Advanced Multi-Tenant Business Incubation Management Platform
https://api-incubator.pretix.co.za/api/v1
All protected routes require a Bearer JWT token in the Authorization header:
Authorization: Bearer <your_access_token>
{
  "status": "success" | "error",
  "message": "Human readable message",
  "data": { ... } | [ ... ],
  "pagination": { // present on list endpoints
    "total": 100,
    "per_page": 20,
    "current_page": 1,
    "last_page": 5
  }
}
| Param | Description | Default |
|---|---|---|
| page | Page number | 1 |
| per_page | Items per page (max 100) | 20 |
| sort | Column to sort by | created_at |
| order | ASC or DESC | DESC |
POST /api/v1/auth/register-tenant
Content-Type: application/json
{
  "tenant_name": "My Incubator",
  "tenant_email": "admin@myincubator.co.za",
  "first_name": "John",
  "last_name": "Doe",
  "email": "john@myincubator.co.za",
  "password": "SecurePassword123!"
}
POST /api/v1/auth/login
Content-Type: application/json
{
  "email": "john@myincubator.co.za",
  "password": "SecurePassword123!"
}
Each incubator is a tenant. Full isolation of all data per tenant.
Multi-role RBAC with granular per-module permissions. Assign custom roles.
Create and manage incubation programmes. Track start/end dates, status and businesses.
Full business profiles, owner/assignee tracking, milestones and progress.
Track sponsors, link them to cohorts or individual businesses with funding amounts.
Custom resource types (laptops, grants, interns, loans). Assign and return with full history.
Create budgets with line items, approve them, track planned vs actual spend.
Send structured requests to business owners/assignees. Track status, add comments.
Dashboard, cohort reports, business reports, resource utilisation, budget variance.
Every create/update/delete is logged with old/new values, user, IP and timestamp.
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /auth/register-tenant | Register a new incubator + admin user | โ |
| POST | /auth/login | Login with email, password and tenant_id | โ |
| POST | /auth/refresh | Refresh access token | โ |
| POST | /auth/forgot-password | Request password reset | โ |
| POST | /auth/reset-password | Reset password with token | โ |
| GET | /auth/me | Get current user + permissions | โ |
| PUT | /auth/me | Update own profile | โ |
| PUT | /auth/change-password | Change own password | โ |
| POST | /auth/logout | Logout (revokes refresh token) | โ |
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /tenants | List all tenants | tenants.view |
| POST | /tenants | Create tenant | tenants.create |
| GET | /tenants/{id} | Get tenant + stats | tenants.view |
| PUT | /tenants/{id} | Update tenant | tenants.update |
| DELETE | /tenants/{id} | Delete tenant (soft) | tenants.delete |
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /users | List users | users.view |
| POST | /users | Create user | users.create |
| GET | /users/{id} | Get user + roles | users.view |
| PUT | /users/{id} | Update user | users.update |
| DELETE | /users/{id} | Delete user | users.delete |
| POST | /users/{id}/roles | Assign role | users.manage_roles |
| DELETE | /users/{id}/roles/{roleId} | Remove role | users.manage_roles |
| POST | /users/{id}/reset-password | Admin reset password | users.update |
| GET | /permissions | List all permissions grouped by module | roles.view |
| GET | /roles | List roles | roles.view |
| POST | /roles | Create role with permissions | roles.create |
| GET | /roles/{id} | Get role + permissions | roles.view |
| PUT | /roles/{id} | Update role + sync permissions | roles.update |
| DELETE | /roles/{id} | Delete custom role | roles.delete |
super_admin tenant_admin manager mentor business_owner assignee
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /cohorts | List cohorts (filter: status) | cohorts.view |
| POST | /cohorts | Create cohort | cohorts.create |
| GET | /cohorts/{id} | Get cohort + business count | cohorts.view |
| PUT | /cohorts/{id} | Update cohort | cohorts.update |
| DELETE | /cohorts/{id} | Delete cohort | cohorts.delete |
| GET | /cohorts/{id}/businesses | Businesses in cohort | cohorts.view |
| GET | /cohorts/{id}/sponsors | Sponsors linked to cohort | cohorts.view |
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /businesses | List businesses (filter: cohort_id, status, sector) | businesses.view |
| POST | /businesses | Create business | businesses.create |
| GET | /businesses/{id} | Get business + owner + assignees + resource count | businesses.view |
| PUT | /businesses/{id} | Update business | businesses.update |
| DELETE | /businesses/{id} | Delete business | businesses.delete |
| GET | /businesses/{id}/assignees | List assignees | businesses.view |
| POST | /businesses/{id}/assignees | Add assignee | businesses.manage_assignees |
| DELETE | /businesses/{id}/assignees/{userId} | Remove assignee | businesses.manage_assignees |
| GET | /businesses/{id}/milestones | List milestones | milestones.view |
| POST | /businesses/{id}/milestones | Create milestone | milestones.manage |
| PUT | /businesses/{id}/milestones/{milestoneId} | Update milestone / progress | milestones.manage |
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /sponsors | List sponsors | sponsors.view |
| POST | /sponsors | Create sponsor/funder | sponsors.create |
| GET | /sponsors/{id} | Get sponsor + linked cohorts/businesses | sponsors.view |
| PUT | /sponsors/{id} | Update sponsor | sponsors.update |
| DELETE | /sponsors/{id} | Delete sponsor | sponsors.delete |
| POST | /sponsors/{id}/cohorts | Link sponsor to cohort (with amount) | sponsors.update |
| DELETE | /sponsors/{id}/cohorts/{cohortId} | Unlink from cohort | sponsors.update |
| POST | /sponsors/{id}/businesses | Link sponsor to business | sponsors.update |
| DELETE | /sponsors/{id}/businesses/{businessId} | Unlink from business | sponsors.update |
sponsor funder donor investor government ngo other
First create Resource Types (e.g. Laptop, Grant, Intern, Loan), then create Resources of that type and assign them to businesses.
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /resource-types | List resource types | resources.view |
| POST | /resource-types | Create type (Laptop, Grant, etc.) | resource_types.manage |
| PUT | /resource-types/{id} | Update type | resource_types.manage |
| DELETE | /resource-types/{id} | Delete type | resource_types.manage |
| GET | /resources | List all resources (filter: status, resource_type_id) | resources.view |
| POST | /resources | Add resource to inventory | resources.create |
| GET | /resources/{id} | Get resource + type | resources.view |
| PUT | /resources/{id} | Update resource | resources.update |
| DELETE | /resources/{id} | Delete resource | resources.delete |
| GET | /resources/{id}/assignments | History of assignments | resources.view |
| POST | /resources/{id}/assign | Assign resource to business/user | resources.assign |
| POST | /resources/assignments/{assignmentId}/return | Mark resource as returned | resources.assign |
physical financial human service other
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /budgets | List budgets (filter: status, cohort_id, business_id) | budgets.view |
| POST | /budgets | Create budget | budgets.create |
| GET | /budgets/{id} | Get budget + line items + totals | budgets.view |
| PUT | /budgets/{id} | Update budget (draft only) | budgets.update |
| DELETE | /budgets/{id} | Delete budget | budgets.delete |
| POST | /budgets/{id}/approve | Approve budget | budgets.approve |
| POST | /budgets/{id}/items | Add line item | budgets.update |
| PUT | /budgets/{id}/items/{itemId} | Update line item (actual spend) | budgets.update |
| DELETE | /budgets/{id}/items/{itemId} | Remove line item | budgets.update |
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /requests | List requests (filter: status, priority, business_id, assigned_to) | requests.view |
| POST | /requests | Create request to business/assignee | requests.create |
| GET | /requests/{id} | Get request + comments + relations | requests.view |
| PUT | /requests/{id} | Update request | requests.update |
| DELETE | /requests/{id} | Delete request | requests.delete |
| POST | /requests/{id}/status | Update status (with response text) | requests.respond |
| GET | /requests/{id}/comments | Get comments thread | requests.view |
| POST | /requests/{id}/comments | Add comment (internal flag supported) | requests.respond |
pending acknowledged in_progress completed rejected
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /reports/dashboard | Overall KPI dashboard for the tenant | reports.view |
| GET | /reports/cohorts/{id} | Full cohort report (businesses, sponsors, budgets, resources, milestones) | reports.view |
| GET | /reports/businesses/{id} | Full business report (resources assigned, milestones, requests, budgets) | reports.view |
| GET | /reports/resources | Resource utilisation report by type/category | reports.view |
| GET | /reports/budgets | Budget variance report (planned vs actual) | reports.view |
Every create, update, delete, login, logout, password reset and permission denial is automatically recorded with: who, what, when, from where, old values and new values.
| Method | Endpoint | Description | Permission |
|---|---|---|---|
| GET | /audit-logs | Full audit log (filter: action, module, entity_type, user_id, from, to) | audit.view |
| GET | /audit-logs/{entityType}/{entityId} | Audit trail for a specific entity | audit.view |
{
  "id": 123,
  "tenant_id": "uuid",
  "user_id": "uuid",
  "user_email": "admin@example.com",
  "action": "update",
  "module": "businesses",
  "entity_type": "business",
  "entity_id": "uuid",
  "description": "Business updated: Acme Corp",
  "old_values": { "status": "active", "employees_count": 3 },
  "new_values": { "status": "graduated", "employees_count": 3 },
  "ip_address": "196.25.1.100",
  "user_agent": "Mozilla/5.0 ...",
  "request_method": "PUT",
  "request_path": "/api/v1/businesses/uuid",
  "created_at": "2026-03-05T14:32:00+02:00"
}
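
An added example (not part of the original API documentation) of triaging entries shaped like the audit record above: it reduces old_values/new_values to the fields that actually changed, checks each entry's tenant_id against the caller's tenant, and notes accounts seen from more than one ip_address. The set of sensitive module names is an assumption derived from the permission prefixes in the endpoint tables, and the sample entries and their field values are constructed.

```python
# Assumption: module names match the permission prefixes (users.*, roles.*, tenants.*).
SENSITIVE_MODULES = {"users", "roles", "tenants"}

def changed_fields(entry):
    """Return {field: (old, new)} for fields whose value actually differs."""
    old = entry.get("old_values") or {}   # may be null on create
    new = entry.get("new_values") or {}   # may be null on delete
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}

def review(entries, expected_tenant_id):
    """Flag cross-tenant entries, sensitive-module changes and multi-IP users."""
    findings, ips = [], {}
    for e in entries:
        if e["tenant_id"] != expected_tenant_id:
            # With per-tenant isolation this should never show up in our results.
            findings.append((e["id"], "tenant_id mismatch"))
            continue
        ips.setdefault(e["user_email"], set()).add(e["ip_address"])
        diff = changed_fields(e)
        if e["module"] in SENSITIVE_MODULES and diff:
            findings.append((e["id"], "sensitive change: " + ", ".join(diff)))
    for email, seen in sorted(ips.items()):
        if len(seen) > 1:
            findings.append((email, "multiple source IPs: " + ", ".join(sorted(seen))))
    return findings

# Constructed sample entries (not real data); only the fields used are present.
SAMPLE = [
    {"id": 1, "tenant_id": "tenant-a", "user_email": "admin@example.com",
     "module": "businesses", "action": "update", "ip_address": "203.0.113.10",
     "old_values": {"status": "active", "employees_count": 3},
     "new_values": {"status": "graduated", "employees_count": 3}},
    {"id": 2, "tenant_id": "tenant-a", "user_email": "admin@example.com",
     "module": "users", "action": "update", "ip_address": "198.51.100.7",
     "old_values": {"email": "a@example.com"},
     "new_values": {"email": "b@example.com"}},
    {"id": 3, "tenant_id": "tenant-b", "user_email": "other@example.com",
     "module": "roles", "action": "update", "ip_address": "203.0.113.99",
     "old_values": {"name": "x"}, "new_values": {"name": "y"}},
]

if __name__ == "__main__":
    for subject, reason in review(SAMPLE, "tenant-a"):
        print(subject, "-", reason)
```

In entry 1 only `status` is reported as changed, because `employees_count` appears in both snapshots with the same value.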