API Overview
The JemetiOS API is a REST API over HTTPS, returning JSON. It powers the Workshop app and the Customer Portal, and is available for customer integrations.
Base URL
https://api.jemeti.app/v1
All endpoints are scoped to your workspace via your subdomain. Authentication carries your workspace identity through the request context.
Authentication
All API requests require a bearer token, issued at login from
/api/auth/login. Tokens are short-lived (configurable per tenant).
curl https://api.jemeti.app/v1/jobs \
  -H "Authorization: Bearer $TOKEN"
For browser-based use, the Workshop app stores the token in an
httpOnly cookie (os_token, SameSite=Lax, 7-day expiry).
Workspaces
Workspaces are multi-tenant and isolated by Postgres row-level security. Each request is scoped to the calling tenant — you cannot read or write another tenant's data even with a valid token.
Feature gating
The platform ships a hierarchical feature flag system. Some
endpoints are gated by feature slug and only respond if your
subscription enables the feature. Disabled features return a 402 Payment Required response.
Core resources
The API is organized around these resources:
| Resource | Description |
|---|---|
| /jobs | Job lifecycle — FSM-driven, intake through delivery. |
| /jobs/dvi-inspections | Photo-backed vehicle inspections. |
| /jobs/quotations | Quotes, line items, amendments. |
| /jobs/{id}/payments | Job-side payments, invoices, credit notes. |
| /crm/customers | Customer records. |
| /crm/membership-plans | Loyalty / membership plans. |
| /crm/appointments | Standalone booking. |
| /vehicles/customer | Customer-owned vehicle records. |
| /inventory/products | Parts catalog (weighted-average cost). |
| /inventory/vendors | Vendor directory + ledger. |
| /inventory/purchase-orders | PO state machine. |
| /inventory/warranty | Warranty claim lifecycle. |
| /sales | Sales orders. |
| /sales/pos/checkout | Atomic POS checkout. |
| /sales/invoices | Sales invoices + PDF. |
| /sales/returns | Returns + restock. |
| /staff/employees | Employee directory. |
| /staff/attendance | Clock-in / clock-out (web + device). |
| /staff/leave | Leave types, allotments, requests. |
| /staff/payroll | Components, advances, salary sheets. |
| /accounting/accounts | Chart of accounts. |
| /accounting/journal | Manual journal entries. |
| /accounting/reports/... | Trial balance, P&L. |
| /users, /roles | User and role management. |
Customer portal
Customers access their data through a separate, OTP-authenticated
surface at /portal/*:
- OTP login (email or SMS).
- View their jobs, invoices, DVI reports.
- Approve / reject quotations and amendments.
- Submit satisfaction surveys.
Pagination
List endpoints accept ?page and ?per_page (max 100), returning a
meta.total_pages field.
Errors
Errors return a standard shape:
{
  "error": {
    "code": "not_found",
    "message": "Job JOB_ID does not exist"
  }
}
Common codes:
- not_found — resource missing or not visible to your tenant.
- forbidden — role lacks the required permission.
- unauthorized — invalid / expired token.
- conflict — duplicate (e.g. email already exists).
- payment_required — feature gated by subscription.
- bad_request — validation error.
Rate limits
Per-tenant rate limits are enforced (login attempts, password reset
requests, etc.). Exceeded limits return 429 Too Many Requests.
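The following is an added example, not JemetiOS client code: it walks a list endpoint using the documented ?page / ?per_page parameters and meta.total_pages, parses the standard error shape, and retries only on 429. The send transport, the "data" item key, the backoff schedule and the sample job ids are assumptions constructed for the example.

```python
import json
import time

MAX_PER_PAGE = 100  # documented upper bound for ?per_page

class ApiError(Exception):
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code  # branch on code, not message text

def parse_error(status, body):
    """Read {"error": {"code", "message"}}; fall back safely on any other body."""
    try:
        err = json.loads(body)["error"]
        return ApiError(status, err["code"], err["message"])
    except (ValueError, KeyError, TypeError):
        return ApiError(status, "unknown", "unparseable error body")

def list_all(send, path, per_page=MAX_PER_PAGE, max_retries=3, backoff=1.0):
    """Collect every item; send(path, params) -> (status, body) is a hypothetical
    transport that adds the bearer header, and "data" is an assumed item key."""
    per_page = max(1, min(per_page, MAX_PER_PAGE))
    items, page, total_pages, retries = [], 1, 1, 0
    while page <= total_pages:
        status, body = send(path, {"page": page, "per_page": per_page})
        if status == 429 and retries < max_retries:
            time.sleep(backoff * 2 ** retries)  # back off, then retry the same page
            retries += 1
            continue
        if status != 200:
            raise parse_error(status, body)  # auth and permission errors are not retried
        doc = json.loads(body)
        items.extend(doc["data"])
        total_pages = doc["meta"]["total_pages"]
        page, retries = page + 1, 0
    return items

def fake_send(pages):
    """Constructed offline transport: answers 429 once, then serves `pages`."""
    calls = []
    def send(path, params):
        calls.append(dict(params))
        if len(calls) == 1:
            return 429, ""
        body = {"data": pages[params["page"] - 1], "meta": {"total_pages": len(pages)}}
        return 200, json.dumps(body)
    return send, calls

if __name__ == "__main__":
    send, calls = fake_send([["JOB-1", "JOB-2"], ["JOB-3"]])
    print(list_all(send, "/jobs", per_page=500, backoff=0), calls)
```

Callers can branch on ApiError.code: unauthorized means obtaining a new token, while forbidden and payment_required will not succeed on retry.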
See the user journey guide for end-to-end context.