Introduction
The Qeei is a B2B SaaS (Software-as-a-Service) platform designed to digitize and streamline the asset valuation process. It operates as a multi-tenant system, meaning a single instance of the software serves multiple companies (tenants), with each company's data kept isolated.
The core concept is to move valuation companies away from manual, paper-based, and Excel-driven workflows to a centralized, online system that manages the entire lifecycle of a valuation request.
Access Requirements
Before using this API, you must obtain your App Key, Secret Key, and the implementation details for X-SIGNATURE from the system administrator.
All API requests must include these credentials; any request without them will be rejected.
Base API URL
https://qeei-backend-admin-dev.dafa.dev/api/v1Common Errors
A guide to consistent error response formats used across all endpoints.
Error 401 – Unauthorized
The request requires authentication. The user is either not logged in or does not have a valid access token.
Error Response
{
"message": "Unauthorized",
"success": false
}Error 403 – Forbidden
The request was understood, but the server refuses to authorize it. The user does not have permission to perform this action.
Error Response
{
"message": "You are not allowed to perform this action",
"success": false
}Error 404 – Not Found
The requested resource could not be found on the server. It may have been moved or deleted.
Error Response
{
"message": "Resource not found",
"success": false
}Error 405 – Method Not Allowed
The HTTP method used is not supported for this endpoint. Check the allowed request methods.
Error Response
{
"message": "Method not allowed",
"success": false
}Error 419 – Page Expired
The session or CSRF token has expired. Please refresh the page and try again.
Error Response
{
"message": "Page Expired",
"success": false
}Error 422 – Unprocessable Entity
The server understood the request, but the submitted data was invalid. Please review and correct the errors.(Errors may be return array or string)
Error Response
{
"errors": [],
"message": "Validation Error",
"success": false
}Error 500 – Internal Server Error
An unexpected error occurred on the server. Please try again later or contact support.
Error Response
{
"message": "Server Error",
"success": false
}
POST
/api/v1/login
Admin Login
Authenticates an administrator and returns an access token.
Authenticates an administrator and returns an access token.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| step | integer | 1 |
| string | admin@base.com | |
| password | string | P@ssw0rd |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| step | required, integer, allowed: 1, 2 |
| required, valid email, exists admins,email | |
| password | required if step = 1, StrongPassword |
| otp | required if step = 2, 4 digits |
Success (200 OK)
{
"data": {
"id": 1,
"name": "Admin",
"email": "admin@base.com",
"phone": "000000000000",
"roles": [
{
"id": 1,
"name": "Default Role"
},
{
"id": 2,
"name": "Super Admin Role "
}
],
"avatar": "",
"created_at": "2026-04-26",
"permissions": [
"users-fetch",
"users-create",
"users-read",
"users-update",
"users-delete",
"valuers-fetch",
"valuers-create",
"valuers-read",
"valuers-update",
"valuers-delete",
"requests-fetch",
"requests-create",
"requests-read",
"requests-update",
"requests-delete",
"reports-fetch",
"reports-create",
"reports-read",
"reports-update",
"reports-delete",
"team_management-fetch",
"team_management-create",
"team_management-read",
"team_management-update",
"team_management-delete",
"finance-fetch",
"finance-create",
"finance-read",
"finance-update",
"finance-delete"
]
},
"message": "Welcome Admin",
"success": true
}
POST
/api/v1/forget-password
Forget Password Request
Sends an OTP to the user email for password recovery.
Sends an OTP to the user email for password recovery.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| string | admin@base.com |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| required, valid email, exists admins,email |
Success (200 OK)
{
"data": {
"token": "SJXwJKTiW6hxnFSn7i7IyScUUYpIQSCM9o5L4qmZBgcHlaNBzQKpe05QPKNrbPIw"
},
"message": "Please check your email",
"success": true
}
POST
/api/v1/verify-forget-password-otp
Verify OTP
Verifies the OTP sent to the user email for password recovery.
Verifies the OTP sent to the user email for password recovery.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| otp | string | 1234 |
| string | admin@base.com | |
| token | string | token Key |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, exists users,phone |
| otp | required, 4 digits |
| token | required, exists users,change_password_token |
Success (200 OK)
{
"data": [],
"message": "Your Otp Verified successfully.",
"success": true
}
POST
/api/v1/reset-password
Reset Password
Updates the user password using the provided OTP and temporary token.
Updates the user password using the provided OTP and temporary token.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| otp | string | 1234 |
| string | admin@base.com | |
| token | string | token Key |
| password | string | P@ssw0rd |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, exists users,phone |
| password | required, StrongPassword |
| otp | required, 4 digits |
Success (200 OK)
{
"data": [],
"message": "Password reset successfully.",
"success": true
}
POST
/api/v1/logout
Admin Logout
Revokes the current access token and logs the user out.
Revokes the current access token and logs the user out.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Success (200 OK)
{
"data": [],
"message": "Good by.",
"success": true
}
POST
/api/v1/mobile/users/register
User Register
Registers a new mobile user and triggers an OTP verification.
Initiates registration. User data is temporarily cached until verification.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| name | string | New User |
| string | user@example.com | |
| phone | string | 01011112222 |
| password | string | P@ssw0rd123 |
| password_confirmation | string | P@ssw0rd123 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| name | required, string, max 255 |
| phone | required, string, unique users,phone |
| optional, valid email, unique users,email | |
| password | required, confirmed, StrongPassword |
Success (200 OK)
{
"data": {
"otp": 1234
},
"message": "Registration OTP sent.",
"success": true
}
POST
/api/v1/mobile/users/login
User Login
Initializes login for a mobile user by verifying credentials.
Validates phone and password. Returns a Bearer token upon success.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| phone | string | 01011112222 |
| password | string | P@ssw0rd123 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, string, exists users,phone |
| password | required, string |
Success (200 OK)
{
"data": {
"id": 2,
"name": "New User",
"email": "user@example.com",
"phone": "01011112222",
"token": "9|sfuZemlmUNL6WsRzC5Vw7X6NiiXNxMzA4sFm4I9aff106417",
"avatar": "https:\/\/qeei-backend-admin-dev.dafa.dev\/storage",
"is_active": true,
"created_at": "2026-04-26",
"expires_in": null,
"token_type": "Bearer",
"last_login_at": null
},
"message": "Welcome New User",
"success": true
}
POST
/api/v1/mobile/users/verify
User Verify OTP
Completes the registration or login flow for mobile users by verifying the OTP.
Validates the 6-digit OTP code. For registration, this step persists the user record to the database.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| otp | string | 1234 |
| phone | string | 01011112222 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, string |
| otp | required, 4 digits |
Success (200 OK)
{
"data": {
"id": 2,
"name": "New User",
"email": "user@example.com",
"phone": "01011112222",
"token": "8|Zu4t0d6ZzPuwyuEyz9zGW4VvEubx27qTy0O4w7s37279fe65",
"avatar": "https:\/\/qeei-backend-admin-dev.dafa.dev\/storage",
"is_active": false,
"created_at": "2026-04-26",
"expires_in": null,
"token_type": "Bearer",
"last_login_at": null
},
"message": "Account verified and created successfully.",
"success": true
}
POST
/api/v1/mobile/users/forget-password
User Forget Password
Sends an OTP to the mobile user phone for password recovery.
Step 1 of password reset: Request an OTP for a registered phone number.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| phone | string | 01011112222 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, exists users,phone |
Success (200 OK)
{
"data": {
"otp": 1234
},
"message": "OTP for password reset sent.",
"success": true
}
POST
/api/v1/mobile/users/reset-password
User Reset Password
Updates the mobile user password using the provided OTP.
Step 2 of password reset: Provide the OTP and the new password simultaneously.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| otp | string | 1234 |
| phone | string | 01011112222 |
| password | string | P@ssw0rd123 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, exists users,phone |
| password | required, StrongPassword |
| otp | required, 4 digits |
Success (200 OK)
{
"data": [],
"message": "Password reset successfully.",
"success": true
}
POST
/api/v1/mobile/users/change-password
User Change Password
Updates the password for the authenticated mobile user.
Requires the current (old) password for verification before updating to the new password.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| new_password | string | NewP@ssw0rd123 |
| old_password | string | P@ssw0rd123 |
| new_password_confirmation | string | NewP@ssw0rd123 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| old_password | required |
| new_password | required, StrongPassword |
Success (200 OK)
{
"data": [],
"message": "Password changed successfully.",
"success": true
}
POST
/api/v1/mobile/users/resend-otp
User Resend OTP
Resends a new OTP to the mobile user phone.
Requests a fresh OTP code. Checks both registration cache and database state.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| phone | string | 01011112222 |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| phone | required, exists users,phone |
Success (200 OK)
{
"data": {
"otp": 1234
},
"message": "OTP resent successfully.",
"success": true
}
GET
/api/v1/mobile/users/profile
User Profile
Retrieves the authenticated mobile user profile.
Retrieves the authenticated mobile user profile.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Success (200 OK)
{
"data": {
"id": 1,
"name": "Demo User 2",
"email": "user2@example.com",
"phone": "01011113333",
"token": null,
"avatar": "https:\/\/qeei-backend-admin-dev.dafa.dev\/storage",
"is_active": true,
"created_at": "2026-04-26",
"expires_in": null,
"token_type": "Bearer",
"last_login_at": null
},
"message": "Profile retrieved successfully.",
"success": true
}
POST
/api/v1/mobile/users/profile
User Update Profile
Updates the authenticated mobile user profile with an optional avatar image.
Updates the user's profile details including name, email, phone, and avatar. Avatar must be a valid image.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Request Body
| Field/Name | Type | Examples |
|---|---|---|
| name | string | Updated User Name |
| string | updated_email@example.com |
Request Validations Or Notes
| Field/Name | Examples |
|---|---|
| name | sometimes, string, max 255 |
| sometimes, valid email, unique users,email,1 | |
| phone | sometimes, string, unique users,phone,1 |
| avatar | sometimes, image, types: jpeg,png,jpg,gif, max 2048 |
Success (200 OK)
{
"data": {
"id": 1,
"name": "Updated User Name",
"email": "updated_email@example.com",
"phone": "01011113333",
"token": null,
"avatar": "https:\/\/qeei-backend-admin-dev.dafa.dev\/storage",
"is_active": true,
"created_at": "2026-04-26",
"expires_in": null,
"token_type": "Bearer",
"last_login_at": null
},
"message": "Profile updated successfully.",
"success": true
}
POST
/api/v1/mobile/users/refresh-token
User Refresh Token
Issues a new session token for the authenticated mobile user.
Issues a new session token for the authenticated mobile user.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Success (200 OK)
{
"data": {
"user": {
"id": 1,
"name": "Updated User Name",
"email": "updated_email@example.com",
"phone": "01011113333",
"token": null,
"avatar": "",
"is_active": true,
"created_at": "2026-04-26T10:19:07.000000Z",
"expires_in": null,
"token_type": "Bearer",
"last_login_at": null
},
"token": "10|J1Jqp9KLZnea6RwS8GW72JNH2yjUXVAv1NHaQ5cLb2a87d99",
"expires_in": null,
"token_type": "Bearer"
},
"message": "New Token",
"success": true
}
POST
/api/v1/mobile/users/logout
User Logout
Logs out the authenticated mobile user and revokes the token.
Logs out the authenticated mobile user and revokes the token.
Headers
| Field/Name | Type | Examples |
|---|---|---|
| Accept | string | application/json |
| X-API-Token | string | X-API-Token Key |
| Content-Type | string | application/json |
| Authorization | string | Authorization Key |
Success (200 OK)
{
"data": [],
"message": "Good by.",
"success": true
}