OpenAPI Explorer

Auto-generated OpenAPI definition for all enabled modules.

Default server: https://milton2.stectus.com/api

Authentication & Accounts

Showing 20 of 34 endpoints
GET /auth/admin/nav
Auth required

Resolve backend chrome bootstrap payload

Returns the backend chrome payload available to the authenticated administrator after applying scope, RBAC, role defaults, and personal sidebar preferences.

Responses

200 Backend chrome payload
Content-Type: application/json
{
  "groups": [
    {
      "name": "string",
      "items": [
        {
          "href": "string",
          "title": "string"
        }
      ]
    }
  ],
  "settingsSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "settingsPathPrefixes": [
    "string"
  ],
  "profileSections": [
    {
      "id": "string",
      "label": "string",
      "items": [
        {
          "id": "string",
          "label": "string",
          "href": "string"
        }
      ]
    }
  ],
  "profilePathPrefixes": [
    "string"
  ],
  "grantedFeatures": [
    "string"
  ],
  "roles": [
    "string"
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/admin/nav" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /auth/feature-check
Auth required

Check feature grants for the current user

Evaluates which of the requested features are available to the signed-in user within the active tenant / organization context.

Request body (application/json)

{
  "features": [
    "string"
  ]
}

Responses

200 Evaluation result
Content-Type: application/json
{
  "ok": true,
  "granted": [
    "string"
  ],
  "userId": "string"
}
400 Invalid request — features array missing, too large, or contains invalid entries
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/feature-check" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"features\": [
    \"string\"
  ]
}"
GET /auth/features
Auth required: auth.acl.manage

List declared feature flags

Returns all static features contributed by the enabled modules along with their module source. Requires features: auth.acl.manage

Responses

200 Aggregated feature catalog
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "title": "string",
      "module": "string"
    }
  ],
  "modules": [
    {
      "id": "string",
      "title": "string"
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/features" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /auth/locale

Set locale and redirect

Stores the selected locale in a cookie and redirects to a safe local path.

Parameters

Name | In | Required | Schema | Description
locale | query | Yes | any |
redirect | query | No | any |

Responses

200 Success response
Content-Type: application/json
"string"
302 Locale cookie set and request redirected
Content-Type: application/json
"string"
400 Invalid locale
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/locale?locale=en" \
  -H "Accept: application/json"
POST /auth/locale

Set locale

Stores the selected locale in a cookie and returns a JSON success response.

Request body (application/json)

{
  "locale": "en"
}

Responses

200 Locale cookie set
Content-Type: application/json
{
  "ok": true
}
400 Invalid locale or malformed request body
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/locale" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"locale\": \"en\"
}"
POST /auth/login

Authenticate user credentials

Validates the submitted credentials and issues a bearer token cookie for subsequent API calls.

Request body (application/x-www-form-urlencoded)

email=user%40example.com&password=string

Responses

200 Authentication succeeded
Content-Type: application/json
{
  "ok": true,
  "token": "string",
  "redirect": null
}
400 Validation failed
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401 Invalid credentials
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
403 User lacks required role
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429 Too many login attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/login" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com&password=string"
POST /auth/logout
Auth required

Invalidate session and redirect

Clears authentication cookies and redirects the browser to the login page.

Responses

201 Success response
Content-Type: application/json
"string"
302 Redirect to login after successful logout
Content-Type: text/html
string

Example

curl -X POST "https://milton2.stectus.com/api/auth/logout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /auth/profile
Auth required

Get current profile

Returns the email address for the signed-in user.

Responses

200 Profile payload
Content-Type: application/json
{
  "email": "[email protected]",
  "roles": [
    "string"
  ]
}
404 User not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /auth/profile
Auth required

Update current profile

Updates the email address or password for the signed-in user.

Request body (application/json)

{}

Responses

200 Profile updated
Content-Type: application/json
{
  "ok": true,
  "email": "[email protected]"
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/auth/profile" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"
POST /auth/reset

Send reset email

Requests a password reset email for the given account. The endpoint always returns `ok: true` to avoid leaking account existence.

Request body (application/x-www-form-urlencoded)

email=user%40example.com

Responses

200 Reset email dispatched (or ignored for unknown accounts)
Content-Type: application/json
{
  "ok": true
}
400 Invalid request origin
Content-Type: application/json
{
  "error": "string"
}
429 Too many password reset requests
Content-Type: application/json
{
  "error": "string"
}
500 Password reset email origin is not configured
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/reset" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "email=user%40example.com"
POST /auth/reset/confirm

Complete password reset

Validates the reset token and updates the user password.

Request body (application/x-www-form-urlencoded)

token=string&password=string

Responses

200 Password reset succeeded
Content-Type: application/json
{
  "ok": true,
  "redirect": "string"
}
400 Invalid token or payload
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429 Too many reset confirmation attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/reset/confirm" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "token=string&password=string"
GET /auth/roles
Auth required: auth.roles.list

List roles

Returns available roles within the current tenant. Super administrators receive visibility across tenants. Requires features: auth.roles.list

Parameters

Name | In | Required | Schema | Description
id | query | No | any |
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |
tenantId | query | No | any |

Responses

200 Role collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "usersCount": 1,
      "tenantId": null,
      "tenantName": null,
      "updatedAt": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/roles?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /auth/roles
Auth required: auth.roles.manage

Create role

Creates a new role for the current tenant or globally when `tenantId` is omitted. Requires features: auth.roles.manage

Request body (application/json)

{
  "name": "string"
}

Responses

201 Role created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\"
}"
PUT /auth/roles
Auth required: auth.roles.manage

Update role

Updates mutable fields on an existing role. Requires features: auth.roles.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Role updated
Content-Type: application/json
{
  "ok": true
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404 Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/auth/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE /auth/roles
Auth required: auth.roles.manage

Delete role

Deletes a role by identifier. Fails when users remain assigned. Requires features: auth.roles.manage

Parameters

Name | In | Required | Schema | Description
id | query | Yes | any | Role identifier

Responses

200 Role deleted
Content-Type: application/json
{
  "ok": true
}
400 Role cannot be deleted
Content-Type: application/json
{
  "error": "string"
}
404 Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/auth/roles?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /auth/roles/acl
Auth required: auth.acl.manage

Fetch role ACL

Returns the feature and organization assignments associated with a role within the current tenant. Requires features: auth.acl.manage

Parameters

Name | In | Required | Schema | Description
roleId | query | Yes | any |
tenantId | query | No | any |

Responses

200 Role ACL entry
Content-Type: application/json
{
  "isSuperAdmin": true,
  "features": [
    "string"
  ],
  "organizations": null,
  "updatedAt": null
}
400 Invalid role id
Content-Type: application/json
{
  "error": "string"
}
404 Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/roles/acl?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /auth/roles/acl
Auth required: auth.acl.manage

Update role ACL

Replaces the feature list, super admin flag, and optional organization assignments for a role. Requires features: auth.acl.manage

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "organizations": null
}

Responses

200 Role ACL updated
Content-Type: application/json
{
  "ok": true,
  "sanitized": true
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404 Role not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/auth/roles/acl" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"organizations\": null
}"
GET /auth/session/refresh

Refresh auth cookie from session token (browser)

Exchanges an existing `session_token` cookie for a fresh JWT auth cookie and redirects the browser.

Parameters

Name | In | Required | Schema | Description
redirect | query | No | any | Absolute or relative URL to redirect to after refresh

Responses

200 Success response
Content-Type: application/json
"string"
302 Redirect to target location when session is valid
Content-Type: text/html
string

Example

curl -X GET "https://milton2.stectus.com/api/auth/session/refresh" \
  -H "Accept: application/json"
POST /auth/session/refresh

Refresh access token (API/mobile)

Exchanges a refresh token for a new JWT access token. Pass the refresh token obtained from login in the request body.

Request body (application/json)

{
  "refreshToken": "string"
}

Responses

200 New access token issued
Content-Type: application/json
{
  "ok": true,
  "accessToken": "string",
  "expiresIn": 1
}
400 Missing refresh token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
401 Invalid or expired token
Content-Type: application/json
{
  "ok": false,
  "error": "string"
}
429 Too many refresh attempts
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/auth/session/refresh" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{
  \"refreshToken\": \"string\"
}"
GET /auth/sidebar/preferences
Auth required

Get sidebar preferences

Returns sidebar customization for the current user (default) or the specified role (`?roleId=…`, requires `auth.sidebar.manage`).

Responses

200 Current sidebar configuration
Content-Type: application/json
{
  "locale": "string",
  "settings": {
    "version": 1,
    "groupOrder": [
      "string"
    ],
    "groupLabels": {
      "key": "string"
    },
    "itemLabels": {
      "key": "string"
    },
    "hiddenItems": [
      "string"
    ],
    "itemOrder": {
      "key": [
        "string"
      ]
    }
  },
  "canApplyToRoles": true,
  "roles": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "hasPreference": true
    }
  ],
  "scope": {
    "type": "user"
  },
  "updatedAt": null
}
403 Missing features for role-scope read
Content-Type: application/json
{
  "error": "string"
}
404 Role not found in current tenant scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/auth/sidebar/preferences" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Directory (Tenants & Organizations)

Showing 2 of 2 endpoints
GET /directory/organizations/lookup

Public organization lookup by slug

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/directory/organizations/lookup" \
  -H "Accept: application/json"
GET /directory/tenants/lookup

Public tenant lookup

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/directory/tenants/lookup" \
  -H "Accept: application/json"

API Documentation

Showing 1 of 1 endpoints
GET /version

Deployed Open Mercato version

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/version" \
  -H "Accept: application/json"

Audit & Action Logs

Showing 5 of 5 endpoints
GET /audit_logs/audit-logs/access
Auth required: audit_logs.view_self

Retrieve access logs

Fetches paginated access audit logs scoped to the authenticated user. Tenant administrators can optionally expand the search to other actors or organizations. Requires features: audit_logs.view_self

Parameters

Name | In | Required | Schema | Description
organizationId | query | No | any | Limit results to a specific organization
actorUserId | query | No | any | Filter by actor user id (tenant administrators only)
resourceKind | query | No | any | Restrict to a resource kind such as `order` or `product`
accessType | query | No | any | Access type filter, e.g. `read` or `export`
page | query | No | any | Page number (default 1)
pageSize | query | No | any | Page size (default 50)
limit | query | No | any | Explicit maximum number of records when paginating manually
before | query | No | any | Return logs created before this ISO-8601 timestamp
after | query | No | any | Return logs created after this ISO-8601 timestamp

Responses

200 Access logs returned successfully
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "resourceKind": "string",
      "resourceId": "string",
      "accessType": "string",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "fields": [
        "string"
      ],
      "context": null,
      "createdAt": "string"
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}
400 Invalid filters supplied
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/audit_logs/audit-logs/access" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /audit_logs/audit-logs/actions
Auth required: audit_logs.view_self

Fetch action logs

Returns recent action audit log entries. Tenant administrators can widen the scope to other actors or organizations, and callers can optionally restrict results to undoable actions. Requires features: audit_logs.view_self

Parameters

Name | In | Required | Schema | Description
organizationId | query | No | any | Limit results to a specific organization
actorUserId | query | No | any | Filter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKind | query | No | any | Filter by resource kind (e.g., "order", "product")
resourceId | query | No | any | Filter by resource ID (UUID of the specific record)
actionType | query | No | any | Filter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldName | query | No | any | Filter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelated | query | No | any | When `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
includeTotal | query | No | any | When `true`, the response includes the filtered total count.
undoableOnly | query | No | any | When `true`, only undoable actions are returned
limit | query | No | any | Maximum number of records to return (default 50, max 1000)
offset | query | No | any | Zero-based record offset for pagination (legacy — prefer page/pageSize)
page | query | No | any | Page number (default 1)
pageSize | query | No | any | Page size (default 50, max 200)
sortField | query | No | any | Sort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDir | query | No | any | Sort direction: `asc` or `desc`.
before | query | No | any | Return actions created before this ISO-8601 timestamp
after | query | No | any | Return actions created after this ISO-8601 timestamp

Responses

200 Action logs retrieved successfully
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "commandId": "string",
      "actionLabel": null,
      "executionState": "done",
      "actorUserId": null,
      "actorUserName": null,
      "tenantId": null,
      "tenantName": null,
      "organizationId": null,
      "organizationName": null,
      "resourceKind": null,
      "resourceId": null,
      "parentResourceKind": null,
      "parentResourceId": null,
      "undoToken": null,
      "createdAt": "string",
      "updatedAt": "string",
      "snapshotBefore": null,
      "snapshotAfter": null,
      "changes": null,
      "context": null
    }
  ],
  "canViewTenant": true,
  "page": 1,
  "pageSize": 1,
  "total": 1,
  "totalPages": 1
}
400 Invalid filter values
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/audit_logs/audit-logs/actions?includeRelated=false&includeTotal=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /audit_logs/audit-logs/actions/export
Auth required: audit_logs.view_self

Export action logs as CSV

Returns a CSV attachment containing filtered action audit log entries. Tenant administrators can widen the scope to other actors or organizations. Requires features: audit_logs.view_self

Parameters

Name | In | Required | Schema | Description
organizationId | query | No | any | Limit results to a specific organization
actorUserId | query | No | any | Filter logs created by specific actor IDs (tenant administrators only). Accepts a single UUID or a comma-separated UUID list.
resourceKind | query | No | any | Filter by resource kind (e.g., "order", "product")
resourceId | query | No | any | Filter by resource ID (UUID of the specific record)
actionType | query | No | any | Filter by action type (`create`, `edit`, `delete`, `assign`). Accepts a single value or a comma-separated list.
fieldName | query | No | any | Filter to entries where the given field changed. Accepts a single field name or a comma-separated list.
includeRelated | query | No | any | When `true`, also returns changes to child entities linked via parentResourceKind/parentResourceId
undoableOnly | query | No | any | When `true`, only undoable actions are returned
limit | query | No | any | Maximum number of records to export (default 1000, capped at 1000)
sortField | query | No | any | Sort field: `createdAt`, `user`, `action`, `field`, or `source`.
sortDir | query | No | any | Sort direction: `asc` or `desc`.
before | query | No | any | Return actions created before this ISO-8601 timestamp
after | query | No | any | Return actions created after this ISO-8601 timestamp

Responses

200 CSV export generated successfully
Content-Type: application/json
{
  "file": "csv"
}
400 Invalid filter values
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/audit_logs/audit-logs/actions/export?includeRelated=false&undoableOnly=false" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /audit_logs/audit-logs/actions/redo
Auth required: audit_logs.redo_self

Redo by action log id

Redoes the latest undone command owned by the caller. Requires the action to still be eligible for redo within tenant and organization scope. Requires features: audit_logs.redo_self

Request body (application/json)

{
  "logId": "string"
}

Responses

200 Redo executed successfully
Content-Type: application/json
{
  "ok": true,
  "logId": null,
  "undoToken": null
}
400 Log not eligible for redo
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/audit_logs/audit-logs/actions/redo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"logId\": \"string\"
}"
POST /audit_logs/audit-logs/actions/undo
Auth required: audit_logs.undo_self

Undo action by token

Replays the undo handler registered for a command. The provided undo token must match the latest undoable log entry accessible to the caller. Requires features: audit_logs.undo_self

Request body (application/json)

{
  "undoToken": "string"
}

Responses

200 Undo applied successfully
Content-Type: application/json
{
  "ok": true,
  "logId": "string"
}
400 Invalid or unavailable undo token
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/audit_logs/audit-logs/actions/undo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"undoToken\": \"string\"
}"

Notifications

Showing 13 of 13 endpoints
GET /notifications
Auth required

List notifications

Returns a paginated collection of notifications.

Parameters

Name | In | Required | Schema | Description
status | query | No | any |
type | query | No | any |
severity | query | No | any |
sourceEntityType | query | No | any |
sourceEntityId | query | No | any |
since | query | No | any |
page | query | No | any |
pageSize | query | No | any |
ids | query | No | any | Comma-separated list of record UUIDs to filter by (max 200).

Responses

200 Paginated notifications
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "type": "string",
      "title": "string",
      "body": null,
      "titleKey": null,
      "bodyKey": null,
      "titleVariables": null,
      "bodyVariables": null,
      "icon": null,
      "severity": "string",
      "status": "string",
      "actions": [
        {
          "id": "string",
          "label": "string"
        }
      ],
      "sourceModule": null,
      "sourceEntityType": null,
      "sourceEntityId": null,
      "linkHref": null,
      "createdAt": "string",
      "readAt": null,
      "actionTaken": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/notifications?page=1&pageSize=20" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /notifications
Auth required: notifications.create

Create notification

Creates a notification for a user. Requires features: notifications.create

Request body (application/json)

{
  "type": "string",
  "severity": "info",
  "recipientUserId": "00000000-0000-4000-8000-000000000000"
}

Responses

201 Notification created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}

Example

curl -X POST "https://milton2.stectus.com/api/notifications" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"type\": \"string\",
  \"severity\": \"info\",
  \"recipientUserId\": \"00000000-0000-4000-8000-000000000000\"
}"
POST /notifications/{id}/action
Auth required

POST /notifications/{id}/action

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/notifications/:id/action" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /notifications/{id}/dismiss
Auth required

PUT /notifications/{id}/dismiss

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/notifications/:id/dismiss" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /notifications/{id}/read
Auth required

PUT /notifications/{id}/read

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/notifications/:id/read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /notifications/{id}/restore
Auth required

PUT /notifications/{id}/restore

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/notifications/:id/restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /notifications/batch
Auth required: notifications.create

POST /notifications/batch

Requires features: notifications.create

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/notifications/batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /notifications/feature
Auth required: notifications.create

POST /notifications/feature

Requires features: notifications.create

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/notifications/feature" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /notifications/mark-all-read
Auth required

PUT /notifications/mark-all-read

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/notifications/mark-all-read" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /notifications/role
Auth required: notifications.create

POST /notifications/role

Requires features: notifications.create

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/notifications/role" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /notifications/settings
Auth required: notifications.manage

GET /notifications/settings

Requires features: notifications.manage

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /notifications/settings
Auth required: notifications.manage

POST /notifications/settings

Requires features: notifications.manage

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/notifications/settings" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /notifications/unread-count
Auth required

GET /notifications/unread-count

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/notifications/unread-count" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Events

Showing 2 of 2 endpoints
GET /events
Auth required

List declared events

Returns every declared event. Filters: category, module, excludeTriggerExcluded (default true).

Responses

200 Declared events
Content-Type: application/json
{
  "data": [
    {
      "id": "string",
      "label": "string"
    }
  ],
  "total": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/events" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /events/stream
Auth required

GET /events/stream

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/events/stream" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Customer Relationship Management

Showing 2 of 2 endpoints
POST /customers/deals/bulk-update-owner
Auth required: customers.deals.manage

Bulk reassign deal owner

Queues a background job that reassigns the listed deals to a new owner (or clears the owner when null). Requires features: customers.deals.manage

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/customers/deals/bulk-update-owner" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /customers/deals/bulk-update-stage
Auth required: customers.deals.manage

Bulk update deal pipeline stage

Queues a background job that moves the listed deals to the same pipeline stage. Returns a progress job id to poll for completion. Requires features: customers.deals.manage

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/customers/deals/bulk-update-stage" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Feature Toggles

Showing 12 of 12 endpoints
GET /feature_toggles/check/boolean
Auth required

Check if feature is enabled

Checks if a feature toggle is enabled for the current context.

Parameters

Name | In | Required | Schema | Description
identifier | query | Yes | any | Feature toggle identifier

Responses

200 Feature status
Content-Type: application/json
{
  "enabled": true,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400 Bad Request
Content-Type: application/json
{
  "error": "string"
}
404 Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/check/boolean?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/check/json
Auth required

Get JSON config

Gets the JSON configuration for a feature toggle.

Parameters

Name | In | Required | Schema | Description
identifier | query | Yes | any | Feature toggle identifier

Responses

200 JSON config
Content-Type: application/json
{
  "valueType": "json",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400 Bad Request
Content-Type: application/json
{
  "error": "string"
}
404 Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/check/json?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/check/number
Auth required

Get number config

Gets the number configuration for a feature toggle.

Parameters

Name | In | Required | Schema | Description
identifier | query | Yes | any | Feature toggle identifier

Responses

200 Number config
Content-Type: application/json
{
  "valueType": "number",
  "value": 1,
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400 Bad Request
Content-Type: application/json
{
  "error": "string"
}
404 Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/check/number?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/check/string
Auth required

Get string config

Gets the string configuration for a feature toggle.

Parameters

Name | In | Required | Schema | Description
identifier | query | Yes | any | Feature toggle identifier

Responses

200 String config
Content-Type: application/json
{
  "valueType": "string",
  "value": "string",
  "source": "override",
  "toggleId": "string",
  "identifier": "string",
  "tenantId": "string"
}
400 Bad Request
Content-Type: application/json
{
  "error": "string"
}
404 Tenant not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/check/string?identifier=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/global
Auth required: feature_toggles.view

List global feature toggles

Returns all global feature toggles with filtering and pagination. Requires superadmin role. Requires features: feature_toggles.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any | Page number for pagination
pageSize | query | No | any | Number of items per page (max 200)
search | query | No | any | Case-insensitive search across identifier, name, description, and category
type | query | No | any | Filter by toggle type (boolean, string, number, json)
category | query | No | any | Filter by category (case-insensitive partial match)
name | query | No | any | Filter by name (case-insensitive partial match)
identifier | query | No | any | Filter by identifier (case-insensitive partial match)
sortField | query | No | any | Field to sort by
sortDir | query | No | any | Sort direction (ascending or descending)

Responses

200 Feature toggles collection
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "identifier": "string",
      "name": "string",
      "description": null,
      "category": null,
      "type": "boolean",
      "defaultValue": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400 Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/global?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /feature_toggles/global
Auth required: feature_toggles.global.manage

Create global feature toggle

Creates a new global feature toggle. Requires superadmin role. Requires features: feature_toggles.global.manage

Request body (application/json)

{
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null
}

Responses

201 Feature toggle created
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"identifier\": \"string\",
  \"name\": \"string\",
  \"description\": null,
  \"category\": null,
  \"type\": \"boolean\",
  \"defaultValue\": null
}"
PUT /feature_toggles/global
Auth required: feature_toggles.global.manage

Update global feature toggle

Updates an existing global feature toggle. Requires superadmin role. Requires features: feature_toggles.global.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "description": null,
  "category": null,
  "defaultValue": null
}

Responses

200 Feature toggle updated
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Invalid payload
Content-Type: application/json
{
  "error": "string"
}
404 Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/feature_toggles/global" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"description\": null,
  \"category\": null,
  \"defaultValue\": null
}"
DELETE /feature_toggles/global
Auth required: feature_toggles.global.manage

Delete global feature toggle

Soft deletes a global feature toggle by ID. Requires superadmin role. Requires features: feature_toggles.global.manage

Parameters

Name | In | Required | Schema | Description
id | query | Yes | any | Feature toggle identifier

Responses

200 Feature toggle deleted
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404 Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/feature_toggles/global?id=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/global/{id}
Auth required: feature_toggles.view

Fetch feature toggle by ID

Returns complete details of a feature toggle. Requires features: feature_toggles.view

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Feature toggle detail
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "identifier": "string",
  "name": "string",
  "description": null,
  "category": null,
  "type": "boolean",
  "defaultValue": null
}
400 Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404 Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/global/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/global/{id}/override
Auth required: feature_toggles.view

Fetch feature toggle override

Returns feature toggle override. Requires features: feature_toggles.view

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Feature toggle overrides
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "tenantName": "string",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "toggleType": "boolean",
  "updatedAt": null
}
400 Invalid request
Content-Type: application/json
{
  "error": "string"
}
404 Feature toggle not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/global/:id/override" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /feature_toggles/overrides
Auth required: feature_toggles.view

List overrides

Returns list of feature toggle overrides. Requires features: feature_toggles.view

Parameters

Name | In | Required | Schema | Description
category | query | No | any |
name | query | No | any |
identifier | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
page | query | No | any |
pageSize | query | No | any |

Responses

200 List of overrides
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "toggleId": "00000000-0000-4000-8000-000000000000",
      "overrideState": "enabled",
      "identifier": "string",
      "name": "string",
      "category": null,
      "defaultState": true,
      "tenantName": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1,
  "isSuperAdmin": true
}
400 Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/feature_toggles/overrides?page=1&pageSize=25" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /feature_toggles/overrides
Auth required: feature_toggles.manage

Change override state

Enable, disable or inherit a feature toggle for a specific tenant. Requires features: feature_toggles.manage

Request body (application/json)

{
  "toggleId": "00000000-0000-4000-8000-000000000000",
  "isOverride": true
}

Responses

200 Override updated
Content-Type: application/json
{
  "ok": true,
  "overrideToggleId": null
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Not found
Content-Type: application/json
{
  "error": "string"
}
500 Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/feature_toggles/overrides" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"toggleId\": \"00000000-0000-4000-8000-000000000000\",
  \"isOverride\": true
}"

Warehouse (Magazyn)

Showing 14 of 14 endpoints
GET /warehouse/analytics
Auth required: magazyn.analytics

GET /warehouse/analytics

Requires features: magazyn.analytics

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/analytics" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/bdo
Auth required: magazyn.bdo_report

GET /warehouse/bdo

Requires features: magazyn.bdo_report

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/bdo" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/customer-profiles
Auth required: magazyn.customer_profiles

GET /warehouse/customer-profiles

Requires features: magazyn.customer_profiles

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/customer-profiles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /warehouse/customer-profiles
Auth required: magazyn.customer_profiles

POST /warehouse/customer-profiles

Requires features: magazyn.customer_profiles

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/warehouse/customer-profiles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /warehouse/customer-profiles
Auth required: magazyn.customer_profiles

PUT /warehouse/customer-profiles

Requires features: magazyn.customer_profiles

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/warehouse/customer-profiles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/forecast
Auth required: magazyn.forecast

GET /warehouse/forecast

Requires features: magazyn.forecast

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/forecast" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/orders
Auth required: magazyn.orders

GET /warehouse/orders

Requires features: magazyn.orders

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/orders" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /warehouse/orders
Auth required: magazyn.orders

POST /warehouse/orders

Requires features: magazyn.orders

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/warehouse/orders" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/orders/{id}
Auth required: magazyn.orders.detail

GET /warehouse/orders/{id}

Requires features: magazyn.orders.detail

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/orders/:id" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PATCH /warehouse/orders/{id}/status
Auth required: magazyn.orders.detail

PATCH /warehouse/orders/{id}/status

Requires features: magazyn.orders.detail

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PATCH "https://milton2.stectus.com/api/warehouse/orders/:id/status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/packing
Auth required: magazyn.packing

GET /warehouse/packing

Requires features: magazyn.packing

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/packing" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /warehouse/products
Auth required: magazyn.products

GET /warehouse/products

Requires features: magazyn.products

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/warehouse/products" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /warehouse/products
Auth required: magazyn.products

POST /warehouse/products

Requires features: magazyn.products

Responses

201 Success response
Content-Type: application/json
"string"

Example

curl -X POST "https://milton2.stectus.com/api/warehouse/products" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
PUT /warehouse/products
Auth required: magazyn.products

PUT /warehouse/products

Requires features: magazyn.products

Responses

200 Success response
Content-Type: application/json
"string"

Example

curl -X PUT "https://milton2.stectus.com/api/warehouse/products" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Auth

Showing 1 of 1 endpoints
GET /auth/users/consents
Auth required: auth.users.edit

List user consents

Returns all consent records for a given user, with integrity verification status. Requires features: auth.users.edit

Parameters

Name | In | Required | Schema | Description
userId | query | Yes | any |

Responses

200 Consent list returned
Content-Type: application/json
"string"

Example

curl -X GET "https://milton2.stectus.com/api/auth/users/consents?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Configs

Showing 6 of 6 endpoints
GET /configs/cache
Auth required: configs.cache.view

Get cache statistics

Returns detailed cache statistics including total entries and breakdown by cache segments. Requires cache service to be available. Requires features: configs.cache.view

Responses

200 Cache statistics
Content-Type: application/json
{
  "generatedAt": "string",
  "totalKeys": 1,
  "segments": [
    {
      "segment": "string",
      "resource": null,
      "method": null,
      "path": null,
      "keyCount": 1,
      "keys": [
        "string"
      ]
    }
  ]
}
500 Failed to resolve cache stats
Content-Type: application/json
{
  "error": "string"
}
503 Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /configs/cache
Auth required: configs.cache.manage

Purge cache

Purges cache entries. Supports two actions: purgeAll (clears entire cache) or purgeSegment (clears specific segment). Returns updated cache statistics after purge. Requires features: configs.cache.manage

Request body (application/json)

{
  "action": "purgeAll"
}

Responses

200 Cache segment cleared successfully
Content-Type: application/json
{
  "action": "purgeSegment",
  "segment": "string",
  "deleted": 1,
  "stats": {
    "generatedAt": "string",
    "totalKeys": 1,
    "segments": [
      {
        "segment": "string",
        "resource": null,
        "method": null,
        "path": null,
        "keyCount": 1,
        "keys": [
          "string"
        ]
      }
    ]
  }
}
400 Invalid request - missing segment identifier for purgeSegment action
Content-Type: application/json
{
  "error": "string"
}
500 Failed to purge cache
Content-Type: application/json
{
  "error": "string"
}
503 Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/configs/cache" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"action\": \"purgeAll\"
}"
GET /configs/system-status
Auth required: configs.system_status.view

Get system health status

Returns comprehensive system health information including environment details, version, resource usage, and service connectivity status. Requires features: configs.system_status.view

Responses

200 System status snapshot
Content-Type: application/json
{
  "generatedAt": "string",
  "runtimeMode": "development",
  "categories": [
    {
      "key": "profiling",
      "labelKey": "string",
      "descriptionKey": null,
      "items": [
        {
          "key": "string",
          "category": "profiling",
          "kind": "boolean",
          "labelKey": "string",
          "descriptionKey": "string",
          "docUrl": null,
          "defaultValue": null,
          "state": "enabled",
          "value": null,
          "normalizedValue": null
        }
      ]
    }
  ]
}
500 Failed to load system status
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /configs/system-status
Auth required: configs.manage

Clear system cache

Purges the entire cache for the current tenant. Useful for troubleshooting or forcing fresh data loading. Requires features: configs.manage

Responses

200 Cache cleared successfully
Content-Type: application/json
{
  "cleared": true
}
500 Failed to purge cache
Content-Type: application/json
{
  "error": "string"
}
503 Cache service unavailable
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/configs/system-status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /configs/upgrade-actions
Auth required: configs.manage

List pending upgrade actions

Returns a list of pending upgrade actions for the current version. These are one-time setup tasks that need to be executed after upgrading to a new version. Requires organization and tenant context. Requires features: configs.manage

Responses

200 List of pending upgrade actions
Content-Type: application/json
{
  "version": "string",
  "actions": [
    {
      "id": "string",
      "version": "string",
      "message": "string",
      "ctaLabel": "string",
      "successMessage": "string",
      "loadingLabel": "string"
    }
  ]
}
400 Missing organization or tenant context
Content-Type: application/json
{
  "error": "string"
}
500 Failed to load upgrade actions
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /configs/upgrade-actions
Auth required: configs.manage

Execute upgrade action

Executes a specific upgrade action by ID. Typically used for one-time setup tasks like seeding example data after version upgrade. Returns execution status and localized success message. Requires features: configs.manage

Request body (application/json)

{
  "actionId": "string"
}

Responses

200 Upgrade action executed successfully
Content-Type: application/json
{
  "status": "string",
  "message": "string",
  "version": "string"
}
400 Invalid request body or missing context
Content-Type: application/json
{
  "error": "string"
}
500 Failed to execute upgrade action
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/configs/upgrade-actions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"actionId\": \"string\"
}"

Customers

Showing 20 of 99 endpoints
GET /customers/activities
Auth required: customers.activities.view

List activities

Returns a paginated collection of activities scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
entityId | query | No | any |
dealId | query | No | any |
activityType | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
ids | query | No | any | Comma-separated list of record UUIDs to filter by (max 200).

Responses

200 Paginated activities
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null,
      "entityId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "dealTitle": null,
      "customValues": null,
      "activityTypeLabel": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/activities?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /customers/activities
Auth required: customers.activities.manage

Create activity

DEPRECATED (sunset 2026-06-30): Creates a timeline activity. Use POST /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "entityId": "00000000-0000-4000-8000-000000000000",
  "activityType": "string",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201 Activity created
Content-Type: application/json
{
  "id": null
}

Example

curl -X POST "https://milton2.stectus.com/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"activityType\": \"string\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
PUT /customers/activities
Auth required: customers.activities.manage

Update activity

DEPRECATED (sunset 2026-06-30): Updates an activity. Use PUT /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "phoneNumber": null,
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200 Activity updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://milton2.stectus.com/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"phoneNumber\": null,
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
DELETE /customers/activities
Auth required: customers.activities.manage

Delete activity

DEPRECATED (sunset 2026-06-30): Deletes an activity. Use DELETE /api/customers/interactions instead. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Activity deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://milton2.stectus.com/api/customers/activities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET /customers/addresses
Auth required: customers.activities.view

List addresses

Returns a paginated collection of addresses scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
entityId | query | No | any |
id | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
ids | query | No | any | Comma-separated list of record UUIDs to filter by (max 200).

Responses

200 Paginated addresses
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "company_name": null,
      "address_line1": null,
      "address_line2": null,
      "building_number": null,
      "flat_number": null,
      "city": null,
      "region": null,
      "postal_code": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "is_primary": null,
      "organization_id": null,
      "tenant_id": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/addresses?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /customers/addresses
Auth required: customers.activities.manage

Create address

Creates a customer address record and associates it with the referenced entity. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "addressLine1": "string"
}

Responses

201 Address created
Content-Type: application/json
{
  "id": null
}

Example

curl -X POST "https://milton2.stectus.com/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"addressLine1\": \"string\"
}"
PUT /customers/addresses
Auth required: customers.activities.manage

Update address

Updates fields on an existing customer address. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Address updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://milton2.stectus.com/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE /customers/addresses
Auth required: customers.activities.manage

Delete address

Deletes an address by id. The identifier may be included in the body or query. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Address deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://milton2.stectus.com/api/customers/addresses" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET /customers/assignable-staff
Auth required: customers.roles.view

DEPRECATED: use GET /api/staff/team-members/assignable instead.

Deprecated. Returns 308 Permanent Redirect to /api/staff/team-members/assignable preserving the query string. Will be removed no earlier than the next major release. Requires features: customers.roles.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |

Responses

200 Assignable staff members (only reachable by following the redirect).
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "teamMemberId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "email": null,
      "teamName": null,
      "user": null,
      "team": null
    }
  ],
  "total": 1,
  "totalPages": 1
}
308 Permanent redirect to /api/staff/team-members/assignable.
Content-Type: application/json
{
  "error": "string"
}
400 Invalid request
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/assignable-staff?page=1&pageSize=24" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /customers/comments
Auth required: customers.activities.view

List comments

Returns a paginated collection of comments scoped to the authenticated organization. Requires features: customers.activities.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
entityId | query | No | any |
dealId | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
ids | query | No | any | Comma-separated list of record UUIDs to filter by (max 200).

Responses

200 Paginated comments
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entity_id": null,
      "deal_id": null,
      "body": null,
      "author_user_id": null,
      "appearance_icon": null,
      "appearance_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null,
      "updated_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/comments?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /customers/comments
Auth required: customers.activities.manage

Create comment

Adds a comment to a customer timeline. Requires features: customers.activities.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "entityId": "00000000-0000-4000-8000-000000000000",
  "body": "string",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

201 Comment created
Content-Type: application/json
{
  "id": null,
  "authorUserId": null
}

Example

curl -X POST "https://milton2.stectus.com/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"entityId\": \"00000000-0000-4000-8000-000000000000\",
  \"body\": \"string\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"
PUT /customers/comments
Auth required: customers.activities.manage

Update comment

Updates an existing timeline comment. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "appearanceIcon": null,
  "appearanceColor": null
}

Responses

200 Comment updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://milton2.stectus.com/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"appearanceIcon\": null,
  \"appearanceColor\": null
}"

DELETE /customers/comments
Auth required: customers.activities.manage

Delete comment

Deletes a comment identified by `id` supplied via body or query string. Requires features: customers.activities.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Comment deleted
Content-Type: application/json
{
  "ok": true
}

Example

curl -X DELETE "https://milton2.stectus.com/api/customers/comments" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET /customers/companies
Auth required: customers.companies.view

List companies

Returns a paginated collection of companies scoped to the authenticated organization. Requires features: customers.companies.view

Parameters

Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |
email | query | No | any |
emailStartsWith | query | No | any |
emailContains | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
status | query | No | any |
lifecycleStage | query | No | any |
source | query | No | any |
hasEmail | query | No | any |
hasPhone | query | No | any |
hasNextInteraction | query | No | any |
createdFrom | query | No | any |
createdTo | query | No | any |
id | query | No | any |
tagIds | query | No | any |
tagIdsEmpty | query | No | any |
excludeIds | query | No | any |
excludeLinkedPersonId | query | No | any |
excludeLinkedCompanyId | query | No | any |
excludeLinkedDealId | query | No | any |
ids | query | No | any | Comma-separated list of record UUIDs to filter by (max 200).

Responses

200 Paginated companies
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "description": null,
      "owner_user_id": null,
      "primary_email": null,
      "primary_phone": null,
      "status": null,
      "lifecycle_stage": null,
      "source": null,
      "next_interaction_at": null,
      "next_interaction_name": null,
      "next_interaction_ref_id": null,
      "next_interaction_icon": null,
      "next_interaction_color": null,
      "organization_id": null,
      "tenant_id": null,
      "created_at": null
    }
  ],
  "total": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/companies?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST /customers/companies
Auth required: customers.companies.manage

Create company

Creates a company record and associated profile data. Requires features: customers.companies.manage

Request body (application/json)

{
  "organizationId": "00000000-0000-4000-8000-000000000000",
  "tenantId": "00000000-0000-4000-8000-000000000000",
  "displayName": "string",
  "primaryEmail": null,
  "primaryPhone": null,
  "nextInteraction": null,
  "domain": null,
  "websiteUrl": null
}

Responses

201 Company created
Content-Type: application/json
{
  "id": null,
  "companyId": null
}

Example

curl -X POST "https://milton2.stectus.com/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"organizationId\": \"00000000-0000-4000-8000-000000000000\",
  \"tenantId\": \"00000000-0000-4000-8000-000000000000\",
  \"displayName\": \"string\",
  \"primaryEmail\": null,
  \"primaryPhone\": null,
  \"nextInteraction\": null,
  \"domain\": null,
  \"websiteUrl\": null
}"

PUT /customers/companies
Auth required: customers.companies.manage

Update company

Updates company profile fields, tags, or custom attributes. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "primaryEmail": null,
  "primaryPhone": null,
  "nextInteraction": null,
  "domain": null,
  "websiteUrl": null
}

Responses

200 Company updated
Content-Type: application/json
{
  "ok": true
}

Example

curl -X PUT "https://milton2.stectus.com/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"primaryEmail\": null,
  \"primaryPhone\": null,
  \"nextInteraction\": null,
  \"domain\": null,
  \"websiteUrl\": null
}"

DELETE /customers/companies
Auth required: customers.companies.manage

Delete company

Deletes a company by id. The identifier can be provided via body or query. Requires features: customers.companies.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Company deleted
Content-Type: application/json
{
  "ok": true
}
422 Company has dependent records (people, deals, or direct staff); unlink or reassign before delete.
Content-Type: application/json
{
  "error": "string",
  "code": "COMPANY_HAS_DEPENDENTS"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/customers/companies" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

GET /customers/companies/{id}
Auth required: customers.companies.view

Fetch company with related data

Returns a company customer record with optional related resources such as addresses, comments, activities, interactions, deals, todos, and linked people. Requires features: customers.companies.view

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |
include | query | No | any | Comma-separated list of relations to include (addresses, comments, activities, interactions, deals, todos, people).

Responses

200 Company detail payload
Content-Type: application/json
{
  "interactionMode": "canonical",
  "company": {
    "id": "00000000-0000-4000-8000-000000000000",
    "displayName": null,
    "description": null,
    "ownerUserId": null,
    "primaryEmail": null,
    "primaryPhone": null,
    "status": null,
    "lifecycleStage": null,
    "source": null,
    "nextInteractionAt": null,
    "nextInteractionName": null,
    "nextInteractionRefId": null,
    "nextInteractionIcon": null,
    "nextInteractionColor": null,
    "organizationId": null,
    "tenantId": null,
    "temperature": null,
    "renewalQuarter": null,
    "createdAt": "string",
    "updatedAt": "string"
  },
  "profile": null,
  "customFields": {},
  "tags": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "label": "string",
      "color": null
    }
  ],
  "addresses": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": null,
      "purpose": null,
      "addressLine1": null,
      "addressLine2": null,
      "buildingNumber": null,
      "flatNumber": null,
      "city": null,
      "region": null,
      "postalCode": null,
      "country": null,
      "latitude": null,
      "longitude": null,
      "isPrimary": null,
      "createdAt": "string"
    }
  ],
  "comments": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "body": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "dealId": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "activities": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "activityType": "string",
      "subject": null,
      "body": null,
      "occurredAt": null,
      "dealId": null,
      "authorUserId": null,
      "authorName": null,
      "authorEmail": null,
      "createdAt": "string",
      "appearanceIcon": null,
      "appearanceColor": null
    }
  ],
  "interactions": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityId": null,
      "interactionType": "string",
      "title": null,
      "body": null,
      "status": "string",
      "scheduledAt": null,
      "occurredAt": null,
      "priority": null,
      "authorUserId": null,
      "ownerUserId": null,
      "dealId": null,
      "organizationId": null,
      "tenantId": null,
      "authorName": null,
      "authorEmail": null,
      "dealTitle": null,
      "customValues": null,
      "appearanceIcon": null,
      "appearanceColor": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "deals": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "title": null,
      "status": null,
      "pipelineStage": null,
      "valueAmount": null,
      "valueCurrency": null,
      "probability": null,
      "expectedCloseAt": null,
      "ownerUserId": null,
      "source": null,
      "createdAt": "string",
      "updatedAt": "string"
    }
  ],
  "todos": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "todoId": "00000000-0000-4000-8000-000000000000",
      "todoSource": "string",
      "createdAt": "string",
      "createdByUserId": null,
      "title": null,
      "isDone": null,
      "priority": null,
      "severity": null,
      "description": null,
      "dueAt": null,
      "todoOrganizationId": null,
      "customValues": null
    }
  ],
  "people": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": null,
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "source": null,
      "temperature": null,
      "linkedAt": null
    }
  ],
  "viewer": {
    "userId": null,
    "name": null,
    "email": null
  }
}
400 Invalid identifier
Content-Type: application/json
{
  "error": "string"
}
404 Company not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/companies/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET /customers/companies/{id}/people
Auth required: customers.companies.view

List linked people for a company

Requires features: customers.companies.view

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |
sort | query | No | any |

Responses

200 Paginated linked people
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "displayName": "string",
      "primaryEmail": null,
      "primaryPhone": null,
      "status": null,
      "lifecycleStage": null,
      "jobTitle": null,
      "department": null,
      "createdAt": "string",
      "organizationId": null,
      "temperature": null,
      "source": null,
      "linkedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/companies/00000000-0000-4000-8000-000000000000/people?page=1&pageSize=20&sort=name-asc" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET /customers/companies/{id}/roles
Auth required: customers.roles.view

List roles for a company

Requires features: customers.roles.view

Parameters

Name | In | Required | Schema | Description
id | path | Yes | any |

Responses

200 Role assignments
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "entityType": "company",
      "entityId": "00000000-0000-4000-8000-000000000000",
      "userId": "00000000-0000-4000-8000-000000000000",
      "userName": null,
      "userEmail": null,
      "userPhone": null,
      "roleType": "string",
      "createdAt": "string",
      "updatedAt": "string"
    }
  ]
}
400 Invalid request
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/customers/companies/00000000-0000-4000-8000-000000000000/roles" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Dashboards

Showing 10 of 10 endpoints
GET /dashboards/layout
Auth required: dashboards.view

Load the current dashboard layout

Returns the saved widget layout together with the widgets the current user is allowed to place. Requires features: dashboards.view

Responses

200 Current dashboard layout and available widgets.
Content-Type: application/json
{
  "layout": {
    "items": [
      {
        "id": "00000000-0000-4000-8000-000000000000",
        "widgetId": "string",
        "order": 1
      }
    ]
  },
  "allowedWidgetIds": [
    "string"
  ],
  "canConfigure": true,
  "context": {
    "userId": "00000000-0000-4000-8000-000000000000",
    "tenantId": null,
    "organizationId": null,
    "userName": null,
    "userEmail": null,
    "userLabel": "string"
  },
  "widgets": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT /dashboards/layout
Auth required: dashboards.configure

Persist dashboard layout changes

Saves the provided widget ordering, sizes, and settings for the current user. Requires features: dashboards.configure

Request body (application/json)

{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "widgetId": "string",
      "order": 1
    }
  ]
}

Responses

200 Layout updated successfully.
Content-Type: application/json
{
  "ok": true
}
400 Invalid layout payload
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/dashboards/layout" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"items\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"widgetId\": \"string\",
      \"order\": 1
    }
  ]
}"

PATCH /dashboards/layout/{itemId}
Auth required: dashboards.configure

Update a dashboard layout item

Adjusts the size or settings for a single widget within the dashboard layout. Requires features: dashboards.configure

Parameters

Name | In | Required | Schema | Description
itemId | path | Yes | any |

Request body (application/json)

{}

Responses

200 Layout item updated.
Content-Type: application/json
{
  "ok": true
}
400 Invalid payload or missing item id
Content-Type: application/json
{
  "error": "string"
}
404 Item not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://milton2.stectus.com/api/dashboards/layout/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

GET /dashboards/roles/widgets
Auth required: dashboards.admin.assign-widgets

Fetch widget assignments for a role

Returns the widgets explicitly assigned to the given role together with the evaluation scope. Requires features: dashboards.admin.assign-widgets

Parameters

Name | In | Required | Schema | Description
roleId | query | Yes | any |
tenantId | query | No | any |
organizationId | query | No | any |

Responses

200 Current widget configuration for the role.
Content-Type: application/json
{
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}
400 Missing role identifier
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/dashboards/roles/widgets?roleId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT /dashboards/roles/widgets
Auth required: dashboards.admin.assign-widgets

Update widgets assigned to a role

Persists the widget list for a role within the provided tenant and organization scope. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "roleId": "00000000-0000-4000-8000-000000000000",
  "widgetIds": [
    "string"
  ]
}

Responses

200 Widgets updated successfully.
Content-Type: application/json
{
  "ok": true,
  "widgetIds": [
    "string"
  ]
}
400 Invalid payload or unknown widgets
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/dashboards/roles/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"roleId\": \"00000000-0000-4000-8000-000000000000\",
  \"widgetIds\": [
    \"string\"
  ]
}"

GET /dashboards/users/widgets
Auth required: dashboards.admin.assign-widgets

Read widget overrides for a user

Returns the widgets inherited and explicitly configured for the requested user within the current scope. Requires features: dashboards.admin.assign-widgets

Parameters

Name | In | Required | Schema | Description
userId | query | Yes | any |
tenantId | query | No | any |
organizationId | query | No | any |

Responses

200 Widget settings for the user.
Content-Type: application/json
{
  "mode": "inherit",
  "widgetIds": [
    "string"
  ],
  "hasCustom": true,
  "effectiveWidgetIds": [
    "string"
  ],
  "scope": {
    "tenantId": null,
    "organizationId": null
  }
}
400 Missing user identifier
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/dashboards/users/widgets?userId=00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PUT /dashboards/users/widgets
Auth required: dashboards.admin.assign-widgets

Update user-specific dashboard widgets

Sets the widget override mode and allowed widgets for a user. Passing `mode: inherit` clears overrides. Requires features: dashboards.admin.assign-widgets

Request body (application/json)

{
  "userId": "00000000-0000-4000-8000-000000000000",
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}

Responses

200 Overrides saved.
Content-Type: application/json
{
  "ok": true,
  "mode": "inherit",
  "widgetIds": [
    "string"
  ]
}
400 Invalid payload or unknown widgets
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/dashboards/users/widgets" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"userId\": \"00000000-0000-4000-8000-000000000000\",
  \"mode\": \"inherit\",
  \"widgetIds\": [
    \"string\"
  ]
}"

GET /dashboards/widgets/catalog
Auth required: dashboards.admin.assign-widgets

List available dashboard widgets

Returns the catalog of widgets that modules expose, including defaults and feature requirements. Requires features: dashboards.admin.assign-widgets

Responses

200 Widgets available for assignment.
Content-Type: application/json
{
  "items": [
    {
      "id": "string",
      "title": "string",
      "description": null,
      "defaultSize": "sm",
      "defaultEnabled": true,
      "defaultSettings": null,
      "features": [
        "string"
      ],
      "moduleId": "string",
      "icon": null,
      "loaderKey": "string",
      "supportsRefresh": true
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/dashboards/widgets/catalog" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST /dashboards/widgets/data
Auth required: analytics.view

Fetch aggregated data for dashboard widgets

Executes an aggregation query against the specified entity type and returns the result. Supports date range filtering, grouping, and period-over-period comparison. Requires features: analytics.view

Request body (application/json)

{
  "entityType": "string",
  "metric": {
    "field": "string",
    "aggregate": "count"
  }
}

Responses

200 Aggregated data for the widget.
Content-Type: application/json
{
  "value": null,
  "data": [
    {
      "value": null
    }
  ],
  "metadata": {
    "fetchedAt": "string",
    "recordCount": 1
  }
}
400 Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
500 Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dashboards/widgets/data" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\",
  \"metric\": {
    \"field\": \"string\",
    \"aggregate\": \"count\"
  }
}"

POST /dashboards/widgets/data/batch
Auth required: analytics.view

Fetch aggregated data for multiple dashboard widgets in one request

Resolves a batch of widget data requests with a single authentication, RBAC, organization-scope, and database-context setup. Each request is keyed by an opaque widget id and resolved independently, so a failure in one widget does not fail the batch. Requires features: analytics.view

Request body (application/json)

{
  "requests": [
    {
      "id": "string",
      "request": {
        "entityType": "string",
        "metric": {
          "field": "string",
          "aggregate": "count"
        }
      }
    }
  ]
}

Responses

200 Per-widget aggregation results keyed by request id.
Content-Type: application/json
{
  "results": [
    {
      "id": "string",
      "ok": true,
      "data": {
        "value": null,
        "data": [
          {
            "value": null
          }
        ],
        "metadata": {
          "fetchedAt": "string",
          "recordCount": 1
        }
      }
    }
  ]
}
400 Invalid request payload
Content-Type: application/json
{
  "error": "string"
}
500 Internal server error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dashboards/widgets/data/batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"requests\": [
    {
      \"id\": \"string\",
      \"request\": {
        \"entityType\": \"string\",
        \"metric\": {
          \"field\": \"string\",
          \"aggregate\": \"count\"
        }
      }
    }
  ]
}"

Dictionaries

Showing 11 of 11 endpoints
GET /dictionaries
Auth required: dictionaries.view

List dictionaries

Returns dictionaries accessible to the current organization, optionally including inactive records. Requires features: dictionaries.view

Parameters

Name | In | Required | Schema | Description
includeInactive | query | No | any |

Responses

200 Dictionary collection.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "name": "string",
      "description": null,
      "isSystem": true,
      "isActive": true,
      "managerVisibility": null,
      "organizationId": null,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}
500 Failed to load dictionaries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST /dictionaries
Auth required: dictionaries.manage

Create dictionary

Registers a dictionary scoped to the current organization. Requires features: dictionaries.manage

Request body (application/json)

{
  "key": "string",
  "name": "string"
}

Responses

201 Dictionary created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
409 Dictionary key already exists
Content-Type: application/json
{
  "error": "string"
}
500 Failed to create dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dictionaries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"key\": \"string\",
  \"name\": \"string\"
}"

GET /dictionaries/{dictionaryId}
Auth required: dictionaries.view

Get dictionary

Returns details for the specified dictionary, including inheritance flags. Requires features: dictionaries.view

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Responses

200 Dictionary details.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400 Invalid parameters
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to load dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

PATCH /dictionaries/{dictionaryId}
Auth required: dictionaries.manage

Update dictionary

Updates mutable attributes of the dictionary. Currency dictionaries are protected from modification. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Request body (application/json)

{}

Responses

200 Dictionary updated.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "key": "string",
  "name": "string",
  "description": null,
  "isSystem": true,
  "isActive": true,
  "managerVisibility": null,
  "organizationId": null,
  "createdAt": "string",
  "updatedAt": null
}
400 Validation failed or protected dictionary
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
409 Dictionary key already exists
Content-Type: application/json
{
  "error": "string"
}
500 Failed to update dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{}"

DELETE /dictionaries/{dictionaryId}
Auth required: dictionaries.manage

Delete dictionary

Soft deletes the dictionary unless it is the protected currency dictionary. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Responses

200 Dictionary archived.
Content-Type: application/json
{
  "ok": true
}
400 Protected dictionary cannot be deleted
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to delete dictionary
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

GET /dictionaries/{dictionaryId}/entries
Auth required: dictionaries.view

List dictionary entries

Returns entries for the specified dictionary ordered by its configured entry sort mode. Requires features: dictionaries.view

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Responses

200 Dictionary entries.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "value": "string",
      "label": "string",
      "color": null,
      "icon": null,
      "position": 1,
      "isDefault": true,
      "createdAt": "string",
      "updatedAt": null
    }
  ]
}
400 Invalid parameters
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to load dictionary entries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST /dictionaries/{dictionaryId}/entries
Auth required: dictionaries.manage

Create dictionary entry

Creates a new entry in the specified dictionary. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Request body (application/json)

{
  "value": "string",
  "color": null,
  "icon": null
}

Responses

201 Dictionary entry created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to create dictionary entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"value\": \"string\",
  \"color\": null,
  \"icon\": null
}"

PATCH /dictionaries/{dictionaryId}/entries/{entryId}
Auth required: dictionaries.manage

Update dictionary entry

Updates the specified dictionary entry using the command bus pipeline. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |
entryId | path | Yes | any |

Request body (application/json)

{
  "color": null,
  "icon": null
}

Responses

200 Dictionary entry updated.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000",
  "value": "string",
  "label": "string",
  "color": null,
  "icon": null,
  "position": 1,
  "isDefault": true,
  "createdAt": "string",
  "updatedAt": null
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to update entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PATCH "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"color\": null,
  \"icon\": null
}"

DELETE /dictionaries/{dictionaryId}/entries/{entryId}
Auth required: dictionaries.manage

Delete dictionary entry

Deletes the specified dictionary entry via the command bus. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |
entryId | path | Yes | any |

Responses

200 Entry deleted.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to delete entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/00000000-0000-4000-8000-000000000000" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

POST /dictionaries/{dictionaryId}/entries/reorder
Auth required: dictionaries.manage

Reorder dictionary entries

Updates the position of dictionary entries for drag-and-drop reordering. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Request body (application/json)

{
  "entries": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "position": 1
    }
  ]
}

Responses

200 Entries reordered.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to reorder entries
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/reorder" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entries\": [
    {
      \"id\": \"00000000-0000-4000-8000-000000000000\",
      \"position\": 1
    }
  ]
}"
POST /dictionaries/{dictionaryId}/entries/set-default
Auth required (dictionaries.manage)

Set default dictionary entry

Marks the specified entry as the default for this dictionary, clearing any previous default. Requires features: dictionaries.manage

Parameters

Name | In | Required | Schema | Description
dictionaryId | path | Yes | any |

Request body (application/json)

{
  "entryId": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Default entry set.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}
404 Dictionary or entry not found
Content-Type: application/json
{
  "error": "string"
}
500 Failed to set default entry
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/dictionaries/00000000-0000-4000-8000-000000000000/entries/set-default" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entryId\": \"00000000-0000-4000-8000-000000000000\"
}"

Directory

Showing 9 of 9 endpoints
GET /directory/organization-switcher
Auth required

Load organization switcher menu

Returns the hierarchical menu of organizations the current user may switch to within the active tenant.

Responses

200 Organization switcher payload.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "depth": 1,
      "selectable": true,
      "children": []
    }
  ],
  "selectedId": null,
  "canManage": true,
  "canViewAllOrganizations": true,
  "tenantId": null,
  "tenants": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "isActive": true
    }
  ],
  "isSuperAdmin": true
}

Example

curl -X GET "https://milton2.stectus.com/api/directory/organization-switcher" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /directory/organizations
Auth required (directory.organizations.view)

List organizations

Returns organizations using options, tree, or paginated manage view depending on the `view` parameter. Requires features: directory.organizations.view

Parameters

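Name | In | Required | Schema | Description
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |
view | query | No | any |
ids | query | No | any |
tenantId | query | No | any |
includeInactive | query | No | any |
status | query | No | any |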

Responses

200 Organization data for the requested view.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "parentId": null,
      "parentName": null,
      "tenantId": null,
      "tenantName": null,
      "rootId": null,
      "treePath": null
    }
  ]
}
400 Invalid query or tenant scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/directory/organizations?page=1&pageSize=50&view=options" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /directory/organizations
Auth required (directory.organizations.manage)

Create organization

Creates a new organization within a tenant and optionally assigns hierarchy relationships. Requires features: directory.organizations.manage

Request body (application/json)

{
  "name": "string",
  "slug": null,
  "parentId": null
}

Responses

201 Organization created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\",
  \"slug\": null,
  \"parentId\": null
}"
PUT /directory/organizations
Auth required (directory.organizations.manage)

Update organization

Updates organization details and hierarchy assignments. Requires features: directory.organizations.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000",
  "slug": null,
  "parentId": null
}

Responses

200 Organization updated.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\",
  \"slug\": null,
  \"parentId\": null
}"
DELETE /directory/organizations
Auth required (directory.organizations.manage)

Delete organization

Soft deletes an organization identified by id. Requires features: directory.organizations.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Organization deleted.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/directory/organizations" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
GET /directory/tenants
Auth required (directory.tenants.view)

List tenants

Returns tenants visible to the current user with optional search and pagination. Requires features: directory.tenants.view

Parameters

Name | In | Required | Schema | Description
id | query | No | any |
page | query | No | any |
pageSize | query | No | any |
search | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
isActive | query | No | any |

Responses

200 Paged list of tenants.
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "name": "string",
      "isActive": true,
      "createdAt": null,
      "updatedAt": null
    }
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400 Invalid query parameters
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/directory/tenants?page=1&pageSize=50" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /directory/tenants
Auth required (directory.tenants.manage)

Create tenant

Creates a new tenant and returns its identifier. Requires features: directory.tenants.manage

Request body (application/json)

{
  "name": "string"
}

Responses

201 Tenant created.
Content-Type: application/json
{
  "id": "00000000-0000-4000-8000-000000000000"
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"name\": \"string\"
}"
PUT /directory/tenants
Auth required (directory.tenants.manage)

Update tenant

Updates tenant properties such as name or activation state. Requires features: directory.tenants.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Tenant updated.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"
DELETE /directory/tenants
Auth required (directory.tenants.manage)

Delete tenant

Soft deletes the tenant identified by id. Requires features: directory.tenants.manage

Request body (application/json)

{
  "id": "00000000-0000-4000-8000-000000000000"
}

Responses

200 Tenant removed.
Content-Type: application/json
{
  "ok": true
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/directory/tenants" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"id\": \"00000000-0000-4000-8000-000000000000\"
}"

Entities

Showing 17 of 17 endpoints
GET /entities/definitions
Auth required

List active custom field definitions

Returns active custom field definitions for the supplied entity ids, respecting tenant scope and tombstones.

Parameters

Name | In | Required | Schema | Description
entityId | query | No | any |
entityIds | query | No | any |
fieldset | query | No | any |

Responses

200 Definition list
Content-Type: application/json
{
  "items": [
    {
      "key": "string",
      "kind": "string",
      "label": "string",
      "entityId": "string"
    }
  ]
}
400 Missing entity id
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /entities/definitions
Auth required (entities.definitions.manage)

Upsert custom field definition

Creates or updates a custom field definition for the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string",
  "kind": "text"
}

Responses

200 Definition saved
Content-Type: application/json
{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "key": "string",
    "kind": "string",
    "configJson": {}
  }
}
400 Validation failed
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\",
  \"kind\": \"text\"
}"
DELETE /entities/definitions
Auth required (entities.definitions.manage)

Soft delete custom field definition

Marks the specified definition inactive and tombstones it for the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200 Definition deleted
Content-Type: application/json
{
  "ok": true
}
400 Missing entity id or key
Content-Type: application/json
{
  "error": "string"
}
404 Definition not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/entities/definitions" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"
POST /entities/definitions.batch
Auth required (entities.definitions.manage)

Save multiple custom field definitions

Creates or updates multiple definitions for a single entity in one transaction. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "definitions": [
    {
      "key": "string",
      "kind": "text"
    }
  ]
}

Responses

200 Definitions saved
Content-Type: application/json
{
  "ok": true
}
400 Validation error
Content-Type: application/json
{
  "error": "string"
}
500 Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/definitions.batch" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"definitions\": [
    {
      \"key\": \"string\",
      \"kind\": \"text\"
    }
  ]
}"
GET /entities/definitions.manage
Auth required (entities.definitions.manage)

Get management snapshot

Returns scoped custom field definitions (including inactive tombstones) for administration interfaces. Requires features: entities.definitions.manage

Parameters

Name | In | Required | Schema | Description
entityId | query | Yes | any |

Responses

200 Scoped definitions and deleted keys
Content-Type: application/json
{
  "items": [
    {
      "id": "00000000-0000-4000-8000-000000000000",
      "key": "string",
      "kind": "string",
      "configJson": null,
      "organizationId": null,
      "tenantId": null
    }
  ],
  "deletedKeys": [
    "string"
  ]
}
400 Missing entity id
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/definitions.manage?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /entities/definitions.restore
Auth required (entities.definitions.manage)

Restore definition

Reactivates a previously soft-deleted definition within the current tenant/org scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "key": "string"
}

Responses

200 Definition restored
Content-Type: application/json
{
  "ok": true
}
400 Missing entity id or key
Content-Type: application/json
{
  "error": "string"
}
404 Definition not found
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/definitions.restore" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"key\": \"string\"
}"
GET /entities/encryption
Auth required (entities.definitions.manage)

Fetch encryption map

Returns the encrypted field map for the current tenant/organization scope. Requires features: entities.definitions.manage

Parameters

Name | In | Required | Schema | Description
entityId | query | Yes | any |

Responses

200 Map
Content-Type: application/json
{
  "entityId": "string",
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/encryption?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /entities/encryption
Auth required (entities.definitions.manage)

Upsert encryption map

Creates or updates the encryption map for the current tenant/organization scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "tenantId": null,
  "organizationId": null,
  "fields": [
    {
      "field": "string",
      "hashField": null
    }
  ]
}

Responses

200 Saved
Content-Type: application/json
{
  "ok": true
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/encryption" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"tenantId\": null,
  \"organizationId\": null,
  \"fields\": [
    {
      \"field\": \"string\",
      \"hashField\": null
    }
  ]
}"
GET /entities/entities
Auth required

List available entities

Returns generated and custom entities scoped to the caller with field counts per entity.

Responses

200 List of entities
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "source": "code",
      "label": "string",
      "count": 1
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /entities/entities
Auth required (entities.definitions.manage)

Upsert custom entity

Creates or updates a tenant/org scoped custom entity definition. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string",
  "label": "string",
  "description": null,
  "showInSidebar": false
}

Responses

200 Entity saved
Content-Type: application/json
{
  "ok": true,
  "item": {
    "id": "00000000-0000-4000-8000-000000000000",
    "entityId": "string",
    "label": "string"
  }
}
400 Validation error
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"label\": \"string\",
  \"description\": null,
  \"showInSidebar\": false
}"
DELETE /entities/entities
Auth required (entities.definitions.manage)

Soft delete custom entity

Marks the specified custom entity inactive within the current scope. Requires features: entities.definitions.manage

Request body (application/json)

{
  "entityId": "string"
}

Responses

200 Entity deleted
Content-Type: application/json
{
  "ok": true
}
400 Missing entity id
Content-Type: application/json
{
  "error": "string"
}
404 Entity not found in scope
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/entities/entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\"
}"
GET /entities/records
Auth required (entities.records.view)

List records

Returns paginated records for the supplied entity. Supports custom field filters, exports, and soft-delete toggles. Requires features: entities.records.view

Parameters

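Name | In | Required | Schema | Description
entityId | query | Yes | any |
page | query | No | any |
pageSize | query | No | any |
sortField | query | No | any |
sortDir | query | No | any |
withDeleted | query | No | any |
format | query | No | any |
exportScope | query | No | any |
export_scope | query | No | any |
all | query | No | any |
full | query | No | any |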

Responses

200 Paginated records
Content-Type: application/json
{
  "items": [
    {}
  ],
  "total": 1,
  "page": 1,
  "pageSize": 1,
  "totalPages": 1
}
400 Missing entity id
Content-Type: application/json
{
  "error": "string"
}
500 Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/records?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
POST /entities/records
Auth required (entities.records.manage)

Create record

Creates a record for the given entity. When `recordId` is omitted or not a UUID the data engine will generate one automatically. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "values": {}
}

Responses

200 Record created
Content-Type: application/json
{
  "ok": true
}
400 Validation failure
Content-Type: application/json
{
  "error": "string"
}
500 Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"values\": {}
}"
PUT /entities/records
Auth required (entities.records.manage)

Update record

Updates an existing record. If the provided recordId is not a UUID the record will be created instead to support optimistic flows. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string",
  "values": {}
}

Responses

200 Record updated
Content-Type: application/json
{
  "ok": true
}
400 Validation failure
Content-Type: application/json
{
  "error": "string"
}
500 Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X PUT "https://milton2.stectus.com/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\",
  \"values\": {}
}"
DELETE /entities/records
Auth required (entities.records.manage)

Delete record

Soft deletes the specified record within the current tenant/org scope. Requires features: entities.records.manage

Request body (application/json)

{
  "entityId": "string",
  "recordId": "string"
}

Responses

200 Record deleted
Content-Type: application/json
{
  "ok": true
}
400 Missing entity id or record id
Content-Type: application/json
{
  "error": "string"
}
404 Record not found
Content-Type: application/json
{
  "error": "string"
}
500 Unexpected failure
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X DELETE "https://milton2.stectus.com/api/entities/records" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityId\": \"string\",
  \"recordId\": \"string\"
}"
GET /entities/relations/options
Auth required (entities.definitions.view)

List relation options

Returns up to 200 option entries for populating relation dropdowns, automatically resolving label fields when omitted. Requires features: entities.definitions.view

Parameters

Name | In | Required | Schema | Description
entityId | query | Yes | any |
labelField | query | No | any |
q | query | No | any |
ids | query | No | any |
routeContextFields | query | No | any |

Responses

200 Option list
Content-Type: application/json
{
  "items": [
    {
      "value": "string",
      "label": "string"
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/relations/options?entityId=string" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"
GET /entities/sidebar-entities
Auth required

Get sidebar entities

Returns custom entities flagged with `showInSidebar` for the current tenant/org scope.

Responses

200 Sidebar entities for navigation
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "href": "string"
    }
  ]
}

Example

curl -X GET "https://milton2.stectus.com/api/entities/sidebar-entities" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"

Query Index

Showing 3 of 3 endpoints
POST /query_index/purge
Auth required (query_index.purge)

Purge query index records

Queues a purge job to remove indexed records for an entity type within the active scope. Requires features: query_index.purge

Request body (application/json)

{
  "entityType": "string"
}

Responses

200 Purge job accepted.
Content-Type: application/json
{
  "ok": true
}
400 Missing entity type
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/query_index/purge" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"
POST /query_index/reindex
Auth required (query_index.reindex)

Trigger query index rebuild

Queues a reindex job for the specified entity type within the current tenant scope. Requires features: query_index.reindex

Request body (application/json)

{
  "entityType": "string"
}

Responses

200 Reindex job accepted.
Content-Type: application/json
{
  "ok": true
}
400 Missing entity type
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X POST "https://milton2.stectus.com/api/query_index/reindex" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d "{
  \"entityType\": \"string\"
}"
GET /query_index/status
Auth required (query_index.status.view)

Inspect query index coverage

Returns entity counts comparing base tables with the query index along with the latest job status. Requires features: query_index.status.view

Responses

200 Current query index status.
Content-Type: application/json
{
  "items": [
    {
      "entityId": "string",
      "label": "string",
      "baseCount": null,
      "indexCount": null,
      "vectorCount": null,
      "ok": true,
      "job": {
        "status": "idle",
        "startedAt": null,
        "finishedAt": null,
        "heartbeatAt": null,
        "processedCount": null,
        "totalCount": null,
        "scope": null
      }
    }
  ],
  "errors": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "stack": null,
      "payload": null,
      "occurredAt": "string"
    }
  ],
  "logs": [
    {
      "id": "string",
      "source": "string",
      "handler": "string",
      "level": "info",
      "entityType": null,
      "recordId": null,
      "tenantId": null,
      "organizationId": null,
      "message": "string",
      "details": null,
      "occurredAt": "string"
    }
  ]
}
400 Tenant or organization context required
Content-Type: application/json
{
  "error": "string"
}

Example

curl -X GET "https://milton2.stectus.com/api/query_index/status" \
  -H "Accept: application/json" \
  -H "authorization: Bearer <token>"