Skip to content

Endpoint Reference

Consolidated route tables grouped by router file, followed by the serverless endpoints and example payloads. Format: route | method | controller.function | middleware.

Validation legend: ✅ verified against source route file · ❔ representative, verify · (none) = no auth middleware at the edge ⚠

/crm_api and /crm_api/v2 list representative endpoints only — routes/crm.js has 100+ routes. See each module doc for feature-complete lists.

/injestion (root) — routes/injestion.js ✅

Route Method Controller.fn Middleware
/injestion/uengage POST injestionController.crmQueue (none)
/injestion/petpooja POST injestionController.petPooja (none)
/injestion/rista POST injestionController.rista crm_offer_middleware
/injestion/posist POST injestionController.posist (none)
/injestion/salon/order POST injestionController.salonOrder (none)
/injestion/instant/order POST injestionController.instantProcessing (none)
/update/business/status POST dashboardController.businessStatus (none)
/injestion/createCustomer POST appCustomer.createCustomer (none)
/injestion/fcms POST appCustomer.createFcm (none)
/injestion/checkin POST checkInController.addCheckIn (none)
/injestion/ls_center POST injestionController.ls_center injestion_middleware
/sync/crm/token POST dashboardController.syncCRMToken injestion_middleware
/track/whatsapp/link/:token GET dashboardController.whatsappTrack (none)
/api/ingestion/orderPush POST injestionController.commonIngestion crm_offer_middleware
/api/checkLoyaltyRewards POST rewardsController.checkLoyaltyRewards crm_offer_middleware
/api/redeemLoyalty POST rewardsController.redeemLoyalityRewards crm_offer_middleware
/api/generateOTP POST rewardsController.generateOtp crm_offer_middleware
/api/revokeLoyalty POST rewardsController.revokeLoyaltyRewards crm_offer_middleware
/insert/merchant/data POST injestionController.insertMerchants (none)

/integration/v1routes/prismIntegration.js ✅

All routes use crm_offer_middleware (controllers/prismIntegration).

Route Method Controller.fn Middleware
/create_user POST integrationController.create_user crm_offer_middleware
/get_user_profile POST integrationController.get_user_profile crm_offer_middleware
/update_user_profile POST integrationController.update_profile crm_offer_middleware
/fcm_token_ingestion POST integrationController.fcm_token_ingestion crm_offer_middleware
/get_user_loyalty POST integrationController.getLoyalty crm_offer_middleware
/get_wallet_ledger POST integrationController.getWalletLedger crm_offer_middleware
/deduct_wallet_points POST integrationController.purchaseLoyaltyCards crm_offer_middleware
/configure_points POST integrationController.configureLoyaltyPoints crm_offer_middleware
/redeem_points POST integrationController.redeemLoyaltyPoints crm_offer_middleware
/get_rewards POST integrationController.get_rewards crm_offer_middleware
/purchase_rewards POST integrationController.purchaseRewards crm_offer_middleware
/redeem_rewards POST integrationController.redeemRewards crm_offer_middleware
/revoke_reward POST integrationController.revokeReward crm_offer_middleware

/posist/v1routes/posistLoyaltyIntegration.js ✅

All routes are open (no middleware) ⚠.

Route Method Controller.fn Middleware
/get_loyalty_details POST integrationController.getLoyaltyDetails (none)
/authenticate_points_redemption POST integrationController.authenticatePointsRedemption (none)
/redeem_loyalty_points POST integrationController.redeemLoyaltyPoints (none)
/revoke_loyalty_points POST integrationController.revokeLoyaltyPoints (none)
/get_coupon_details POST integrationController.getCouponDetails (none)
/redeem_coupon_details POST integrationController.redeemCoupon (none)
/update_pos_customer_details POST integrationController.createPosCustomer (none)

/statsroutes/stats.js ✅

All routes use authMiddleware (controllers/metricsController). Common body: { parent_business_id, business_id, start, end, date }.

Route Method Controller.fn Middleware
/dashboard/summary POST metricsController.getDashboardSummary authMiddleware
/metrics/orders POST metricsController.getOrders authMiddleware
/metrics/fulfillment POST metricsController.getFulfillment authMiddleware
/metrics/outlets POST metricsController.getOutlets authMiddleware
/metrics/hour-heatmap POST metricsController.getHourHeatmap authMiddleware
/metrics/meal-breakdown POST metricsController.getMealBreakdown authMiddleware
/metrics/items POST metricsController.getItems authMiddleware
/metrics/campaigns POST metricsController.getCampaigns authMiddleware
/metrics/geo POST metricsController.getGeo authMiddleware
/metrics/top-items POST metricsController.getTopItems authMiddleware
/metrics/special-days POST metricsController.getSpecialDays authMiddleware
/metrics/underperforming POST metricsController.getUnderperforming authMiddleware

/crm_api/v2routes/crmv2.js ✅

Route Method Controller.fn Middleware
/dashboarData POST businessController.dashboardData (none)
/gupshup/generatePartnerToken POST businessController.generatePartnerToken (none)
/gupshup/getPartnerProfile POST businessController.getProfileDetails (none)

/crm_api (legacy) — routes/crm.js (representative) ❔

Route Method Controller.fn Middleware
/injestion/uengage POST injestionController.crmQueue (none)
/injestion/petpooja POST injestionController.petPooja (none)
/get/customer/details POST customerController.getCustomerDetails (none) ⚠
/update/customer/details POST customerController.updateCustomerDetails (none)
/add_b_config POST campaignController.add_config authMiddleware
/add_b_config/php POST campaignController.add_config (none)
/create/bulk/campaign POST campaignController.createBulkCampaigns (file upload / multer)

prism_routes/ sub-features (mounted via crm.js) ✅

campaign_tag_routes.js

Route Method Controller.fn Middleware
/create/campaign_tag POST campaignTagController.createCampaignTag authMiddleware
/get/campaign_tags POST campaignTagController.getCampaignTags authMiddleware

loyalty_rewards_routes.js

Route Method Controller.fn Middleware
/add_edit_rules POST loyaltyRewardsController.addEditRules authMiddleware
/add_edit_milestone POST loyaltyRewardsController.addEditMilestones authMiddleware
/fetch_loyalty_details POST loyaltyRewardsController.fetchRulesMilestones authMiddleware
/day/wise/data POST loyaltyRewardsController.dayWiseLoyaltyData authMiddleware
/loyalty/ledger POST loyaltyRewardsController.loyaltyLedger authMiddleware
/get/referal/rules POST loyaltyRewardsController.getReferalRules authMiddleware
/get/customer/loyalty/details POST loyaltyRewardsController.getCustomerLoyaltyDetails appMiddleware
/view/all/rewards POST loyaltyRewardsController.viewAllRewards appMiddleware
/view/expired/redeemed/rewards POST loyaltyRewardsController.viewExpRedeemedRewards appMiddleware
/redeem_points POST loyaltyRewardsController.redeemLoyaltyPoints authMiddleware
/get/loyalty/rules/details POST loyaltyRewardsController.getWalletDetails crm_offer_middleware

digital_bill_routes.js — all authMiddleware

Route Method Controller.fn Middleware
/links/getWidgetList POST digitalBillController.listing_widgets authMiddleware
/links/addBusinessConfig POST digitalBillController.addBusinessConfig authMiddleware
/update/bill/status POST digitalBillController.updateBillStatus authMiddleware
/links/getBusinessConfig POST digitalBillController.getBusinessConfig authMiddleware
/links/addWidget POST digitalBillController.addWidget authMiddleware
/links/editWidget POST digitalBillController.editWidget authMiddleware

whatsapp_login_routes.js

Route Method Controller.fn Middleware
/check/whatsapp/login POST whatsappLoginController.check_login jwtWhatsappMiddleware
/uen_rider/whatsapp/login POST whatsappLoginController.sendThroughUengage (none)

Remaining prism_routes files (fraud_rules_routes.js, order_360_routes.js, qr_code_routes.js) follow the same staff pattern (authMiddleware) — see their module docs.


Serverless (prism-services) endpoints

Separate repo (prism-services), deployed as AWS Lambda + API Gateway HTTP APIs (ap-south-1). These write to the same MongoDB uengage database as the monolith (see map-05).

Route Method Handler Notes
/crm_api/injestion/{pos} POST src/orders/handlers/api/orders.handler Also /crm_api/api/injestion/{pos}. {pos} ∈ uengage, petpooja, ls_center, orderPush, rista, posist. Produces to Kafka prism-ingest-orders; orders-consumer writes crm_queue.
/whatsapp/send POST src/whatsapp/handlers/api/send.handler Produces to Kafka whatsapp-messages. Consumer is a stub (logs only) ⚠.
/whatsapp/receipts POST src/whatsapp/handlers/api/receipts.handler Produces to Kafka whatsapp-receipts. Consumer is a stub (logs only) ⚠.

POS source-id mapping (orders-consumer): 1=uengage, 2=petpooja, 3=ls_center, 4=orderPush, 6=rista, 7=posist.


Example payloads

Payloads below are grounded in real controller/handler names and the crm_queue shape from map-05. Fields not confirmed in source are marked representative — verify.

1. Order ingestion — POST /injestion/uengage (injestionController.crmQueue)

Fire-and-forget: enqueues into crm_queue (status:0), cron processes later.

Request (representative — verify):

{
  "parentBusinessId": "1234",
  "businessId": "5678",
  "orderId": "UE-20260703-0091",
  "customer": { "name": "Asha R", "phone": "9876543210" },
  "items": [{ "name": "Paneer Tikka", "qty": 1, "price": 320 }],
  "amount": 320,
  "orderTime": "2026-07-03 15:30:45"
}
Response (representative — verify):
{ "status": 1 }
Resulting crm_queue document (verified shape, map-05):
{
  "data": { "...": "original POS payload" },
  "source": 1,
  "insertedAt": "2026-07-03 15:30:45",
  "status": 0,
  "apiSource": "lambda"
}

2. Get customer details — POST /crm_api/get/customer/details (customerController.getCustomerDetails)

Synchronous read. No edge auth ⚠.

Request (representative — verify):

{ "business_id": "5678", "parent_business_id": "1234", "customer_number": "9876543210" }
Response (representative — verify):
{
  "status": 1,
  "customer": {
    "customer_number": "9876543210",
    "name": "Asha R",
    "total_orders": 14,
    "last_order": "2026-06-28",
    "loyalty_points": 240,
    "segment": "At Risk"
  }
}

3. Loyalty redeem — POST /integration/v1/redeem_points (integrationController.redeemLoyaltyPoints)

Synchronous. Requires Authorization header validated against MongoDB authorization_token; req.parent_business_id is derived from it.

Headers:

Authorization: <integration-token>
Content-Type: application/json
Request (representative — verify):
{ "customer_number": "9876543210", "points": 100, "order_id": "POS-88123", "outlet_id": "5678" }
Success (representative — verify):
{ "status": 1, "redeemed": 100, "wallet_balance": 140, "txn_id": "RDM-4471" }
Auth failure (verified — crm_offer_middleware):
{ "status": 0, "error_code": "uE_101", "error_message": "Authentication Failed" }

4. Campaign create (bulk) — POST /crm_api/create/bulk/campaign (campaignController.createBulkCampaigns)

Multipart file upload (multer) — a recipient file plus campaign metadata; enqueues per-channel messages.

Request (multipart form; representative — verify):

file: recipients.xlsx
business_id: 5678
parent_business_id: 1234
campaign_name: "Weekend Winback"
channel: whatsapp
template_id: 90211
Response (representative — verify):
{ "status": 1, "campaign_id": 4471, "queued_recipients": 1820 }
Delivery is asynchronous — messages land in the WhatsApp/SMS/push queue and are sent by sendWhatsappMessageCron / smsQueueCron / pushQueueCron. See Campaigns and Request Lifecycle §3.