Support & API Reference for the Stock Audit iOS app.
Stock Audit connects to your own hosted inventory management server. Before signing in you will need:
https://your-api-server.com)Enter these on the Sign In screen and tap Sign In.
To correct a previously submitted count, open the audit from Audit History, then long-press any item row to edit it.
The Valuation Summary shows:
Tap the share icon to export the report as plain text and send it via Mail, Messages, or any other app.
The home screen lists all audits for the current calendar month. Pull down to refresh. Tap any audit to view its item-level detail. Incomplete audits can be resumed by tapping Continue.
The app says "Could Not Connect" on the login screen.
Check that your device is connected to the internet, and that the server URL is reachable. Ensure that the username and password provided are valid and correct.
Can I use the app without a server?
No. Stock Audit is a client app that requires a compatible backend server. Please refer to the Backend API Reference for the required endpoints.
Is my data sent to a third party?
No. All data is transmitted directly between your iPhone and your own server. Stock Audit does not send any data to external services.
How do I add new products or units?
Products and units are managed on the server side. Please refer to your inventory system's documentation or contact your server administrator.
Stock Audit talks to a REST API served from the base URL you configure at sign-in.
All endpoints accept and return JSON.
Authentication is session-based (Django-style): a successful login sets a
sessionid cookie that must be sent with every subsequent request.
POST requests also require a X-CSRFToken header carrying the value of
the csrftoken cookie (obtained after login). The login endpoint itself
is CSRF-exempt.
https://your-api-server.com).
Authenticates the user and opens a session. CSRF-exempt — no token needed for this call.
Request body
"username": "john", "password": "secret"
Success response — HTTP 200
"ok": true, "username": "john", "csrftoken": "abc123..."
Failure response — HTTP 400 / 401
"ok": false, "error": "Invalid credentials."
On success the server must set a Set-Cookie: sessionid=... header (and optionally csrftoken=...). The app stores both cookies and attaches them to all subsequent requests automatically.
Returns the list of categories/locations that can be audited.
Response — HTTP 200
"units": [ { "unitcode": 1, "unitdescription": "Warehouse A" }, ... ]
Creates a new audit session for the given unit and returns its metadata.
Request body
"unit_description": "Warehouse A"
Response — HTTP 200
"audit_id": 42, "unit_description": "Warehouse A", "total_items": 120, "username": "john"
Returns the next product that has not yet been manually counted. When all items have been counted, returns "done": true.
Response — item pending (HTTP 200)
"done": false, "audit_id": 42, "productcode": "P001", "productname": "Paracetamol 500mg", "computer_stock": 100.0, "manual_stock": null
Response — audit complete (HTTP 200)
"done": true
Records the physical count for one product. Can also be called to overwrite an existing count (used by the edit flow).
Request body
"productcode": "P001", "manual_stock": 95.0
Response — HTTP 200
Any JSON body (app ignores it). A 200 status is sufficient.
Returns the current progress counters for an audit.
Response — HTTP 200
"audit_id": 42, "unit_description": "Warehouse A", "completed": 80, "total": 120, "remaining": 40, "username": "john"
"completed" as an integer (item count), not as a boolean.
Returns all audits started within the given date range for the authenticated user.
Response — HTTP 200
"audits": [ { "audit_id": 42, "unit_description": "Warehouse A", "completed": true, "start_datetime": "2026-04-01T09:30:00Z", "end_datetime": "2026-04-01T10:15:00Z", "completed_items": 120, "total_items": 120, "username": "john" }, ... ]
Datetime strings must be ISO 8601 format (e.g. 2026-04-01T09:30:00Z or with fractional seconds).
Returns every item in the audit, including those not yet counted. Used to display the detail table.
Response — HTTP 200
"audit_id": 42, "unit_description": "Warehouse A", "username": "john", "items": [ { "productcode": "P001", "productname": "Paracetamol 500mg", "computer_stock": 100.0, "manual_stock": 95.0 }, { "productcode": "P002", "productname": "Amoxicillin 250mg", "computer_stock": 50.0, "manual_stock": null }, ... ]
manual_stock is null for items not yet counted.
Returns a financial breakdown of all stock discrepancies, using unit prices from the inventory system.
Response — HTTP 200
"audit_id": 42, "unit_description": "Warehouse A", "username": "john", "shortage_items": [ { "productcode": "P001", "productname": "Paracetamol 500mg", "quantity": 5.0, "unit_price": 12.50, "total_value": 62.50 } ], "excess_items": [ ... ], "shortage_total_value": 62.50, "excess_total_value": 0.0
quantity is the absolute difference between manual and system stock. total_value = quantity × unit_price.
Permanently deletes an audit and all its item records.
Request body
Empty (send Content-Type: application/json with an empty body or {}).
Response — HTTP 200
Any JSON body. A 200 status is sufficient.
For any error, the server should return an appropriate HTTP status code and a JSON body in this shape:
"error": "A human-readable description of the error."
sessionid and csrftoken as cookies and automatically attaches them. If you implement the backend with Django, enabling SessionMiddleware and CsrfViewMiddleware covers this out of the box.
If you experience a problem not covered above, please send an email to stockauditapp.ios@gmail.com.