ?width=N (1-4000 pixels), ?height=N (1-4000 pixels), ?cropType=cover|contain (resize behavior).

Parameters

NameInRequiredSchemaDescription
idpathYesany
slugpathNoany

Responses

200Binary image content (Content-Type: image/jpeg, image/png, etc.)
Content-Type: application/json
"string"
400Invalid parameters, missing ID, or non-image attachment
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized - authentication required for private partitions
Content-Type: application/json
{
  "error": "string"
}
403Forbidden - insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Image not found
Content-Type: application/json
{
  "error": "string"
}
500Partition misconfigured or image rendering failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments/image/:id/:slug" \
  -H "Accept: application/json"
GET/attachments/library
Auth requiredattachments.view

List attachments

Returns paginated list of attachments with optional filtering by search term, partition, and tags. Includes available tags and partitions. Requires features: attachments.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoanyPage number for pagination
pageSizequeryNoanyNumber of items per page (max 100)
searchqueryNoanySearch by file name (case-insensitive)
partitionqueryNoanyFilter by partition code
tagsqueryNoanyFilter by tags (comma-separated)
sortFieldqueryNoanyField to sort by
sortDirqueryNoanySort direction

Responses

200Attachments list with pagination and metadata
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "fileName": "string",
      "fileSize": 1,
      "mimeType": "string",
      "partitionCode": "string",
      "partitionTitle": null,
      "url": null,
      "createdAt": "string",
      "tags": [
        "string"
      ],
      "assignments": [],
      "content": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1,
  "availableTags": [
    "string"
  ],
  "partitions": [
    {
      "code": "string",
      "title": "string",
      "description": null,
      "isPublic": true
    }
  ]
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments/library?page=1&pageSize=25" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/attachments/library/{id}
Auth requiredattachments.view

Get attachment details

Returns complete details of an attachment including metadata, tags, assignments, and custom fields. Requires features: attachments.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Attachment details
Content-Type: application/json
{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "fileName": "string",
    "fileSize": 1,
    "mimeType": "string",
    "partitionCode": "string",
    "partitionTitle": null,
    "tags": [
      "string"
    ],
    "assignments": [],
    "content": null,
    "customFields": null
  }
}
400Invalid attachment ID
Content-Type: application/json
{
  "error": "string"
}
404Attachment not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PATCH/attachments/library/{id}
Auth requiredattachments.manage

Update attachment metadata

Updates attachment tags, assignments, and custom fields. Emits CRUD side effects for indexing and events. Requires features: attachments.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{}

Responses

200Attachment updated successfully
Content-Type: application/json
{
  "ok": true
}
400Invalid payload or attachment ID
Content-Type: application/json
{
  "error": "string"
}
404Attachment not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to save attributes
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://app.nwf24.pl/api/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
DELETE/attachments/library/{id}
Auth requiredattachments.manage

Delete attachment

Permanently deletes an attachment file from storage and database. Emits CRUD side effects. Requires features: attachments.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Attachment deleted successfully
Content-Type: application/json
{
  "ok": true
}
400Invalid attachment ID
Content-Type: application/json
{
  "error": "string"
}
404Attachment not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/attachments/library/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/attachments/partitions
Auth requiredattachments.manage

List all attachment partitions

Returns all configured attachment partitions with storage settings, OCR configuration, and access control settings. Requires features: attachments.manage

Responses

200List of partitions
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "code": "string",
      "title": "string",
      "description": null,
      "isPublic": true,
      "requiresOcr": true,
      "ocrModel": null,
      "configJson": null,
      "createdAt": null,
      "updatedAt": null,
      "envKey": "string"
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/attachments/partitions
Auth requiredattachments.manage

Create new partition

Creates a new attachment partition with specified storage and OCR settings. Requires unique partition code. Requires features: attachments.manage

Request body (application/json)

{
  "code": "string",
  "title": "string",
  "description": null,
  "ocrModel": null,
  "storageDriver": "local",
  "configJson": null
}

Responses

201Partition created successfully
Content-Type: application/json
{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "code": "string",
    "title": "string",
    "description": null,
    "isPublic": true,
    "requiresOcr": true,
    "ocrModel": null,
    "configJson": null,
    "createdAt": null,
    "updatedAt": null,
    "envKey": "string"
  }
}
400Invalid payload or partition code
Content-Type: application/json
{
  "error": "string"
}
409Partition code already exists
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"code\": \"string\",
  \"title\": \"string\",
  \"description\": null,
  \"ocrModel\": null,
  \"storageDriver\": \"local\",
  \"configJson\": null
}"
PUT/attachments/partitions
Auth requiredattachments.manage

Update partition

Updates an existing partition. Partition code cannot be changed. Title, description, OCR settings, and access control can be modified. Requires features: attachments.manage

Request body (application/json)

{
  "code": "string",
  "title": "string",
  "description": null,
  "ocrModel": null,
  "storageDriver": "local",
  "configJson": null,
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Partition updated successfully
Content-Type: application/json
{
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "code": "string",
    "title": "string",
    "description": null,
    "isPublic": true,
    "requiresOcr": true,
    "ocrModel": null,
    "configJson": null,
    "createdAt": null,
    "updatedAt": null,
    "envKey": "string"
  }
}
400Invalid payload or code change attempt
Content-Type: application/json
{
  "error": "string"
}
404Partition not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"code\": \"string\",
  \"title\": \"string\",
  \"description\": null,
  \"ocrModel\": null,
  \"storageDriver\": \"local\",
  \"configJson\": null,
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE/attachments/partitions
Auth requiredattachments.manage

Delete partition

Deletes a partition. Default partitions cannot be deleted. Partitions with existing attachments cannot be deleted. Requires features: attachments.manage

Responses

200Partition deleted successfully
Content-Type: application/json
{
  "ok": true
}
400Invalid ID or default partition deletion attempt
Content-Type: application/json
{
  "error": "string"
}
404Partition not found
Content-Type: application/json
{
  "error": "string"
}
409Partition in use
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/attachments/partitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/attachments/transfer
Auth requiredattachments.manage

Transfer attachments to different record

Transfers one or more attachments from one record to another within the same entity type. Updates attachment assignments and metadata to reflect the new record. Requires features: attachments.manage

Request body (application/json)

{
  "entityId": "string",
  "attachmentIds": [
    "00000000-0000-4000-8000-000000000000"
  ],
  "toRecordId": "string"
}

Responses

200Attachments transferred successfully
Content-Type: application/json
{
  "ok": true,
  "updated": 1
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Attachments not found
Content-Type: application/json
{
  "error": "string"
}
500Attachment model missing
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/attachments/transfer" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"attachmentIds\": [
    \"00000000-0000-4000-8000-000000000000\"
  ],
  \"toRecordId\": \"string\"
}"

Customer Portal

Showing 19 of 19 endpoints
GET/customer_accounts/portal/events/stream

Subscribe to portal events via SSE (Portal Event Bridge)

Long-lived SSE connection that receives server-side events marked with portalBroadcast: true. Events are filtered by the customer's tenant, organization, and recipient user audience.

Responses

200Event stream (text/event-stream)
Content-Type: application/json
"string"
401Not authenticated
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/events/stream" \
  -H "Accept: application/json"
POST/customer_accounts/portal/feature-check

Check customer portal feature access

Checks which of the requested features the authenticated customer user has. Used by portal menu injection for feature-gating.

Request body (application/json)

{
  "features": [
    "string"
  ]
}

Responses

200Feature check result
Content-Type: application/json
{
  "ok": true,
  "granted": [
    "string"
  ]
}
400Invalid request
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/portal/feature-check" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"features\": [
    \"string\"
  ]
}"
POST/customer_accounts/portal/logout

Customer logout

Revokes the current session and clears authentication cookies.

Responses

200Logged out
Content-Type: application/json
{
  "ok": true
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/portal/logout" \
  -H "Accept: application/json"
GET/customer_accounts/portal/nav

Portal sidebar navigation

Returns the portal sidebar for the authenticated customer. Items are derived from each portal page's `nav` metadata and filtered by `requireCustomerFeatures` against the customer's grants (wildcards honored).

Responses

200Portal sidebar groups
Content-Type: application/json
{
  "ok": true,
  "orgSlug": "string",
  "groups": [
    {
      "id": "main",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string",
          "order": 1
        }
      ]
    }
  ],
  "grantedFeatures": [
    "string"
  ],
  "isPortalAdmin": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Organization not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/nav" \
  -H "Accept: application/json"
GET/customer_accounts/portal/notifications

List customer notifications

Returns paginated notifications for the authenticated customer user. Dismissed notifications are excluded by default unless ?status=dismissed is specified.

Responses

200Notification list
Content-Type: application/json
{
  "ok": true,
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "type": "string",
      "title": "string",
      "body": null,
      "titleKey": null,
      "bodyKey": null,
      "titleVariables": null,
      "bodyVariables": null,
      "icon": null,
      "severity": "info",
      "status": "unread",
      "actions": [
        {
          "id": "string",
          "label": "string"
        }
      ],
      "sourceModule": null,
      "sourceEntityType": null,
      "sourceEntityId": null,
      "linkHref": null,
      "createdAt": "string",
      "readAt": null,
      "actionTaken": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/notifications" \
  -H "Accept: application/json"
PUT/customer_accounts/portal/notifications/{id}/dismiss

Dismiss notification

Dismisses a single notification for the authenticated customer user.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Notification dismissed
Content-Type: application/json
{
  "ok": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Notification not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/portal/notifications/00000000-0000-4000-8000-000000000000/dismiss" \
  -H "Accept: application/json"
PUT/customer_accounts/portal/notifications/{id}/read

Mark notification as read

Marks a single notification as read for the authenticated customer user.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Notification marked as read
Content-Type: application/json
{
  "ok": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Notification not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/portal/notifications/00000000-0000-4000-8000-000000000000/read" \
  -H "Accept: application/json"
PUT/customer_accounts/portal/notifications/mark-all-read

Mark all notifications as read

Marks all unread notifications as read for the authenticated customer user.

Responses

200All notifications marked as read
Content-Type: application/json
{
  "ok": true,
  "count": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/portal/notifications/mark-all-read" \
  -H "Accept: application/json"
GET/customer_accounts/portal/notifications/unread-count

Get unread notification count

Returns the number of unread notifications for the authenticated customer user.

Responses

200Unread count
Content-Type: application/json
{
  "ok": true,
  "unreadCount": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/notifications/unread-count" \
  -H "Accept: application/json"
POST/customer_accounts/portal/password-change

Change customer password

Changes the authenticated customer user password after verifying the current password. Revokes all existing sessions.

Request body (application/json)

{
  "currentPassword": "string",
  "newPassword": "string"
}

Responses

200Password changed
Content-Type: application/json
{
  "ok": true
}
400Current password incorrect or validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/portal/password-change" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"currentPassword\": \"string\",
  \"newPassword\": \"string\"
}"
GET/customer_accounts/portal/profile

Get customer profile

Returns the authenticated customer user profile with roles and permissions.

Responses

200Profile data
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "displayName": "string",
    "emailVerified": true,
    "customerEntityId": null,
    "personEntityId": null,
    "isActive": true,
    "lastLoginAt": null,
    "createdAt": "string"
  },
  "roles": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "slug": "string"
    }
  ],
  "resolvedFeatures": [
    "string"
  ],
  "isPortalAdmin": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/profile" \
  -H "Accept: application/json"
PUT/customer_accounts/portal/profile

Update customer profile

Updates the authenticated customer user profile.

Request body (application/json)

{}

Responses

200Profile updated
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "displayName": "string"
  }
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/portal/profile" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{}"
GET/customer_accounts/portal/sessions

List customer sessions

Returns active sessions for the authenticated customer user.

Responses

200Session list
Content-Type: application/json
{
  "ok": true,
  "sessions": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "ipAddress": null,
      "userAgent": null,
      "lastUsedAt": null,
      "createdAt": "string",
      "expiresAt": "string",
      "isCurrent": true
    }
  ]
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/sessions" \
  -H "Accept: application/json"
POST/customer_accounts/portal/sessions-refresh

Refresh customer JWT from session token

Uses the session cookie to issue a fresh JWT access token.

Responses

200Token refreshed
Content-Type: application/json
{
  "ok": true,
  "resolvedFeatures": [
    "string"
  ]
}
401Invalid session
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/portal/sessions-refresh" \
  -H "Accept: application/json"
DELETE/customer_accounts/portal/sessions/{id}

Revoke a customer session

Revokes a specific session (not the current one).

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Session revoked
Content-Type: application/json
{
  "ok": true
}
400Cannot revoke current session
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Session not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customer_accounts/portal/sessions/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
GET/customer_accounts/portal/users

List company portal users

Lists portal users associated with the same company. Paginated (default pageSize 25, max 100).

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany

Responses

200Paginated user list
Content-Type: application/json
{
  "ok": true,
  "users": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "email": "string",
      "displayName": "string",
      "emailVerified": true,
      "isActive": true,
      "lastLoginAt": null,
      "createdAt": "string",
      "roles": [
        {
          "id": "00000000-0000-4000-8000-000000000000",
          "name": "string",
          "slug": "string"
        }
      ]
    }
  ],
  "total": 1,
  "totalPages": 1,
  "page": 1,
  "pageSize": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/portal/users" \
  -H "Accept: application/json"
POST/customer_accounts/portal/users-invite

Invite a user to the company portal

Creates an invitation for a new user to join the company portal.

Request body (application/json)

{
  "email": "user@example.com",
  "roleIds": [
    "00000000-0000-4000-8000-000000000000"
  ]
}

Responses

201Invitation created
Content-Type: application/json
{
  "ok": true,
  "invitation": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "expiresAt": "string"
  }
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions or non-assignable role
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many invitation requests
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/portal/users-invite" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\",
  \"roleIds\": [
    \"00000000-0000-4000-8000-000000000000\"
  ]
}"
DELETE/customer_accounts/portal/users/{id}

Delete a company portal user

Soft deletes a portal user and revokes all their sessions.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200User deleted
Content-Type: application/json
{
  "ok": true
}
400Cannot delete self
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customer_accounts/portal/users/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
PUT/customer_accounts/portal/users/{id}/roles

Update portal user roles

Assigns new roles to a company portal user.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "roleIds": [
    "00000000-0000-4000-8000-000000000000"
  ]
}

Responses

200Roles updated
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/portal/users/00000000-0000-4000-8000-000000000000/roles" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleIds\": [
    \"00000000-0000-4000-8000-000000000000\"
  ]
}"

Business Rules

Showing 17 of 17 endpoints
POST/business_rules/execute
Auth requiredbusiness_rules.execute

Execute rules for given context

Manually executes applicable business rules for the specified entity type, event, and data. Supports dry-run mode to test rules without executing actions. Requires features: business_rules.execute

Request body (application/json)

{
  "entityType": "string",
  "dryRun": false
}

Responses

200Rules executed successfully
Content-Type: application/json
{
  "allowed": true,
  "executedRules": [
    {
      "ruleId": "string",
      "ruleName": "string",
      "conditionResult": true,
      "executionTime": 1
    }
  ],
  "totalExecutionTime": 1
}
400Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
500Execution error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/business_rules/execute" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\",
  \"dryRun\": false
}"
POST/business_rules/execute/{ruleId}
Auth requiredbusiness_rules.execute

Execute a specific rule by its database UUID

Directly executes a specific business rule identified by its UUID, bypassing the normal entityType/eventType discovery mechanism. Useful for workflows and targeted rule execution. Requires features: business_rules.execute

Parameters

NameInRequiredSchemaDescription
ruleIdpathYesanyThe database UUID of the business rule to execute

Request body (application/json)

{
  "dryRun": false
}

Responses

200Rule executed successfully
Content-Type: application/json
{
  "success": true,
  "ruleId": "string",
  "ruleName": "string",
  "conditionResult": true,
  "actionsExecuted": null,
  "executionTime": 1
}
400Invalid request payload or rule ID
Content-Type: application/json
{
  "error": "string"
}
404Rule not found
Content-Type: application/json
{
  "error": "string"
}
500Execution error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/business_rules/execute/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"dryRun\": false
}"
GET/business_rules/logs
Auth requiredbusiness_rules.view_logs

List rule execution logs

Returns rule execution history for the current tenant and organization with filtering and pagination. Useful for audit trails and debugging. Requires features: business_rules.view_logs

Parameters

NameInRequiredSchemaDescription
idqueryNoany
pagequeryNoany
pageSizequeryNoany
ruleIdqueryNoany
entityIdqueryNoany
entityTypequeryNoany
executionResultqueryNoany
executedByqueryNoany
executedAtFromqueryNoany
executedAtToqueryNoany
sortFieldqueryNoany
sortDirqueryNoany

Responses

200Rule execution logs collection
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "ruleId": "string",
      "ruleName": "string",
      "ruleType": "string",
      "entityId": "00000000-0000-4000-8000-000000000000",
      "entityType": "string",
      "executionResult": "SUCCESS",
      "inputContext": null,
      "outputContext": null,
      "errorMessage": null,
      "executionTimeMs": 1,
      "executedAt": "string",
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": null,
      "executedBy": null
    }
  ],
  "total": 1,
  "totalPages": 1
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/logs?page=1&pageSize=50&sortDir=desc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/business_rules/logs/{id}
Auth requiredbusiness_rules.view_logs

Get execution log detail

Returns detailed information about a specific rule execution, including full context and results. Requires features: business_rules.view_logs

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Log entry details
Content-Type: application/json
{
  "id": "string",
  "rule": {
    "id": "00000000-0000-4000-8000-000000000000",
    "ruleId": "string",
    "ruleName": "string",
    "ruleType": "string",
    "entityType": "string"
  },
  "entityId": "00000000-0000-4000-8000-000000000000",
  "entityType": "string",
  "executionResult": "SUCCESS",
  "inputContext": null,
  "outputContext": null,
  "errorMessage": null,
  "executionTimeMs": 1,
  "executedAt": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "organizationId": null,
  "executedBy": null
}
400Invalid log id
Content-Type: application/json
{
  "error": "string"
}
404Log entry not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/logs/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/business_rules/rules
Auth requiredbusiness_rules.view

List business rules

Returns business rules for the current tenant and organization with filtering and pagination. Requires features: business_rules.view

Parameters

NameInRequiredSchemaDescription
idqueryNoany
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
ruleIdqueryNoany
ruleTypequeryNoany
entityTypequeryNoany
eventTypequeryNoany
enabledqueryNoany
ruleCategoryqueryNoany
sortFieldqueryNoany
sortDirqueryNoany

Responses

200Business rules collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "ruleId": "string",
      "ruleName": "string",
      "description": null,
      "ruleType": "GUARD",
      "ruleCategory": null,
      "entityType": "string",
      "eventType": null,
      "enabled": true,
      "priority": 1,
      "version": 1,
      "effectiveFrom": null,
      "effectiveTo": null,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "total": 1,
  "totalPages": 1
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/rules?page=1&pageSize=50&sortDir=desc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/business_rules/rules
Auth requiredbusiness_rules.manage

Create business rule

Creates a new business rule for the current tenant and organization. Requires features: business_rules.manage

Request body (application/json)

{
  "ruleId": "string",
  "ruleName": "string",
  "description": null,
  "ruleType": "GUARD",
  "ruleCategory": null,
  "entityType": "string",
  "eventType": null,
  "enabled": true,
  "priority": 100,
  "version": 1,
  "effectiveFrom": null,
  "effectiveTo": null,
  "tenantId": "string",
  "organizationId": "string",
  "createdBy": null,
  "conditionExpression": null,
  "successActions": null,
  "failureActions": null
}

Responses

201Business rule created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/business_rules/rules" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"ruleId\": \"string\",
  \"ruleName\": \"string\",
  \"description\": null,
  \"ruleType\": \"GUARD\",
  \"ruleCategory\": null,
  \"entityType\": \"string\",
  \"eventType\": null,
  \"enabled\": true,
  \"priority\": 100,
  \"version\": 1,
  \"effectiveFrom\": null,
  \"effectiveTo\": null,
  \"tenantId\": \"string\",
  \"organizationId\": \"string\",
  \"createdBy\": null,
  \"conditionExpression\": null,
  \"successActions\": null,
  \"failureActions\": null
}"
PUT/business_rules/rules
Auth requiredbusiness_rules.manage

Update business rule

Updates an existing business rule. Requires features: business_rules.manage

Request body (application/json)

{
  "description": null,
  "ruleCategory": null,
  "eventType": null,
  "enabled": true,
  "priority": 100,
  "version": 1,
  "effectiveFrom": null,
  "effectiveTo": null,
  "conditionExpression": null,
  "successActions": null,
  "failureActions": null,
  "id": "string"
}

Responses

200Business rule updated
Content-Type: application/json
{
  "ok": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Business rule not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/business_rules/rules" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"description\": null,
  \"ruleCategory\": null,
  \"eventType\": null,
  \"enabled\": true,
  \"priority\": 100,
  \"version\": 1,
  \"effectiveFrom\": null,
  \"effectiveTo\": null,
  \"conditionExpression\": null,
  \"successActions\": null,
  \"failureActions\": null,
  \"id\": \"string\"
}"
DELETE/business_rules/rules
Auth requiredbusiness_rules.manage

Delete business rule

Soft deletes a business rule by identifier. Requires features: business_rules.manage

Parameters

NameInRequiredSchemaDescription
idqueryYesanyBusiness rule identifier

Responses

200Business rule deleted
Content-Type: application/json
{
  "ok": true
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Business rule not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/business_rules/rules?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/business_rules/rules/{id}
Auth requiredbusiness_rules.view

Fetch business rule by ID

Returns complete details of a business rule including conditions and actions. Requires features: business_rules.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Business rule detail
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "ruleId": "string",
  "ruleName": "string",
  "description": null,
  "ruleType": "GUARD",
  "ruleCategory": null,
  "entityType": "string",
  "eventType": null,
  "successActions": null,
  "failureActions": null,
  "enabled": true,
  "priority": 1,
  "version": 1,
  "effectiveFrom": null,
  "effectiveTo": null,
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "createdBy": null,
  "updatedBy": null,
  "createdAt": "string",
  "updatedAt": "string"
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Business rule not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/rules/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/business_rules/sets
Auth requiredbusiness_rules.view

List rule sets

Returns rule sets for the current tenant and organization with filtering and pagination. Requires features: business_rules.view

Parameters

NameInRequiredSchemaDescription
idqueryNoany
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
setIdqueryNoany
enabledqueryNoany
sortFieldqueryNoany
sortDirqueryNoany

Responses

200Rule sets collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "setId": "string",
      "setName": "string",
      "description": null,
      "enabled": true,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdBy": null,
      "updatedBy": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "total": 1,
  "totalPages": 1
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/sets?page=1&pageSize=50&sortDir=asc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/business_rules/sets
Auth requiredbusiness_rules.manage_sets

Create rule set

Creates a new rule set for organizing business rules. Requires features: business_rules.manage_sets

Request body (application/json)

{
  "setId": "string",
  "setName": "string",
  "description": null,
  "enabled": true,
  "tenantId": "string",
  "organizationId": "string",
  "createdBy": null
}

Responses

201Rule set created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/business_rules/sets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"setId\": \"string\",
  \"setName\": \"string\",
  \"description\": null,
  \"enabled\": true,
  \"tenantId\": \"string\",
  \"organizationId\": \"string\",
  \"createdBy\": null
}"
PUT/business_rules/sets
Auth requiredbusiness_rules.manage_sets

Update rule set

Updates an existing rule set. Requires features: business_rules.manage_sets

Request body (application/json)

{
  "description": null,
  "enabled": true,
  "id": "string"
}

Responses

200Rule set updated
Content-Type: application/json
{
  "ok": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Rule set not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/business_rules/sets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"description\": null,
  \"enabled\": true,
  \"id\": \"string\"
}"
DELETE/business_rules/sets
Auth requiredbusiness_rules.manage_sets

Delete rule set

Soft deletes a rule set by identifier. Requires features: business_rules.manage_sets

Parameters

NameInRequiredSchemaDescription
idqueryYesanyRule set identifier

Responses

200Rule set deleted
Content-Type: application/json
{
  "ok": true
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Rule set not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/business_rules/sets?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/business_rules/sets/{id}
Auth requiredbusiness_rules.view

Get rule set detail

Returns detailed information about a specific rule set, including all member rules. Requires features: business_rules.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Rule set details
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "setId": "string",
  "setName": "string",
  "description": null,
  "enabled": true,
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "createdBy": null,
  "updatedBy": null,
  "createdAt": "string",
  "updatedAt": "string",
  "members": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "ruleId": "00000000-0000-4000-8000-000000000000",
      "ruleName": "string",
      "ruleType": "string",
      "sequence": 1,
      "enabled": true
    }
  ]
}
400Invalid rule set id
Content-Type: application/json
{
  "error": "string"
}
404Rule set not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/business_rules/sets/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/business_rules/sets/{id}/members
Auth requiredbusiness_rules.manage_sets

Add rule to set

Adds a business rule to a rule set with specified sequence and enabled state. Requires features: business_rules.manage_sets

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "ruleId": "00000000-0000-4000-8000-000000000000",
  "sequence": 0,
  "enabled": true
}

Responses

201Member added
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Rule set or rule not found
Content-Type: application/json
{
  "error": "string"
}
409Rule already in set
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/business_rules/sets/:id/members" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"ruleId\": \"00000000-0000-4000-8000-000000000000\",
  \"sequence\": 0,
  \"enabled\": true
}"
PUT/business_rules/sets/{id}/members
Auth requiredbusiness_rules.manage_sets

Update set member

Updates sequence or enabled state of a rule set member. Requires features: business_rules.manage_sets

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "memberId": "00000000-0000-4000-8000-000000000000"
}

Responses

200Member updated
Content-Type: application/json
{
  "ok": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Member not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/business_rules/sets/:id/members" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"memberId\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE/business_rules/sets/{id}/members
Auth requiredbusiness_rules.manage_sets

Remove rule from set

Removes a business rule from a rule set (hard delete). Requires features: business_rules.manage_sets

Parameters

NameInRequiredSchemaDescription
idpathYesany
memberIdqueryYesanyMember identifier

Responses

200Member removed
Content-Type: application/json
{
  "ok": true
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Member not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/business_rules/sets/:id/members?memberId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Scheduler

Showing 8 of 8 endpoints
GET/scheduler/jobs
Auth requiredscheduler.jobs.view

List scheduledjobs

Returns a paginated collection of scheduledjobs scoped to the authenticated organization. Requires features: scheduler.jobs.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
idqueryNoany
searchqueryNoany
scopeTypequeryNoany
isEnabledqueryYesany
sourceTypequeryNoany
sourceModulequeryNoany
sortqueryNoany
orderqueryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated scheduledjobs
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "description": null,
      "scopeType": "system",
      "organizationId": null,
      "tenantId": null,
      "scheduleType": "cron",
      "scheduleValue": "string",
      "timezone": "string",
      "targetType": "queue",
      "targetQueue": null,
      "targetCommand": null,
      "targetPayload": null,
      "requireFeature": null,
      "isEnabled": true,
      "lastRunAt": null,
      "nextRunAt": null,
      "sourceType": "user",
      "sourceModule": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/scheduler/jobs?page=1&pageSize=20" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/scheduler/jobs
Auth requiredscheduler.jobs.manage

Create scheduledjob

Creates a new scheduled job with cron or interval-based scheduling. Requires features: scheduler.jobs.manage

Request body (application/json)

{
  "name": "string",
  "description": null,
  "scopeType": "system",
  "organizationId": null,
  "tenantId": null,
  "scheduleType": "cron",
  "scheduleValue": "string",
  "timezone": "UTC",
  "targetType": "queue",
  "targetQueue": null,
  "targetCommand": null,
  "targetPayload": null,
  "requireFeature": null,
  "isEnabled": true,
  "sourceType": "user",
  "sourceModule": null
}

Responses

201ScheduledJob created
Content-Type: application/json
{
  "id": null
}

Example

curl -X POST "https://app.nwf24.pl/api/scheduler/jobs" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"description\": null,
  \"scopeType\": \"system\",
  \"organizationId\": null,
  \"tenantId\": null,
  \"scheduleType\": \"cron\",
  \"scheduleValue\": \"string\",
  \"timezone\": \"UTC\",
  \"targetType\": \"queue\",
  \"targetQueue\": null,
  \"targetCommand\": null,
  \"targetPayload\": null,
  \"requireFeature\": null,
  \"isEnabled\": true,
  \"sourceType\": \"user\",
  \"sourceModule\": null
}"
PUT/scheduler/jobs
Auth requiredscheduler.jobs.manage

Update scheduledjob

Updates an existing scheduled job by ID. Requires features: scheduler.jobs.manage

Request body (application/json)

{
  "id": "string",
  "description": null,
  "targetQueue": null,
  "targetCommand": null,
  "targetPayload": null,
  "requireFeature": null
}

Responses

200ScheduledJob updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://app.nwf24.pl/api/scheduler/jobs" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"string\",
  \"description\": null,
  \"targetQueue\": null,
  \"targetCommand\": null,
  \"targetPayload\": null,
  \"requireFeature\": null
}"
DELETE/scheduler/jobs
Auth requiredscheduler.jobs.manage

Delete scheduledjob

Deletes a scheduled job by ID. Requires features: scheduler.jobs.manage

Request body (application/json)

{
  "id": "string"
}

Responses

200ScheduledJob deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://app.nwf24.pl/api/scheduler/jobs" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"string\"
}"
GET/scheduler/jobs/{id}/executions

Get execution history for a schedule

Fetch recent executions from BullMQ for a scheduled job. Requires QUEUE_STRATEGY=async.

Parameters

NameInRequiredSchemaDescription
idpathYesany
pageSizequeryNoany

Responses

200Execution history
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "scheduleId": "00000000-0000-4000-8000-000000000000",
      "startedAt": "string",
      "finishedAt": null,
      "status": "running",
      "triggerType": "scheduled",
      "triggeredByUserId": null,
      "errorMessage": null,
      "errorStack": null,
      "durationMs": null,
      "queueJobId": "string",
      "queueName": "string",
      "attemptsMade": 1,
      "result": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1
}
400Local strategy not supported
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Access denied
Content-Type: application/json
{
  "error": "string"
}
404Schedule not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/scheduler/jobs/:id/executions?pageSize=20" \
  -H "Accept: application/json"
GET/scheduler/queue-jobs/{jobId}

Get BullMQ job details and logs

Fetch detailed information and logs for a queue job. Requires QUEUE_STRATEGY=async.

Parameters

NameInRequiredSchemaDescription
jobIdpathYesany
queuequeryYesany

Responses

200Job details and logs
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "state": "waiting",
  "progress": null,
  "returnvalue": null,
  "failedReason": null,
  "stacktrace": null,
  "attemptsMade": 1,
  "processedOn": null,
  "finishedOn": null,
  "logs": [
    "string"
  ]
}
400Invalid request or local strategy not supported
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Access denied
Content-Type: application/json
{
  "error": "string"
}
404Job not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/scheduler/queue-jobs/:jobId?queue=string" \
  -H "Accept: application/json"
GET/scheduler/targets

List available queues and commands

Returns all registered queue names (from module workers) and command IDs (from the command registry) that can be used as schedule targets.

Responses

200Available targets
Content-Type: application/json
{
  "queues": [
    {
      "value": "string",
      "label": "string"
    }
  ],
  "commands": [
    {
      "value": "string",
      "label": "string"
    }
  ]
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/scheduler/targets" \
  -H "Accept: application/json"
POST/scheduler/trigger

Manually trigger a schedule

Executes a scheduled job immediately, bypassing the scheduled time. Only works with async queue strategy.

Request body (application/json)

{
  "id": "string"
}

Responses

200Schedule triggered successfully
Content-Type: application/json
{
  "ok": true,
  "jobId": "string",
  "message": "string"
}
400Invalid request or local strategy not supported
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Access denied
Content-Type: application/json
{
  "error": "string"
}
404Schedule not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/scheduler/trigger" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"string\"
}"

Webhooks

Showing 20 of 24 endpoints
GET/webhooks
Auth requiredwebhooks.view

List webhooks

Returns paginated webhooks for the current tenant and organization. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
isActivequeryNoany

Responses

200Webhook collection
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "name": "string",
      "description": null,
      "url": "string",
      "subscribedEvents": [
        "string"
      ],
      "httpMethod": "string",
      "isActive": true,
      "deliveryStrategy": "string",
      "maxRetries": 1,
      "consecutiveFailures": 1,
      "lastSuccessAt": null,
      "lastFailureAt": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Tenant context missing
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks
Auth requiredwebhooks.manage

Create webhook

Creates a new webhook endpoint. A signing secret (whsec_ prefixed) is auto-generated and returned once. Requires features: webhooks.manage

Request body (application/json)

{
  "name": "string",
  "description": null,
  "url": "https://example.com/resource",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "POST",
  "customHeaders": null,
  "deliveryStrategy": "http",
  "strategyConfig": null,
  "maxRetries": 10,
  "timeoutMs": 15000,
  "rateLimitPerMinute": 0,
  "autoDisableThreshold": 100,
  "integrationId": null
}

Responses

201Webhook created
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "url": "string",
  "secret": "string",
  "subscribedEvents": [
    "string"
  ],
  "isActive": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"description\": null,
  \"url\": \"https://example.com/resource\",
  \"subscribedEvents\": [
    \"string\"
  ],
  \"httpMethod\": \"POST\",
  \"customHeaders\": null,
  \"deliveryStrategy\": \"http\",
  \"strategyConfig\": null,
  \"maxRetries\": 10,
  \"timeoutMs\": 15000,
  \"rateLimitPerMinute\": 0,
  \"autoDisableThreshold\": 100,
  \"integrationId\": null
}"
GET/webhooks/{id}
Auth requiredwebhooks.view

Get webhook

Returns webhook configuration, masked secret metadata, and delivery settings. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Webhook detail
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "description": null,
  "url": "string",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "string",
  "isActive": true,
  "deliveryStrategy": "string",
  "maxRetries": 1,
  "consecutiveFailures": 1,
  "lastSuccessAt": null,
  "lastFailureAt": null,
  "createdAt": "string",
  "updatedAt": "string",
  "customHeaders": null,
  "strategyConfig": null,
  "timeoutMs": 1,
  "rateLimitPerMinute": 1,
  "autoDisableThreshold": 1,
  "integrationId": null,
  "maskedSecret": "string",
  "previousSecretSetAt": null
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/webhooks/{id}
Auth requiredwebhooks.manage

Update webhook

Updates a single webhook configuration. Requires features: webhooks.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "description": null,
  "httpMethod": "POST",
  "customHeaders": null,
  "deliveryStrategy": "http",
  "strategyConfig": null,
  "maxRetries": 10,
  "timeoutMs": 15000,
  "rateLimitPerMinute": 0,
  "autoDisableThreshold": 100,
  "integrationId": null
}

Responses

200Webhook updated
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "description": null,
  "url": "string",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "string",
  "isActive": true,
  "deliveryStrategy": "string",
  "maxRetries": 1,
  "consecutiveFailures": 1,
  "lastSuccessAt": null,
  "lastFailureAt": null,
  "createdAt": "string",
  "updatedAt": "string",
  "customHeaders": null,
  "strategyConfig": null,
  "timeoutMs": 1,
  "rateLimitPerMinute": 1,
  "autoDisableThreshold": 1,
  "integrationId": null,
  "maskedSecret": "string",
  "previousSecretSetAt": null
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/webhooks/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"description\": null,
  \"httpMethod\": \"POST\",
  \"customHeaders\": null,
  \"deliveryStrategy\": \"http\",
  \"strategyConfig\": null,
  \"maxRetries\": 10,
  \"timeoutMs\": 15000,
  \"rateLimitPerMinute\": 0,
  \"autoDisableThreshold\": 100,
  \"integrationId\": null
}"
DELETE/webhooks/{id}
Auth requiredwebhooks.manage

Delete webhook

Soft-deletes a webhook endpoint. Requires features: webhooks.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Webhook deleted
Content-Type: application/json
{
  "success": true
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/webhooks/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/{id}/rotate-secret
Auth requiredwebhooks.secrets

Rotate secret

Returns the new secret once. Store it immediately; future reads only expose a masked value. Requires features: webhooks.secrets

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Secret rotated
Content-Type: application/json
{
  "success": true,
  "secret": "string",
  "previousSecretSetAt": null
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/00000000-0000-4000-8000-000000000000/rotate-secret" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/{id}/test
Auth requiredwebhooks.test

Test webhook

Creates a synthetic event payload and delivers it immediately without using the queue. Requires features: webhooks.test

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{}

Responses

200Test delivery result
Content-Type: application/json
{
  "success": true,
  "delivery": {
    "id": "string",
    "webhookId": "string",
    "eventType": "string",
    "messageId": "string",
    "status": "string",
    "responseStatus": null,
    "errorMessage": null,
    "attemptNumber": 1,
    "maxAttempts": 1,
    "targetUrl": "string",
    "durationMs": null,
    "enqueuedAt": "string",
    "lastAttemptAt": null,
    "deliveredAt": null,
    "createdAt": "string",
    "payload": {},
    "responseBody": null,
    "responseHeaders": null,
    "nextRetryAt": null,
    "updatedAt": "string"
  }
}
400Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}
409Webhook integration disabled
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/00000000-0000-4000-8000-000000000000/test" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
GET/webhooks/deliveries
Auth requiredwebhooks.view

List delivery logs

Returns paginated webhook delivery attempts with filtering by webhook, event type, and status. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
webhookIdqueryNoany
eventTypequeryNoany
statusqueryNoany

Responses

200Delivery log collection
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "webhookId": "string",
      "webhookName": null,
      "eventType": "string",
      "messageId": "string",
      "status": "string",
      "responseStatus": null,
      "errorMessage": null,
      "attemptNumber": 1,
      "maxAttempts": 1,
      "targetUrl": "string",
      "durationMs": null,
      "enqueuedAt": "string",
      "lastAttemptAt": null,
      "deliveredAt": null,
      "createdAt": "string"
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Tenant context missing
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/deliveries?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/webhooks/deliveries/{id}
Auth requiredwebhooks.view

Get delivery

Returns a single delivery attempt by ID. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Delivery detail
Content-Type: application/json
{
  "id": "string",
  "webhookId": "string",
  "eventType": "string",
  "messageId": "string",
  "status": "string",
  "responseStatus": null,
  "errorMessage": null,
  "attemptNumber": 1,
  "maxAttempts": 1,
  "targetUrl": "string",
  "durationMs": null,
  "enqueuedAt": "string",
  "lastAttemptAt": null,
  "deliveredAt": null,
  "createdAt": "string",
  "payload": {},
  "responseBody": null,
  "responseHeaders": null,
  "nextRetryAt": null,
  "updatedAt": "string"
}
404Delivery not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/deliveries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/deliveries/{id}/retry
Auth requiredwebhooks.manage

Retry delivery

Resets retry scheduling fields and enqueues the delivery again. Requires features: webhooks.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Delivery re-enqueued
Content-Type: application/json
{
  "success": true,
  "delivery": {
    "id": "string",
    "webhookId": "string",
    "eventType": "string",
    "messageId": "string",
    "status": "string",
    "responseStatus": null,
    "errorMessage": null,
    "attemptNumber": 1,
    "maxAttempts": 1,
    "targetUrl": "string",
    "durationMs": null,
    "enqueuedAt": "string",
    "lastAttemptAt": null,
    "deliveredAt": null,
    "createdAt": "string",
    "payload": {},
    "responseBody": null,
    "responseHeaders": null,
    "nextRetryAt": null,
    "updatedAt": "string"
  }
}
404Delivery not found
Content-Type: application/json
{
  "error": "string"
}
409Webhook integration disabled
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/deliveries/00000000-0000-4000-8000-000000000000/retry" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/webhooks/events
Auth requiredwebhooks.view

List webhook events

Returns all declared non-webhook events, sorted by event id. Requires features: webhooks.view

Responses

200Available events
Content-Type: application/json
{
  "data": [
    {
      "id": "string",
      "label": "string"
    }
  ],
  "total": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/events" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/inbound/{endpointId}

Receive inbound webhook

Endpoint ids currently resolve to registered adapter provider keys.

Parameters

NameInRequiredSchemaDescription
endpointIdpathYesany

Responses

200Inbound webhook accepted
Content-Type: application/json
{
  "ok": true
}
400Verification failed
Content-Type: application/json
{
  "error": "string"
}
404Endpoint not found
Content-Type: application/json
{
  "error": "string"
}
429Rate limit exceeded
Content-Type: application/json
{
  "error": "string"
}
503Webhook integration disabled
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/inbound/string" \
  -H "Accept: application/json"
GET/webhooks/webhook-deliveries
Auth requiredwebhooks.view

List delivery logs

Returns paginated webhook delivery attempts with filtering by webhook, event type, and status. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
webhookIdqueryNoany
eventTypequeryNoany
statusqueryNoany

Responses

200Delivery log collection
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "webhookId": "string",
      "webhookName": null,
      "eventType": "string",
      "messageId": "string",
      "status": "string",
      "responseStatus": null,
      "errorMessage": null,
      "attemptNumber": 1,
      "maxAttempts": 1,
      "targetUrl": "string",
      "durationMs": null,
      "enqueuedAt": "string",
      "lastAttemptAt": null,
      "deliveredAt": null,
      "createdAt": "string"
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Tenant context missing
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/webhook-deliveries?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/webhooks/webhook-deliveries/{id}
Auth requiredwebhooks.view

Get delivery

Returns a single delivery attempt by ID. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Delivery detail
Content-Type: application/json
{
  "id": "string",
  "webhookId": "string",
  "eventType": "string",
  "messageId": "string",
  "status": "string",
  "responseStatus": null,
  "errorMessage": null,
  "attemptNumber": 1,
  "maxAttempts": 1,
  "targetUrl": "string",
  "durationMs": null,
  "enqueuedAt": "string",
  "lastAttemptAt": null,
  "deliveredAt": null,
  "createdAt": "string",
  "payload": {},
  "responseBody": null,
  "responseHeaders": null,
  "nextRetryAt": null,
  "updatedAt": "string"
}
404Delivery not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/webhook-deliveries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/webhook-deliveries/{id}/retry
Auth requiredwebhooks.manage

Retry delivery

Resets retry scheduling fields and enqueues the delivery again. Requires features: webhooks.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Delivery re-enqueued
Content-Type: application/json
{
  "success": true,
  "delivery": {
    "id": "string",
    "webhookId": "string",
    "eventType": "string",
    "messageId": "string",
    "status": "string",
    "responseStatus": null,
    "errorMessage": null,
    "attemptNumber": 1,
    "maxAttempts": 1,
    "targetUrl": "string",
    "durationMs": null,
    "enqueuedAt": "string",
    "lastAttemptAt": null,
    "deliveredAt": null,
    "createdAt": "string",
    "payload": {},
    "responseBody": null,
    "responseHeaders": null,
    "nextRetryAt": null,
    "updatedAt": "string"
  }
}
404Delivery not found
Content-Type: application/json
{
  "error": "string"
}
409Webhook integration disabled
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/webhook-deliveries/00000000-0000-4000-8000-000000000000/retry" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/webhooks/webhooks
Auth requiredwebhooks.view

List webhooks

Returns paginated webhooks for the current tenant and organization. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
isActivequeryNoany

Responses

200Webhook collection
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "name": "string",
      "description": null,
      "url": "string",
      "subscribedEvents": [
        "string"
      ],
      "httpMethod": "string",
      "isActive": true,
      "deliveryStrategy": "string",
      "maxRetries": 1,
      "consecutiveFailures": 1,
      "lastSuccessAt": null,
      "lastFailureAt": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Tenant context missing
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/webhooks" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/webhooks/webhooks
Auth requiredwebhooks.manage

Create webhook

Creates a new webhook endpoint. A signing secret (whsec_ prefixed) is auto-generated and returned once. Requires features: webhooks.manage

Request body (application/json)

{
  "name": "string",
  "description": null,
  "url": "https://example.com/resource",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "POST",
  "customHeaders": null,
  "deliveryStrategy": "http",
  "strategyConfig": null,
  "maxRetries": 10,
  "timeoutMs": 15000,
  "rateLimitPerMinute": 0,
  "autoDisableThreshold": 100,
  "integrationId": null
}

Responses

201Webhook created
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "url": "string",
  "secret": "string",
  "subscribedEvents": [
    "string"
  ],
  "isActive": true
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/webhooks/webhooks" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"description\": null,
  \"url\": \"https://example.com/resource\",
  \"subscribedEvents\": [
    \"string\"
  ],
  \"httpMethod\": \"POST\",
  \"customHeaders\": null,
  \"deliveryStrategy\": \"http\",
  \"strategyConfig\": null,
  \"maxRetries\": 10,
  \"timeoutMs\": 15000,
  \"rateLimitPerMinute\": 0,
  \"autoDisableThreshold\": 100,
  \"integrationId\": null
}"
PUT/webhooks/webhooks
Auth requiredwebhooks.manage

Update webhook

Updates an existing webhook configuration. Requires features: webhooks.manage

Request body (application/json)

{
  "description": null,
  "httpMethod": "POST",
  "customHeaders": null,
  "deliveryStrategy": "http",
  "strategyConfig": null,
  "maxRetries": 10,
  "timeoutMs": 15000,
  "rateLimitPerMinute": 0,
  "autoDisableThreshold": 100,
  "integrationId": null
}

Responses

200Webhook updated
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "description": null,
  "url": "string",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "string",
  "isActive": true,
  "deliveryStrategy": "string",
  "maxRetries": 1,
  "consecutiveFailures": 1,
  "lastSuccessAt": null,
  "lastFailureAt": null,
  "createdAt": "string",
  "updatedAt": "string",
  "customHeaders": null,
  "strategyConfig": null,
  "timeoutMs": 1,
  "rateLimitPerMinute": 1,
  "autoDisableThreshold": 1,
  "integrationId": null
}
400Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404Not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/webhooks/webhooks" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"description\": null,
  \"httpMethod\": \"POST\",
  \"customHeaders\": null,
  \"deliveryStrategy\": \"http\",
  \"strategyConfig\": null,
  \"maxRetries\": 10,
  \"timeoutMs\": 15000,
  \"rateLimitPerMinute\": 0,
  \"autoDisableThreshold\": 100,
  \"integrationId\": null
}"
DELETE/webhooks/webhooks
Auth requiredwebhooks.manage

Delete webhook

Soft-deletes a webhook endpoint. Requires features: webhooks.manage

Parameters

NameInRequiredSchemaDescription
idqueryYesanyWebhook ID to delete

Responses

200Deleted
Content-Type: application/json
{
  "success": true
}
404Not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/webhooks/webhooks?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/webhooks/webhooks/{id}
Auth requiredwebhooks.view

Get webhook

Returns webhook configuration, masked secret metadata, and delivery settings. Requires features: webhooks.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Webhook detail
Content-Type: application/json
{
  "id": "string",
  "name": "string",
  "description": null,
  "url": "string",
  "subscribedEvents": [
    "string"
  ],
  "httpMethod": "string",
  "isActive": true,
  "deliveryStrategy": "string",
  "maxRetries": 1,
  "consecutiveFailures": 1,
  "lastSuccessAt": null,
  "lastFailureAt": null,
  "createdAt": "string",
  "updatedAt": "string",
  "customHeaders": null,
  "strategyConfig": null,
  "timeoutMs": 1,
  "rateLimitPerMinute": 1,
  "autoDisableThreshold": 1,
  "integrationId": null,
  "maskedSecret": "string",
  "previousSecretSetAt": null
}
404Webhook not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/webhooks/webhooks/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Auth

Showing 1 of 1 endpoints
GET/auth/users/consents
Auth requiredauth.users.edit

List user consents

Returns all consent records for a given user, with integrity verification status. Requires features: auth.users.edit

Parameters

NameInRequiredSchemaDescription
userIdqueryYesany

Responses

200Consent list returned
Content-Type: application/json
"string"

Example

curl -X GET "https://app.nwf24.pl/api/auth/users/consents?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Configs

Showing 8 of 8 endpoints
GET/configs/cache
Auth requiredconfigs.cache.view

Get cache statistics

Returns detailed cache statistics including total entries and breakdown by cache segments. Requires cache service to be available. Requires features: configs.cache.view

Responses

200Cache statistics
Content-Type: application/json
{
  "generatedAt": "string",
  "totalKeys": 1,
  "segments": [
    {
      "segment": "string",
      "resource": null,
      "method": null,
      "path": null,
      "keyCount": 1,
      "keys": [
        "string"
      ]
    }
  ]
}
500Failed to resolve cache stats
Content-Type: application/json
{
  "error": "string"
}
503Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/configs/cache
Auth requiredconfigs.cache.manage

Purge cache

Purges cache entries. Supports two actions: purgeAll (clears entire cache) or purgeSegment (clears specific segment). Returns updated cache statistics after purge. Requires features: configs.cache.manage

Request body (application/json)

{
  "action": "purgeAll"
}

Responses

200Cache segment cleared successfully
Content-Type: application/json
{
  "action": "purgeSegment",
  "segment": "string",
  "deleted": 1,
  "stats": {
    "generatedAt": "string",
    "totalKeys": 1,
    "segments": [
      {
        "segment": "string",
        "resource": null,
        "method": null,
        "path": null,
        "keyCount": 1,
        "keys": [
          "string"
        ]
      }
    ]
  }
}
400Invalid request - missing segment identifier for purgeSegment action
Content-Type: application/json
{
  "error": "string"
}
500Failed to purge cache
Content-Type: application/json
{
  "error": "string"
}
503Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"action\": \"purgeAll\"
}"
GET/configs/module-telemetry
Auth requiredconfigs.system_status.view

Get module resource usage telemetry

Returns in-process module resource attribution for API routes, event subscribers, and queue workers. Requires features: configs.system_status.view

Responses

200Module resource usage report
Content-Type: application/json
{
  "generatedAt": "string",
  "startedAt": "string",
  "enabled": true,
  "bucketIntervalMs": 1,
  "totals": {
    "modules": 1,
    "operations": 1,
    "calls": 1,
    "errors": 1,
    "totalDurationMs": 1,
    "totalCpuMs": 1,
    "positiveHeapDeltaBytes": 1,
    "positiveRssDeltaBytes": 1
  },
  "thresholds": {
    "p95DurationMs": 1,
    "cpuMs": 1,
    "positiveHeapDeltaBytes": 1,
    "positiveRssDeltaBytes": 1,
    "errors": 1
  },
  "modules": [
    {
      "moduleId": "string",
      "calls": 1,
      "errors": 1,
      "totalDurationMs": 1,
      "p95DurationMs": 1,
      "totalCpuMs": 1,
      "positiveHeapDeltaBytes": 1,
      "positiveRssDeltaBytes": 1,
      "surfaces": [
        {
          "surface": "api",
          "calls": 1,
          "errors": 1,
          "totalDurationMs": 1,
          "p95DurationMs": 1,
          "totalCpuMs": 1,
          "positiveHeapDeltaBytes": 1,
          "positiveRssDeltaBytes": 1
        }
      ],
      "topOperations": [
        {
          "moduleId": "string",
          "surface": "api",
          "operation": "string",
          "resourceId": null,
          "calls": 1,
          "errors": 1,
          "totalDurationMs": 1,
          "maxDurationMs": 1,
          "p95DurationMs": 1,
          "totalCpuUserMs": 1,
          "totalCpuSystemMs": 1,
          "maxCpuMs": 1,
          "totalHeapDeltaBytes": 1,
          "positiveHeapDeltaBytes": 1,
          "maxHeapDeltaBytes": 1,
          "totalRssDeltaBytes": 1,
          "positiveRssDeltaBytes": 1,
          "maxRssDeltaBytes": 1,
          "firstSeenAt": "string",
          "lastSeenAt": "string"
        }
      ],
      "candidateReasons": [
        "string"
      ]
    }
  ],
  "candidates": [
    {
      "moduleId": "string",
      "calls": 1,
      "errors": 1,
      "totalDurationMs": 1,
      "p95DurationMs": 1,
      "totalCpuMs": 1,
      "positiveHeapDeltaBytes": 1,
      "positiveRssDeltaBytes": 1,
      "surfaces": [
        {
          "surface": "api",
          "calls": 1,
          "errors": 1,
          "totalDurationMs": 1,
          "p95DurationMs": 1,
          "totalCpuMs": 1,
          "positiveHeapDeltaBytes": 1,
          "positiveRssDeltaBytes": 1
        }
      ],
      "topOperations": [
        {
          "moduleId": "string",
          "surface": "api",
          "operation": "string",
          "resourceId": null,
          "calls": 1,
          "errors": 1,
          "totalDurationMs": 1,
          "maxDurationMs": 1,
          "p95DurationMs": 1,
          "totalCpuUserMs": 1,
          "totalCpuSystemMs": 1,
          "maxCpuMs": 1,
          "totalHeapDeltaBytes": 1,
          "positiveHeapDeltaBytes": 1,
          "maxHeapDeltaBytes": 1,
          "totalRssDeltaBytes": 1,
          "positiveRssDeltaBytes": 1,
          "maxRssDeltaBytes": 1,
          "firstSeenAt": "string",
          "lastSeenAt": "string"
        }
      ],
      "candidateReasons": [
        "string"
      ]
    }
  ],
  "buckets": [
    {
      "bucketStart": "string",
      "bucketEnd": "string",
      "bucketIntervalMs": 1,
      "stage": "startup",
      "partial": true,
      "totals": {
        "modules": 1,
        "calls": 1,
        "errors": 1,
        "totalDurationMs": 1,
        "totalCpuMs": 1,
        "positiveHeapDeltaBytes": 1,
        "positiveRssDeltaBytes": 1
      },
      "modules": [
        {
          "moduleId": "string",
          "calls": 1,
          "errors": 1,
          "totalDurationMs": 1,
          "p95DurationMs": 1,
          "totalCpuMs": 1,
          "positiveHeapDeltaBytes": 1,
          "positiveRssDeltaBytes": 1,
          "surfaces": [
            {
              "surface": "api",
              "calls": 1,
              "errors": 1,
              "totalDurationMs": 1,
              "p95DurationMs": 1,
              "totalCpuMs": 1,
              "positiveHeapDeltaBytes": 1,
              "positiveRssDeltaBytes": 1
            }
          ],
          "topOperations": [
            {
              "moduleId": "string",
              "surface": "api",
              "operation": "string",
              "resourceId": null,
              "calls": 1,
              "errors": 1,
              "totalDurationMs": 1,
              "maxDurationMs": 1,
              "p95DurationMs": 1,
              "totalCpuUserMs": 1,
              "totalCpuSystemMs": 1,
              "maxCpuMs": 1,
              "totalHeapDeltaBytes": 1,
              "positiveHeapDeltaBytes": 1,
              "maxHeapDeltaBytes": 1,
              "totalRssDeltaBytes": 1,
              "positiveRssDeltaBytes": 1,
              "maxRssDeltaBytes": 1,
              "firstSeenAt": "string",
              "lastSeenAt": "string"
            }
          ],
          "candidateReasons": [
            "string"
          ]
        }
      ]
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/configs/module-telemetry" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
DELETE/configs/module-telemetry
Auth requiredconfigs.manage

Clear module telemetry data

Development-only endpoint that clears in-memory module telemetry and local process telemetry files. Requires features: configs.manage

Responses

200Module telemetry cleared
Content-Type: application/json
{
  "cleared": true
}

Example

curl -X DELETE "https://app.nwf24.pl/api/configs/module-telemetry" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/configs/system-status
Auth requiredconfigs.system_status.view

Get system health status

Returns comprehensive system health information including environment details, version, resource usage, and service connectivity status. Requires features: configs.system_status.view

Responses

200System status snapshot
Content-Type: application/json
{
  "generatedAt": "string",
  "runtimeMode": "development",
  "categories": [
    {
      "key": "profiling",
      "labelKey": "string",
      "descriptionKey": null,
      "items": [
        {
          "key": "string",
          "category": "profiling",
          "kind": "boolean",
          "labelKey": "string",
          "descriptionKey": "string",
          "docUrl": null,
          "defaultValue": null,
          "state": "enabled",
          "value": null,
          "normalizedValue": null
        }
      ]
    }
  ]
}
500Failed to load system status
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/configs/system-status
Auth requiredconfigs.manage

Clear system cache

Purges the entire cache for the current tenant. Useful for troubleshooting or forcing fresh data loading. Requires features: configs.manage

Responses

200Cache cleared successfully
Content-Type: application/json
{
  "cleared": true
}
500Failed to purge cache
Content-Type: application/json
{
  "error": "string"
}
503Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/configs/upgrade-actions
Auth requiredconfigs.manage

List pending upgrade actions

Returns a list of pending upgrade actions for the current version. These are one-time setup tasks that need to be executed after upgrading to a new version. Requires organization and tenant context. Requires features: configs.manage

Responses

200List of pending upgrade actions
Content-Type: application/json
{
  "version": "string",
  "actions": [
    {
      "id": "string",
      "version": "string",
      "message": "string",
      "ctaLabel": "string",
      "successMessage": "string",
      "loadingLabel": "string"
    }
  ]
}
400Missing organization or tenant context
Content-Type: application/json
{
  "error": "string"
}
500Failed to load upgrade actions
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/configs/upgrade-actions
Auth requiredconfigs.manage

Execute upgrade action

Executes a specific upgrade action by ID. Typically used for one-time setup tasks like seeding example data after version upgrade. Returns execution status and localized success message. Requires features: configs.manage

Request body (application/json)

{
  "actionId": "string"
}

Responses

200Upgrade action executed successfully
Content-Type: application/json
{
  "status": "string",
  "message": "string",
  "version": "string"
}
400Invalid request body or missing context
Content-Type: application/json
{
  "error": "string"
}
500Failed to execute upgrade action
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"actionId\": \"string\"
}"

CustomerAccounts

Showing 8 of 8 endpoints
GET/customer_accounts/admin/domain-mappings
Auth requiredcustomer_accounts.domain.manage

List domain mappings

Returns all custom-domain mappings for the current tenant, optionally filtered by organization. Requires features: customer_accounts.domain.manage

Responses

200OK
Content-Type: application/json
{
  "ok": true,
  "domainMappings": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "hostname": "string",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "provider": "traefik",
      "status": "pending",
      "verifiedAt": null,
      "lastDnsCheckAt": null,
      "dnsFailureReason": null,
      "tlsFailureReason": null,
      "tlsRetryCount": 1,
      "cnameTarget": null,
      "aRecordTarget": null,
      "createdAt": "string",
      "updatedAt": null
    }
  ],
  "config": {
    "cnameTarget": null,
    "aRecordTarget": null
  }
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/admin/domain-mappings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customer_accounts/admin/domain-mappings
Auth requiredcustomer_accounts.domain.manage

Register a custom domain

Registers a new custom domain mapping for an organization. Verifies via DNS asynchronously. Requires features: customer_accounts.domain.manage

Request body (application/json)

{
  "hostname": "string",
  "organizationId": "00000000-0000-4000-8000-000000000000"
}

Responses

201Created
Content-Type: application/json
{
  "ok": true,
  "domainMapping": {
    "id": "00000000-0000-4000-8000-000000000000",
    "hostname": "string",
    "organizationId": "00000000-0000-4000-8000-000000000000",
    "tenantId": "00000000-0000-4000-8000-000000000000",
    "provider": "traefik",
    "status": "pending",
    "verifiedAt": null,
    "lastDnsCheckAt": null,
    "dnsFailureReason": null,
    "tlsFailureReason": null,
    "tlsRetryCount": 1,
    "cnameTarget": null,
    "aRecordTarget": null,
    "createdAt": "string",
    "updatedAt": null
  }
}
400Validation error
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
409Conflict
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/domain-mappings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"hostname\": \"string\",
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE/customer_accounts/admin/domain-mappings
Auth requiredcustomer_accounts.domain.manage

Remove a custom domain

Removes the domain mapping identified by ?id=. Cache and Traefik routing drain within TTL. Requires features: customer_accounts.domain.manage

Responses

200OK
Content-Type: application/json
{
  "ok": true
}
400Bad request
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customer_accounts/admin/domain-mappings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customer_accounts/admin/domain-mappings/{id}/health-check
Auth requiredcustomer_accounts.domain.manage

Trigger TLS health check

Runs an HTTPS probe to verify Traefik has provisioned a certificate. On success: transitions the mapping to active. Requires features: customer_accounts.domain.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200OK
Content-Type: application/json
{
  "ok": true,
  "domainMapping": {
    "id": "00000000-0000-4000-8000-000000000000",
    "hostname": "string",
    "status": "string",
    "tlsRetryCount": 1,
    "tlsFailureReason": null
  }
}
404Not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/domain-mappings/:id/health-check" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customer_accounts/admin/domain-mappings/{id}/verify
Auth requiredcustomer_accounts.domain.manage

Trigger DNS verification

Runs DNS verification (CNAME → A → reverse-resolve fallback) for the domain mapping. Returns diagnostics on failure. Requires features: customer_accounts.domain.manage

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200OK — see status
Content-Type: application/json
{
  "ok": true,
  "domainMapping": {
    "id": "00000000-0000-4000-8000-000000000000",
    "hostname": "string",
    "status": "string",
    "verifiedAt": null,
    "lastDnsCheckAt": null,
    "dnsFailureReason": null
  },
  "diagnostics": null
}
404Not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/domain-mappings/:id/verify" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/customer_accounts/domain-check

Verify a hostname is allowed for TLS provisioning

Called by Traefik before issuing a Let's Encrypt certificate. Requires the X-Domain-Check-Secret header to match DOMAIN_CHECK_SECRET.

Responses

200Hostname allowed
Content-Type: application/json
{
  "ok": true
}
403Forbidden
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Hostname not registered or not yet verified
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
503Server misconfiguration
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/domain-check" \
  -H "Accept: application/json"
GET/customer_accounts/domain-resolve

Single-host resolve for the Node middleware

Internal endpoint used by the portal middleware to populate its in-memory cache. Requires X-Domain-Resolve-Secret header.

Responses

200OK
Content-Type: application/json
{
  "ok": true,
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "orgSlug": null,
  "status": "active"
}
400Bad request
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Forbidden
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
503Server misconfiguration
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/domain-resolve" \
  -H "Accept: application/json"
GET/customer_accounts/domain-resolve/all

Batch warm-up for the Node middleware

Returns every active domain mapping in a single payload so the middleware can populate its cache on process start. Requires X-Domain-Resolve-Secret header.

Responses

200OK
Content-Type: application/json
{
  "ok": true,
  "domains": [
    {
      "hostname": "string",
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "orgSlug": null,
      "status": "active"
    }
  ]
}
403Forbidden
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many requests
Content-Type: application/json
{
  "error": "string"
}
503Server misconfiguration
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/domain-resolve/all" \
  -H "Accept: application/json"

Customer Accounts Admin

Showing 15 of 15 endpoints
GET/customer_accounts/admin/roles

List customer roles (admin)

Returns all customer roles for the tenant.

Responses

200Role list
Content-Type: application/json
{
  "ok": true,
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "slug": "string",
      "description": null,
      "isDefault": true,
      "isSystem": true,
      "customerAssignable": true,
      "createdAt": "string",
      "updatedAt": null
    }
  ],
  "total": 1,
  "totalPages": 1,
  "page": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/admin/roles" \
  -H "Accept: application/json"
POST/customer_accounts/admin/roles

Create customer role (admin)

Creates a new customer role with an empty ACL.

Request body (application/json)

{
  "name": "string",
  "slug": "string"
}

Responses

201Role created
Content-Type: application/json
{
  "ok": true,
  "role": {
    "id": "00000000-0000-4000-8000-000000000000",
    "name": "string",
    "slug": "string",
    "description": null,
    "isDefault": true,
    "isSystem": true,
    "customerAssignable": true,
    "createdAt": "string"
  }
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
409Slug already exists
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/roles" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"slug\": \"string\"
}"
GET/customer_accounts/admin/roles/{id}

Get customer role detail (admin)

Returns full customer role details including ACL features.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Role detail with ACL
Content-Type: application/json
{
  "ok": true,
  "role": {
    "id": "00000000-0000-4000-8000-000000000000",
    "name": "string",
    "slug": "string",
    "description": null,
    "isDefault": true,
    "isSystem": true,
    "customerAssignable": true,
    "createdAt": "string",
    "updatedAt": null,
    "acl": {
      "features": [
        "string"
      ],
      "isPortalAdmin": true
    }
  }
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/admin/roles/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
PUT/customer_accounts/admin/roles/{id}

Update customer role (admin)

Updates a customer role. System roles are protected from name changes.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{}

Responses

200Role updated
Content-Type: application/json
{
  "ok": true
}
400Validation failed or system role restriction
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/admin/roles/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{}"
DELETE/customer_accounts/admin/roles/{id}

Delete customer role (admin)

Soft deletes a customer role and its ACL. The default role (auto-assigned to new portal users) and roles with assigned users cannot be deleted.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Role deleted
Content-Type: application/json
{
  "ok": true
}
400Default role or has assigned users
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customer_accounts/admin/roles/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
PUT/customer_accounts/admin/roles/{id}/acl

Update customer role ACL (admin)

Updates the ACL (features and portal admin flag) for a customer role. Invalidates RBAC cache after update.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "features": [
    "string"
  ]
}

Responses

200ACL updated
Content-Type: application/json
{
  "ok": true,
  "updatedAt": "string"
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404Role not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
409Stale ACL write (optimistic-lock conflict)
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/admin/roles/00000000-0000-4000-8000-000000000000/acl" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"features\": [
    \"string\"
  ]
}"
GET/customer_accounts/admin/users

List customer users (admin)

Returns a paginated list of customer users with roles. Supports filtering by status, company, role, and search.

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
statusqueryNoany
customerEntityIdqueryNoany
roleIdqueryNoany
searchqueryNoany

Responses

200Paginated user list
Content-Type: application/json
{
  "ok": true,
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "email": "string",
      "displayName": "string",
      "emailVerified": true,
      "isActive": true,
      "lockedUntil": null,
      "lastLoginAt": null,
      "customerEntityId": null,
      "personEntityId": null,
      "createdAt": "string",
      "updatedAt": null,
      "roles": [
        {
          "id": "00000000-0000-4000-8000-000000000000",
          "name": "string",
          "slug": "string"
        }
      ]
    }
  ],
  "total": 1,
  "totalPages": 1,
  "page": 1
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/admin/users" \
  -H "Accept: application/json"
POST/customer_accounts/admin/users

Create customer user (admin)

Creates a new customer user directly. Staff-initiated, bypasses signup flow.

Request body (application/json)

{
  "email": "user@example.com",
  "password": "string",
  "displayName": "string"
}

Responses

201User created
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "displayName": "string"
  }
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
409Email already exists
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/users" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\",
  \"password\": \"string\",
  \"displayName\": \"string\"
}"
POST/customer_accounts/admin/users-invite

Invite customer user (admin)

Creates a staff-initiated invitation for a new customer user. The invitedByUserId is set from the staff auth context.

Request body (application/json)

{
  "email": "user@example.com",
  "roleIds": [
    "00000000-0000-4000-8000-000000000000"
  ]
}

Responses

201Invitation created
Content-Type: application/json
{
  "ok": true,
  "invitation": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "expiresAt": "string"
  }
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many invitation requests
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/users-invite" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\",
  \"roleIds\": [
    \"00000000-0000-4000-8000-000000000000\"
  ]
}"
GET/customer_accounts/admin/users/{id}

Get customer user detail (admin)

Returns full customer user details including CRM links, roles, and active session count.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200User detail
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "string",
    "displayName": "string",
    "emailVerified": true,
    "isActive": true,
    "lockedUntil": null,
    "lastLoginAt": null,
    "failedLoginAttempts": 1,
    "customerEntityId": null,
    "personEntityId": null,
    "createdAt": "string",
    "updatedAt": null,
    "roles": [
      {
        "id": "00000000-0000-4000-8000-000000000000",
        "name": "string",
        "slug": "string"
      }
    ],
    "activeSessionCount": 1
  }
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
PUT/customer_accounts/admin/users/{id}

Update customer user (admin)

Updates a customer user. Staff can update status, lock, CRM links, and roles. Role assignment bypasses customer_assignable check.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "lockedUntil": null,
  "personEntityId": null,
  "customerEntityId": null
}

Responses

200User updated
Content-Type: application/json
{
  "ok": true
}
400Validation failed or role not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"lockedUntil\": null,
  \"personEntityId\": null,
  \"customerEntityId\": null
}"
DELETE/customer_accounts/admin/users/{id}

Delete customer user (admin)

Soft deletes a customer user and revokes all their active sessions.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200User deleted
Content-Type: application/json
{
  "ok": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
POST/customer_accounts/admin/users/{id}/reset-password

Reset customer user password (admin)

Allows staff to set a new password for a customer user.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "newPassword": "string"
}

Responses

200Password reset
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000/reset-password" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"newPassword\": \"string\"
}"
POST/customer_accounts/admin/users/{id}/send-reset-link

Send password reset link for customer user (admin)

Creates a password reset token for a customer user and returns a reset link URL. The admin must prepend the appropriate portal domain/slug to the relative URL.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Reset link generated
Content-Type: application/json
{
  "ok": true,
  "resetLink": "string"
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000/send-reset-link" \
  -H "Accept: application/json"
POST/customer_accounts/admin/users/{id}/verify-email

Verify customer user email (admin)

Allows staff to manually mark a customer user email as verified.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Email verified
Content-Type: application/json
{
  "ok": true
}
401Not authenticated
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
404User not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/admin/users/00000000-0000-4000-8000-000000000000/verify-email" \
  -H "Accept: application/json"

Customer Authentication

Showing 8 of 8 endpoints
POST/customer_accounts/email/verify

Verify customer email address

Validates the email verification token and marks the email as verified.

Request body (application/json)

{
  "token": "string"
}

Responses

200Email verified
Content-Type: application/json
{
  "ok": true
}
400Invalid or expired token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/email/verify" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"token\": \"string\"
}"
POST/customer_accounts/invitations/accept

Accept customer invitation

Accepts an invitation, creates the user account, assigns roles, and auto-logs in.

Request body (application/json)

{
  "token": "string",
  "password": "string",
  "displayName": "string"
}

Responses

201Invitation accepted and user created
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "user@example.com",
    "displayName": "string",
    "emailVerified": true
  },
  "resolvedFeatures": [
    "string"
  ]
}
400Invalid or expired invitation
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/invitations/accept" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"token\": \"string\",
  \"password\": \"string\",
  \"displayName\": \"string\"
}"
POST/customer_accounts/login

Authenticate customer credentials

Validates customer credentials and issues JWT + session cookies.

Request body (application/json)

{
  "email": "user@example.com",
  "password": "string"
}

Responses

200Login successful
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "user@example.com",
    "displayName": "string",
    "emailVerified": true
  },
  "resolvedFeatures": [
    "string"
  ]
}
400Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Invalid credentials
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many login attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/login" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\",
  \"password\": \"string\"
}"
POST/customer_accounts/magic-link/request

Request magic link login

Sends a magic link to the customer email. Always returns 200 to prevent enumeration.

Request body (application/json)

{
  "email": "user@example.com"
}

Responses

200Request accepted
Content-Type: application/json
{
  "ok": true
}
429Too many requests
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/magic-link/request" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\"
}"
POST/customer_accounts/magic-link/verify

Verify magic link token

Validates the magic link token, auto-verifies email, and creates a session.

Request body (application/json)

{
  "token": "string"
}

Responses

200Login successful
Content-Type: application/json
{
  "ok": true,
  "user": {
    "id": "00000000-0000-4000-8000-000000000000",
    "email": "user@example.com",
    "displayName": "string",
    "emailVerified": true
  },
  "resolvedFeatures": [
    "string"
  ]
}
400Invalid or expired token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401Account not found
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/magic-link/verify" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"token\": \"string\"
}"
POST/customer_accounts/password/reset-confirm

Confirm customer password reset

Validates the reset token and sets a new password. Revokes all existing sessions.

Request body (application/json)

{
  "token": "string",
  "password": "string"
}

Responses

200Password reset successful
Content-Type: application/json
{
  "ok": true
}
400Invalid or expired token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/password/reset-confirm" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"token\": \"string\",
  \"password\": \"string\"
}"
POST/customer_accounts/password/reset-request

Request customer password reset

Initiates a password reset flow. Always returns 200 to prevent email enumeration.

Request body (application/json)

{
  "email": "user@example.com"
}

Responses

200Request accepted
Content-Type: application/json
{
  "ok": true
}
429Too many requests
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/password/reset-request" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\"
}"
POST/customer_accounts/signup

Register a new customer account

Accepts a signup request and always returns 202 to prevent account enumeration.

Request body (application/json)

{
  "email": "user@example.com",
  "password": "string",
  "displayName": "string"
}

Responses

202Signup accepted
Content-Type: application/json
{
  "ok": true
}
400Validation failed or invalid request origin
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429Too many signup attempts
Content-Type: application/json
{
  "error": "string"
}
500Signup email origin is not configured
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/customer_accounts/signup" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"email\": \"user@example.com\",
  \"password\": \"string\",
  \"displayName\": \"string\"
}"

Customers

Showing 20 of 101 endpoints
GET/customers/activities
Auth requiredcustomers.activities.view

List activitys

Returns a paginated collection of activitys scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
entityIdqueryNoany
dealIdqueryNoany
activityTypequeryNoany
sortFieldqueryNoany
sortDirqueryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated activitys
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null,
      "entityId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "dealTitle": null,
      "customValues": null,
      "activityTypeLabel": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/activities?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customers/activities
Auth requiredcustomers.activities.manage

Create activity

DEPRECATED (sunset 2026-06-30): Creates a timeline activity. Use POST /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "entityId": "00000000-0000-4000-8000-000000000000",
  "activityType": "string",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201Activity created
Content-Type: application/json
{
  "id": null
}

Example

curl -X POST "https://app.nwf24.pl/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"activityType\": \"string\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
PUT/customers/activities
Auth requiredcustomers.activities.manage

Update activity

DEPRECATED (sunset 2026-06-30): Updates an activity. Use PUT /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200Activity updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://app.nwf24.pl/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
DELETE/customers/activities
Auth requiredcustomers.activities.manage

Delete activity

DEPRECATED (sunset 2026-06-30): Deletes an activity. Use DELETE /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Activity deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET/customers/addresses
Auth requiredcustomers.activities.view

List addresss

Returns a paginated collection of addresss scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
entityIdqueryNoany
idqueryNoany
sortFieldqueryNoany
sortDirqueryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated addresss
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "company_name": null,
      "address_line1": null,
      "address_line2": null,
      "building_number": null,
      "flat_number": null,
      "city": null,
      "region": null,
      "postal_code": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "is_primary": null,
      "organization_id": null,
      "tenant_id": null,
      "updated_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/addresses?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customers/addresses
Auth requiredcustomers.activities.manage

Create address

Creates a customer address record and associates it with the referenced entity. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "addressLine1": "string",
  "latitude": null,
  "longitude": null
}

Responses

201Address created
Content-Type: application/json
{
  "id": null
}

Example

curl -X POST "https://app.nwf24.pl/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"addressLine1\": \"string\",
  \"latitude\": null,
  \"longitude\": null
}"
PUT/customers/addresses
Auth requiredcustomers.activities.manage

Update address

Updates fields on an existing customer address. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "latitude": null,
  "longitude": null
}

Responses

200Address updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://app.nwf24.pl/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"latitude\": null,
  \"longitude\": null
}"
DELETE/customers/addresses
Auth requiredcustomers.activities.manage

Delete address

Deletes an address by id. The identifier may be included in the body or query. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Address deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET/customers/assignable-staff
Auth requiredcustomers.roles.view

DEPRECATED: use GET /api/staff/team-members/assignable instead.

Deprecated. Returns 308 Permanent Redirect to /api/staff/team-members/assignable preserving the query string. Will be removed no earlier than the next major release. Requires features: customers.roles.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
searchqueryNoany

Responses

200Assignable staff members (only reachable by following the redirect).
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "teamMemberId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "email": null,
      "teamName": null,
      "user": null,
      "team": null
    }
  ],
  "total": 1,
  "totalPages": 1
}
308Permanent redirect to /api/staff/team-members/assignable.
Content-Type: application/json
{
  "error": "string"
}
400Invalid request
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/assignable-staff?page=1&pageSize=24" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/customers/comments
Auth requiredcustomers.activities.view

List comments

Returns a paginated collection of comments scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
entityIdqueryNoany
dealIdqueryNoany
sortFieldqueryNoany
sortDirqueryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated comments
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": null,
      "deal_id": null,
      "body": null,
      "author_user_id": null,
      "appearance_icon": null,
      "appearance_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null,
      "updated_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/comments?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customers/comments
Auth requiredcustomers.activities.manage

Create comment

Adds a comment to a customer timeline. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "body": "string",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201Comment created
Content-Type: application/json
{
  "id": null,
  "authorUserId": null
}

Example

curl -X POST "https://app.nwf24.pl/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"body\": \"string\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
PUT/customers/comments
Auth requiredcustomers.activities.manage

Update comment

Updates an existing timeline comment. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200Comment updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://app.nwf24.pl/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
DELETE/customers/comments
Auth requiredcustomers.activities.manage

Delete comment

Deletes a comment identified by `id` supplied via body or query string. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Comment deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET/customers/companies
Auth requiredcustomers.companies.view

List companies

Returns a paginated collection of companies scoped to the authenticated organization. Requires features: customers.companies.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
emailqueryNoany
emailStartsWithqueryNoany
emailContainsqueryNoany
sortFieldqueryNoany
sortDirqueryNoany
statusqueryNoany
lifecycleStagequeryNoany
sourcequeryNoany
hasEmailqueryNoany
hasPhonequeryNoany
hasNextInteractionqueryNoany
createdFromqueryNoany
createdToqueryNoany
idqueryNoany
tagIdsqueryNoany
tagIdsEmptyqueryNoany
excludeIdsqueryNoany
excludeLinkedPersonIdqueryNoany
excludeLinkedCompanyIdqueryNoany
excludeLinkedDealIdqueryNoany
idsqueryNoanyComma-separated list of record UUIDs to filter by (max 200).

Responses

200Paginated companies
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "description": null,
      "owner_user_id": null,
      "primary_email": null,
      "primary_phone": null,
      "status": null,
      "lifecycle_stage": null,
      "source": null,
      "next_interaction_at": null,
      "next_interaction_name": null,
      "next_interaction_ref_id": null,
      "next_interaction_icon": null,
      "next_interaction_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/companies?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/customers/companies
Auth requiredcustomers.companies.manage

Create company

Creates a company record and associated profile data. Requires features: customers.companies.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "displayName": "string",
  "description": null,
  "primaryEmail": null,
  "primaryPhone": null,
  "nextInteraction": null,
  "legalName": null,
  "brandName": null,
  "domain": null,
  "websiteUrl": null,
  "sizeBucket": null,
  "annualRevenue": null
}

Responses

201Company created
Content-Type: application/json
{
  "id": null,
  "companyId": null
}

Example

curl -X POST "https://app.nwf24.pl/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"displayName\": \"string\",
  \"description\": null,
  \"primaryEmail\": null,
  \"primaryPhone\": null,
  \"nextInteraction\": null,
  \"legalName\": null,
  \"brandName\": null,
  \"domain\": null,
  \"websiteUrl\": null,
  \"sizeBucket\": null,
  \"annualRevenue\": null
}"
PUT/customers/companies
Auth requiredcustomers.companies.manage

Update company

Updates company profile fields, tags, or custom attributes. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "description": null,
  "primaryEmail": null,
  "primaryPhone": null,
  "nextInteraction": null,
  "legalName": null,
  "brandName": null,
  "domain": null,
  "websiteUrl": null,
  "sizeBucket": null,
  "annualRevenue": null
}

Responses

200Company updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://app.nwf24.pl/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"description\": null,
  \"primaryEmail\": null,
  \"primaryPhone\": null,
  \"nextInteraction\": null,
  \"legalName\": null,
  \"brandName\": null,
  \"domain\": null,
  \"websiteUrl\": null,
  \"sizeBucket\": null,
  \"annualRevenue\": null
}"
DELETE/customers/companies
Auth requiredcustomers.companies.manage

Delete company

Deletes a company by id. The identifier can be provided via body or query. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Company deleted
Content-Type: application/json
{
  "ok": true
}
422Company has dependent records (people, deals, or direct staff); unlink or reassign before delete.
Content-Type: application/json
{
  "error": "string",
  "code": "COMPANY_HAS_DEPENDENTS"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET/customers/companies/{id}
Auth requiredcustomers.companies.view

Fetch company with related data

Returns a company customer record with optional related resources such as addresses, comments, activities, interactions, deals, todos, and linked people. Requires features: customers.companies.view

Parameters

NameInRequiredSchemaDescription
idpathYesany
includequeryNoanyComma-separated list of relations to include (addresses, comments, activities, interactions, deals, todos, people).

Responses

200Company detail payload
Content-Type: application/json
{
  "interactionMode": "canonical",
  "company": {
    "id": "00000000-0000-4000-8000-000000000000",
    "displayName": null,
    "description": null,
    "ownerUserId": null,
    "primaryEmail": null,
    "primaryPhone": null,
    "status": null,
    "lifecycleStage": null,
    "source": null,
    "nextInteractionAt": null,
    "nextInteractionName": null,
    "nextInteractionRefId": null,
    "nextInteractionIcon": null,
    "nextInteractionColor": null,
    "organizationId": null,
    "tenantId": null,
    "temperature": null,
    "renewalQuarter": null,
    "createdAt": "string",
    "updatedAt": "string"
  },
  "profile": null,
  "customFields": {},
  "tags": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "label": "string",
      "color": null
    }
  ],
  "addresses": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "addressLine1": null,
      "addressLine2": null,
      "buildingNumber": null,
      "flatNumber": null,
      "city": null,
      "region": null,
      "postalCode": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "isPrimary": null,
      "createdAt": "string"
    }
  ],
  "comments": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "body": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "activities": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "dealId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "interactions": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityId": null,
      "interactionType": "string",
      "title": null,
      "body": null,
      "status": "string",
      "scheduledAt": null,
      "occurredAt": null,
      "priority": null,
      "authorUserId": null,
      "ownerUserId": null,
      "dealId": null,
      "organizationId": null,
      "tenantId": null,
      "authorName": null,
      "authorEmail": null,
      "dealTitle": null,
      "customValues": null,
      "appearanceIcon": null,
      "appearanceColor": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "deals": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "title": null,
      "status": null,
      "pipelineStage": null,
      "valueAmount": null,
      "valueCurrency": null,
      "probability": null,
      "expectedCloseAt": null,
      "ownerUserId": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "todos": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "todoId": "00000000-0000-4000-8000-000000000000",
      "todoSource": "string",
      "createdAt": "string",
      "createdByUserId": null,
      "title": null,
      "isDone": null,
      "priority": null,
      "severity": null,
      "description": null,
      "dueAt": null,
      "todoOrganizationId": null,
      "customValues": null
    }
  ],
  "people": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": null,
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "source": null,
      "temperature": null,
      "linkedAt": null
    }
  ],
  "viewer": {
    "userId": null,
    "name": null,
    "email": null
  }
}
400Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404Company not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/companies/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/customers/companies/{id}/people
Auth requiredcustomers.companies.view

List linked people for a company

Requires features: customers.companies.view

Parameters

NameInRequiredSchemaDescription
idpathYesany
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
sortqueryNoany

Responses

200Paginated linked people
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "temperature": null,
      "source": null,
      "linkedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/companies/:id/people?page=1&pageSize=20&sort=name-asc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/customers/companies/{id}/roles
Auth requiredcustomers.roles.view

List roles for a company

Requires features: customers.roles.view

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Role assignments
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityType": "company",
      "entityId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "userName": null,
      "userEmail": null,
      "userPhone": null,
      "roleType": "string",
      "createdAt": "string",
      "updatedAt": "string"
    }
  ]
}
400Invalid request
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/customers/companies/00000000-0000-4000-8000-000000000000/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Dashboards

Showing 10 of 10 endpoints
GET/dashboards/layout
Auth requireddashboards.view

Load the current dashboard layout

Returns the saved widget layout together with the widgets the current user is allowed to place. Requires features: dashboards.view

Responses

200Current dashboard layout and available widgets.
Content-Type: application/json
{
  "layout": {
    "items": [
      {
        "id": "00000000-0000-4000-8000-000000000000",
        "widgetId": "string",
        "order": 1
      }
    ]
  },
  "allowedWidgetIds": [
    "string"
  ],
  "canConfigure": true,
  "context": {
    "userId": "00000000-0000-4000-8000-000000000000",
    "tenantId": null,
    "organizationId": null,
    "userName": null,
    "userEmail": null,
    "userLabel": "string"
  },
  "widgets": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/dashboards/layout
Auth requireddashboards.configure

Persist dashboard layout changes

Saves the provided widget ordering, sizes, and settings for the current user. Requires features: dashboards.configure

Request body (application/json)

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "widgetId": "string",
      "order": 1
    }
  ]
}

Responses

200Layout updated successfully.
Content-Type: application/json
{
  "ok": true
}
400Invalid layout payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"items\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"widgetId\": \"string\",
      \"order\": 1
    }
  ]
}"
PATCH/dashboards/layout/{itemId}
Auth requireddashboards.configure

Update a dashboard layout item

Adjusts the size or settings for a single widget within the dashboard layout. Requires features: dashboards.configure

Parameters

NameInRequiredSchemaDescription
itemIdpathYesany

Request body (application/json)

{}

Responses

200Layout item updated.
Content-Type: application/json
{
  "ok": true
}
400Invalid payload or missing item id
Content-Type: application/json
{
  "error": "string"
}
404Item not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://app.nwf24.pl/api/dashboards/layout/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
GET/dashboards/roles/widgets
Auth requireddashboards.admin.assign-widgets

Fetch widget assignments for a role

Returns the widgets explicitly assigned to the given role together with the evaluation scope. Requires features: dashboards.admin.assign-widgets

Parameters

NameInRequiredSchemaDescription
roleIdqueryYesany
tenantIdqueryNoany
organizationIdqueryNoany

Responses

200Current widget configuration for the role.
Content-Type: application/json
{
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}
400Missing role identifier
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/dashboards/roles/widgets?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/dashboards/roles/widgets
Auth requireddashboards.admin.assign-widgets

Update widgets assigned to a role

Persists the widget list for a role within the provided tenant and organization scope. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "widgetIds": [
    "string"
  ]
}

Responses

200Widgets updated successfully.
Content-Type: application/json
{
  "ok": true,
  "widgetIds": [
    "string"
  ]
}
400Invalid payload or unknown widgets
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/dashboards/roles/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"widgetIds\": [
    \"string\"
  ]
}"
GET/dashboards/users/widgets
Auth requireddashboards.admin.assign-widgets

Read widget overrides for a user

Returns the widgets inherited and explicitly configured for the requested user within the current scope. Requires features: dashboards.admin.assign-widgets

Parameters

NameInRequiredSchemaDescription
userIdqueryYesany
tenantIdqueryNoany
organizationIdqueryNoany

Responses

200Widget settings for the user.
Content-Type: application/json
{
  "mode": "inherit",
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "effectiveWidgetIds": [
    "string"
  ],
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}
400Missing user identifier
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/dashboards/users/widgets?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/dashboards/users/widgets
Auth requireddashboards.admin.assign-widgets

Update user-specific dashboard widgets

Sets the widget override mode and allowed widgets for a user. Passing `mode: inherit` clears overrides. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "userId": "00000000-0000-4000-8000-000000000000",
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}

Responses

200Overrides saved.
Content-Type: application/json
{
  "ok": true,
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}
400Invalid payload or unknown widgets
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/dashboards/users/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"userId\": \"00000000-0000-4000-8000-000000000000\",
  \"mode\": \"inherit\",
  \"widgetIds\": [
    \"string\"
  ]
}"
GET/dashboards/widgets/catalog
Auth requireddashboards.admin.assign-widgets

List available dashboard widgets

Returns the catalog of widgets that modules expose, including defaults and feature requirements. Requires features: dashboards.admin.assign-widgets

Responses

200Widgets available for assignment.
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/dashboards/widgets/catalog" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/dashboards/widgets/data
Auth requiredanalytics.view

Fetch aggregated data for dashboard widgets

Executes an aggregation query against the specified entity type and returns the result. Supports date range filtering, grouping, and period-over-period comparison. Requires features: analytics.view

Request body (application/json)

{
  "entityType": "string",
  "metric": {
    "field": "string",
    "aggregate": "count"
  }
}

Responses

200Aggregated data for the widget.
Content-Type: application/json
{
  "value": null,
  "data": [
    {
      "value": null
    }
  ],
  "metadata": {
    "fetchedAt": "string",
    "recordCount": 1
  }
}
400Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dashboards/widgets/data" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\",
  \"metric\": {
    \"field\": \"string\",
    \"aggregate\": \"count\"
  }
}"
POST/dashboards/widgets/data/batch
Auth requiredanalytics.view

Fetch aggregated data for multiple dashboard widgets in one request

Resolves a batch of widget data requests with a single authentication, RBAC, organization-scope, and database-context setup. Each request is keyed by an opaque widget id and resolved independently, so a failure in one widget does not fail the batch. Requires features: analytics.view

Request body (application/json)

{
  "requests": [
    {
      "id": "string",
      "request": {
        "entityType": "string",
        "metric": {
          "field": "string",
          "aggregate": "count"
        }
      }
    }
  ]
}

Responses

200Per-widget aggregation results keyed by request id.
Content-Type: application/json
{
  "results": [
    {
      "id": "string",
      "ok": true,
      "data": {
        "value": null,
        "data": [
          {
            "value": null
          }
        ],
        "metadata": {
          "fetchedAt": "string",
          "recordCount": 1
        }
      }
    }
  ]
}
400Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dashboards/widgets/data/batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"requests\": [
    {
      \"id\": \"string\",
      \"request\": {
        \"entityType\": \"string\",
        \"metric\": {
          \"field\": \"string\",
          \"aggregate\": \"count\"
        }
      }
    }
  ]
}"

Dictionaries

Showing 11 of 11 endpoints
GET/dictionaries
Auth requireddictionaries.view

List dictionaries

Returns dictionaries accessible to the current organization, optionally including inactive records. Requires features: dictionaries.view

Parameters

NameInRequiredSchemaDescription
includeInactivequeryNoany

Responses

200Dictionary collection.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "name": "string",
      "description": null,
      "isSystem": true,
      "isActive": true,
      "managerVisibility": null,
      "organizationId": null,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}
500Failed to load dictionaries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/dictionaries
Auth requireddictionaries.manage

Create dictionary

Registers a dictionary scoped to the current organization. Requires features: dictionaries.manage

Request body (application/json)

{
  "key": "string",
  "name": "string"
}

Responses

201Dictionary created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
409Dictionary key already exists
Content-Type: application/json
{
  "error": "string"
}
500Failed to create dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"key\": \"string\",
  \"name\": \"string\"
}"
GET/dictionaries/{dictionaryId}
Auth requireddictionaries.view

Get dictionary

Returns details for the specified dictionary, including inheritance flags. Requires features: dictionaries.view

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Responses

200Dictionary details.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400Invalid parameters
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to load dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PATCH/dictionaries/{dictionaryId}
Auth requireddictionaries.manage

Update dictionary

Updates mutable attributes of the dictionary. Currency dictionaries are protected from modification. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Request body (application/json)

{}

Responses

200Dictionary updated.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400Validation failed or protected dictionary
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
409Dictionary key already exists
Content-Type: application/json
{
  "error": "string"
}
500Failed to update dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
DELETE/dictionaries/{dictionaryId}
Auth requireddictionaries.manage

Delete dictionary

Soft deletes the dictionary unless it is the protected currency dictionary. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Responses

200Dictionary archived.
Content-Type: application/json
{
  "ok": true
}
400Protected dictionary cannot be deleted
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to delete dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/dictionaries/{dictionaryId}/entries
Auth requireddictionaries.view

List dictionary entries

Returns entries for the specified dictionary ordered by its configured entry sort mode. Requires features: dictionaries.view

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Responses

200Dictionary entries.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "value": "string",
      "label": "string",
      "color": null,
      "icon": null,
      "position": 1,
      "isDefault": true,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}
400Invalid parameters
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to load dictionary entries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/dictionaries/{dictionaryId}/entries
Auth requireddictionaries.manage

Create dictionary entry

Creates a new entry in the specified dictionary. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Request body (application/json)

{
  "value": "string",
  "color": null,
  "icon": null
}

Responses

201Dictionary entry created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to create dictionary entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"value\": \"string\",
  \"color\": null,
  \"icon\": null
}"
PATCH/dictionaries/{dictionaryId}/entries/{entryId}
Auth requireddictionaries.manage

Update dictionary entry

Updates the specified dictionary entry using the command bus pipeline. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany
entryIdpathYesany

Request body (application/json)

{
  "color": null,
  "icon": null
}

Responses

200Dictionary entry updated.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to update entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"color\": null,
  \"icon\": null
}"
DELETE/dictionaries/{dictionaryId}/entries/{entryId}
Auth requireddictionaries.manage

Delete dictionary entry

Deletes the specified dictionary entry via the command bus. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany
entryIdpathYesany

Responses

200Entry deleted.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to delete entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/dictionaries/{dictionaryId}/entries/reorder
Auth requireddictionaries.manage

Reorder dictionary entries

Updates the position of dictionary entries for drag-and-drop reordering. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Request body (application/json)

{
  "entries": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "position": 1
    }
  ]
}

Responses

200Entries reordered.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to reorder entries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/reorder" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entries\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"position\": 1
    }
  ]
}"
POST/dictionaries/{dictionaryId}/entries/set-default
Auth requireddictionaries.manage

Set default dictionary entry

Marks the specified entry as the default for this dictionary, clearing any previous default. Requires features: dictionaries.manage

Parameters

NameInRequiredSchemaDescription
dictionaryIdpathYesany

Request body (application/json)

{
  "entryId": "00000000-0000-4000-8000-000000000000"
}

Responses

200Default entry set.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}
404Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500Failed to set default entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/set-default" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entryId\": \"00000000-0000-4000-8000-000000000000\"
}"

Directory

Showing 11 of 11 endpoints
GET/directory/organization-branding
Auth requireddirectory.organizations.view

Read sidebar branding for the selected organization

Returns the logo URL used by the backend sidebar for the currently selected organization. Requires features: directory.organizations.view

Responses

200Organization branding
Content-Type: application/json
{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "organizationName": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "logoUrl": null,
  "updatedAt": null
}
400A concrete organization scope is required
Content-Type: application/json
{
  "error": "string"
}
404Organization not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/directory/organization-branding" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT/directory/organization-branding
Auth requireddirectory.organizations.manage

Update sidebar branding for the selected organization

Stores an external image URL or an internal attachment image URL as the selected organization logo. Requires features: directory.organizations.manage

Request body (application/json)

{
  "logoUrl": null
}

Responses

200Updated organization branding
Content-Type: application/json
{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "organizationName": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "logoUrl": null,
  "updatedAt": null
}
400Save failed
Content-Type: application/json
{
  "error": "string"
}
409Organization branding changed since it was loaded
Content-Type: application/json
{
  "error": "string"
}
422Invalid logo URL
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/directory/organization-branding" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"logoUrl\": null
}"
GET/directory/organization-switcher
Auth required

Load organization switcher menu

Returns the hierarchical menu of organizations the current user may switch to within the active tenant.

Responses

200Organization switcher payload.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "depth": 1,
      "selectable": true,
      "children": []
    }
  ],
  "selectedId": null,
  "canManage": true,
  "canViewAllOrganizations": true,
  "tenantId": null,
  "tenants": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "isActive": true
    }
  ],
  "isSuperAdmin": true
}

Example

curl -X GET "https://app.nwf24.pl/api/directory/organization-switcher" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/directory/organizations
Auth requireddirectory.organizations.view

List organizations

Returns organizations using options, tree, or paginated manage view depending on the `view` parameter. Requires features: directory.organizations.view

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
viewqueryNoany
idsqueryNoany
tenantIdqueryNoany
includeInactivequeryNoany
statusqueryNoany

Responses

200Organization data for the requested view.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "parentId": null,
      "parentName": null,
      "tenantId": null,
      "tenantName": null,
      "rootId": null,
      "treePath": null
    }
  ]
}
400Invalid query or tenant scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/directory/organizations?page=1&pageSize=50&view=options" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/directory/organizations
Auth requireddirectory.organizations.manage

Create organization

Creates a new organization within a tenant and optionally assigns hierarchy relationships. Requires features: directory.organizations.manage

Request body (application/json)

{
  "name": "string",
  "slug": null,
  "logoUrl": null,
  "parentId": null
}

Responses

201Organization created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"slug\": null,
  \"logoUrl\": null,
  \"parentId\": null
}"
PUT/directory/organizations
Auth requireddirectory.organizations.manage

Update organization

Updates organization details and hierarchy assignments. Requires features: directory.organizations.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "slug": null,
  "logoUrl": null,
  "parentId": null
}

Responses

200Organization updated.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"slug\": null,
  \"logoUrl\": null,
  \"parentId\": null
}"
DELETE/directory/organizations
Auth requireddirectory.organizations.manage

Delete organization

Soft deletes an organization identified by id. Requires features: directory.organizations.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Organization deleted.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET/directory/tenants
Auth requireddirectory.tenants.view

List tenants

Returns tenants visible to the current user with optional search and pagination. Requires features: directory.tenants.view

Parameters

NameInRequiredSchemaDescription
idqueryNoany
pagequeryNoany
pageSizequeryNoany
searchqueryNoany
sortFieldqueryNoany
sortDirqueryNoany
isActivequeryNoany

Responses

200Paged list of tenants.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "isActive": true,
      "createdAt": null,
      "updatedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/directory/tenants?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/directory/tenants
Auth requireddirectory.tenants.manage

Create tenant

Creates a new tenant and returns its identifier. Requires features: directory.tenants.manage

Request body (application/json)

{
  "name": "string"
}

Responses

201Tenant created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\"
}"
PUT/directory/tenants
Auth requireddirectory.tenants.manage

Update tenant

Updates tenant properties such as name or activation state. Requires features: directory.tenants.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Tenant updated.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE/directory/tenants
Auth requireddirectory.tenants.manage

Delete tenant

Soft deletes the tenant identified by id. Requires features: directory.tenants.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200Tenant removed.
Content-Type: application/json
{
  "ok": true
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

Entities

Showing 17 of 17 endpoints
GET/entities/definitions
Auth required

List active custom field definitions

Returns active custom field definitions for the supplied entity ids, respecting tenant scope and tombstones.

Parameters

NameInRequiredSchemaDescription
entityIdqueryNoany
entityIdsqueryNoany
fieldsetqueryNoany

Responses

200Definition list
Content-Type: application/json
{
  "items": [
    {
      "key": "string",
      "kind": "string",
      "label": "string",
      "entityId": "string"
    }
  ]
}
400Missing entity id
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/entities/definitions
Auth requiredentities.definitions.manage

Upsert custom field definition

Creates or updates a custom field definition for the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string",
  "kind": "text"
}

Responses

200Definition saved
Content-Type: application/json
{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "key": "string",
    "kind": "string",
    "configJson": {}
  }
}
400Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\",
  \"kind\": \"text\"
}"
DELETE/entities/definitions
Auth requiredentities.definitions.manage

Soft delete custom field definition

Marks the specified definition inactive and tombstones it for the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200Definition deleted
Content-Type: application/json
{
  "ok": true,
  "version": null
}
400Missing entity id or key
Content-Type: application/json
{
  "error": "string"
}
404Definition not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"
POST/entities/definitions.batch
Auth requiredentities.definitions.manage

Save multiple custom field definitions

Creates or updates multiple definitions for a single entity in one transaction. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "definitions": [
    {
      "key": "string",
      "kind": "text"
    }
  ]
}

Responses

200Definitions saved
Content-Type: application/json
{
  "ok": true,
  "version": null
}
400Validation error
Content-Type: application/json
{
  "error": "string"
}
500Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/definitions.batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"definitions\": [
    {
      \"key\": \"string\",
      \"kind\": \"text\"
    }
  ]
}"
GET/entities/definitions.manage
Auth requiredentities.definitions.manage

Get management snapshot

Returns scoped custom field definitions (including inactive tombstones) for administration interfaces. Requires features: entities.definitions.manage

Parameters

NameInRequiredSchemaDescription
entityIdqueryYesany

Responses

200Scoped definitions and deleted keys
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "kind": "string",
      "configJson": null,
      "organizationId": null,
      "tenantId": null
    }
  ],
  "deletedKeys": [
    "string"
  ],
  "version": null
}
400Missing entity id
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/definitions.manage?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/entities/definitions.restore
Auth requiredentities.definitions.manage

Restore definition

Reactivates a previously soft-deleted definition within the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200Definition restored
Content-Type: application/json
{
  "ok": true
}
400Missing entity id or key
Content-Type: application/json
{
  "error": "string"
}
404Definition not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/definitions.restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"
GET/entities/encryption
Auth requiredentities.definitions.manage

Fetch encryption map

Returns the encrypted field map for the current tenant/organization scope. Requires features: entities.definitions.manage

Parameters

NameInRequiredSchemaDescription
entityIdqueryYesany

Responses

200Map
Content-Type: application/json
{
  "entityId": "string",
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ],
  "updatedAt": null
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/encryption?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/entities/encryption
Auth requiredentities.definitions.manage

Upsert encryption map

Creates or updates the encryption map for the current tenant/organization scope. Enforces optimistic locking when the caller sends the expected version header. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "tenantId": null,
  "organizationId": null,
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ]
}

Responses

200Saved
Content-Type: application/json
{
  "ok": true,
  "updatedAt": null
}
409Optimistic-lock conflict (stale write)
Content-Type: application/json
{
  "error": "string",
  "code": "string",
  "currentUpdatedAt": "string",
  "expectedUpdatedAt": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/encryption" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"tenantId\": null,
  \"organizationId\": null,
  \"fields\": [
    {
      \"field\": \"string\",
      \"hashField\": null
    }
  ]
}"
GET/entities/entities
Auth required

List available entities

Returns generated and custom entities scoped to the caller with field counts per entity.

Responses

200List of entities
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "source": "code",
      "label": "string",
      "count": 1
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/entities/entities
Auth requiredentities.definitions.manage

Upsert custom entity

Creates or updates a tenant/org scoped custom entity definition. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "label": "string",
  "description": null,
  "showInSidebar": false
}

Responses

200Entity saved
Content-Type: application/json
{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "entityId": "string",
    "label": "string"
  }
}
400Validation error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"label\": \"string\",
  \"description\": null,
  \"showInSidebar\": false
}"
DELETE/entities/entities
Auth requiredentities.definitions.manage

Soft delete custom entity

Marks the specified custom entity inactive within the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string"
}

Responses

200Entity deleted
Content-Type: application/json
{
  "ok": true
}
400Missing entity id
Content-Type: application/json
{
  "error": "string"
}
404Entity not found in scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\"
}"
GET/entities/records
Auth requiredentities.records.view

List records

Returns paginated records for the supplied entity. Supports custom field filters, exports, and soft-delete toggles. Requires features: entities.records.view

Parameters

NameInRequiredSchemaDescription
entityIdqueryYesany
pagequeryNoany
pageSizequeryNoany
sortFieldqueryNoany
sortDirqueryNoany
searchqueryNoany
searchFieldsqueryNoany
withDeletedqueryNoany
formatqueryNoany
exportScopequeryNoany
export_scopequeryNoany
allqueryNoany
fullqueryNoany

Responses

200Paginated records
Content-Type: application/json
{
  "items": [
    {}
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400Missing entity id
Content-Type: application/json
{
  "error": "string"
}
500Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/records?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST/entities/records
Auth requiredentities.records.manage

Create record

Creates a record for the given entity. When `recordId` is omitted or not a UUID the data engine will generate one automatically. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "values": {}
}

Responses

200Record created
Content-Type: application/json
{
  "ok": true
}
400Validation failure
Content-Type: application/json
{
  "error": "string"
}
500Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"values\": {}
}"
PUT/entities/records
Auth requiredentities.records.manage

Update record

Updates an existing record. If the provided recordId is not a UUID the record will be created instead to support optimistic flows. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string",
  "values": {}
}

Responses

200Record updated
Content-Type: application/json
{
  "ok": true
}
400Validation failure
Content-Type: application/json
{
  "error": "string"
}
500Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://app.nwf24.pl/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\",
  \"values\": {}
}"
DELETE/entities/records
Auth requiredentities.records.manage

Delete record

Soft deletes the specified record within the current tenant/org scope. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string"
}

Responses

200Record deleted
Content-Type: application/json
{
  "ok": true
}
400Missing entity id or record id
Content-Type: application/json
{
  "error": "string"
}
404Record not found
Content-Type: application/json
{
  "error": "string"
}
500Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\"
}"
GET/entities/relations/options
Auth requiredentities.definitions.view

List relation options

Returns up to 200 option entries for populating relation dropdowns, automatically resolving label fields when omitted. Requires features: entities.definitions.view

Parameters

NameInRequiredSchemaDescription
entityIdqueryYesany
labelFieldqueryNoany
qqueryNoany
idsqueryNoany
routeContextFieldsqueryNoany

Responses

200Option list
Content-Type: application/json
{
  "items": [
    {
      "value": "string",
      "label": "string"
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/relations/options?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET/entities/sidebar-entities
Auth required

Get sidebar entities

Returns custom entities flagged with `showInSidebar` for the current tenant/org scope.

Responses

200Sidebar entities for navigation
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "href": "string"
    }
  ]
}

Example

curl -X GET "https://app.nwf24.pl/api/entities/sidebar-entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Query Index

Showing 3 of 3 endpoints
POST/query_index/purge
Auth requiredquery_index.purge

Purge query index records

Queues a purge job to remove indexed records for an entity type within the active scope. Requires features: query_index.purge

Request body (application/json)

{
  "entityType": "string"
}

Responses

200Purge job accepted.
Content-Type: application/json
{
  "ok": true
}
400Missing entity type
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/query_index/purge" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"
POST/query_index/reindex
Auth requiredquery_index.reindex

Trigger query index rebuild

Queues a reindex job for the specified entity type within the current tenant scope. Requires features: query_index.reindex

Request body (application/json)

{
  "entityType": "string"
}

Responses

200Reindex job accepted.
Content-Type: application/json
{
  "ok": true
}
400Missing entity type
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/query_index/reindex" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"
GET/query_index/status
Auth requiredquery_index.status.view

Inspect query index coverage

Returns entity counts comparing base tables with the query index along with the latest job status. Requires features: query_index.status.view

Responses

200Current query index status.
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "baseCount": null,
      "indexCount": null,
      "vectorCount": null,
      "ok": true,
      "job": {
        "status": "idle",
        "startedAt": null,
        "finishedAt": null,
        "heartbeatAt": null,
        "processedCount": null,
        "totalCount": null,
        "scope": null
      }
    }
  ],
  "errors": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "stack": null,
      "payload": null,
      "occurredAt": "string"
    }
  ],
  "logs": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "level": "info",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "details": null,
      "occurredAt": "string"
    }
  ]
}
400Tenant or organization context required
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/query_index/status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Workflows

Showing 20 of 23 endpoints
GET/workflows/definitions

List workflow definitions

Get a list of workflow definitions with optional filters. Supports pagination and search.

Parameters

NameInRequiredSchemaDescription
workflowIdqueryYesany
enabledqueryNoany
searchqueryNoany
limitqueryNoany
offsetqueryNoany

Responses

200List of workflow definitions with pagination
Content-Type: application/json
{
  "data": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "workflowId": "checkout-flow",
      "workflowName": "Checkout Flow",
      "description": "Complete checkout workflow for processing orders",
      "version": 1,
      "definition": {
        "steps": [
          {
            "stepId": "start",
            "stepName": "Start",
            "stepType": "START"
          },
          {
            "stepId": "validate-cart",
            "stepName": "Validate Cart",
            "stepType": "AUTOMATED"
          },
          {
            "stepId": "end",
            "stepName": "End",
            "stepType": "END"
          }
        ],
        "transitions": [
          {
            "transitionId": "start-to-validate",
            "fromStepId": "start",
            "toStepId": "validate-cart",
            "trigger": "auto"
          },
          {
            "transitionId": "validate-to-end",
            "fromStepId": "validate-cart",
            "toStepId": "end",
            "trigger": "auto"
          }
        ]
      },
      "enabled": true,
      "tenantId": "123e4567-e89b-12d3-a456-426614174001",
      "organizationId": "123e4567-e89b-12d3-a456-426614174002",
      "createdAt": "2025-12-08T10:00:00.000Z",
      "updatedAt": "2025-12-08T10:00:00.000Z"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 50,
    "offset": 0,
    "hasMore": false
  }
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/definitions?workflowId=string&limit=50&offset=0" \
  -H "Accept: application/json"
POST/workflows/definitions

Create workflow definition

Create a new workflow definition. The definition must include at least START and END steps with at least one transition connecting them.

Request body (application/json)

{
  "workflowId": "checkout-flow",
  "workflowName": "Checkout Flow",
  "description": "Complete checkout workflow for processing orders",
  "version": 1,
  "definition": {
    "steps": [
      {
        "stepId": "start",
        "stepName": "Start",
        "stepType": "START"
      },
      {
        "stepId": "validate-cart",
        "stepName": "Validate Cart",
        "stepType": "AUTOMATED",
        "description": "Validate cart items and check inventory"
      },
      {
        "stepId": "payment",
        "stepName": "Process Payment",
        "stepType": "AUTOMATED",
        "description": "Charge payment method",
        "retryPolicy": {
          "maxAttempts": 3,
          "backoffMs": 1000
        }
      },
      {
        "stepId": "end",
        "stepName": "End",
        "stepType": "END"
      }
    ],
    "transitions": [
      {
        "transitionId": "start-to-validate",
        "fromStepId": "start",
        "toStepId": "validate-cart",
        "trigger": "auto"
      },
      {
        "transitionId": "validate-to-payment",
        "fromStepId": "validate-cart",
        "toStepId": "payment",
        "trigger": "auto"
      },
      {
        "transitionId": "payment-to-end",
        "fromStepId": "payment",
        "toStepId": "end",
        "trigger": "auto",
        "activities": [
          {
            "activityName": "Send Order Confirmation",
            "activityType": "SEND_EMAIL",
            "config": {
              "to": "{{context.customerEmail}}",
              "subject": "Order Confirmation #{{context.orderId}}",
              "template": "order_confirmation"
            }
          }
        ]
      }
    ]
  },
  "enabled": true
}

Responses

201Workflow definition created successfully
Content-Type: application/json
{
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "workflowId": "checkout-flow",
    "workflowName": "Checkout Flow",
    "description": "Complete checkout workflow for processing orders",
    "version": 1,
    "definition": {
      "steps": [
        {
          "stepId": "start",
          "stepName": "Start",
          "stepType": "START"
        },
        {
          "stepId": "validate-cart",
          "stepName": "Validate Cart",
          "stepType": "AUTOMATED"
        },
        {
          "stepId": "payment",
          "stepName": "Process Payment",
          "stepType": "AUTOMATED"
        },
        {
          "stepId": "end",
          "stepName": "End",
          "stepType": "END"
        }
      ],
      "transitions": [
        {
          "transitionId": "start-to-validate",
          "fromStepId": "start",
          "toStepId": "validate-cart",
          "trigger": "auto"
        },
        {
          "transitionId": "validate-to-payment",
          "fromStepId": "validate-cart",
          "toStepId": "payment",
          "trigger": "auto"
        },
        {
          "transitionId": "payment-to-end",
          "fromStepId": "payment",
          "toStepId": "end",
          "trigger": "auto"
        }
      ]
    },
    "enabled": true,
    "tenantId": "123e4567-e89b-12d3-a456-426614174001",
    "organizationId": "123e4567-e89b-12d3-a456-426614174002",
    "createdAt": "2025-12-08T10:00:00.000Z",
    "updatedAt": "2025-12-08T10:00:00.000Z"
  },
  "message": "Workflow definition created successfully"
}
400Validation error - invalid workflow structure
Content-Type: application/json
{
  "error": "Validation failed",
  "details": [
    {
      "code": "invalid_type",
      "message": "Workflow must have at least START and END steps",
      "path": [
        "definition",
        "steps"
      ]
    }
  ]
}
409Conflict - workflow with same ID and version already exists
Content-Type: application/json
{
  "error": "Workflow definition with ID \"checkout-flow\" and version 1 already exists"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/definitions" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"workflowId\": \"string\",
  \"workflowName\": \"string\",
  \"description\": null,
  \"version\": 1,
  \"definition\": {
    \"steps\": [
      {
        \"stepId\": \"string\",
        \"stepName\": \"string\",
        \"stepType\": \"START\"
      }
    ],
    \"transitions\": [
      {
        \"transitionId\": \"string\",
        \"fromStepId\": \"string\",
        \"toStepId\": \"string\",
        \"trigger\": \"auto\",
        \"continueOnActivityFailure\": false,
        \"priority\": 0
      }
    ]
  },
  \"metadata\": null,
  \"enabled\": true
}"
GET/workflows/definitions/{id}

Get workflow definition

Get a single workflow definition by ID. Returns the complete workflow structure including steps and transitions (with embedded activities).

Parameters

NameInRequiredSchemaDescription
idpathYesanyUUID for DB definitions, or "code:<workflowId>" for code-based definitions

Responses

200Workflow definition found
Content-Type: application/json
{
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "workflowId": "checkout-flow",
    "workflowName": "Checkout Flow",
    "description": "Complete checkout workflow for processing orders",
    "version": 1,
    "definition": {
      "steps": [
        {
          "stepId": "start",
          "stepName": "Start",
          "stepType": "START"
        },
        {
          "stepId": "validate-cart",
          "stepName": "Validate Cart",
          "stepType": "AUTOMATED",
          "description": "Validate cart items and check inventory"
        },
        {
          "stepId": "payment",
          "stepName": "Process Payment",
          "stepType": "AUTOMATED",
          "description": "Charge payment method",
          "retryPolicy": {
            "maxAttempts": 3,
            "backoffMs": 1000
          }
        },
        {
          "stepId": "end",
          "stepName": "End",
          "stepType": "END"
        }
      ],
      "transitions": [
        {
          "transitionId": "start-to-validate",
          "fromStepId": "start",
          "toStepId": "validate-cart",
          "trigger": "auto"
        },
        {
          "transitionId": "validate-to-payment",
          "fromStepId": "validate-cart",
          "toStepId": "payment",
          "trigger": "auto"
        },
        {
          "transitionId": "payment-to-end",
          "fromStepId": "payment",
          "toStepId": "end",
          "trigger": "auto",
          "activities": [
            {
              "activityName": "Send Order Confirmation",
              "activityType": "SEND_EMAIL",
              "config": {
                "to": "{{context.customerEmail}}",
                "subject": "Order Confirmation #{{context.orderId}}",
                "template": "order_confirmation"
              }
            }
          ]
        }
      ]
    },
    "enabled": true,
    "tenantId": "123e4567-e89b-12d3-a456-426614174001",
    "organizationId": "123e4567-e89b-12d3-a456-426614174002",
    "createdAt": "2025-12-08T10:00:00.000Z",
    "updatedAt": "2025-12-08T10:00:00.000Z"
  }
}
404Workflow definition not found
Content-Type: application/json
{
  "error": "Workflow definition not found"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/definitions/string" \
  -H "Accept: application/json"
PUT/workflows/definitions/{id}

Update workflow definition

Update an existing workflow definition. Supports partial updates - only provided fields will be updated.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "definition": {
    "steps": [
      {
        "stepId": "start",
        "stepName": "Start",
        "stepType": "START"
      },
      {
        "stepId": "validate-cart",
        "stepName": "Validate Cart",
        "stepType": "AUTOMATED"
      },
      {
        "stepId": "payment",
        "stepName": "Process Payment",
        "stepType": "AUTOMATED"
      },
      {
        "stepId": "confirmation",
        "stepName": "Order Confirmation",
        "stepType": "AUTOMATED"
      },
      {
        "stepId": "end",
        "stepName": "End",
        "stepType": "END"
      }
    ],
    "transitions": [
      {
        "transitionId": "start-to-validate",
        "fromStepId": "start",
        "toStepId": "validate-cart",
        "trigger": "auto"
      },
      {
        "transitionId": "validate-to-payment",
        "fromStepId": "validate-cart",
        "toStepId": "payment",
        "trigger": "auto"
      },
      {
        "transitionId": "payment-to-confirmation",
        "fromStepId": "payment",
        "toStepId": "confirmation",
        "trigger": "auto"
      },
      {
        "transitionId": "confirmation-to-end",
        "fromStepId": "confirmation",
        "toStepId": "end",
        "trigger": "auto"
      }
    ]
  },
  "enabled": true
}

Responses

200Workflow definition updated successfully
Content-Type: application/json
{
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "workflowId": "checkout-flow",
    "workflowName": "Checkout Flow",
    "description": "Complete checkout workflow for processing orders",
    "version": 1,
    "definition": {
      "steps": [
        {
          "stepId": "start",
          "stepName": "Start",
          "stepType": "START"
        },
        {
          "stepId": "validate-cart",
          "stepName": "Validate Cart",
          "stepType": "AUTOMATED"
        },
        {
          "stepId": "payment",
          "stepName": "Process Payment",
          "stepType": "AUTOMATED"
        },
        {
          "stepId": "confirmation",
          "stepName": "Order Confirmation",
          "stepType": "AUTOMATED"
        },
        {
          "stepId": "end",
          "stepName": "End",
          "stepType": "END"
        }
      ],
      "transitions": [
        {
          "transitionId": "start-to-validate",
          "fromStepId": "start",
          "toStepId": "validate-cart",
          "trigger": "auto"
        },
        {
          "transitionId": "validate-to-payment",
          "fromStepId": "validate-cart",
          "toStepId": "payment",
          "trigger": "auto"
        },
        {
          "transitionId": "payment-to-confirmation",
          "fromStepId": "payment",
          "toStepId": "confirmation",
          "trigger": "auto"
        },
        {
          "transitionId": "confirmation-to-end",
          "fromStepId": "confirmation",
          "toStepId": "end",
          "trigger": "auto"
        }
      ]
    },
    "enabled": true,
    "tenantId": "123e4567-e89b-12d3-a456-426614174001",
    "organizationId": "123e4567-e89b-12d3-a456-426614174002",
    "createdAt": "2025-12-08T10:00:00.000Z",
    "updatedAt": "2025-12-08T11:30:00.000Z"
  },
  "message": "Workflow definition updated successfully"
}
400Validation error
Content-Type: application/json
{
  "error": "Validation failed",
  "details": [
    {
      "code": "invalid_type",
      "message": "Expected object, received string",
      "path": [
        "definition"
      ]
    }
  ]
}
404Workflow definition not found
Content-Type: application/json
{
  "error": "Workflow definition not found"
}

Example

curl -X PUT "https://app.nwf24.pl/api/workflows/definitions/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"description\": null,
  \"metadata\": null,
  \"effectiveFrom\": null,
  \"effectiveTo\": null
}"
DELETE/workflows/definitions/{id}

Delete workflow definition

Soft delete a workflow definition. Cannot be deleted if there are active workflow instances (RUNNING or WAITING status) using this definition.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow definition deleted successfully
Content-Type: application/json
{
  "message": "Workflow definition deleted successfully"
}
404Workflow definition not found
Content-Type: application/json
{
  "error": "Workflow definition not found"
}
409Cannot delete - active workflow instances exist
Content-Type: application/json
{
  "error": "Cannot delete workflow definition with 3 active instance(s)"
}

Example

curl -X DELETE "https://app.nwf24.pl/api/workflows/definitions/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json"
POST/workflows/definitions/{id}/customize

Customize code-based workflow definition

Creates a DB override for a code-based workflow definition, seeded from the current code registry values. The id param must be of the form "code:<workflowId>".

Parameters

NameInRequiredSchemaDescription
idpathYesanyMust be of the form "code:<workflowId>"

Responses

200Workflow definition customized successfully
Content-Type: application/json
{
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "workflowId": "workflows.simple-approval",
    "workflowName": "Simple Approval Workflow",
    "source": "code_override"
  },
  "message": "Workflow definition customized successfully"
}
400Not a code-based id
Content-Type: application/json
{
  "error": "Customize is only supported for code-based workflow definitions"
}
404Code workflow not found
Content-Type: application/json
{
  "error": "Workflow definition not found"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/definitions/string/customize" \
  -H "Accept: application/json"
POST/workflows/definitions/{id}/reset-to-code

Reset workflow definition to code version

Deletes the DB override for a code-based workflow definition, reverting it to the original code registry version. Cannot be reset if there are active instances.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow definition reset to code version
Content-Type: application/json
{
  "data": {
    "id": "code:checkout-flow",
    "workflowId": "checkout-flow",
    "workflowName": "Checkout Flow",
    "description": "Code-defined checkout workflow",
    "version": 1,
    "source": "code",
    "isCodeBased": true
  },
  "message": "Workflow definition reset to code version"
}
400Definition is not a code-based override
Content-Type: application/json
{
  "error": "This workflow definition is not a code-based override and cannot be reset"
}
404Workflow definition not found
Content-Type: application/json
{
  "error": "Workflow definition not found"
}
409Cannot reset - active workflow instances exist
Content-Type: application/json
{
  "error": "Cannot reset workflow definition with 3 active instance(s)"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/definitions/00000000-0000-4000-8000-000000000000/reset-to-code" \
  -H "Accept: application/json"
GET/workflows/events

List all workflow events

Get a paginated list of all workflow events with filtering options

Parameters

NameInRequiredSchemaDescription
pagequeryNoany
pageSizequeryNoany
eventTypequeryNoany
workflowInstanceIdqueryNoany
userIdqueryNoany
occurredAtFromqueryNoany
occurredAtToqueryNoany
sortFieldqueryNoany
sortDirqueryNoany

Responses

200List of workflow events
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "workflowInstanceId": "00000000-0000-4000-8000-000000000000",
      "stepInstanceId": null,
      "eventType": "string",
      "occurredAt": "string",
      "userId": null,
      "workflowInstance": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/events?page=1&pageSize=50&sortField=occurredAt&sortDir=desc" \
  -H "Accept: application/json"
GET/workflows/events/{id}

Get workflow event by ID

Get detailed information about a specific workflow event

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow event details
Content-Type: application/json
{
  "id": "string",
  "workflowInstanceId": "00000000-0000-4000-8000-000000000000",
  "stepInstanceId": null,
  "eventType": "string",
  "occurredAt": "string",
  "userId": null,
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "workflowInstance": null
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Workflow event not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/events/:id" \
  -H "Accept: application/json"
GET/workflows/instances

List workflow instances

Get a list of workflow instances with optional filters. Supports pagination and filtering by status, workflowId, correlationKey, etc.

Parameters

NameInRequiredSchemaDescription
workflowIdqueryNoany
statusqueryNoany
correlationKeyqueryNoany
entityTypequeryNoany
entityIdqueryNoany
limitqueryNoany
offsetqueryNoany

Responses

200List of workflow instances
Content-Type: application/json
{
  "data": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "definitionId": "00000000-0000-4000-8000-000000000000",
      "workflowId": "string",
      "version": 1,
      "status": "RUNNING",
      "currentStepId": "string",
      "correlationKey": null,
      "metadata": null,
      "startedAt": "string",
      "completedAt": null,
      "pausedAt": null,
      "cancelledAt": null,
      "errorMessage": null,
      "errorDetails": null,
      "pendingTransition": null,
      "retryCount": 1,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdAt": "string",
      "updatedAt": "string",
      "deletedAt": null
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 1,
    "offset": 1,
    "hasMore": true
  }
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/instances?limit=50&offset=0" \
  -H "Accept: application/json"
POST/workflows/instances

Start workflow instance

Start a new workflow instance from a workflow definition. The workflow will execute immediately.

Request body (application/json)

{
  "workflowId": "string"
}

Responses

201Workflow started successfully
Content-Type: application/json
{
  "data": {
    "instance": {
      "id": "00000000-0000-4000-8000-000000000000",
      "definitionId": "00000000-0000-4000-8000-000000000000",
      "workflowId": "string",
      "version": 1,
      "status": "RUNNING",
      "currentStepId": "string",
      "correlationKey": null,
      "metadata": null,
      "startedAt": "string",
      "completedAt": null,
      "pausedAt": null,
      "cancelledAt": null,
      "errorMessage": null,
      "errorDetails": null,
      "pendingTransition": null,
      "retryCount": 1,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdAt": "string",
      "updatedAt": "string",
      "deletedAt": null
    },
    "execution": {
      "status": "RUNNING",
      "currentStep": "string",
      "message": "string"
    }
  },
  "message": "string"
}
400Bad request - Validation failed or definition disabled/invalid
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Forbidden - Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Workflow definition not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"workflowId\": \"string\"
}"
GET/workflows/instances/{id}

Get workflow instance

Get detailed information about a specific workflow instance including current state, context, and execution status.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow instance details
Content-Type: application/json
{
  "data": {
    "id": "00000000-0000-4000-8000-000000000000",
    "definitionId": "00000000-0000-4000-8000-000000000000",
    "workflowId": "string",
    "version": 1,
    "status": "RUNNING",
    "currentStepId": "string",
    "correlationKey": null,
    "metadata": null,
    "startedAt": "string",
    "completedAt": null,
    "pausedAt": null,
    "cancelledAt": null,
    "errorMessage": null,
    "errorDetails": null,
    "pendingTransition": null,
    "retryCount": 1,
    "tenantId": "00000000-0000-4000-8000-000000000000",
    "organizationId": "00000000-0000-4000-8000-000000000000",
    "createdAt": "string",
    "updatedAt": "string",
    "deletedAt": null
  }
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
404Workflow instance not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/instances/:id" \
  -H "Accept: application/json"
POST/workflows/instances/{id}/advance

Manually advance workflow to next step

Manually advance a workflow instance to the next step. Useful for manual progression, step-by-step testing, user-triggered transitions, and approval flows. Validates transitions and auto-progresses if possible.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{}

Responses

200Workflow advanced successfully
Content-Type: application/json
{
  "data": {
    "instance": {
      "id": "00000000-0000-4000-8000-000000000000",
      "status": "string",
      "currentStepId": null,
      "previousStepId": null,
      "transitionFired": null
    }
  },
  "message": "string"
}
400Invalid request, no valid transitions, or workflow already completed/cancelled/failed
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Workflow instance not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances/:id/advance" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{}"
POST/workflows/instances/{id}/cancel

Cancel workflow instance

Cancel a running or paused workflow instance. The workflow will be marked as CANCELLED and will not execute further.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow cancelled successfully
Content-Type: application/json
{
  "data": {
    "id": "00000000-0000-4000-8000-000000000000",
    "definitionId": "00000000-0000-4000-8000-000000000000",
    "workflowId": "string",
    "version": 1,
    "status": "RUNNING",
    "currentStepId": "string",
    "correlationKey": null,
    "metadata": null,
    "startedAt": "string",
    "completedAt": null,
    "pausedAt": null,
    "cancelledAt": null,
    "errorMessage": null,
    "errorDetails": null,
    "pendingTransition": null,
    "retryCount": 1,
    "tenantId": "00000000-0000-4000-8000-000000000000",
    "organizationId": "00000000-0000-4000-8000-000000000000",
    "createdAt": "string",
    "updatedAt": "string",
    "deletedAt": null
  },
  "message": "string"
}
400Bad request - Workflow cannot be cancelled in current status
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Forbidden - Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Workflow instance not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances/:id/cancel" \
  -H "Accept: application/json"
GET/workflows/instances/{id}/events

Get workflow instance events

Get a chronological list of events for a workflow instance. Events track all state changes, transitions, and activities.

Parameters

NameInRequiredSchemaDescription
idpathYesany
eventTypequeryNoany
limitqueryNoany
offsetqueryNoany

Responses

200List of workflow events
Content-Type: application/json
{
  "data": [
    {
      "id": "string",
      "workflowInstanceId": "00000000-0000-4000-8000-000000000000",
      "stepInstanceId": null,
      "eventType": "string",
      "occurredAt": "string",
      "userId": null,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 1,
    "offset": 1,
    "hasMore": true
  }
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
404Workflow instance not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/instances/:id/events?limit=100&offset=0" \
  -H "Accept: application/json"
POST/workflows/instances/{id}/retry

Retry failed workflow instance

Retry a failed workflow instance from its current step. The workflow will be reset to RUNNING status and execution will continue.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Responses

200Workflow retry initiated successfully
Content-Type: application/json
{
  "data": {
    "instance": {
      "id": "00000000-0000-4000-8000-000000000000",
      "definitionId": "00000000-0000-4000-8000-000000000000",
      "workflowId": "string",
      "version": 1,
      "status": "RUNNING",
      "currentStepId": "string",
      "correlationKey": null,
      "metadata": null,
      "startedAt": "string",
      "completedAt": null,
      "pausedAt": null,
      "cancelledAt": null,
      "errorMessage": null,
      "errorDetails": null,
      "pendingTransition": null,
      "retryCount": 1,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdAt": "string",
      "updatedAt": "string",
      "deletedAt": null
    },
    "execution": {
      "status": "RUNNING",
      "currentStep": "string",
      "events": [
        {
          "eventType": "string",
          "occurredAt": "string"
        }
      ],
      "executionTime": 1
    }
  },
  "message": "string"
}
400Bad request - Workflow cannot be retried in current status or execution error
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Forbidden - Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Workflow instance not found
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances/:id/retry" \
  -H "Accept: application/json"
POST/workflows/instances/{id}/signal

Send signal to specific workflow

Sends a signal to a specific workflow instance waiting for a signal. The workflow must be in PAUSED status and waiting for the specified signal.

Parameters

NameInRequiredSchemaDescription
idpathYesany

Request body (application/json)

{
  "signalName": "string"
}

Responses

200Signal sent successfully
Content-Type: application/json
{
  "success": true,
  "message": "string"
}
400Invalid request body or signal name mismatch
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
404Instance or definition not found
Content-Type: application/json
{
  "error": "string"
}
409Workflow not paused or not waiting for signal
Content-Type: application/json
{
  "error": "string"
}
500Internal server error or transition failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances/:id/signal" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"signalName\": \"string\"
}"
POST/workflows/instances/validate-start

Validate if workflow can be started

Evaluates pre-conditions defined on the START step and returns validation errors with localized messages if any fail. Returns canStart: true/false with details.

Request body (application/json)

{
  "workflowId": "string"
}

Responses

200Validation result (canStart, errors, validatedRules)
Content-Type: application/json
{
  "canStart": true,
  "workflowId": "string"
}
400Invalid request body or missing context
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/instances/validate-start" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"workflowId\": \"string\"
}"
POST/workflows/signals

Send signal to workflows by correlation key

Sends a signal to all workflow instances waiting for the specified signal that match the correlation key. Returns the count of workflows that received the signal.

Request body (application/json)

{
  "correlationKey": "string",
  "signalName": "string"
}

Responses

200Signal sent to matching workflows
Content-Type: application/json
{
  "success": true,
  "message": "string",
  "count": 1
}
400Missing tenant or organization context
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
403Insufficient permissions
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://app.nwf24.pl/api/workflows/signals" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"correlationKey\": \"string\",
  \"signalName\": \"string\"
}"
GET/workflows/tasks

List user tasks

Returns paginated list of user tasks with optional filtering by status, assignee, workflow instance, overdue, and myTasks flags.

Parameters

NameInRequiredSchemaDescription
statusqueryNoanyFilter by status (comma-separated for multiple: PENDING,IN_PROGRESS,COMPLETED,CANCELLED,ESCALATED)
assignedToqueryNoanyFilter by assigned user ID
workflowInstanceIdqueryNoanyFilter by workflow instance ID
overduequeryNoanyFilter overdue tasks (true/false)
myTasksqueryNoanyShow only tasks assigned to or claimable by current user
limitqueryNoanyNumber of results (max 100)
offsetqueryNoanyPagination offset

Responses

200User tasks list with pagination
Content-Type: application/json
{
  "data": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "workflowInstanceId": "00000000-0000-4000-8000-000000000000",
      "stepInstanceId": "00000000-0000-4000-8000-000000000000",
      "taskName": "string",
      "description": null,
      "status": "PENDING",
      "formSchema": null,
      "formData": null,
      "assignedTo": null,
      "assignedToRoles": null,
      "claimedBy": null,
      "claimedAt": null,
      "dueDate": null,
      "escalatedAt": null,
      "escalatedTo": null,
      "completedBy": null,
      "completedAt": null,
      "tenantId": "00000000-0000-4000-8000-000000000000",
      "organizationId": "00000000-0000-4000-8000-000000000000",
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 1,
    "offset": 1,
    "hasMore": true
  }
}
400Invalid query parameters or missing tenant context
Content-Type: application/json
{
  "error": "string"
}
401Unauthorized
Content-Type: application/json
{
  "error": "string"
}
500Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://app.nwf24.pl/api/workflows/tasks?limit=50&offset=0" \
  -H "Accept: application/json"