How to use the API

Authenticate, call REST endpoints, and handle pagination and errors.

1. Authenticate

Obtain a JWT via the login endpoint (or complete Google OAuth). Send it on every request: Authorization: Bearer <token>. If using a non-subdomain tenant, also send X-Tenant-Id: <tenantId>.

2. Call endpoints

Base URL is your deployment (e.g. https://app.qerp.com). Use GET /api/{module}/{resource} for lists (always add ?page=1&pageSize=25), GET /api/{module}/{resource}/{id} for one record, POST to create, PUT to update, DELETE to delete. Actions use POST /api/{module}/{resource}/{id}/{action}.

3. Pagination and caching

List responses return data, totalCount, page, pageSize. Use If-None-Match: <etag> to get 304 when data is unchanged.

4. Error handling

On error, response body has status, message, and optional errors[]. Handle 401 (re-authenticate), 403 (insufficient permission), 404 (not found), 400 (validation).

API reference Permissions guide →