Endpoint Reference — Index
The complete API surface for store-builders. Every endpoint here is verified against production as of 10 May 2026 unless explicitly marked otherwise. If you’re new here, read Authentication first — every request needs a per-call signature.
Quick links by resource
| Resource | Page | Endpoints | What it’s for |
|---|---|---|---|
| 🏷️ Strains | strains.md | 2 | Product catalogue, country-filtered |
| 👤 Clients | clients.md | 12 | Customer records, KYC, addresses |
| 🛒 Carts | carts.md | 3 | Per-client active carts |
| 📦 Orders | orders.md | 7 | Order lifecycle from placement to delivery |
| 🤝 Sales | sales.md | 4 | Pre-order pipeline (LEADS / ONGOING / CLOSED) |
| 💰 Commissions | commissions.md | 4 | Holder earnings, USD + ETH |
| 📊 Dashboard | dashboard.md | 2 | Counters + analytics chart data |
| 📈 Revenue | revenue.md | 3 | Per-strain sales totals |
| 🔑 NFTs | nfts.md | 2 (limited) | NFT scope context — most JWT-only |
| 🔐 Auth | auth.md | 5 | Holder wallet sign-in (informational) |
| 🗝️ Keys | keys.md | 4 | API key lifecycle (informational) |
Cross-resource conventions
Read these once — they apply everywhere.Response envelope
Every response (success or error) wraps in:Pagination wrapper
Paginated endpoints return{ <resourceName>: [...], pageMetaDto: {...} }. The pageMetaDto shape is consistent:
Authentication
Every authenticated request needs:x-auth-apikey: <Base64 PEM SPKI public key>x-auth-signature: <Base64 ECDSA-SHA256 sig over canonical payload>
| Method | Canonical |
|---|---|
POST, PATCH, PUT | JSON.stringify(body) (compact, no whitespace) |
GET, DELETE with query | urlencode(query) |
GET, DELETE with no query | "{}" ← not "" |
Status enums
Documented in each resource page; the platform-wide patterns:| Field | Values |
|---|---|
adminApproval (clients, orders) | PENDING, VERIFIED, REJECTED |
orderStatus | PENDING, PROCESSING, SHIPPED, DELIVERED, CANCELLED |
paymentStatus | PENDING, PROCESSING, COMPLETED, FAILED, REFUNDED |
commissionStatus | PENDING, PAID |
salesStatus | LEADS, ONGOING, CLOSED |
strainType | INDICA, SATIVA, HYBRID |
Full endpoint table (alphabetical by path)
| Method | Path | Auth | Resource page |
|---|---|---|---|
POST | /auth/dapp/signIn | None | auth |
POST | /auth/nonce | None | auth |
GET | /auth/resendEmail | None | auth |
POST | /auth/signIn | None (admin only) | auth |
GET | /auth/verifyEmail | None | auth |
POST | /dapp/carts | API-key + sig | carts |
GET | /dapp/carts | API-key + sig | carts |
DELETE | /dapp/carts/{cartId} | API-key + sig | carts |
GET | /dapp/client/{clientId}/orders | API-key + sig | clients |
GET | /dapp/client/{clientId}/transactions | API-key + sig | clients |
POST | /dapp/clients | API-key + sig | clients |
GET | /dapp/clients | API-key + sig | clients |
GET | /dapp/clients/chart-data | API-key + sig | clients |
GET | /dapp/clients/export | API-key + sig | clients |
GET | /dapp/clients/list | API-key + sig | clients |
GET | /dapp/clients/status-breakdown | API-key + sig | clients |
GET | /dapp/clients/summary | API-key + sig | clients |
GET | /dapp/clients/{clientId} | API-key + sig | clients |
PATCH | /dapp/clients/{clientId} | API-key + sig | clients |
GET | /dapp/clients/{clientId}/orders/{orderId} | API-key + sig | clients |
GET | /dapp/commissions | API-key + sig | commissions |
GET | /dapp/commissions/managers | API-key + sig | commissions |
GET | /dapp/commissions/managers/summary | API-key + sig | commissions |
GET | /dapp/commissions/summary | API-key + sig | commissions |
GET | /dapp/dashboard/analytics | API-key + sig | dashboard |
GET | /dapp/dashboard/summary | API-key + sig | dashboard |
POST | /dapp/orders | API-key + sig | orders |
GET | /dapp/orders | API-key + sig | orders |
GET | /dapp/orders/chart-data | API-key + sig | orders |
GET | /dapp/orders/recent | API-key + sig | orders |
GET | /dapp/orders/status-breakdown | API-key + sig | orders |
GET | /dapp/orders/summary | API-key + sig | orders |
GET | /dapp/orders/{orderId} | API-key + sig | orders |
GET | /dapp/revenue | API-key + sig | revenue |
GET | /dapp/revenue/chart-data | API-key + sig | revenue |
GET | /dapp/revenue/summary | API-key + sig | revenue |
POST | /dapp/sales | API-key + sig | sales |
GET | /dapp/sales | API-key + sig | sales |
PATCH | /dapp/sales | API-key + sig | sales |
GET | /dapp/sales/summary | API-key + sig | sales |
GET | /dapp/strains | API-key + sig | strains |
GET | /dapp/strains/{strainId} | API-key + sig | strains |
PATCH | /dapp/users/primary-nft | JWT (presumed) | nfts |
GET | /dapp/users/nfts | JWT only ❌ | nfts |
POST | /keys | JWT | keys |
GET | /keys | JWT | keys |
PATCH | /keys/delete | JWT | keys |
PATCH | /keys/{id} | JWT | keys |
GET | /public/healthStatus | None | 03-environment |
GET | /user/me | JWT only ❌ | auth / nfts |
What’s not on this list
The Dr Green backend has 147 paths total; this index covers the ~50 that are relevant to a store-builder integration. The rest fall into:- Marketplace endpoints (
/marketplace/*) — for the public NFT marketplace UI, not store integrations - Admin endpoints (
/clients,/orders,/users,/strainswithout the/dapp/prefix) — for Dr Green internal staff only; not accessible to holders - Inbound webhook endpoints (
/kyc/webhook,/payments/webhook, etc.) — receive POSTs from third-party processors (FirstAML, CoinRemitter, Payinn, PGPay), not called by stores. See 06-webhooks.md - S3 upload endpoints — used by the DAPP UI for image uploads; not relevant to backend integrations
Verification status legend
Throughout the resource pages, you’ll see these markers:| Marker | Meaning |
|---|---|
| ✅ Verified | Tested live against production on 10 May 2026 — request and response shapes confirmed |
| ⚠️ Partial | Endpoint reachable but full shape not yet captured (e.g. write endpoints not invoked, empty test data) |
| 🔒 Pending | Documented from spec or backend code only — not yet hit live |
| 🪲 Wart | A backend inconsistency that store builders need to know about |
Where to next
- First-time integration? Start with 01-quickstart.md for an end-to-end walkthrough (coming in Phase C).
- Errors during integration? See 04-errors.md § Common failure modes.
- Need to detect status changes? See 06-webhooks.md § The polling pattern — there’s no outbound webhook system yet.
- Building in a specific language? Code samples in
/examples/{nodejs,python,curl,php}/.