WebninjaAfrica Intact API Documentation

Complete RESTful API for Certification Management System

38 Tables, 9 Modules, 150+ Endpoints

Authentication

POST /auth/login Login and get JWT token

Description: Authenticates a user and returns a JWT token for subsequent API calls.

Request Body:

{
    "email": "user@example.com",
    "password": "your_password"
}

Response:

{
    "success": true,
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "user": {
        "id": "uuid",
        "tenant_id": "uuid",
        "email": "user@example.com",
        "first_name": "John",
        "last_name": "Doe",
        "roles": ["admin", "auditor"]
    },
    "expires_in": 86400
}

POST /auth/logout Logout user

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "message": "Logged out successfully"
}

GET /auth/me Get current user info

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "data": {
        "id": "uuid",
        "email": "user@example.com",
        "first_name": "John",
        "last_name": "Doe",
        "tenant_id": "uuid"
    }
}

POST /auth/change-password Change user password

Headers:

Authorization: Bearer {token}

Request Body:

{
    "current_password": "old_password",
    "new_password": "new_password"
}

Response:

{
    "success": true,
    "message": "Password changed successfully"
}

Base URL

http://your-server/api/v1

All endpoints are relative to this base URL.

Response Format

Success Response:

{
    "success": true,
    "data": {...},
    "pagination": {
        "current_page": 1,
        "per_page": 50,
        "total": 100,
        "total_pages": 2
    }
}

Error Response:

{
    "success": false,
    "message": "Error description",
    "status_code": 400
}
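
The login response, the Bearer header and the success/error envelopes above can be exercised together in one small client. This is an added Python example, not part of the WebninjaAfrica Intact code base; IntactClient, ApiError, the injected transport callable, the 60-second expiry margin and the fake_transport replies are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

class ApiError(Exception):
    """The documented error envelope: success=false, message, status_code."""
    def __init__(self, status_code, message):
        super().__init__(f"{status_code}: {message}")
        self.status_code = status_code

class IntactClient:
    # transport is a hypothetical callable(method, url, headers, params, body) -> dict
    # wrapping whatever HTTP library is in use; injected so this runs offline.
    def __init__(self, base_url, transport, allow_plain_http=False, clock=time.time):
        if urlsplit(base_url).scheme != "https" and not allow_plain_http:
            raise ValueError("refusing to send credentials and bearer tokens over plain HTTP")
        self.base_url, self._send, self._clock = base_url.rstrip("/"), transport, clock
        self._token, self._expires_at = None, 0.0

    def _call(self, method, path, auth=True, params=None, body=None):
        headers = {}
        if auth:
            if self._token is None or self._clock() >= self._expires_at:
                raise ApiError(401, "token missing or expired; call login() again")
            headers["Authorization"] = f"Bearer {self._token}"
        reply = self._send(method, self.base_url + path, headers, params, body)
        if reply.get("success") is not True:  # never treat a missing flag as success
            raise ApiError(reply.get("status_code", 0), reply.get("message", "unknown error"))
        return reply

    def login(self, email, password):
        reply = self._call("POST", "/auth/login", auth=False,
                           body={"email": email, "password": password})
        self._token = reply["token"]
        # Expire locally 60 s before expires_in runs out (assumed skew margin).
        self._expires_at = self._clock() + reply["expires_in"] - 60
        return reply["user"]

    def list_all(self, path, limit=100, **filters):
        """Yield every item of a list endpoint, following pagination.total_pages."""
        page = 1
        while True:
            reply = self._call("GET", path, params={"page": page, "limit": limit, **filters})
            yield from reply["data"]
            if page >= reply.get("pagination", {}).get("total_pages", 1):
                return
            page += 1

def fake_transport(method, url, headers, params, body):
    """Constructed stand-in for the server; returns the documented envelopes."""
    if url.endswith("/auth/login"):
        if body["password"] != "correct-horse":
            return {"success": False, "message": "Invalid credentials", "status_code": 401}
        return {"success": True, "token": "constructed.jwt.value", "expires_in": 86400,
                "user": {"email": body["email"], "roles": ["auditor"]}}
    if headers.get("Authorization") != "Bearer constructed.jwt.value":
        return {"success": False, "message": "Unauthorized", "status_code": 401}
    rows = [{"id": f"tenant-{n}"} for n in range(1, 6)]  # five constructed tenants
    page, limit = params["page"], params["limit"]
    return {"success": True, "data": rows[(page - 1) * limit: page * limit],
            "pagination": {"current_page": page, "per_page": limit,
                           "total": len(rows), "total_pages": -(-len(rows) // limit)}}
```

Pass allow_plain_http=True only for a local test server; the http:// form of the base URL is otherwise rejected because the login password and the JWT travel in every request.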

Module 1: Core System - Tenants

GET /tenants List all tenants

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
page       integer  Page number (default: 1)
limit      integer  Items per page (default: 50, max: 100)
search     string   Search term for name, legal_name, country
status     string   Filter by status (active, suspended, trial)
country    string   Filter by country

GET /tenants/{id} Get tenant by ID

Headers:

Authorization: Bearer {token}

Path Parameters:

Parameter  Type  Description
id         UUID  Tenant ID

POST /tenants Create a new tenant

Headers:

Authorization: Bearer {token}

Request Body:

{
    "name": "Certification Body Name",
    "legal_name": "Legal Entity Name",
    "tax_id": "TAX123456",
    "website": "https://example.com",
    "country": "Kenya",
    "timezone": "Africa/Nairobi",
    "subscription_tier": "professional",
    "status": "active"
}

PUT /tenants/{id} Update tenant

Headers:

Authorization: Bearer {token}

Request Body:

{
    "name": "Updated Name",
    "status": "active"
}

DELETE /tenants/{id} Soft delete tenant

Headers:

Authorization: Bearer {token}

Users Management

GET /users List all users

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
page       integer  Page number
limit      integer  Items per page
search     string   Search by email, first_name, last_name, phone
tenant_id  UUID     Filter by tenant
is_active  boolean  Filter by active status
job_title  string   Filter by job title

GET /users/{id} Get user by ID

Headers:

Authorization: Bearer {token}

POST /users Create a new user

Request Body:

{
    "tenant_id": "uuid",
    "email": "user@example.com",
    "password": "secure_password",
    "first_name": "John",
    "last_name": "Doe",
    "job_title": "Lead Auditor",
    "phone": "+254700000000",
    "is_active": true
}

PUT /users/{id} Update user

Request Body:

{
    "first_name": "Updated Name",
    "job_title": "Senior Auditor",
    "is_active": true
}

DELETE /users/{id} Delete user

Headers:

Authorization: Bearer {token}

Roles Management

GET /roles List all roles

Headers:

Authorization: Bearer {token}

GET /roles/{id} Get role by ID

Headers:

Authorization: Bearer {token}

POST /roles Create a new role

Request Body:

{
    "tenant_id": "uuid",
    "name": "Quality Manager",
    "description": "Manages quality processes",
    "is_system_role": false
}

PUT /roles/{id} Update role

Request Body:

{
    "name": "Senior Quality Manager",
    "description": "Updated description"
}

GET /roles/{id}/permissions Get role permissions

Headers:

Authorization: Bearer {token}

POST /roles/{id}/permissions Assign permissions to role

Request Body:

{
    "permission_ids": ["uuid1", "uuid2", "uuid3"]
}

Permissions Management

GET /permissions List all permissions

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type    Description
resource   string  Filter by resource (tenant, user, client, audit, etc.)

GET /permissions/{id} Get permission by ID

Headers:

Authorization: Bearer {token}

POST /permissions Create a new permission

Request Body:

{
    "resource": "report",
    "action": "export",
    "description": "Ability to export reports"
}

Audit Logs

GET /audit-logs List audit logs

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter      Type    Description
action         string  Filter by action (CREATE, UPDATE, DELETE, LOGIN)
resource_type  string  Filter by resource type
user_id        UUID    Filter by user
start_date     date    Filter by start date
end_date       date    Filter by end date

GET /audit-logs/{id} Get audit log entry

Headers:

Authorization: Bearer {token}

Documents Management

GET /documents List documents

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
parent_id  UUID     Filter by parent folder
is_folder  boolean  Filter by folder/file type
search     string   Search by name or description

GET /documents/{id} Get document by ID

Headers:

Authorization: Bearer {token}

POST /documents Upload a file

Headers:

Authorization: Bearer {token}
Content-Type: multipart/form-data

Form Data:

Parameter    Type    Description
file         file    Required. The file to upload
parent_id    UUID    Parent folder ID (optional)
description  string  File description

POST /documents/folder Create a folder

Request Body:

{
    "name": "Audit Reports",
    "parent_id": "uuid",
    "description": "Folder for audit reports"
}

GET /documents/{id}/download Download a file

Headers:

Authorization: Bearer {token}

Returns the actual file content with appropriate headers.

DELETE /documents/{id} Delete document/folder

Headers:

Authorization: Bearer {token}

Module 2: Client Management - Clients

GET /clients List all clients

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter        Type    Description
search           string  Search by legal_name, trading_name, client_code
status           string  Filter by status (active, inactive)
industry_sector  string  Filter by industry sector

GET /clients/{id} Get client by ID

Headers:

Authorization: Bearer {token}

POST /clients Create a new client

Request Body:

{
    "client_code": "CLT001",
    "legal_name": "ABC Manufacturing Ltd",
    "trading_name": "ABC Manufacturing",
    "registration_number": "REG123456",
    "tax_id": "TAX789012",
    "website": "https://abcmfg.com",
    "industry_sector": "Manufacturing",
    "employee_count": 500,
    "annual_revenue": 50000000,
    "currency": "KES",
    "status": "active"
}

PUT /clients/{id} Update client

Request Body:

{
    "legal_name": "Updated Company Name",
    "status": "active"
}

GET /clients/{id}/contacts Get client contacts

Headers:

Authorization: Bearer {token}

GET /clients/{id}/sites Get client sites

Headers:

Authorization: Bearer {token}

GET /clients/{id}/certificates Get client certificates

Headers:

Authorization: Bearer {token}

DELETE /clients/{id} Soft delete client

Headers:

Authorization: Bearer {token}

Client Contacts

GET /client-contacts List client contacts

Headers:

Authorization: Bearer {token}

GET /client-contacts/{id} Get contact by ID

Headers:

Authorization: Bearer {token}

POST /client-contacts Create client contact

Request Body:

{
    "client_id": "uuid",
    "first_name": "John",
    "last_name": "Smith",
    "job_title": "Quality Manager",
    "email": "john.smith@example.com",
    "phone": "+254700000000",
    "mobile": "+254711111111",
    "is_primary": true,
    "is_billing": true,
    "is_technical": false
}

Client Sites

GET /client-sites List client sites

Headers:

Authorization: Bearer {token}

POST /client-sites Create client site

Request Body:

{
    "client_id": "uuid",
    "site_name": "Nairobi Office",
    "site_code": "NBO001",
    "address_line1": "123 Moi Avenue",
    "city": "Nairobi",
    "country": "Kenya",
    "is_headquarters": true,
    "is_active": true
}

Certification Applications

GET /applications List applications

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter    Type    Description
status       string  Filter by status (draft, submitted, approved, rejected)
scheme_type  string  Filter by scheme type

POST /applications Create application

Request Body:

{
    "client_id": "uuid",
    "application_number": "APP-2025-001",
    "scheme_type": "ISO 9001",
    "standard_id": "uuid",
    "scope_description": "Manufacturing of industrial equipment",
    "status": "draft"
}

POST /applications/{id}/submit Submit application

Headers:

Authorization: Bearer {token}

POST /applications/{id}/approve Approve application

Headers:

Authorization: Bearer {token}

POST /applications/{id}/reject Reject application

Request Body:

{
    "rejection_reason": "Incomplete documentation"
}

Quotations

GET /quotations List quotations

Headers:

Authorization: Bearer {token}

POST /quotations Create quotation

Request Body:

{
    "application_id": "uuid",
    "quotation_number": "Q-2025-001",
    "total_amount": 150000,
    "currency": "KES",
    "audit_days": 3,
    "daily_rate": 45000,
    "travel_cost": 15000,
    "valid_until": "2025-07-15"
}

POST /quotations/{id}/accept Accept quotation

Headers:

Authorization: Bearer {token}

Contracts

GET /contracts List contracts

Headers:

Authorization: Bearer {token}

POST /contracts Create contract

Request Body:

{
    "client_id": "uuid",
    "quotation_id": "uuid",
    "contract_number": "CT-2025-001",
    "start_date": "2025-07-01",
    "end_date": "2028-06-30",
    "auto_renew": false,
    "terms_and_conditions": "Standard terms apply..."
}

POST /contracts/{id}/sign Sign contract

Request Body:

{
    "signature_data": "base64_encoded_signature"
}

Module 3: Standards & Accreditation - Accreditations

GET /accreditations List accreditations

Headers:

Authorization: Bearer {token}

POST /accreditations Create accreditation

Request Body:

{
    "accreditation_body": "UKAS",
    "accreditation_number": "UKAS-001",
    "scope": "ISO 9001 Certification",
    "issue_date": "2024-01-01",
    "expiry_date": "2027-12-31",
    "status": "active"
}

Standards

GET /standards List standards

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter         Type     Description
is_active         boolean  Filter by active status
accreditation_id  UUID     Filter by accreditation

POST /standards Create standard

Request Body:

{
    "accreditation_id": "uuid",
    "standard_code": "ISO 9001",
    "standard_name": "Quality Management Systems",
    "version": "2015",
    "description": "International standard for quality management",
    "is_active": true
}

GET /standards/{id}/clauses Get standard clauses

Headers:

Authorization: Bearer {token}

Standard Clauses

GET /standard-clauses List clauses

Headers:

Authorization: Bearer {token}

POST /standard-clauses Create clause

Request Body:

{
    "standard_id": "uuid",
    "clause_number": "4.1",
    "clause_title": "Understanding the organization",
    "clause_text": "The organization shall determine external and internal issues...",
    "requirement_level": "shall"
}

Module 4: Audit Management - Audit Schedules

GET /audit-schedules List audit schedules

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter   Type    Description
status      string  scheduled, in_progress, completed, cancelled
audit_type  string  initial, surveillance, recertification, special
risk_level  string  low, medium, high
client_id   UUID    Filter by client

POST /audit-schedules Create audit schedule

Request Body:

{
    "client_id": "uuid",
    "site_id": "uuid",
    "contract_id": "uuid",
    "audit_type": "initial",
    "audit_stage": "stage1",
    "scheduled_start_date": "2025-07-15",
    "scheduled_end_date": "2025-07-17",
    "total_audit_days": 3,
    "risk_level": "medium",
    "status": "scheduled"
}

POST /audit-schedules/{id}/start Start audit

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "message": "Audit started",
    "data": {
        "actual_start_date": "2025-07-15",
        "status": "in_progress"
    }
}

POST /audit-schedules/{id}/complete Complete audit

Headers:

Authorization: Bearer {token}

Request Body:

{
    "audit_report": "Summary of audit findings"
}

POST /audit-schedules/{id}/cancel Cancel audit

Request Body:

{
    "cancellation_reason": "Client requested postponement"
}

Audit Teams

GET /audit-teams List audit teams

Headers:

Authorization: Bearer {token}

POST /audit-teams Assign auditor to audit

Request Body:

{
    "audit_schedule_id": "uuid",
    "user_id": "uuid",
    "role": "lead_auditor",
    "is_lead": true
}

Audit Checklists

GET /audit-checklists List checklists

Headers:

Authorization: Bearer {token}

POST /audit-checklists Create checklist item

Request Body:

{
    "audit_schedule_id": "uuid",
    "clause_reference": "4.1",
    "clause_title": "Understanding the organization",
    "requirement": "Has the organization identified external and internal issues?",
    "auditor_finding": "Fully compliant",
    "rating": "compliant",
    "is_ok": true
}

PUT /audit-checklists/{id} Update checklist item

Request Body:

{
    "auditor_finding": "Non-compliance identified",
    "rating": "non_compliant",
    "is_ok": false
}

Audit Evidence

GET /audit-evidence List evidence

Headers:

Authorization: Bearer {token}

POST /audit-evidence Add evidence

Request Body:

{
    "audit_checklist_id": "uuid",
    "document_id": "uuid",
    "description": "Evidence of process implementation"
}

Module 5: Non-Conformity - Non-Conformities

GET /non-conformities List non-conformities

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter          Type    Description
severity           string  major, minor, observation, opportunity
status             string  open, under_review, closed
audit_schedule_id  UUID    Filter by audit

POST /non-conformities Create non-conformity

Request Body:

{
    "audit_schedule_id": "uuid",
    "nc_number": "NC-2025-001",
    "severity": "major",
    "description": "Documentation not available for review",
    "requirement_reference": "ISO 9001:2015 clause 7.5",
    "evidence": "No records found",
    "status": "open"
}

POST /non-conformities/{id}/close Close non-conformity

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "message": "Non-conformity closed",
    "data": {
        "status": "closed",
        "closed_at": "2025-07-20 14:30:00"
    }
}

Corrective Actions

GET /corrective-actions List corrective actions

Headers:

Authorization: Bearer {token}

POST /corrective-actions Create corrective action

Request Body:

{
    "non_conformity_id": "uuid",
    "action_plan": "Update documentation and train staff",
    "responsible_person": "Quality Manager",
    "due_date": "2025-08-15"
}

POST /corrective-actions/{id}/verify Verify corrective action

Request Body:

{
    "verification_notes": "Action completed and verified effective",
    "evidence_document_id": "uuid"
}

Module 6: Certificate Management - Certificates

GET /certificates List certificates

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter    Type    Description
status       string  active, suspended, withdrawn, expired
client_id    UUID    Filter by client
standard_id  UUID    Filter by standard

POST /certificates Issue a certificate

Request Body:

{
    "client_id": "uuid",
    "audit_schedule_id": "uuid",
    "standard_id": "uuid",
    "certificate_number": "CERT-2025-001",
    "scope": "Manufacturing of industrial equipment",
    "issue_date": "2025-07-20",
    "expiry_date": "2028-07-19",
    "status": "active"
}

GET /certificates/verify/{number} Verify certificate by number

Public endpoint - No authentication required

Response:

{
    "success": true,
    "data": {
        "certificate_number": "CERT-2025-001",
        "client_name": "ABC Manufacturing Ltd",
        "standard": "ISO 9001:2015",
        "issue_date": "2025-07-20",
        "expiry_date": "2028-07-19",
        "status": "active",
        "is_valid": true
    }
}

POST /certificates/{id}/suspend Suspend certificate

Request Body:

{
    "suspension_reason": "Non-compliance found during surveillance"
}

POST /certificates/{id}/reinstate Reinstate certificate

Request Body:

{
    "reinstatement_reason": "Corrective actions completed"
}

POST /certificates/{id}/withdraw Withdraw certificate

Request Body:

{
    "withdrawal_reason": "Client requested voluntary withdrawal"
}
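
Because certificates can be suspended, withdrawn or expired, a relying party that consumes the public /certificates/verify/{number} response should cross-check its fields rather than key on is_valid alone. This is an added Python example, not part of the WebninjaAfrica Intact code base; the function name assess_certificate, the inclusive treatment of expiry_date and the two sample replies are assumptions.

```python
from datetime import date

def assess_certificate(requested_number, reply, today):
    """Return (trusted, reasons) for a /certificates/verify/{number} reply."""
    reasons = []
    if reply.get("success") is not True or not isinstance(reply.get("data"), dict):
        return False, ["no certificate record returned"]
    cert = reply["data"]
    # The record must be for the number that was asked about, not a look-alike.
    if cert.get("certificate_number") != requested_number:
        reasons.append("certificate_number does not match the request")
    status = cert.get("status")
    if status != "active":
        reasons.append(f"status is {status!r}, not 'active'")
    try:
        issued = date.fromisoformat(cert["issue_date"])
        expires = date.fromisoformat(cert["expiry_date"])
    except (KeyError, TypeError, ValueError):
        reasons.append("issue_date/expiry_date missing or malformed")
    else:
        if today < issued:
            reasons.append("certificate is not yet in force")
        if today > expires:  # assumption: valid through the expiry date itself
            reasons.append("certificate has expired")
    # is_valid is the server's summary; flag it when it disagrees with the fields.
    if cert.get("is_valid") is not True:
        reasons.append("server reports is_valid != true")
    elif reasons:
        reasons.append("is_valid is true but other fields contradict it")
    return (not reasons), reasons

# The documented verify response, reused as constructed sample input.
SAMPLE_REPLY = {"success": True, "data": {
    "certificate_number": "CERT-2025-001", "client_name": "ABC Manufacturing Ltd",
    "standard": "ISO 9001:2015", "issue_date": "2025-07-20",
    "expiry_date": "2028-07-19", "status": "active", "is_valid": True}}
# Constructed variant: the same certificate after a suspension.
SUSPENDED_REPLY = {"success": True, "data": {
    **SAMPLE_REPLY["data"], "status": "suspended", "is_valid": False}}

if __name__ == "__main__":
    for reply, day in [(SAMPLE_REPLY, date(2026, 1, 15)),
                       (SAMPLE_REPLY, date(2028, 7, 20)),
                       (SUSPENDED_REPLY, date(2026, 1, 15))]:
        print(assess_certificate("CERT-2025-001", reply, day))
```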

Certificate History

GET /certificate-history List certificate history

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter       Type    Description
certificate_id  UUID    Filter by certificate
action          string  issued, renewed, amended, suspended, reinstated, withdrawn

Module 7: Financial - Invoices

GET /invoices List invoices

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type    Description
status     string  issued, paid, overdue, cancelled
client_id  UUID    Filter by client

POST /invoices Create invoice

Request Body:

{
    "client_id": "uuid",
    "contract_id": "uuid",
    "invoice_number": "INV-2025-001",
    "amount": 150000,
    "tax_amount": 24000,
    "total_amount": 174000,
    "currency": "KES",
    "issue_date": "2025-07-20",
    "due_date": "2025-08-19",
    "status": "issued"
}

POST /invoices/{id}/mark-paid Mark invoice as paid

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "message": "Invoice marked as paid",
    "data": {
        "status": "paid",
        "paid_at": "2025-07-25 10:30:00"
    }
}

Payments

GET /payments List payments

Headers:

Authorization: Bearer {token}

POST /payments Record payment

Request Body:

{
    "invoice_id": "uuid",
    "payment_number": "PAY-2025-001",
    "amount": 174000,
    "payment_method": "bank_transfer",
    "transaction_id": "TRX123456",
    "payment_date": "2025-07-25",
    "notes": "Full payment received"
}

Module 8: Quality - Complaints

GET /complaints List complaints

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter       Type    Description
status          string  open, investigating, resolved, closed
complaint_type  string  Filter by type

POST /complaints Create complaint

Request Body:

{
    "client_id": "uuid",
    "complaint_number": "CMP-2025-001",
    "complaint_type": "Service Quality",
    "description": "Client dissatisfied with audit response time",
    "received_date": "2025-07-20",
    "status": "open"
}

POST /complaints/{id}/resolve Resolve complaint

Request Body:

{
    "resolution": "Apology sent and process improved",
    "investigation_summary": "Found delay due to staff shortage"
}

Module 9: Training - Training Records

GET /training-records List training records

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type    Description
user_id    UUID    Filter by user
status     string  completed, pending, expired

POST /training-records Create training record

Request Body:

{
    "user_id": "uuid",
    "course_name": "Lead Auditor Training",
    "provider": "IRCA",
    "completion_date": "2025-06-15",
    "expiry_date": "2028-06-14",
    "score": 92,
    "status": "completed",
    "certificate_url": "https://example.com/cert.pdf"
}

Auditor Competencies

GET /auditor-competencies List competencies

Headers:

Authorization: Bearer {token}

POST /auditor-competencies Create competency record

Request Body:

{
    "user_id": "uuid",
    "standard_id": "uuid",
    "competency_level": "lead",
    "assessment_date": "2025-06-15",
    "expiry_date": "2028-06-14",
    "notes": "Qualified for ISO 9001 lead audits"
}

Dashboard & Reports - Dashboard

GET /dashboard/stats Get dashboard statistics

Headers:

Authorization: Bearer {token}

Response:

{
    "success": true,
    "data": {
        "total_clients": 150,
        "active_certificates": 120,
        "upcoming_audits": 15,
        "open_non_conformities": 8,
        "expiring_certificates": 12,
        "outstanding_invoices": 250000
    }
}

GET /dashboard/recent-activities Get recent activities

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
limit      integer  Number of activities (default: 10, max: 50)

GET /dashboard/upcoming-audits Get upcoming audits

Headers:

Authorization: Bearer {token}

GET /dashboard/expiring-certificates Get expiring certificates

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
days       integer  Days to look ahead (default: 90)

Reports

GET /reports/audit-summary Get audit summary report

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
year       integer  Year for report (default: current year)

GET /reports/certificate-expiry Get certificate expiry report

Headers:

Authorization: Bearer {token}

GET /reports/financial Get financial report

Headers:

Authorization: Bearer {token}

Query Parameters:

Parameter  Type     Description
year       integer  Year for financial report (default: current year)

GET /reports/non-conformities Get non-conformity report

Headers:

Authorization: Bearer {token}