API Documentation

RESTful API · JSON responses · Bearer token auth

Authentication

All API requests require a Bearer token in the Authorization header. Obtain tokens via the /api/auth/login endpoint. Access tokens expire after 15 minutes; use the refresh token to obtain new ones.

Authorization: Bearer <your_access_token>

Base URL

https://asset-node.com/api

Rate Limits

API requests are rate-limited to 60 requests per minute per authenticated user. Authentication endpoints have stricter limits (5–10 req/min). When exceeded, the API returns 429 Too Many Requests.

Key Endpoints

GET/api/hardwareList all hardware assets with filters, pagination, and search.
POST/api/hardwareRegister a new hardware asset.
GET/api/hardware/:idGet detailed information about a specific asset.
PATCH/api/hardware/:idUpdate fields on an existing hardware asset.
GET/api/employeesList employees with department and status filters.
POST/api/employeesCreate a new employee record.
POST/api/assignmentsCreate a new hardware assignment to an employee.
POST/api/assignments/:id/returnInitiate a return for an active assignment.
GET/api/licensesList software licenses with seat tracking.
GET/api/audit-logQuery the full audit trail with time-range filters.
POST/api/webhooksRegister webhook endpoints for asset events.
GET/api/reports/depreciationGenerate depreciation reports for tax and compliance.
GET/api/dashboardGet KPI overview: total assets, assignments, alerts.

Pagination

List endpoints support ?page=1&limit=50 query parameters. Responses include total, page, and pages fields for client-side pagination.

Webhooks

Subscribe to real-time events (asset created, assignment changed, maintenance due) by registering webhook URLs. Payloads are signed with HMAC-SHA256 for verification.

Example: List Hardware

curl -H "Authorization: Bearer $TOKEN" \ https://asset-node.com/api/hardware?page=1&limit=10&category=laptop

Response (200 OK):

{ "data": [{ "_id": "...", "model": "MacBook Pro 16\"", "category": "laptop", ... }], "total": 42, "page": 1, "pages": 5 }

Error Codes

400Bad Request — invalid parameters or missing required fields
401Unauthorized — missing or expired access token
403Forbidden — insufficient permissions for this resource
404Not Found — resource does not exist or belongs to another tenant
429Too Many Requests — rate limit exceeded, retry after header
500Internal Server Error — please try again later

SDKs & Tools

Official client libraries are coming soon. In the meantime, use any HTTP client — the API follows REST conventions with standard JSON request/response bodies.