App instances

The App instances API exposes a single read endpoint that returns which E-BON mobile app instances are currently connected to the e-bon backend over WebSocket for the authenticated organization. Each instance is a phone or tablet running the E-BON app that bridges one or more fiscal devices (AMEFs) on the local network to the cloud — the entries listed here are read straight from the in-memory device gateway, so they reflect live connectivity, not Firestore state.

The route lives under /api/v1/app-instances and accepts either an API key (x-api-key / Authorization: Bearer …) or a Portal JWT.

GET /api/v1/app-instances

Returns the list of E-BON mobile app instances currently connected via WebSocket for the authenticated organization. Each entry includes the metadata captured during the WebSocket handshake (appVersion, deviceModel, osVersion, connectedAt) and a deviceName resolved from the Firestore device record — falling back to the raw deviceId if the device document cannot be read.

• Auth scope: devices:read

Response (200 OK)

{
  "instances": [
    {
      "deviceId": "dev_pos_01",
      "deviceName": "Tejghea POS 1",
      "appVersion": "2.4.1",
      "deviceModel": "Samsung Galaxy Tab A8",
      "osVersion": "Android 14",
      "connectedAt": "2026-04-09T08:00:00.000Z",
      "connectedDevices": []
    }
  ]
}

Example

curl https://api.e-bon.ro/api/v1/app-instances \
  -H "x-api-key: ebon_live_acme_corp_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"

Error codes

• UNAUTHORIZED / FORBIDDEN — see Authentication › Handle auth errors.

The full HTTP catalogue is on API overview › HTTP error code catalogue.

See also

• Devices — manage the fiscal devices these app instances bridge to.
• Authentication — scope catalogue (devices:read is documented here).
• API overview — base URL, error envelope, rate limits, idempotency, pagination.