================================================================================
  LOYALTY & REWARDS — API DOCUMENTATION
  Business Owner API  +  Supplier API
  Base URL : https://yourdomain.com/api
  Version  : v1
  Updated  : 2026-04-24
================================================================================

GENERAL CONVENTIONS
───────────────────
  • All requests   : Content-Type: application/json
                     (multipart/form-data for file-upload endpoints)
  • Authentication : Bearer token in Authorization header
                     Authorization: Bearer {token}
  • Date format    : YYYY-MM-DD
  • Time format    : HH:mm  (24-hour)
  • Currency       : KWD (Kuwaiti Dinar)
  • Pagination     : ?page={n}&per_page={n}  (default per_page = 10)

STANDARD SUCCESS ENVELOPE
──────────────────────────
  {
    "status"  : true,
    "message" : "...",
    "data"    : { ... } | [ ... ]
  }

STANDARD ERROR ENVELOPE
─────────────────────────
  {
    "status"  : false,
    "message" : "...",
    "errors"  : { "field": ["error message"] }   // validation errors only
  }

COMMON HTTP STATUS CODES
──────────────────────────
  200  OK
  201  Created
  401  Unauthenticated
  403  Forbidden / account suspended
  404  Not found
  422  Validation error
  429  Too many requests (rate limit)
  500  Internal server error

================================================================================
  PART 1 — BUSINESS OWNER API
  Prefix : /api/business-owner
================================================================================

────────────────────────────────────────────────────────────────────────────────
MODULE 1 : AUTHENTICATION
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
1.1  REGISTER
──────────────────────────────────────────
POST  /api/business-owner/register
Auth  : None

Request Body (JSON)
    mobile_number               string   required  Exactly 8 digits
    country_code                string   required  Max 5 chars (e.g. "+965")

Success Response 200
  {
    "status"  : true,
    "message" : "OTP sent successfully.",
    "data"    : {
      "mobile_number" : "12345678",
      "otp_length"    : 6
    }
  }

Error Responses
  422  Validation failed
       { "errors": { "mobile_number": ["The mobile number has already been taken."] } }

──────────────────────────────────────────
1.2  LOGIN
──────────────────────────────────────────
POST  /api/business-owner/login
Auth  : None

Request Body (JSON)
    mobile_number               string   required  Exactly 8 digits
    country_code                string   required  Max 5 chars

Success Response 200
  {
    "status"  : true,
    "message" : "OTP sent successfully.",
    "data"    : { "mobile_number": "12345678", "otp_length": 6 }
  }

Error Responses
  404  { "status": false, "message": "Account not found." }
  422  Validation failed

──────────────────────────────────────────
1.3  VERIFY OTP
──────────────────────────────────────────
POST  /api/business-owner/verify-otp
Auth  : None

Request Body (JSON)
    mobile_number               string   required  Exactly 8 digits
    otp                         string   required  6 digits

Success Response 200
  {
    "status"  : true,
    "message" : "OTP verified successfully.",
    "data"    : {
      "token"          : "1|aBcDeFgHiJkLmNoPqRsT...",
      "user_type"      : "business_owner",
      "profile_status" : "pending",   // pending | active | suspended
      "has_profile"    : false
    }
  }

Error Responses
  401  { "status": false, "message": "Invalid or expired OTP." }
  422  Validation failed

──────────────────────────────────────────
1.4  RESEND OTP
──────────────────────────────────────────
POST  /api/business-owner/resend-otp
Auth  : None
Rate  : 5 requests / minute per IP

Request Body (JSON)
    mobile_number               string   required  Exactly 8 digits
    country_code                string   nullable  Max 5 chars

Success Response 200
  {
    "status"  : true,
    "message" : "OTP resent successfully."
  }

Error Responses
  404  { "status": false, "message": "Account not found." }
  429  Too many requests

──────────────────────────────────────────
1.5  LOGOUT
──────────────────────────────────────────
POST  /api/business-owner/logout
Auth  : Bearer token required

Success Response 200
  {
    "status"  : true,
    "message" : "Logged out successfully."
  }

Error Responses
  401  { "status": false, "message": "Unauthenticated." }

────────────────────────────────────────────────────────────────────────────────
MODULE 2 : PROFILE
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
2.1  PROFILE SETUP (first-time)
──────────────────────────────────────────
POST  /api/business-owner/profile-setup
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
  [Personal]
    full_name                   string   required  Max 255
    email                       string   required  Valid email
    nationality                 integer  required  exists:countries
    date_of_birth               date     required  Format Y-m-d, must be 18+ years old
    gender                      string   required  male | female | other
    contact_number              string   required

  [Business]
    number_of_businesses_owned  integer  required  Min 1
    business_name               string   required  Max 255
    business_category_id        integer  required  exists:categories
    owner_name                  string   required  Max 255
    business_phone              string   required  Max 20
    business_email              string   required  Valid email, max 255
    city                        string   required  Max 100
    latitude                    numeric  required  -90 to 90
    longitude                   numeric  required  -180 to 180
    number_of_branches          integer  required  Min 1
    business_description        string   required
    address_line_1              string   required  Max 255
    address_line_2              string   nullable  Max 255

  [Files]
    business_logo               file     required  jpg/jpeg/png, max 2 MB
    cover_photo                 file     required  jpg/jpeg/png, max 4 MB
    national_id_front           file     required  jpg/jpeg/png/pdf, max 5 MB
    national_id_back            file     required  jpg/jpeg/png/pdf, max 5 MB
    cr_certificate_file         file     required  jpg/jpeg/png/pdf, max 5 MB
    cr_certificate_number       string   required  Max 255

Success Response 200
  {
    "status"  : true,
    "message" : "Profile setup completed successfully.",
    "data"    : {
      "profile_status": "pending"
    }
  }

Error Responses
  401  Unauthenticated
  422  Validation failed (field-level errors returned)

──────────────────────────────────────────
2.2  EDIT PROFILE
──────────────────────────────────────────
POST  /api/business-owner/edit-profile
Auth  : Bearer token required

Request Body (JSON)
    owner_name                  string   required  Max 255
    email                       string   required  Valid email, unique (ignores own record)

Success Response 200
  {
    "status"  : true,
    "message" : "Profile updated successfully."
  }

Error Responses
  401  Unauthenticated
  422  { "errors": { "email": ["The email has already been taken."] } }

────────────────────────────────────────────────────────────────────────────────
MODULE 3 : HOME DASHBOARD
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
3.1  HOME
──────────────────────────────────────────
GET   /api/business-owner/home
Auth  : Optional (resolved internally)

Success Response 200
  {
    "status" : true,
    "data"   : {
      "total_followers"     : 120,
      "total_offers"        : 15,
      "total_announcements" : 8,
      "active_promotions"   : 2,
      "recent_activities"   : [
        {
          "type"       : "offer_created",
          "title"      : "Summer Deal",
          "created_at" : "2026-04-24 10:30:00"
        }
      ]
    }
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 4 : BUSINESS MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
4.1  CREATE BUSINESS
──────────────────────────────────────────
POST  /api/business-owner/create-business
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields (same fields as Profile Setup → Business section)
    number_of_businesses_owned  integer  required
    business_name               string   required
    business_category_id        integer  required  exists:categories
    owner_name                  string   required
    business_phone              string   required  Max 20
    business_email              string   required  Valid email
    city                        string   required
    latitude                    numeric  required
    longitude                   numeric  required
    number_of_branches          integer  required
    business_description        string   required
    address_line_1              string   required
    address_line_2              string   nullable
    business_logo               file     required  jpg/jpeg/png, max 2 MB
    cover_photo                 file     required  jpg/jpeg/png, max 4 MB
    national_id_front           file     required  jpg/jpeg/png/pdf, max 5 MB
    national_id_back            file     required  jpg/jpeg/png/pdf, max 5 MB
    cr_certificate_file         file     required  jpg/jpeg/png/pdf, max 5 MB
    cr_certificate_number       string   required

Success Response 200
  {
    "status"  : true,
    "message" : "Business created successfully.",
    "data"    : { "business_id": 12 }
  }

──────────────────────────────────────────
4.2  UPDATE BUSINESS
──────────────────────────────────────────
POST  /api/business-owner/update-business
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    business_id                 integer  required  exists:businesses
    [All fields same as Create Business — files nullable for update]
    status                      string   nullable  active | inactive

Success Response 200
  {
    "status"  : true,
    "message" : "Business updated successfully."
  }

──────────────────────────────────────────
4.3  BUSINESS LIST
──────────────────────────────────────────
GET   /api/business-owner/business-list
Auth  : Bearer token required

Query Params
    page                        integer  optional  Default 1
    per_page                    integer  optional  Default 10, max 100
    search                      string   optional  Search by business name
    status                      string   optional  active | inactive

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "per_page"     : 10,
      "total"        : 3,
      "last_page"    : 1,
      "data"         : [
        {
          "id"                : 1,
          "business_name"     : "Cafe Luxe",
          "business_email"    : "info@cafeluxe.com",
          "business_phone"    : "22334455",
          "city"              : "Kuwait City",
          "status"            : "active",
          "business_logo_url" : "https://...",
          "cover_photo_url"   : "https://...",
          "created_at"        : "2026-04-01"
        }
      ]
    }
  }

──────────────────────────────────────────
4.4  SWITCH BUSINESS
──────────────────────────────────────────
POST  /api/business-owner/switch-business
Auth  : Bearer token required

Request Body (JSON)
    business_id                 integer  required  exists:businesses

Success Response 200
  {
    "status"  : true,
    "message" : "Switched to business successfully.",
    "data"    : { "active_business_id": 2 }
  }

Error Responses
  404  { "status": false, "message": "Business not found or unauthorized." }

────────────────────────────────────────────────────────────────────────────────
MODULE 5 : BRANCH MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
5.1  ADD BRANCH
──────────────────────────────────────────
POST  /api/business-owner/add-branch
Auth  : Bearer token required

Request Body (JSON)
    business_id                 integer  required  exists:businesses
    branch_name                 string   required  Max 255
    address_line_1              string   required  Max 500
    city_id                     integer  required  exists:city
    state_id                    integer  required  exists:states
    contact_number              string   required  Max 15
    map_location                string   nullable  Max 500
    latitude                    numeric  nullable  -90 to 90
    longitude                   numeric  nullable  -180 to 180
    working_hours               string   required  Max 500 (e.g. "Mon–Fri 9am–10pm")
    status                      string   required  active | inactive
    schedule                    array    optional  Weekly schedule
    schedule[*].day_of_week     string   required  Mon|Tue|Wed|Thu|Fri|Sat|Sun
    schedule[*].is_closed       boolean  required
    schedule[*].open_time       string   required  HH:mm
    schedule[*].close_time      string   required  HH:mm

Success Response 200
  {
    "status"  : true,
    "message" : "Branch added successfully.",
    "data"    : { "branch_id": 5 }
  }

──────────────────────────────────────────
5.2  EDIT BRANCH
──────────────────────────────────────────
POST  /api/business-owner/edit-branch
Auth  : Bearer token required

Request Body (JSON)
    branch_id                   integer  required  exists:business_branches
    branch_name                 string   required
    address_line_1              string   required
    city_id                     integer  required
    state_id                    integer  required
    contact_number              string   required
    latitude                    numeric  required
    longitude                   numeric  required
    status                      boolean  required  1 = active | 0 = inactive
    working_hours               array    required  Full schedule replacement
    [*].day_of_week             string   required
    [*].is_closed               boolean  required
    [*].open_time               string   required  HH:mm
    [*].close_time              string   required  HH:mm

Success Response 200
  {
    "status"  : true,
    "message" : "Branch updated successfully."
  }

──────────────────────────────────────────
5.3  DELETE BRANCH
──────────────────────────────────────────
POST  /api/business-owner/delete-branch
Auth  : Bearer token required

Request Body (JSON)
    branch_id                   integer  required  exists:business_branches

Success Response 200
  {
    "status"  : true,
    "message" : "Branch deleted successfully."
  }

Error Responses
  404  { "status": false, "message": "Branch not found." }

──────────────────────────────────────────
5.4  BRANCH DETAIL
──────────────────────────────────────────
GET   /api/business-owner/branch-detail/{id}
Auth  : Bearer token required

Path Param
    id                          integer  required  Branch ID

Success Response 200
  {
    "status" : true,
    "data"   : {
      "id"             : 5,
      "branch_name"    : "Main Branch",
      "address_line_1" : "Block 5, Street 10, Kuwait City",
      "city"           : "Kuwait City",
      "state"          : "Capital",
      "contact_number" : "22334455",
      "latitude"       : 29.3759,
      "longitude"      : 47.9774,
      "working_hours"  : "Mon–Fri 9am–10pm",
      "status"         : "active",
      "qr_code_url"    : "https://...",
      "schedule"       : [
        {
          "day_of_week" : "Mon",
          "is_closed"   : false,
          "open_time"   : "09:00",
          "close_time"  : "22:00"
        }
      ]
    }
  }

Error Responses
  404  { "status": false, "message": "Branch not found." }

──────────────────────────────────────────
5.5  BRANCH LIST
──────────────────────────────────────────
GET   /api/business-owner/branches
Auth  : Bearer token required

Query Params
    page                        integer  optional
    per_page                    integer  optional  Default 10
    search                      string   optional
    status                      string   optional  active | inactive
    business_id                 integer  optional

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "per_page"     : 10,
      "total"        : 4,
      "last_page"    : 1,
      "data"         : [
        {
          "id"             : 5,
          "branch_name"    : "Main Branch",
          "address_line_1" : "Block 5, Street 10",
          "status"         : "active",
          "contact_number" : "22334455"
        }
      ]
    }
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 6 : SUBSCRIPTION MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
6.1  GET PLAN TYPES
──────────────────────────────────────────
GET   /api/business-owner/subscription-plan-types
Auth  : Bearer token required

Query Params
    language_id                 integer  optional  1 = English (default) | 2 = Arabic

Success Response 200
  {
    "status" : true,
    "data"   : [
      { "id": 1, "name": "Monthly" },
      { "id": 2, "name": "Yearly" }
    ]
  }

──────────────────────────────────────────
6.2  GET SUBSCRIPTIONS BY TYPE
──────────────────────────────────────────
GET   /api/business-owner/subscriptions
Auth  : Bearer token required

Query Params
    plan_type_id                integer  required  exists:subscription_plan_types
    language_id                 integer  optional  1 | 2

Success Response 200
  {
    "status" : true,
    "data"   : [
      {
        "id"       : 3,
        "name"     : "Gold Plan",
        "price"    : 29.99,
        "duration" : 30,
        "features" : ["Unlimited offers", "Priority support"]
      }
    ]
  }

──────────────────────────────────────────
6.3  PURCHASE SUBSCRIPTION
──────────────────────────────────────────
POST  /api/business-owner/purchase-subscription
Auth  : Bearer token required

Request Body (JSON)
    subscription_id             integer  required  exists:subscription_plan
    payment_id                  string   required  Max 255 (gateway transaction ID)
    payment_status              string   required  "success" activates plan; other values record as failed
    transaction_amount          numeric  required  Min 0
    payment_method              string   nullable  Max 100 (e.g. "knet", "credit_card")
    transaction_reference       string   nullable  Max 255

Success Response 200
  {
    "status"  : true,
    "message" : "Subscription purchased successfully.",
    "data"    : {
      "subscription_id" : 3,
      "activated_at"    : "2026-04-24",
      "expires_at"      : "2026-05-24"
    }
  }

──────────────────────────────────────────
6.4  PURCHASE HISTORY
──────────────────────────────────────────
GET   /api/business-owner/purchase-history
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : [
      {
        "id"                    : 10,
        "plan_name"             : "Gold Plan",
        "amount"                : 29.99,
        "payment_method"        : "knet",
        "payment_status"        : "success",
        "transaction_reference" : "TXN20260424001",
        "purchased_at"          : "2026-04-24 10:30:00"
      }
    ]
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 7 : OFFER MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

OFFER TYPES
    2 = General Discount
    3 = Time-Based Offer
    4 = Limited Coupon

──────────────────────────────────────────
7.1  GET OFFER TYPES
──────────────────────────────────────────
GET   /api/business-owner/offer-types
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : [
      { "id": 2, "name": "General Discount" },
      { "id": 3, "name": "Time-Based Offer" },
      { "id": 4, "name": "Limited Coupon" }
    ]
  }

──────────────────────────────────────────
7.2  CREATE OFFER
──────────────────────────────────────────
POST  /api/business-owner/create-offer
Auth  : Bearer token required
Content-Type : multipart/form-data (only if uploading image, else application/json)

Common Fields
    business_id                 integer  required  exists:businesses
    offer_type_id               integer  required  exists:offer_types (2, 3, or 4)
    title                       string   required  Max 255
    description                 string   required
    start_date                  date     required  YYYY-MM-DD
    end_date                    date     required  YYYY-MM-DD, >= start_date
    purchase_quantity           integer  required  Min 1
    branch_ids                  array    required  Min 1 item — IDs from business_branches
    user_type                   array    required  Min 1 item — adults | students | senior_citizens
    customer_eligibility        array    required  Min 1 item — all | new | vip | app_users
    limited_stock               integer  nullable  Min 1
    time_restriction            string   nullable  Max 255 (display text)
    image                       file     optional  jpg/jpeg/png, max 2 MB

Type 2 — General Discount (required when offer_type_id = 2)
    discount_percentage         numeric  required  1 – 100
    minimum_bill_amount         numeric  required  Min 0 (KWD)

Type 3 — Time-Based Offer (required when offer_type_id = 3)
    from_time                   string   required  HH:mm
    to_time                     string   required  HH:mm, must be after from_time
    applicable_days             array    required  Min 1 (e.g. ["Mon","Tue","Fri"])
    discount_value              numeric  required  Min 1
    discount_type               string   required  percentage | flat

Type 4 — Limited Coupon (required when offer_type_id = 4)
    total_coupons               integer  required  Min 1
    product_name                string   required  Max 255
    regular_price               numeric  required  Min 0 (KWD)
    coupon_price                numeric  required  Min 0, must be < regular_price (KWD)

Success Response 200
  {
    "status"  : true,
    "message" : "Offer created successfully.",
    "data"    : {
      "offer_id"  : 23,
      "image_url" : "https://..."
    }
  }

Error Responses
  401  Unauthenticated
  404  { "status": false, "message": "Business not found or unauthorized." }
  422  Validation failed
       {
         "errors": {
           "discount_percentage" : ["Discount percentage is required for General Discount offers."],
           "to_time"             : ["End time must be later than start time."],
           "coupon_price"        : ["Coupon price must be less than the regular price."]
         }
       }

──────────────────────────────────────────
7.3  EDIT OFFER
──────────────────────────────────────────
POST  /api/business-owner/edit-offer
Auth  : Bearer token required
Content-Type : multipart/form-data (if replacing image)

Request Fields
    offer_id                    integer  required  exists:business_offers
    offer_type_id               integer  optional  Resolved from DB if omitted
    business_id                 integer  optional
    [All common and type-specific fields same as Create Offer]

Notes
  • Omitting offer_type_id keeps the original type.
  • Changing offer_type_id nulls all columns belonging to the old type.
  • branch_ids, products, free_products are fully replaced (not merged).
  • A new image replaces the old one; no image field = keep existing image.

Success Response 200
  {
    "status"  : true,
    "message" : "Offer updated successfully."
  }

Error Responses
  401  Unauthenticated
  404  { "status": false, "message": "Offer not found or unauthorized." }
  422  Validation failed

──────────────────────────────────────────
7.4  OFFER LIST
──────────────────────────────────────────
GET   /api/business-owner/offers
Auth  : Bearer token required

Query Params
    page                        integer  optional  Default 1
    per_page                    integer  optional  Default 10, max 100
    offer_type_id               integer  optional  Filter by type (2, 3, 4)
    search                      string   optional  Search by title

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "per_page"     : 10,
      "total"        : 5,
      "last_page"    : 1,
      "data"         : [
        {
          "id"                   : 23,
          "title"                : "Summer Sale",
          "description"          : "Flat 20% off all items",
          "offer_type_id"        : 2,
          "offer_type"           : "General Discount",
          "start_date"           : "2026-05-01",
          "end_date"             : "2026-05-31",
          "branch_ids"           : ["1","2"],
          "branch_count"         : 2,
          "branch_names"         : ["Main Branch","City Center"],
          "user_type"            : ["adults","students"],
          "customer_eligibility" : ["all"],
          "limited_stock"        : 100,
          "discount_percentage"  : "20.00",
          "minimum_bill_amount"  : "10.00",
          "from_time"            : null,
          "to_time"              : null,
          "applicable_days"      : [],
          "discount_value"       : null,
          "discount_type"        : null,
          "total_coupons"        : null,
          "product_name"         : null,
          "regular_price"        : null,
          "coupon_price"         : null,
          "status"               : 1,
          "admin_status"         : 0,
          "is_promoted"          : false,
          "image"                : "https://..."
        }
      ]
    }
  }

──────────────────────────────────────────
7.5  OFFER DETAIL
──────────────────────────────────────────
GET   /api/business-owner/offer-detail/{id}
Auth  : Bearer token required

Path Param
    id                          integer  required

Success Response 200
  {
    "status" : true,
    "data"   : {
      "id"                   : 23,
      "business_id"          : 1,
      "offer_type_id"        : 2,
      "offer_type"           : "General Discount",
      "title"                : "Summer Sale",
      "description"          : "Flat 20% off all items",
      "start_date"           : "2026-05-01",
      "end_date"             : "2026-05-31",
      "purchase_quantity"    : 1,
      "time_restriction"     : null,
      "limited_stock"        : 100,
      "usage_count"          : 0,
      "branch_ids"           : ["1","2"],
      "branches"             : [
        { "id": 1, "branch_name": "Main Branch", "address": "Block 5, Street 10" }
      ],
      "user_type"            : ["adults","students"],
      "customer_eligibility" : ["all"],
      "image"                : "https://...",
      "status"               : 1,
      "admin_status"         : 0,
      "is_promoted"          : false,
      "discount_percentage"  : "20.00",
      "minimum_bill_amount"  : "10.00",
      "from_time"            : null,
      "to_time"              : null,
      "applicable_days"      : [],
      "discount_value"       : null,
      "discount_type"        : null,
      "total_coupons"        : null,
      "product_name"         : null,
      "regular_price"        : null,
      "coupon_price"         : null,
      "product_ids"          : [],
      "free_product_ids"     : [],
      "buy_quantity"         : null,
      "category_id"          : null,
      "created_at"           : "2026-04-24 10:00:00",
      "updated_at"           : "2026-04-24 10:00:00"
    }
  }

Error Responses
  404  { "status": false, "message": "Offer not found or unauthorized." }

──────────────────────────────────────────
7.6  DELETE OFFER
──────────────────────────────────────────
POST  /api/business-owner/delete-offer
Auth  : Bearer token required

Request Body (JSON)
    offer_id                    integer  required  exists:business_offers

Success Response 200
  {
    "status"  : true,
    "message" : "Offer deleted successfully."
  }

Error Responses
  404  { "status": false, "message": "Offer not found or unauthorized." }

────────────────────────────────────────────────────────────────────────────────
MODULE 8 : ANNOUNCEMENT MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
8.1  CREATE ANNOUNCEMENT
──────────────────────────────────────────
POST  /api/business-owner/create-announcement
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    announcement_type           string   required  standard | targeted
    business_id                 integer  required  exists:businesses
    branch_id                   integer  required  exists:business_branches
    title                       string   required  Max 255
    description                 string   required
    image                       file     optional  jpeg/png/jpg/gif, max 5 MB
    status                      string   required  draft | published

  [Only when announcement_type = targeted]
    audience_target_type        string   required  user_type | followers | gender | region
    user_type                   array    required if audience_target_type=user_type
    gender                      string   required if audience_target_type=gender  male | female | all
    region_id                   integer  required if audience_target_type=region  exists:area

Success Response 200
  {
    "status"  : true,
    "message" : "Announcement created successfully.",
    "data"    : { "announcement_id": 7 }
  }

──────────────────────────────────────────
8.2  EDIT ANNOUNCEMENT
──────────────────────────────────────────
POST  /api/business-owner/edit-announcement
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    announcement_id             integer  required  exists:announcements
    [All fields same as Create Announcement]

Success Response 200
  {
    "status"  : true,
    "message" : "Announcement updated successfully."
  }

──────────────────────────────────────────
8.3  ANNOUNCEMENT LIST
──────────────────────────────────────────
GET   /api/business-owner/announcements
Auth  : Bearer token required

Query Params
    status                      string   optional  draft | published (returns all if omitted)
    page                        integer  optional
    per_page                    integer  optional

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "total"        : 3,
      "data"         : [
        {
          "id"          : 7,
          "title"       : "Grand Opening Sale",
          "description" : "Join us for our grand opening.",
          "status"      : "published",
          "image_url"   : "https://...",
          "created_at"  : "2026-04-24"
        }
      ]
    }
  }

──────────────────────────────────────────
8.4  ANNOUNCEMENT DETAIL
──────────────────────────────────────────
GET   /api/business-owner/announcement-detail/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : {
      "id"                   : 7,
      "title"                : "Grand Opening Sale",
      "description"          : "Join us for our grand opening.",
      "announcement_type"    : "targeted",
      "audience_target_type" : "gender",
      "gender"               : "female",
      "status"               : "published",
      "image_url"            : "https://...",
      "branch"               : { "id": 1, "branch_name": "Main Branch" },
      "created_at"           : "2026-04-24"
    }
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 9 : FOLLOWERS
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
9.1  FOLLOWER LIST
──────────────────────────────────────────
GET   /api/business-owner/followers
Auth  : Bearer token required

Query Params
    page                        integer  optional
    per_page                    integer  optional
    date_from                   date     optional  YYYY-MM-DD
    date_to                     date     optional  YYYY-MM-DD

Success Response 200
  {
    "status" : true,
    "data"   : {
      "total"        : 120,
      "current_page" : 1,
      "data"         : [
        {
          "id"          : 55,
          "name"        : "Ahmed Ali",
          "mobile"      : "98765432",
          "followed_at" : "2026-04-20 14:00:00"
        }
      ]
    }
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 10 : POST MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
10.1  CREATE POST
──────────────────────────────────────────
POST  /api/business-owner/create-post
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    title                       string   required  Max 255
    description                 string   required
    caption                     string   optional
    images                      array    required  Min 1 image
    images[*]                   file     required  jpg/jpeg/png, max 2 MB each

Success Response 200
  {
    "status"  : true,
    "message" : "Post created successfully.",
    "data"    : { "post_id": 11 }
  }

──────────────────────────────────────────
10.2  UPDATE POST
──────────────────────────────────────────
POST  /api/business-owner/update-post
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    post_id                     integer  required  exists:business_posts
    title                       string   optional  Max 255
    description                 string   optional
    images                      array    optional  New images to add
    images[*]                   file     optional  jpg/jpeg/png, max 2 MB
    remove_image_ids            array    optional  IDs of images to delete (exists:business_posts_image)

Success Response 200
  {
    "status"  : true,
    "message" : "Post updated successfully."
  }

──────────────────────────────────────────
10.3  POST LIST
──────────────────────────────────────────
GET   /api/business-owner/posts
Auth  : Bearer token required

Query Params
    page                        integer  optional
    per_page                    integer  optional

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "total"        : 8,
      "data"         : [
        {
          "id"          : 11,
          "title"       : "New Menu Launch",
          "description" : "Check out our new seasonal menu.",
          "images"      : ["https://...", "https://..."],
          "created_at"  : "2026-04-24"
        }
      ]
    }
  }

──────────────────────────────────────────
10.4  POST DETAIL
──────────────────────────────────────────
GET   /api/business-owner/post-detail/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : {
      "id"          : 11,
      "title"       : "New Menu Launch",
      "description" : "Check out our new seasonal menu.",
      "images"      : [
        { "id": 31, "url": "https://..." },
        { "id": 32, "url": "https://..." }
      ],
      "created_at"  : "2026-04-24 09:00:00"
    }
  }

──────────────────────────────────────────
10.5  DELETE POST
──────────────────────────────────────────
DELETE  /api/business-owner/delete-post/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status"  : true,
    "message" : "Post deleted successfully."
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 11 : CATALOG MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
11.1  CREATE CATALOG ITEM
──────────────────────────────────────────
POST  /api/business-owner/create-catalog
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    item_name                   string   required  Max 255
    price                       numeric  required  Min 0 (KWD)
    category_id                 integer  required  exists:categories
    description                 string   optional
    item_image                  file     optional  jpg/jpeg/png, max 2 MB

Success Response 200
  {
    "status"  : true,
    "message" : "Catalog item created successfully.",
    "data"    : { "catalog_id": 9 }
  }

──────────────────────────────────────────
11.2  UPDATE CATALOG ITEM
──────────────────────────────────────────
POST  /api/business-owner/update-catalog
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    catalog_id                  integer  required  exists:catalogs
    item_name                   string   optional
    price                       numeric  optional
    category_id                 integer  optional
    description                 string   optional
    status                      string   optional  active | inactive
    item_image                  file     optional  jpg/jpeg/png, max 2 MB

Success Response 200
  {
    "status"  : true,
    "message" : "Catalog item updated successfully."
  }

──────────────────────────────────────────
11.3  CATALOG LIST
──────────────────────────────────────────
GET   /api/business-owner/catalogs
Auth  : Bearer token required

Query Params
    page                        integer  optional
    per_page                    integer  optional

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "total"        : 12,
      "data"         : [
        {
          "id"         : 9,
          "item_name"  : "Margherita Pizza",
          "price"      : 3.500,
          "category"   : "Food",
          "status"     : "active",
          "image_url"  : "https://...",
          "created_at" : "2026-04-10"
        }
      ]
    }
  }

──────────────────────────────────────────
11.4  CATALOG ITEM DETAIL
──────────────────────────────────────────
GET   /api/business-owner/catalog-detail/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : {
      "id"          : 9,
      "item_name"   : "Margherita Pizza",
      "price"       : 3.500,
      "category_id" : 2,
      "category"    : "Food",
      "description" : "Classic tomato and mozzarella.",
      "status"      : "active",
      "image_url"   : "https://..."
    }
  }

──────────────────────────────────────────
11.5  DELETE CATALOG ITEM
──────────────────────────────────────────
DELETE  /api/business-owner/delete-catalog/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status"  : true,
    "message" : "Catalog item deleted successfully."
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 12 : GALLERY MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
12.1  UPLOAD IMAGE
──────────────────────────────────────────
POST  /api/business-owner/gallery/upload
Auth  : Bearer token required
Content-Type : multipart/form-data

Request Fields
    image                       file     required  jpg/jpeg/png, max 2 MB

Success Response 200
  {
    "status"  : true,
    "message" : "Image uploaded successfully.",
    "data"    : { "gallery_id": 44, "image_url": "https://..." }
  }

──────────────────────────────────────────
12.2  GALLERY LIST
──────────────────────────────────────────
GET   /api/business-owner/gallery
Auth  : Bearer token required

Query Params
    tab                         string   optional  approved | pending | rejected (default: all)
    page                        integer  optional
    per_page                    integer  optional

Success Response 200
  {
    "status" : true,
    "data"   : {
      "current_page" : 1,
      "total"        : 20,
      "data"         : [
        {
          "id"          : 44,
          "image_url"   : "https://...",
          "status"      : "approved",
          "uploaded_at" : "2026-04-24"
        }
      ]
    }
  }

──────────────────────────────────────────
12.3  GALLERY SUMMARY
──────────────────────────────────────────
GET   /api/business-owner/gallery/summary
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : {
      "approved" : 14,
      "pending"  : 3,
      "rejected" : 3,
      "total"    : 20
    }
  }

──────────────────────────────────────────
12.4  DELETE IMAGE
──────────────────────────────────────────
DELETE  /api/business-owner/gallery/{id}
Auth  : Bearer token required

Success Response 200
  {
    "status"  : true,
    "message" : "Image deleted successfully."
  }

────────────────────────────────────────────────────────────────────────────────
MODULE 13 : PROMOTIONS MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
13.1  GET PROMOTION TYPES
──────────────────────────────────────────
GET   /api/business-owner/promotions/types
Auth  : Bearer token required

Success Response 200
  {
    "status" : true,
    "data"   : [
      { "id": 1, "name": "Banner Promotion", "price": 50.000 },
      { "id": 2, "name": "Featured Listing", "price": 30.000 }
    ]
  }

──────────────────────────────────────────
13.2  CREATE PROMOTION
──────────────────────────────────────────
POST  /api/business-owner/promotions/create
Auth  : Bearer token required

Request Body (JSON)
    promotion_type_id           integer  required  exists:promotions
    start_date                  date     required  >= today
    end_date                    date     required  >= start_date
    city_id                     integer  required  exists:city
    state_id                    integer  required  exists:states
    notes                       string   optional  Max 1000
    amount                      numeric  optional  Min 0 (KWD)

Success Response 200
  {
    "status"  : true,
    "message" : "Promotion created successfully.",
    "data"    : { "promotion_id": 6 }
  }

──────────────────────────────────────────
13.3  UPDATE PROMOTION
──────────────────────────────────────────
POST  /api/business-owner/promotions/update
Auth  : Bearer token required

Request Body (JSON)
    promotion_id                integer  required  exists:business_promotions
    promotion_type_id           integer  optional
    start_date                  date     optional
    end_date                    date     optional  >= start_date
    city_id                     integer  optional
    state_id                    integer  optional
    notes                       string   optional
    amount                      numeric  optional

Success Response 200
  {
    "status"  : true,
    "message" : "Promotion updated successfully."
  }

Notes
  • Only promotions in "pending" status can be updated.

──────────────────────────────────────────
13.4  PROMOTION LIST
──────────────────────────────────────────
GET  /api/business-owner/promotions
Auth : Bearer token required

Query Params
  status      integer   optional   1=All | 2=Pending | 3=Active | 4=Expired
  page        integer   optional
  per_page    integer   optional

Success Response  200
{
  "status" : true,
  "data" : {
    "current_page" : 1,
    "total" : 4,
    "data" : [
      {
        "id" : 6,
        "promotion_type" : "Banner Promotion",
        "start_date" : "2026-05-01",
        "end_date" : "2026-05-31",
        "city" : "Kuwait City",
        "status" : "pending",
        "amount" : 50.000
      }
    ]
  }
}

──────────────────────────────────────────
13.5  PROMOTION DETAIL
──────────────────────────────────────────
GET  /api/business-owner/promotions/{id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 6,
    "promotion_type" : "Banner Promotion",
    "start_date" : "2026-05-01",
    "end_date" : "2026-05-31",
    "city" : "Kuwait City",
    "state" : "Capital",
    "notes" : "Spring campaign",
    "amount" : 50.000,
    "status" : "pending",
    "created_at" : "2026-04-24"
  }
}

──────────────────────────────────────────
13.6  DELETE PROMOTION
──────────────────────────────────────────
DELETE  /api/business-owner/promotions/{id}
Auth : Bearer token required

Success Response  200
{ "status" : true, "message" : "Promotion deleted successfully." }

────────────────────────────────────────────────────────────────────────────────
MODULE 14 : STAFF MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

ROLE TYPES  : 1 = Manager | 2 = Cashier | 3 = Custom
PERMISSIONS : 1 = View | 2 = Edit | 3 = Delete

──────────────────────────────────────────
14.1  CREATE STAFF
──────────────────────────────────────────
POST  /api/business-owner/staff/create
Auth : Bearer token required

Request Body (JSON)
  name           string    required   Max 255
  mobile         string    required   8–15 digits
  country_code   string    required   Max 10 (e.g. "+965")
  role_type      integer   required   1 | 2 | 3
  branch_id      integer   required   exists:business_branches
  permissions    array     required   Values: [1, 2, 3]
  status         integer   required   0 = Inactive | 1 = Active

Success Response  200
{
  "status" : true,
  "message" : "Staff created successfully.",
  "data" : { "staff_id": 18 }
}

──────────────────────────────────────────
14.2  UPDATE STAFF
──────────────────────────────────────────
POST  /api/business-owner/staff/update
Auth : Bearer token required

Request Body (JSON)
  staff_id       integer   required   exists:business_staff
  name           string    optional
  mobile         string    optional
  country_code   string    optional
  role_type      integer   optional   1 | 2 | 3
  branch_id      integer   optional
  permissions    array     optional
  status         integer   optional   0 | 1

Success Response  200
{ "status" : true, "message" : "Staff updated successfully." }

──────────────────────────────────────────
14.3  STAFF LIST
──────────────────────────────────────────
GET  /api/business-owner/staff
Auth : Bearer token required

Query Params
  page        integer   optional
  per_page    integer   optional   Max 100
  search      string    optional   Search by name
  role_type   integer   optional   1 | 2 | 3
  branch_id   integer   optional
  status      integer   optional   0 | 1
  sort_by     string    optional   id | staff_name | created_at
  sort_dir    string    optional   asc | desc

Success Response  200
{
  "status" : true,
  "data" : {
    "current_page" : 1,
    "total" : 6,
    "data" : [
      {
        "id" : 18,
        "name" : "Khaled Omar",
        "mobile" : "97654321",
        "role_type" : 1,
        "role_name" : "Manager",
        "branch_id" : 2,
        "branch_name" : "City Center",
        "permissions" : [1, 2],
        "status" : 1
      }
    ]
  }
}

──────────────────────────────────────────
14.4  STAFF DETAIL
──────────────────────────────────────────
GET  /api/business-owner/staff/{id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 18,
    "name" : "Khaled Omar",
    "mobile" : "97654321",
    "country_code": "+965",
    "role_type" : 1,
    "role_name" : "Manager",
    "branch_id" : 2,
    "branch_name" : "City Center",
    "permissions" : [1, 2],
    "status" : 1,
    "created_at" : "2026-04-10 09:00:00"
  }
}

──────────────────────────────────────────
14.5  DELETE STAFF
──────────────────────────────────────────
DELETE  /api/business-owner/staff/{id}
Auth : Bearer token required

Success Response  200
{ "status" : true, "message" : "Staff deleted successfully." }

────────────────────────────────────────────────────────────────────────────────
MODULE 15 : ORDER MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
15.1  ORDER LIST
──────────────────────────────────────────
GET  /api/business-owner/orders
Auth : Bearer token required

Query Params
  tab         integer   optional   1 = Pending | 2 = Completed | 3 = Cancelled
  page        integer   optional
  per_page    integer   optional

Success Response  200
{
  "status" : true,
  "data" : {
    "current_page" : 1,
    "total" : 12,
    "data" : [
      {
        "id" : 101,
        "order_number" : "ORD-20260424-101",
        "customer_name": "Sara Ahmed",
        "total_amount" : 25.500,
        "status" : "pending",
        "created_at" : "2026-04-24 08:30:00"
      }
    ]
  }
}

──────────────────────────────────────────
15.2  ORDER DETAIL
──────────────────────────────────────────
GET  /api/business-owner/orders/{id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 101,
    "order_number" : "ORD-20260424-101",
    "customer_name" : "Sara Ahmed",
    "customer_mobile": "99887766",
    "items" : [
      { "product_name": "Margherita Pizza", "qty": 2, "unit_price": 3.500, "total": 7.000 }
    ],
    "subtotal" : 7.000,
    "delivery_fee" : 1.500,
    "total_amount" : 8.500,
    "status" : "pending",
    "timeline" : [
      { "status": "placed", "timestamp": "2026-04-24 08:30:00" },
      { "status": "pending", "timestamp": "2026-04-24 08:31:00" }
    ],
    "created_at" : "2026-04-24 08:30:00"
  }
}

────────────────────────────────────────────────────────────────────────────────
MODULE 16 : CHAT MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
16.1  CHAT LIST
──────────────────────────────────────────
GET  /api/business-owner/chats
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : [
    {
      "chat_id" : 5,
      "participant" : "Ahmed Ali",
      "last_message" : "Is the offer still valid?",
      "unread_count" : 2,
      "updated_at" : "2026-04-24 11:00:00"
    }
  ]
}

──────────────────────────────────────────
16.2  CHAT MESSAGES
──────────────────────────────────────────
GET  /api/business-owner/chats/{chat_id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "chat_id" : 5,
    "messages" : [
      {
        "id" : 301,
        "sender" : "Ahmed Ali",
        "message" : "Is the offer still valid?",
        "type" : "text",
        "file_url" : null,
        "sent_at" : "2026-04-24 10:55:00"
      },
      {
        "id" : 302,
        "sender" : "Cafe Luxe",
        "message" : "Yes, until end of May!",
        "type" : "text",
        "file_url" : null,
        "sent_at" : "2026-04-24 11:00:00"
      }
    ]
  }
}

──────────────────────────────────────────
16.3  SEND MESSAGE
──────────────────────────────────────────
POST  /api/business-owner/chats/send
Auth : Bearer token required
Content-Type : multipart/form-data

Request Fields
  chat_id     integer   required
  message     string    optional   (required if no file)
  file        file      optional   Image or document (required if no message)
  type        string    required   text | image | file

Success Response  200
{
  "status" : true,
  "message" : "Message sent.",
  "data" : {
    "message_id" : 303,
    "sent_at" : "2026-04-24 11:05:00"
  }
}

================================================================================
PART 2 — SUPPLIER API
Prefix : /api/supplier
================================================================================

────────────────────────────────────────────────────────────────────────────────
MODULE 1 : AUTHENTICATION
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
S1.1  REGISTER
──────────────────────────────────────────
POST  /api/supplier/register
Auth : None

Request Body (JSON)
  name           string    required   Max 255
  mobile         string    required   8–15 digits, unique
  country_code   string    required   Max 5 (e.g. "+965")
  email          string    required   Valid email, unique

Success Response  200
{
  "status" : true,
  "message" : "Registered successfully. OTP sent.",
  "data" : { "mobile": "12345678", "otp_length": 6 }
}

Error Responses
  422  { "errors": { "mobile": ["The mobile has already been taken."] } }

──────────────────────────────────────────
S1.2  LOGIN
──────────────────────────────────────────
POST  /api/supplier/login
Auth : None

Request Body (JSON)
  mobile         string    required   8–15 digits
  country_code   string    required   Max 5

Success Response  200
{
  "status" : true,
  "message" : "OTP sent successfully.",
  "data" : { "mobile": "12345678", "otp_length": 6 }
}

──────────────────────────────────────────
S1.3  VERIFY OTP
──────────────────────────────────────────
POST  /api/supplier/verify-otp
Auth : None

Request Body (JSON)
  mobile         string    required
  otp            string    required   6 digits

Success Response  200
{
  "status" : true,
  "message" : "OTP verified successfully.",
  "data" : {
    "token" : "2|xYzAbCdEfGhIjKl...",
    "user_type" : "supplier",
    "account_status" : "pending",   // pending | approved | suspended
    "has_profile" : false
  }
}

Error Responses
  401  { "status": false, "message": "Invalid or expired OTP." }

──────────────────────────────────────────
S1.4  RESEND OTP
──────────────────────────────────────────
POST  /api/supplier/resend-otp
Auth : None

Request Body (JSON)
  mobile         string    required

Success Response  200
{ "status" : true, "message" : "OTP resent successfully." }

──────────────────────────────────────────
S1.5  LOGOUT
──────────────────────────────────────────
POST  /api/supplier/logout
Auth : Bearer token required

Success Response  200
{ "status" : true, "message" : "Logged out successfully." }

──────────────────────────────────────────
S1.6  DELETE ACCOUNT
──────────────────────────────────────────
POST  /api/supplier/delete-account
Auth : Bearer token required

Success Response  200
{ "status" : true, "message" : "Account deleted successfully." }

────────────────────────────────────────────────────────────────────────────────
MODULE 2 : PROFILE
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
S2.1  PROFILE SETUP (first-time)
──────────────────────────────────────────
POST  /api/supplier/profile
Auth : Bearer token required (OTP verified, status = pending | approved)

Request Body (JSON)
  company_name           string   required   Max 255
  contact_person         string   required   Max 255
  business_description   string   required
  mobile                 string   required   8–15 digits
  country_code           string   required
  email                  string   required   Valid email, max 255

Success Response  200
{
  "status" : true,
  "message" : "Profile setup completed. Awaiting approval.",
  "data" : { "account_status": "pending" }
}

──────────────────────────────────────────
S2.2  VIEW PROFILE
──────────────────────────────────────────
GET  /api/supplier/profile
Auth : Bearer token required (OTP verified)

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 7,
    "name" : "Ahmed Al-Farsi",
    "mobile" : "12345678",
    "country_code" : "+965",
    "email" : "ahmed@supplier.com",
    "company_name" : "Gulf Supplies Co.",
    "contact_person" : "Ahmed Al-Farsi",
    "business_description": "Premium food supplies and logistics.",
    "account_status" : "approved",
    "created_at" : "2026-03-01"
  }
}

──────────────────────────────────────────
S2.3  UPDATE PROFILE
──────────────────────────────────────────
POST  /api/supplier/profile/update
Auth : Bearer token required (approved + active)

Request Body (JSON)
  company_name           string   required   Max 255
  contact_person         string   required   Max 255
  business_description   string   required
  mobile                 string   required   8–15 digits, unique (ignores own record)
  country_code           string   required   Max 5
  email                  string   required   Valid email, unique (ignores own record)

Note : Profile update resets account status to "pending" (requires re-approval).

Success Response  200
{
  "status" : true,
  "message" : "Profile updated. Awaiting re-approval.",
  "data" : { "account_status": "pending" }
}

────────────────────────────────────────────────────────────────────────────────
MODULE 3 : HOME DASHBOARD
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
S3.1  HOME
──────────────────────────────────────────
GET  /api/supplier/home
Auth : Bearer token required (approved + active)

Success Response  200
{
  "status" : true,
  "data" : {
    "summary" : {
      "total_orders" : 48,
      "pending_orders" : 5,
      "total_revenue" : 1250.750,
      "total_products" : 12
    },
    "recent_orders" : [
      {
        "id" : 88,
        "order_number" : "ORD-20260424-088",
        "buyer_name" : "Cafe Luxe",
        "total_amount" : 75.000,
        "status" : "pending",
        "created_at" : "2026-04-24 08:00:00"
      }
    ],
    "top_products" : [
      {
        "id" : 3,
        "product_name" : "Fresh Tomatoes (5kg)",
        "total_sold" : 120,
        "revenue" : 360.000
      }
    ]
  }
}

────────────────────────────────────────────────────────────────────────────────
MODULE 4 : PRODUCT MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

──────────────────────────────────────────
S4.1  ADD PRODUCT
──────────────────────────────────────────
POST  /api/supplier/products
Auth : Bearer token required
Content-Type : multipart/form-data

Request Fields
  product_name        string    required   Max 255
  category_id         integer   required   exists:categories
  description         string    required
  price               numeric   required   Min 0 (KWD)
  min_order_qty       integer   required   Min 1
  offer_valid_until   date      optional   >= today (YYYY-MM-DD)
  delivery_option     string    required   pickup | third_party | both
  is_published        integer   required   0 = Draft | 1 = Published
  product_images      array     required   Min 1, max 5 images
  product_images[*]   file      required   jpg/jpeg/png, max 2 MB each

Success Response  200
{
  "status" : true,
  "message" : "Product added successfully.",
  "data" : { "product_id": 15 }
}

Error Responses
  422  {
         "errors": {
           "product_images": ["At least one product image is required."],
           "delivery_option": ["The selected delivery option is invalid."]
         }
       }

──────────────────────────────────────────
S4.2  UPDATE PRODUCT
──────────────────────────────────────────
POST  /api/supplier/products/update
Auth : Bearer token required
Content-Type : multipart/form-data

Request Fields
  product_id          integer   required   exists:supplier_products
  product_name        string    required
  category_id         integer   required
  description         string    required
  price               numeric   required
  min_order_qty       integer   required
  offer_valid_until   date      optional
  delivery_option     string    required
  is_published        integer   required
  product_images      array     optional   Max 5 — replaces existing images if provided
  product_images[*]   file      optional   jpg/jpeg/png, max 2 MB

Success Response  200
{ "status" : true, "message" : "Product updated successfully." }

──────────────────────────────────────────
S4.3  PRODUCT LIST
──────────────────────────────────────────
GET  /api/supplier/products
Auth : Bearer token required

Query Params
  tab         integer   optional   1 = All | 2 = Active | 3 = Inactive
  page        integer   optional
  per_page    integer   optional

Success Response  200
{
  "status" : true,
  "data" : {
    "current_page" : 1,
    "total" : 12,
    "data" : [
      {
        "id" : 15,
        "product_name" : "Fresh Tomatoes (5kg)",
        "category" : "Vegetables",
        "price" : 3.000,
        "min_order_qty" : 10,
        "delivery_option" : "both",
        "is_published" : 1,
        "images" : ["https://...", "https://..."],
        "created_at" : "2026-04-20"
      }
    ]
  }
}

──────────────────────────────────────────
S4.4  PRODUCT DETAIL
──────────────────────────────────────────
GET  /api/supplier/products/{id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 15,
    "product_name" : "Fresh Tomatoes (5kg)",
    "category_id" : 4,
    "category" : "Vegetables",
    "description" : "Locally grown, farm-fresh tomatoes.",
    "price" : 3.000,
    "min_order_qty" : 10,
    "offer_valid_until": "2026-06-30",
    "delivery_option" : "both",
    "is_published" : 1,
    "images" : [
      { "id": 61, "url": "https://..." },
      { "id": 62, "url": "https://..." }
    ],
    "created_at" : "2026-04-20 08:00:00"
  }
}

Error Responses
  404  { "status": false, "message": "Product not found." }

──────────────────────────────────────────
S4.5  DELETE PRODUCT
──────────────────────────────────────────
DELETE  /api/supplier/products/{id}
Auth : Bearer token required

Success Response  200
{ "status" : true, "message" : "Product deleted successfully." }

Error Responses
  404  { "status": false, "message": "Product not found." }

────────────────────────────────────────────────────────────────────────────────
MODULE 5 : ORDER MANAGEMENT
────────────────────────────────────────────────────────────────────────────────

ORDER STATUS FLOW
  placed → pending → confirmed → dispatched → delivered (PIN required) → completed
  Any stage → cancelled

──────────────────────────────────────────
S5.1  ORDER LIST
──────────────────────────────────────────
GET  /api/supplier/orders
Auth : Bearer token required

Query Params
  tab         integer   optional   0 = All | 1 = Pending | 2 = Active | 3 = Done | 4 = Cancelled
  page        integer   optional
  per_page    integer   optional

Success Response  200
{
  "status" : true,
  "data" : {
    "current_page" : 1,
    "total" : 48,
    "data" : [
      {
        "id" : 88,
        "order_number" : "ORD-20260424-088",
        "buyer_name" : "Cafe Luxe",
        "total_amount" : 75.000,
        "status" : "pending",
        "created_at" : "2026-04-24 08:00:00"
      }
    ]
  }
}

──────────────────────────────────────────
S5.2  ORDER DETAIL
──────────────────────────────────────────
GET  /api/supplier/orders/{id}
Auth : Bearer token required

Success Response  200
{
  "status" : true,
  "data" : {
    "id" : 88,
    "order_number" : "ORD-20260424-088",
    "buyer" : {
      "name" : "Cafe Luxe",
      "mobile" : "22334455",
      "email" : "info@cafeluxe.com"
    },
    "delivery" : {
      "option" : "third_party",
      "address" : "Block 5, Street 10, Kuwait City",
      "notes" : "Leave at reception"
    },
    "items" : [
      {
        "product_name" : "Fresh Tomatoes (5kg)",
        "qty" : 5,
        "unit_price" : 3.000,
        "total" : 15.000
      }
    ],
    "subtotal" : 15.000,
    "delivery_fee" : 2.500,
    "total_amount" : 17.500,
    "status" : "dispatched",
    "transactions" : [
      { "type": "payment", "amount": 17.500, "method": "knet", "status": "success" }
    ],
    "timeline" : [
      { "status": "placed", "timestamp": "2026-04-24 08:00:00" },
      { "status": "confirmed", "timestamp": "2026-04-24 08:30:00" },
      { "status": "dispatched", "timestamp": "2026-04-24 10:00:00" }
    ],
    "created_at" : "2026-04-24 08:00:00"
  }
}

Error Responses
  404  { "status": false, "message": "Order not found." }

──────────────────────────────────────────
S5.3  UPDATE ORDER STATUS
──────────────────────────────────────────
POST  /api/supplier/order/status-update
Auth : Bearer token required

Request Body (JSON)
  order_id        integer   required                        exists:business_orders
  status          string    required                        confirmed | dispatched | delivered | completed | cancelled
  delivery_pin    string    required if status = delivered
  cancel_reason   string    required if status = cancelled  Max 500

Success Response  200
{
  "status" : true,
  "message" : "Order status updated to dispatched.",
  "data" : {
    "order_id" : 88,
    "new_status" : "dispatched",
    "updated_at" : "2026-04-24 10:00:00"
  }
}

Error Responses
  422  {
         "errors": {
           "delivery_pin" : ["The delivery pin field is required when status is delivered."],
           "cancel_reason": ["The cancel reason field is required when status is cancelled."]
         }
       }
  404  { "status": false, "message": "Order not found." }
  403  { "status": false, "message": "Invalid status transition." }

================================================================================
APPENDIX A — VALIDATION ERROR REFERENCE
================================================================================

Field                   Error Key              Message
─────────────────────── ────────────────────── ──────────────────────────────
mobile_number           digits                 Must be exactly 8 digits.
email                   unique                 The email has already been taken.
otp                     digits                 Must be exactly 6 digits.
end_date                after_or_equal         Must be on or after start_date.
to_time                 after                  End time must be after from_time.
coupon_price            lt                     Must be less than regular_price.
discount_percentage     max                    Cannot exceed 100.
national_id_front       mimes                  Must be jpg, jpeg, png, or pdf.
business_logo           max                    File size must not exceed 2 MB.
date_of_birth           (custom)               Must be at least 18 years old.
delivery_pin            required_if            Required when status = delivered.
cancel_reason           required_if            Required when status = cancelled.

================================================================================
APPENDIX B — ENUM REFERENCE
================================================================================

Field                 Values
───────────────────── ──────────────────────────────────────────────────────
gender                male | female | other
status (business)     active | inactive
status (offer)        1 = Active | 2 = Deleted
admin_offer_status    0 = Pending Review | 1 = Approved | 2 = Rejected
user_type             adults | students | senior_citizens
customer_eligibility  all | new | vip | app_users
discount_type         percentage | flat
delivery_option       pickup | third_party | both
announcement_type     standard | targeted
audience_target_type  user_type | followers | gender | region
offer_type_id         2 = General Discount | 3 = Time-Based | 4 = Limited Coupon
staff_role_type       1 = Manager | 2 = Cashier | 3 = Custom
staff_permission      1 = View | 2 = Edit | 3 = Delete
supplier status       pending | approved | suspended
order status          placed | pending | confirmed | dispatched | delivered | completed | cancelled
promotion status      1 = All | 2 = Pending | 3 = Active | 4 = Expired
language_id           1 = English | 2 = Arabic
gallery tab           approved | pending | rejected
product tab           1 = All | 2 = Active | 3 = Inactive

================================================================================
APPENDIX C — AUTHENTICATION FLOW SUMMARY
================================================================================

BUSINESS OWNER
──────────────
  1. POST /api/business-owner/register       → OTP sent
  2. POST /api/business-owner/verify-otp     → Bearer token returned
  3. POST /api/business-owner/profile-setup  → profile_status = "pending"
  4. Admin approves                          → profile_status = "active"
  5. Use token in all protected requests:
       Authorization: Bearer {token}

SUPPLIER
────────
  1. POST /api/supplier/register    → OTP sent
  2. POST /api/supplier/verify-otp  → Bearer token returned
  3. POST /api/supplier/profile     → account_status = "pending"
  4. Admin approves                 → account_status = "approved"
  5. Full access granted after approval.
     Note: POST /api/supplier/profile/update resets account_status to "pending".

================================================================================
END OF DOCUMENT
================================================================================
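
Added example, not part of the original API document or the project's code: a Python sketch of the server-side checks that S5.3 (UPDATE ORDER STATUS) and the ORDER STATUS FLOW imply, returning the documented 422 / 404 / 403 / 200 responses. The in-memory order store, the supplier_id ownership check, the stored delivery_pin, the 422 on a wrong PIN, the order of the checks and the wording of undocumented messages are assumptions.

```python
import hmac

# Strict reading of the ORDER STATUS FLOW line in Module 5.
FLOW = ["placed", "pending", "confirmed", "dispatched", "delivered", "completed"]
# Values S5.3 accepts in the "status" field.
REQUESTABLE = {"confirmed", "dispatched", "delivered", "completed", "cancelled"}
CANCEL_REASON_MAX = 500


def sample_orders():
    """Constructed order store; 'supplier_id' and 'delivery_pin' are assumed columns."""
    return {
        88: {"id": 88, "supplier_id": 7, "status": "dispatched", "delivery_pin": "4821"},
        89: {"id": 89, "supplier_id": 9, "status": "pending", "delivery_pin": "7730"},
    }


def allowed_next(current):
    """Statuses a supplier may request from `current` under the documented flow."""
    if current not in FLOW:
        return set()  # "cancelled" is treated as terminal (assumption)
    step = FLOW.index(current) + 1
    nxt = {"cancelled"}  # "Any stage -> cancelled"
    if step < len(FLOW):
        nxt.add(FLOW[step])
    return nxt & REQUESTABLE


def validate_body(body):
    """Field rules from S5.3; returns the 422 'errors' map (empty when valid)."""
    errors = {}
    status = body.get("status")
    if not isinstance(body.get("order_id"), int):
        errors["order_id"] = ["The order id field is required."]  # assumed wording
    if status not in REQUESTABLE:
        errors["status"] = ["The selected status is invalid."]  # assumed wording
    if status == "delivered" and not body.get("delivery_pin"):
        errors["delivery_pin"] = [
            "The delivery pin field is required when status is delivered."]
    if status == "cancelled":
        reason = body.get("cancel_reason") or ""
        if not reason:
            errors["cancel_reason"] = [
                "The cancel reason field is required when status is cancelled."]
        elif len(reason) > CANCEL_REASON_MAX:
            errors["cancel_reason"] = ["Max 500 characters."]  # assumed wording
    return errors


def handle_status_update(orders, supplier_id, body):
    """Return (http_status, json_body) for POST /api/supplier/order/status-update."""
    errors = validate_body(body)
    if errors:
        return 422, {"status": False, "message": "Validation failed", "errors": errors}
    order = orders.get(body["order_id"])
    # Scope the lookup to the token's supplier so a foreign order id is
    # indistinguishable from a missing one (assumed ownership model).
    if order is None or order["supplier_id"] != supplier_id:
        return 404, {"status": False, "message": "Order not found."}
    status = body["status"]
    if status not in allowed_next(order["status"]):
        return 403, {"status": False, "message": "Invalid status transition."}
    if status == "delivered":
        supplied = str(body["delivery_pin"]).encode()
        # Constant-time compare; the wrong-PIN response is undocumented, 422 is assumed.
        if not hmac.compare_digest(supplied, order["delivery_pin"].encode()):
            return 422, {"status": False, "message": "Validation failed",
                         "errors": {"delivery_pin": ["The delivery pin is invalid."]}}
    order["status"] = status  # the documented "updated_at" field is omitted here
    return 200, {"status": True, "message": f"Order status updated to {status}.",
                 "data": {"order_id": order["id"], "new_status": status}}
```

The transition table lives on the server and is checked after field validation, so a client cannot skip "delivered" (and its PIN) by posting "completed" directly.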