Authentication & Access

Endpoints for provisioning back-office users, synchronising till credentials and supporting customer login flows. Controllers in this module inherit from BaseAPIController unless noted and therefore require an authenticated POS admin bearer token.

UserController

Supplies POS terminals with user accounts and outlet assignments, supports self-registration from consumer channels and allows updating stored customer profiles.

| Endpoint | Description | Request | Response |
| --- | --- | --- | --- |
| GET /api/User/GetUsers | Returns all POS users, outlet-user assignments and role mappings updated within a time window. | Query: Dates with LastExecutedDate and CurrentDate. | UserData containing Users, Roles, TillUsers and UserRoles. |
| GET /api/User/GetNewUsers | Registers a till user coming from POSSUM back office and returns the full user data payload so tills can refresh their caches. | Query: UserModel with outlet, credentials and Dallas key. | UserData with the newly created outlet user and associated lookup information. |
| POST /api/User/PostUser | Creates a new POS admin/portal account and links it to an outlet. | Body: UserModel JSON payload. | HTTP 200 when the account is created; HTTP 412 or 417 when creation fails. |
| GET /api/User/Login/{phoneNo} | Starts the mobile consumer login flow by generating or reusing a PIN code and texting it to the customer. | Route: customer phone number. | UsersLoginResponse with messaging and the generated PIN (also stored on the customer record). |
| GET /api/User/SMSValidation/{phoneNo}/{pin} | Validates the SMS PIN provided by the customer and returns their account profile when successful. | Route: phone number and the submitted PIN code. | UsersLoginResponse containing the matched Customer and success message. |
| POST /api/User/UpdateCustomer | Updates stored customer contact information after a successful login or profile edit. | Body: Customer entity with revised fields (name, address, organisation number, etc.). | UsersPutResponse indicating whether the update was persisted. |
| GET /api/User/GetTenantUserByCompanyId/{companyId} | Retrieves the POS admin portal credentials tied to a tenant for integrations that need to impersonate that tenant. | Route: Tenant companyId (GUID). | TenantUser with username and encoded password, or empty values if the company has no assigned user. |

OutletUserController

Enables tills to synchronise local outlet user lists in scheduled batches so they can work offline when needed.

| Endpoint | Description | Request | Response |
| --- | --- | --- | --- |
| GET /api/OutletUser/GetOutletUsers | Returns active outlet users that changed within the provided timeframe for a specific outlet. | Query: DatesApi with From, To and the outlet identifier. | JSON array of OutletUserApi objects representing till login accounts. |

AccountController (MVC)

Web-based endpoints that power the POS admin portal's login, registration and two-factor authentication screens.

| Endpoint | Description | Request | Response |
| --- | --- | --- | --- |
| GET /Account/Login | Renders the login form for POS admin portal users. | Query: optional return URL. | HTML view prompting for username and password. |
| POST /Account/Login | Authenticates the submitted credentials and redirects to the requested page or shows validation errors. | Body: form-encoded LoginViewModel with email, password and remember-me flag. | Redirect to the admin portal on success; lockout, verification or validation views otherwise. |
| GET /Account/Register | Presents the registration form used when onboarding a new master tenant. | None. | HTML form capturing company and administrator information. |
| POST /Account/Register | Creates a new master admin user and associates it with a company record. | Body: RegisterMasterUserViewModel posted from the registration form. | Redirect to the account index when successful; otherwise re-renders the form with validation errors. |

ManageController (MVC)

Provides authenticated portal users with self-service actions such as updating passwords, managing phone numbers and toggling two-factor authentication.

| Endpoint | Description | Request | Response |
| --- | --- | --- | --- |
| GET /Manage/Index | Displays the user profile dashboard including linked logins and two-factor status. | Query: optional status message identifier. | HTML dashboard summarising the signed-in user's account state. |
| POST /Manage/AddPhoneNumber | Registers a phone number for two-factor authentication and sends a verification SMS. | Body: AddPhoneNumberViewModel. | Redirect to /Manage/VerifyPhoneNumber to enter the received token. |
| POST /Manage/EnableTwoFactorAuthentication | Turns on two-factor authentication for the current portal user. | Anti-forgery protected form submission. | Redirect back to the manage dashboard once enabled. |
| POST /Manage/DisableTwoFactorAuthentication | Disables two-factor authentication for the current portal user. | Anti-forgery protected form submission. | Redirect back to the manage dashboard once disabled. |