LOOP API Documentation

LOOP by LIGHTMGROUP

Docs updated 2026-06-22.4 ยท internal key enabled

Developer reference for the multi-tenant LOOP ecosystem by LIGHTMGROUP. Use this page to understand authentication, tenant headers, core resources, product APIs, and action endpoints while building web, mobile, or external integrations.

Base URL

Production API:

https://loopbackend.duckdns.org/api/v1/

Future custom domain target:

https://loopbackend.duckdns.org/api/v1/

OpenAPI

/api/docs/ opens Swagger UI.

/api/redoc/ opens ReDoc.

/api/schema/ returns the OpenAPI schema when drf-spectacular is installed.

Authentication

Protected endpoints use JWT bearer tokens.

Authorization: Bearer <access_token>

Internal developer/server integrations can use:

X-LOOP-API-KEY: <internal_key>

Tenant-aware requests can include:

X-Company-ID: 001

Frontend/app identity can include:

X-LOOP-APP-ID: loop-booking-web

Tenant Rules

Every important product record belongs to a company and can optionally belong to a workspace. Company codes are strings such as 001, 002, and 003. Non-superusers only see data for companies where they have an active membership and product subscription. Internal keys must also be allowed for the selected company.

Quick Test

Create a user, log in, then call an authenticated endpoint.

curl -X POST https://loopbackend.duckdns.org/api/v1/auth/register/ \
  -H "Content-Type: application/json" \
  -d '{"email":"dev@example.com","username":"dev","password":"strongpass123","company_name":"Demo Company"}'

curl -X POST https://loopbackend.duckdns.org/api/v1/auth/login/ \
  -H "Content-Type: application/json" \
  -d '{"email":"dev@example.com","password":"strongpass123"}'

curl https://loopbackend.duckdns.org/api/v1/companies/ \
  -H "Authorization: Bearer <access_token>" \
  -H "X-Company-ID: 001" \
  -H "X-LOOP-APP-ID: loop-admin"

Internal UI Key

Set LOOP_INTERNAL_API_KEY and LOOP_INTERNAL_API_USER_EMAIL in Vercel for server-side UI integrations that need to call protected LOOP APIs, or create hashed InternalAPIKey records in admin. The configured email must already exist as an active LOOP user with the right company memberships and product access. Send the key as X-LOOP-API-KEY. Do not expose this key in public browser JavaScript, React, Vue, or mobile app code.

curl https://loopbackend.duckdns.org/api/v1/companies/ \
  -H "X-LOOP-API-KEY: <internal_key>" \
  -H "X-Company-ID: 001" \
  -H "X-LOOP-APP-ID: loop-booking-web"

Auth Endpoints

MethodProductPathDescription
POST/api/v1/auth/register/Create a user account and optional company.
POST/api/v1/auth/login/Get JWT access and refresh tokens.
POST/api/v1/auth/logout/Blacklist a refresh token.
POST/api/v1/auth/refresh/Refresh an access token.
GET/api/v1/auth/me/View current user, profile, and company access.
POST/api/v1/auth/password-reset/Password reset placeholder.
POST/api/v1/auth/invite-user/Invite a user into a company.
POST/api/v1/auth/accept-invitation/Accept a company/workspace invitation.

Core Ecosystem Endpoints

MethodProductPathDescription
GET/POST/api/v1/companies/Companies visible to the current user.
GET/POST/api/v1/branches/Tenant branches.
GET/POST/api/v1/workspaces/Company workspaces.
GET/POST/api/v1/products/LOOP product catalog. Super admin write access.
GET/POST/api/v1/subscription-plans/Product subscription plans.
GET/POST/api/v1/company-subscriptions/Company product subscriptions.
GET/POST/api/v1/roles/Company roles.
GET/POST/api/v1/permissions/Shared permission catalog.
GET/POST/api/v1/memberships/User-company memberships.
GET/POST/api/v1/developer-profiles/Developer identities for Frederic, Gustave, and future builders.
GET/POST/api/v1/api-client-apps/Frontend or backend app identities such as loop-booking-web.
GET/POST/api/v1/internal-api-keys/Hashed server-side API keys. Never expose these in public clients.
GET/POST/api/v1/product-access/Per-user product access under a company membership.
GET/api/v1/audit-logs/Tenant-filtered audit logs.

Product APIs

Most product resources support GET, POST, detail GET, PUT/PATCH, and soft-delete DELETE through DRF ViewSets.

ai

  • GET/POST /api/v1/ai/usage-logs/ UsageLog
  • GET/POST /api/v1/ai/prompt-templates/ PromptTemplate
  • GET/POST /api/v1/ai/insights/ Insight

attendance

  • GET/POST /api/v1/attendance/sessions/ Session
  • GET/POST /api/v1/attendance/records/ Record

autism-support

  • GET/POST /api/v1/autism-support/intake-forms/ IntakeForm
  • GET/POST /api/v1/autism-support/family-surveys/ FamilySurvey
  • GET/POST /api/v1/autism-support/community-referrals/ CommunityReferral
  • GET/POST /api/v1/autism-support/support-cases/ SupportCase
  • GET/POST /api/v1/autism-support/reports/ Report

booking

  • GET/POST /api/v1/booking/services/ Service
  • GET/POST /api/v1/booking/staff/ Staff
  • GET/POST /api/v1/booking/customers/ Customer
  • GET/POST /api/v1/booking/appointments/ Appointment

care

  • GET/POST /api/v1/care/patients/ Patient
  • GET/POST /api/v1/care/residents/ Resident
  • GET/POST /api/v1/care/appointments/ Appointment
  • GET/POST /api/v1/care/care-notes/ CareNote
  • GET/POST /api/v1/care/medication-records/ MedicationRecord
  • GET/POST /api/v1/care/staff-schedules/ StaffSchedule

chat

  • GET/POST /api/v1/chat/workspaces/ ChatWorkspace
  • GET/POST /api/v1/chat/channels/ Channel
  • GET/POST /api/v1/chat/conversations/ Conversation
  • GET/POST /api/v1/chat/messages/ Message
  • GET/POST /api/v1/chat/attachments/ Attachment
  • GET/POST /api/v1/chat/participants/ Participant
  • GET/POST /api/v1/chat/live-widget/ LiveWidget

church

  • GET/POST /api/v1/church/members/ Member
  • GET/POST /api/v1/church/departments/ Department
  • GET/POST /api/v1/church/ministries/ Ministry
  • GET/POST /api/v1/church/events/ Event
  • GET/POST /api/v1/church/donations/ Donation
  • GET/POST /api/v1/church/sermons/ Sermon

cms

  • GET/POST /api/v1/cms/pages/ Page
  • GET/POST /api/v1/cms/posts/ Post
  • GET/POST /api/v1/cms/news/ News
  • GET/POST /api/v1/cms/media/ Media
  • GET/POST /api/v1/cms/testimonials/ Testimonial
  • GET/POST /api/v1/cms/team-members/ TeamMember
  • GET/POST /api/v1/cms/services/ Service
  • GET/POST /api/v1/cms/faqs/ FAQ
  • GET/POST /api/v1/cms/menus/ Menu
  • GET/POST /api/v1/cms/content-blocks/ ContentBlock
  • GET/POST /api/v1/cms/seo-settings/ SEOSetting
  • GET/POST /api/v1/cms/translations/ Translation
  • GET/POST /api/v1/cms/templates/ Template

commerce

  • GET/POST /api/v1/commerce/products/ Product
  • GET/POST /api/v1/commerce/categories/ Category
  • GET/POST /api/v1/commerce/orders/ Order
  • GET/POST /api/v1/commerce/carts/ Cart
  • GET/POST /api/v1/commerce/customers/ Customer

community

  • GET/POST /api/v1/community/groups/ Group
  • GET/POST /api/v1/community/members/ Member
  • GET/POST /api/v1/community/referrals/ Referral
  • GET/POST /api/v1/community/announcements/ Announcement

crm

  • GET/POST /api/v1/crm/customers/ Customer
  • GET/POST /api/v1/crm/leads/ Lead
  • GET/POST /api/v1/crm/deals/ Deal
  • GET/POST /api/v1/crm/followups/ FollowUp
  • GET/POST /api/v1/crm/notes/ Note

cybertrust

  • GET/POST /api/v1/cybertrust/organizations/ Organization
  • GET/POST /api/v1/cybertrust/digital-assets/ DigitalAsset
  • GET/POST /api/v1/cybertrust/authorized-assets/ AuthorizedAsset
  • GET/POST /api/v1/cybertrust/client-connectors/ ClientConnector
  • GET/POST /api/v1/cybertrust/findings/ Finding
  • GET/POST /api/v1/cybertrust/compliance-reports/ ComplianceReport

desk

  • GET/POST /api/v1/desk/tickets/ Ticket
  • GET/POST /api/v1/desk/ticket-comments/ TicketComment
  • GET/POST /api/v1/desk/complaints/ Complaint
  • GET/POST /api/v1/desk/knowledge-base/ KnowledgeBase

dev

  • GET/POST /api/v1/dev/projects/ Project
  • GET/POST /api/v1/dev/repositories/ Repository
  • GET/POST /api/v1/dev/deployments/ Deployment
  • GET/POST /api/v1/dev/integrations/github/ GitHubIntegration
  • GET/POST /api/v1/dev/integrations/vercel/ VercelIntegration

docs

  • GET/POST /api/v1/docs/templates/ Template
  • GET/POST /api/v1/docs/documents/ Document

donations

  • GET/POST /api/v1/donations/campaigns/ Campaign
  • GET/POST /api/v1/donations/donors/ Donor
  • GET/POST /api/v1/donations/donations/ Donation
  • GET/POST /api/v1/donations/receipts/ Receipt

events

  • GET/POST /api/v1/events/events/ Event
  • GET/POST /api/v1/events/tickets/ Ticket
  • GET/POST /api/v1/events/registrations/ Registration

fashion

  • GET/POST /api/v1/fashion/products/ Product
  • GET/POST /api/v1/fashion/collections/ Collection
  • GET/POST /api/v1/fashion/orders/ Order
  • GET/POST /api/v1/fashion/inventory/ Inventory

files

  • GET/POST /api/v1/files/assets/ FileAsset

fleet

  • GET/POST /api/v1/fleet/vehicles/ Vehicle
  • GET/POST /api/v1/fleet/drivers/ Driver
  • GET/POST /api/v1/fleet/trips/ Trip
  • GET/POST /api/v1/fleet/maintenance/ Maintenance
  • GET/POST /api/v1/fleet/fuel-records/ FuelRecord

forms

  • GET/POST /api/v1/forms/forms/ Form
  • GET/POST /api/v1/forms/questions/ Question
  • GET/POST /api/v1/forms/responses/ Response
  • GET/POST /api/v1/forms/approvals/ Approval

furniture

  • GET/POST /api/v1/furniture/products/ Product
  • GET/POST /api/v1/furniture/showrooms/ Showroom
  • GET/POST /api/v1/furniture/orders/ Order
  • GET/POST /api/v1/furniture/deliveries/ Delivery

government

  • GET/POST /api/v1/government/services/ Service
  • GET/POST /api/v1/government/citizen-reports/ CitizenReport
  • GET/POST /api/v1/government/feedback/ Feedback
  • GET/POST /api/v1/government/institution-dashboards/ InstitutionDashboard

health

  • GET/POST /api/v1/health/patients/ Patient
  • GET/POST /api/v1/health/appointments/ Appointment
  • GET/POST /api/v1/health/referrals/ Referral
  • GET/POST /api/v1/health/reports/ Report

hospitality

  • GET/POST /api/v1/hospitality/rooms/ Room
  • GET/POST /api/v1/hospitality/reservations/ Reservation
  • GET/POST /api/v1/hospitality/menus/ Menu
  • GET/POST /api/v1/hospitality/orders/ Order
  • GET/POST /api/v1/hospitality/tables/ Table

inventory

  • GET/POST /api/v1/inventory/items/ Item
  • GET/POST /api/v1/inventory/warehouses/ Warehouse
  • GET/POST /api/v1/inventory/stock-movements/ StockMovement
  • GET/POST /api/v1/inventory/suppliers/ Supplier

jobs

  • GET/POST /api/v1/jobs/posts/ Post
  • GET/POST /api/v1/jobs/applications/ Application
  • GET/POST /api/v1/jobs/candidates/ Candidate
  • GET/POST /api/v1/jobs/interviews/ Interview

logistics

  • GET/POST /api/v1/logistics/shipments/ Shipment
  • GET/POST /api/v1/logistics/deliveries/ Delivery
  • GET/POST /api/v1/logistics/drivers/ Driver
  • GET/POST /api/v1/logistics/dispatch/ Dispatch

media

  • GET/POST /api/v1/media/articles/ Article
  • GET/POST /api/v1/media/videos/ Video
  • GET/POST /api/v1/media/categories/ Category
  • GET/POST /api/v1/media/publications/ Publication

mining

  • GET/POST /api/v1/mining/sites/ Site
  • GET/POST /api/v1/mining/assets/ Asset
  • GET/POST /api/v1/mining/production-records/ ProductionRecord
  • GET/POST /api/v1/mining/compliance-documents/ ComplianceDocument
  • GET/POST /api/v1/mining/community-programs/ CommunityProgram

ngo

  • GET/POST /api/v1/ngo/beneficiaries/ Beneficiary
  • GET/POST /api/v1/ngo/programs/ Program
  • GET/POST /api/v1/ngo/donors/ Donor
  • GET/POST /api/v1/ngo/field-reports/ FieldReport
  • GET/POST /api/v1/ngo/impact-reports/ ImpactReport

notifications

  • GET/POST /api/v1/notifications/ Notification
  • GET/POST /api/v1/notifications/templates/ NotificationTemplate

payments

  • GET/POST /api/v1/payments/invoices/ Invoice
  • GET/POST /api/v1/payments/invoice-items/ InvoiceItem
  • GET/POST /api/v1/payments/transactions/ Transaction
  • GET/POST /api/v1/payments/receipts/ Receipt
  • GET/POST /api/v1/payments/payment-links/ PaymentLink

portfolio

  • GET/POST /api/v1/portfolio/projects/ Project
  • GET/POST /api/v1/portfolio/case-studies/ CaseStudy
  • GET/POST /api/v1/portfolio/client-feedback/ ClientFeedback

pos

  • GET/POST /api/v1/pos/sales/ Sale
  • GET/POST /api/v1/pos/registers/ Register
  • GET/POST /api/v1/pos/receipts/ Receipt

property

  • GET/POST /api/v1/property/properties/ Property
  • GET/POST /api/v1/property/tenants/ Tenant
  • GET/POST /api/v1/property/rentals/ Rental
  • GET/POST /api/v1/property/maintenance/ Maintenance

protector

  • GET/POST /api/v1/protector/items/ Item
  • GET/POST /api/v1/protector/categories/ Category
  • GET/POST /api/v1/protector/serials/ Serial
  • GET/POST /api/v1/protector/ownership-records/ OwnershipRecord
  • GET/POST /api/v1/protector/recovery-cases/ RecoveryCase
  • GET/POST /api/v1/protector/verification-requests/ VerificationRequest

reports

  • GET/POST /api/v1/reports/reports/ Report
  • GET/POST /api/v1/reports/exports/ ReportExport

review

  • GET/POST /api/v1/review/review-links/ ReviewLink
  • GET/POST /api/v1/review/testimonials/ Testimonial
  • GET/POST /api/v1/review/ratings/ Rating
  • GET/POST /api/v1/review/approvals/ Approval

school

  • GET/POST /api/v1/school/students/ Student
  • GET/POST /api/v1/school/teachers/ Teacher
  • GET/POST /api/v1/school/attendance/ Attendance
  • GET/POST /api/v1/school/fees/ Fee
  • GET/POST /api/v1/school/exams/ Exam
  • GET/POST /api/v1/school/parents/ Parent

security

  • GET/POST /api/v1/security/organizations/ Organization
  • GET/POST /api/v1/security/assets/ Asset
  • GET/POST /api/v1/security/findings/ Finding
  • GET/POST /api/v1/security/risk-reports/ RiskReport

sponsorships

  • GET/POST /api/v1/sponsorships/sponsors/ Sponsor
  • GET/POST /api/v1/sponsorships/beneficiaries/ Beneficiary
  • GET/POST /api/v1/sponsorships/sponsorships/ Sponsorship
  • GET/POST /api/v1/sponsorships/reports/ Report

status

  • GET/POST /api/v1/status/services/ ServiceStatus
  • GET/POST /api/v1/status/incidents/ Incident
  • GET/POST /api/v1/status/maintenance/ MaintenanceWindow

support

  • GET/POST /api/v1/support/articles/ Article
  • GET/POST /api/v1/support/tutorials/ Tutorial
  • GET/POST /api/v1/support/requests/ SupportRequest

tasks

  • GET/POST /api/v1/tasks/projects/ Project
  • GET/POST /api/v1/tasks/tasks/ Task
  • GET/POST /api/v1/tasks/comments/ Comment
  • GET/POST /api/v1/tasks/approvals/ Approval
  • GET/POST /api/v1/tasks/integrations/ TaskIntegration

youth

  • GET/POST /api/v1/youth/programs/ Program
  • GET/POST /api/v1/youth/trainees/ Trainee
  • GET/POST /api/v1/youth/mentors/ Mentor
  • GET/POST /api/v1/youth/training-progress/ TrainingProgress

Action and Connection Endpoints

These endpoints represent workflow actions or product-to-product connection points, such as booking-to-invoice, chat summaries, CMS publishing, and Protector recovery updates.

MethodProductPathName
ACTION/api/v1/booking/calendar/booking-calendar
ACTION/api/v1/booking/appointments/<int:pk>/create-invoice/booking-create-invoice
ACTION/api/v1/payments/reports/payments-reports
ACTION/api/v1/pos/daily-summary/pos-daily-summary
ACTION/api/v1/attendance/qr-check-in/attendance-qr-check-in
ACTION/api/v1/attendance/reports/attendance-reports
ACTION/api/v1/events/check-in/events-check-in
ACTION/api/v1/docs/generate-pdf/docs-generate-pdf
ACTION/api/v1/docs/export-excel/docs-export-excel
ACTION/api/v1/notifications/send-email/notifications-send-email
ACTION/api/v1/notifications/send-sms/notifications-send-sms
ACTION/api/v1/ai/chat/ai-chat
ACTION/api/v1/ai/generate-report/ai-generate-report
ACTION/api/v1/ai/business-advice/ai-business-advice
ACTION/api/v1/ai/summarize/ai-summarize
ACTION/api/v1/ai/document/ai-document
ACTION/api/v1/chat/messages/<int:pk>/react/chat-message-react
ACTION/api/v1/chat/conversations/<int:pk>/summarize/chat-conversation-summarize
ACTION/api/v1/chat/ai-reply/chat-ai-reply
ACTION/api/v1/chat/search/chat-search
ACTION/api/v1/protector/items/<int:pk>/report-lost/protector-report-lost
ACTION/api/v1/protector/items/<int:pk>/report-stolen/protector-report-stolen
ACTION/api/v1/protector/items/<int:pk>/mark-found/protector-mark-found
ACTION/api/v1/protector/items/<int:pk>/mark-recovered/protector-mark-recovered
ACTION/api/v1/protector/items/<int:pk>/transfer-ownership/protector-transfer-ownership
ACTION/api/v1/protector/public-verify/<str:protector_id>/protector-public-verify
ACTION/api/v1/protector/search/protector-search
ACTION/api/v1/protector/reports/protector-reports
ACTION/api/v1/cms/pages/<int:pk>/publish/cms-page-publish
ACTION/api/v1/cms/pages/<int:pk>/archive/cms-page-archive
ACTION/api/v1/cms/public/pages/cms-public-pages
ACTION/api/v1/cms/public/posts/cms-public-posts
ACTION/api/v1/cms/public/news/cms-public-news

Brand Assets

Use these shared assets across LOOP apps, API docs, admin tools, public pages, and mobile clients.

/assets/brand/loop-logo.png

/assets/brand/loop-logo-transparent.png

/assets/brand/loop-wordmark-transparent.png

/assets/brand/loop-favicon-mark.png

/favicon.ico redirects to /assets/icons/favicon.ico

/apple-touch-icon.png redirects to /assets/icons/apple-touch-icon.png

/api/assets/ returns the full asset manifest with absolute URLs.