Staff API

Endpoints for managing user accounts, staff roles and permissions, and staff scheduling.

Users

Get current user data

GET /user

Returns user data including locations, permissions, and settings

Responses

Code	Description
`200`	User data retrieved successfully
`401`	Unauthorized
`500`	Internal server error

Create a new user

POST /user

Creates a new user via Auth0 and stores the record in DynamoDB

Request body

Field	Type	Required
`email`	string	Yes
`customerId`	string	Yes
`name`	string	Yes
`role`	string	No
`permissions`	array	No
`locations`	array	No
`userSkills`	array	No

Responses

Code	Description
`201`	User created successfully
`400`	Missing required fields
`500`	Internal server error

Update current user

PATCH /user

Updates the authenticated user's record in DynamoDB

Request body

Field	Type	Required
`profileName`	string	No
`locations`	array	No
`userPermissions`	array	No
`userSkills`	array	No

Responses

Code	Description
`200`	User updated successfully
`401`	Unauthorized
`500`	Internal server error

Delete a user

DELETE /user

Deletes the user from Auth0 and DynamoDB

Request body

Field	Type	Required	Description
`id`	string	Yes	The user ID to delete

Responses

Code	Description
`200`	User deleted successfully
`400`	User ID is required
`500`	Internal server error

Accept terms and conditions

POST /user/accept-terms

Records the user's acceptance of terms of service, provider terms, and privacy policy

Responses

Code	Description
`200`	Terms accepted successfully
`401`	Unauthorized
`500`	Internal server error

Check if user needs to accept terms

GET /user/terms-status

Returns whether the user has accepted the current version of terms

Responses

Code	Description
`200`	Terms status retrieved
`401`	Unauthorized

Download user's personal data as PDF

GET /user/export/my-data

Exports all personal data associated with the authenticated user as a formatted PDF (GDPR/privacy compliance)

Responses

Code	Description
`200`	User data exported successfully as PDF
`401`	Unauthorized
`500`	Internal server error

Get audit logs for a specific user

GET /user/{userId}/audit-logs

Returns activity logs for a user (requires admin permissions)

Parameters

Name	In	Type	Required
`userId`	path	string	Yes
`limit`	query	integer	No
`offset`	query	integer	No

Responses

Code	Description
`200`	Audit logs retrieved successfully
`401`	Unauthorized
`403`	Forbidden - insufficient permissions
`500`	Internal server error

Register an Expo push token

POST /user/push-token

Stores an Expo push token for the authenticated user to enable push notifications

Request body

Field	Type	Required	Description
`token`	string	Yes	The Expo push token (e.g. ExponentPushToken[xxx])

Responses

Code	Description
`200`	Push token registered successfully
`400`	Token is required
`401`	Unauthorized
`500`	Internal server error

Remove an Expo push token

DELETE /user/push-token

Removes an Expo push token for the authenticated user

Request body

Field	Type	Required	Description
`token`	string	Yes	The Expo push token to remove

Responses

Code	Description
`200`	Push token removed successfully
`400`	Token is required
`401`	Unauthorized
`500`	Internal server error

User Management

Get users by customer ID

GET /userManagement

Retrieves all users associated with a customer ID. If no customerId is provided, uses the authenticated user's customerId.

Parameters

Name	In	Type	Required	Description
`customerId`	query	string	No	Customer ID to query users for

Responses

Code	Description
`200`	Users retrieved successfully
`400`	Customer ID not found for the authenticated user
`401`	Unauthorized
`404`	User not found
`500`	Internal server error

Create a new user

POST /userManagement

Creates a new user via Auth0 and stores the record in DynamoDB

Request body

Field	Type	Required
`email`	string	Yes
`customerId`	string	Yes
`name`	string	Yes
`userRole`	string	No
`permissions`	array	No
`locations`	array	No
`userSkills`	array	No
`isSetup`	boolean	No

Responses

Code	Description
`201`	User created successfully
`400`	Missing required fields
`409`	User already exists
`500`	Internal server error

Update a user

PATCH /userManagement

Updates the user record in DynamoDB

Request body

Field	Type	Required	Description
`id`	string	Yes	User ID to update

Responses

Code	Description
`200`	User updated successfully
`400`	User ID is required
`500`	Internal server error

Delete a user

DELETE /userManagement

Deletes the user from Auth0 and DynamoDB

Request body

Field	Type	Required	Description
`id`	string	Yes	User ID to delete

Responses

Code	Description
`200`	User deleted successfully
`400`	User ID is required
`500`	Internal server error

Find available phone numbers

POST /userManagement/find-phone-numbers

Searches for available phone numbers by country and area code

Request body

Field	Type	Required	Description
`country`	string	Yes	Country code
`areaCode`	string	Yes	Area code to search

Responses

Code	Description
`200`	Available numbers retrieved successfully
`400`	Country and area code are required
`500`	Internal server error

Purchase a phone number

POST /userManagement/purchase-phone-number

Purchases a phone number and assigns it to a location with default IVR configuration

Request body

Field	Type	Required	Description
`phoneNumber`	string	Yes	Phone number to purchase
`locationId`	string	Yes	Location ID to assign the number to

Responses

Code	Description
`200`	Phone number purchased successfully
`400`	Phone number and locationId are required
`500`	Internal server error

Resend staff invitation email

POST /userManagement/{id}/resend-invitation

Sends a password change email to the staff member so they can set their password

Parameters

Name	In	Type	Required	Description
`id`	path	string	Yes	User ID

Responses

Code	Description
`200`	Invitation email sent successfully
`404`	User not found
`500`	Internal server error

Staff Schedule

Create a new staff schedule

POST /staffSchedule

Creates a new schedule entry for a staff member at a location

Request body

Field	Type	Required	Description
`customerId`	string	Yes
`locationId`	string	Yes
`staffId`	string	Yes
`startTime`	string	Yes
`endTime`	string	Yes
`recurring`	boolean	No
`recurrencePattern`	object	No	Pattern for recurring schedules
`templateId`	string	No

Responses

Code	Description
`201`	Schedule created successfully
`400`	Missing required fields
`500`	Server error

Get staff schedules

GET /staffSchedule

Retrieves schedules by locationId or customerId

Parameters

Name	In	Type	Required	Description
`locationId`	query	string	No	The location ID (either locationId or customerId required)
`customerId`	query	string	No	The customer ID (either locationId or customerId required)

Responses

Code	Description
`200`	Successfully retrieved schedules
`400`	At least one query parameter required
`500`	Server error

Update a staff schedule

PUT /staffSchedule/{id}

Updates details of an existing staff schedule

Parameters

Name	In	Type	Required	Description
`id`	path	string	Yes	The schedule ID

Request body

Field	Type	Required
`startTime`	string	No
`endTime`	string	No
`recurring`	boolean	No
`recurrencePattern`	object	No

Responses

Code	Description
`200`	Schedule updated successfully
`400`	No fields to update
`500`	Server error

Delete a staff schedule

DELETE /staffSchedule/{id}

Removes a staff schedule. Only the owner (matching customerId) can delete.

Parameters

Name	In	Type	Required	Description
`id`	path	string	Yes	The schedule ID

Responses

Code	Description
`200`	Schedule deleted successfully
`403`	Forbidden - no permission to delete
`404`	Schedule not found
`500`	Server error

Users .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Get current user data .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Create a new user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Update current user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Delete a user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Accept terms and conditions .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Check if user needs to accept terms .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Download user's personal data as PDF .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Get audit logs for a specific user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Register an Expo push token .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Remove an Expo push token .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

User Management .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Get users by customer ID .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Create a new user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Update a user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Delete a user .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Find available phone numbers .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Purchase a phone number .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Resend staff invitation email .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Staff Schedule .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Create a new staff schedule .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Get staff schedules .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Update a staff schedule .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Delete a staff schedule .docs-heading:hover .heading-anchor { opacity: 1; } .heading-anchor:focus { opacity: 1; }

Users

Get current user data

Create a new user

Update current user

Delete a user

Accept terms and conditions

Check if user needs to accept terms

Download user's personal data as PDF

Get audit logs for a specific user

Register an Expo push token

Remove an Expo push token

User Management

Get users by customer ID

Create a new user

Update a user

Delete a user

Find available phone numbers

Purchase a phone number

Resend staff invitation email

Staff Schedule

Create a new staff schedule

Get staff schedules

Update a staff schedule

Delete a staff schedule