Tenant isolation
Integrations should never cross tenant boundaries unless a protected platform-owner workflow explicitly allows it.
Integration guidance for connecting FAREXA ERP with modern business systems.
Use this page as a developer-friendly API documentation hub for planned and supported integration patterns across tenant workspaces, leads, support chat, subscriptions, reports, and public website workflows.
API principles
Designed for tenant-safe, permission-aware integrations.
FAREXA ERP integrations should preserve tenant isolation, use public identifiers where exposed to browsers, respect module entitlements, and return clear structured responses for connected applications.
Secure access
Protected APIs should use authenticated access tokens, role checks, permissions, and module entitlement checks.
Public identifiers
Browser-facing links and public APIs should use PublicId, Guid, or secure tokens instead of internal numeric IDs.
Clear responses
ERP actions should return structured success, validation, forbidden, or upgrade-required responses suitable for toast and alert UI.
Endpoint map
Common API areas for ERP and website extensions.
Exact endpoints may depend on deployment and enabled modules, but these categories define how integrations should be organized as the platform grows.
Public flows
Website leads, demo requests, support chat, and inquiry capture.
Protected ERP flows
Tenant workspace APIs should require authentication, permissions, and module access checks.
Integration posture
Plan for webhooks, exports, payment gateways, WhatsApp, mobile apps, and reporting feeds.
Response standard
ERP actions should return structured messages that can appear as top-right toast notifications, alert-style validation, or upgrade-required states.
Public website
Lead capture, demo requests, contact forms
Collect qualified public inquiries and route them into Growth leads without requiring login.
Guest support chat
Conversation start, token read, guest reply
Allow visitors to continue chat securely from the same browser session.
Tenant workspaces
Users, branches, settings, branding
Connect tenant setup workflows while preserving tenant scope and permissions.
Sales and inventory
Orders, invoices, receipts, products, stock
Integrate POS, catalog, inventory movement, and export-ready reporting workflows.
Subscriptions
Plans, entitlements, renewal status
Support plan-aware module access and upgrade flows for tenant workspaces.
Reports
Filtered exports, PDF, Excel-ready data
Expose controlled reporting outputs for dashboards, management packs, and external analytics.
Examples
Integration-ready request patterns.
Use clear JSON payloads, public IDs for browser-facing flows, and structured success or validation responses.
Create a website lead
POST /api/public/leads
Content-Type: application/json
{
"source": "WebsiteContactForm",
"name": "Malik Farhan Ahmed",
"email": "farhan@email.com",
"phone": "+971501234567",
"message": "I want a retail POS demo."
}Start guest support chat
POST /api/v1/support/guest
Content-Type: application/json
{
"fullName": "Omar Ali",
"email": "omar@example.com",
"phoneNumber": "+971551112222",
"message": "Can you help with inventory setup?"
}Read tenant report export
GET /api/tenants/{tenantPublicId}/reports/sales?from=2026-05-01&to=2026-05-31
Authorization: Bearer {access_token}Implementation checklist
What every ERP integration should handle before rollout.
Use this checklist to align technical integration work with tenant security, module access, operational support, and the ERP UI response patterns used across FAREXA.
Authentication
Use secure access tokens for protected APIs and avoid embedding long-lived credentials in browser code.
Tenant scope
Every request that touches ERP data must resolve the intended tenant workspace before reading or writing records.
Permission checks
Respect role-based access and block actions the current user or integration identity is not allowed to perform.
Module entitlements
Check subscription plan access before exposing POS, Inventory, CRM, HR, Fleet, Reports, or other module actions.
Public identifiers
Expose PublicId, Guid, or secure tokens in public URLs and callbacks instead of internal numeric IDs.
Validation errors
Return structured field-level errors that can appear beside inputs and in alert-style UI.
Rate limiting
Protect public endpoints such as leads and support chat from repeated IP, email, or token abuse.
Audit trail
Record meaningful create, update, export, approval, and integration events for operational visibility.
Retry strategy
Design outbound integrations to handle duplicate callbacks, timeouts, and safe retries without double-posting business records.
Toast-ready responses
Return clear success, warning, failure, and upgrade-required messages for top-right toast and breadcrumb/alert UI.
Delivery flow
From request to production-ready integration.
Developer work should move through a predictable flow: define the business event, confirm tenant and permission scope, test payloads, validate error handling, and document support ownership.
Define scope
Document the source system, target module, tenant scope, business event, payload fields, and expected user outcome.
Secure access
Choose authentication, permission checks, module entitlement behavior, and public identifier strategy.
Validate payloads
Test required fields, formats, limits, duplicate handling, and clear validation messages.
Test operations
Run sandbox or staging flows for success, failure, retry, upgrade-required, and unauthorized cases.
Monitor and support
Confirm logs, audit trail, support ownership, notification behavior, and escalation route before production use.
Planning a custom integration?
Share the system, data flow, authentication model, and expected ERP modules so we can guide the right approach.