Documentation | Badawy Nexus

Welcome to Badawy Nexus Documentation

This documentation is the operating guide for understanding how the platform should be used, configured, secured, and supported. It is written for real users, not just developers.

Clear Guides

Step-by-step explanations for account setup, dashboards, modules, billing, and security.

Multi-Tenant SaaS

Each organization uses its own workspace, users, modules, permissions, records, and reports.

Security-Aware

Explains login safety, roles, audit logs, backend validation, data handling, and compliance controls.

Developer Ready

Includes API guidance, authentication concepts, webhook expectations, and safe integration practices.

Quick Start

Use this process to start correctly and avoid the classic “why is my dashboard angry at me?” problem.

1

Create Organization

Register your business, school, or institution with accurate owner and contact details.

2

Verify Access

Confirm email, secure login credentials, and keep the business ID safe.

3

Choose Modules

Enable modules such as students, finance, HR, reports, subscriptions, inventory, or messages.

4

Operate Live

Use backend-connected forms, real database records, audit logs, and permission-based actions.

Best practice: Configure users, roles, subscription state, and organization settings before importing large records.

Accounts, Roles & Access Control

Every account should have a clear role, permission level, and audit history. Sensitive actions must be checked by the backend, not trusted from frontend buttons alone.

Role	Main Responsibility	Control Level
Platform Super Admin	Approves tenants, monitors activity, controls subscriptions, reviews security events, and manages platform-wide settings.	Platform
Organization Owner	Manages company profile, branch settings, staff access, enabled modules, and billing status.	Tenant
Department User	Works only inside assigned modules such as finance, admissions, HR, library, clinic, or reports.	Limited

Platform Modules

Badawy Nexus should document each module by purpose, required data, user roles, workflows, reports, security controls, and expected backend endpoints.

School ERP

Admissions, students, parents, staff, timetable, attendance, exams, finance, library, clinic, transport, reports, and communication.

Open School System →

Business SaaS

Customers, services, staff, sales, branches, tasks, analytics, documents, invoices, and user permissions.

Open Business SaaS →

Finance & Billing

Invoices, receipts, obligations, overpayments, transfers, refunds, payment methods, and audit-ready finance reports.

Open Finance →

Retail POS

Products, stock, sales, purchases, suppliers, customers, branches, reports, and inventory movement tracking.

Open Retail POS →

Property Management

Tenants, houses, rent invoices, contracts, balances, maintenance requests, and property reports.

Open Property →

Security Services

Trust center, access safety, data policies, role control, audit logs, monitoring, and compliance guidance.

Open Security →

School SaaS Documentation

School modules must work from real database records and should update dashboard counts, reports, charts, tables, and audit logs after every saved action.

✓Admissions: Application intake, approval, student conversion, documents, guardian details, and admission status tracking.
✓Students: Profiles, class placement, guardians, documents, attendance, academic history, and status changes.
✓Staff & HR: Teaching and non-teaching staff, contracts, roles, qualifications, departments, and employment status.
✓Finance: Fees, obligations, invoices, payments, overpayments, transfers, balances, refunds, and reports.
✓Timetable: Lessons, rooms, teachers, subjects, conflict checks, corrections, and printable schedules.
✓Reports: Live KPIs, attendance trends, exam performance, finance summaries, and exportable records.

Billing, Subscriptions & Payment Safety

Subscription access must be controlled by backend state: plan key, payment confirmation, renewal date, expiry status, feature limits, and audit records.

Item	Required Behavior	Reason
Plan Selection	Frontend sends only a safe plan key; backend maps it to the real payment provider plan.	Prevents exposed payment IDs and pricing manipulation.
Payment Verification	Subscription activates only after verified provider status or approved manual confirmation.	Prevents fake frontend activation.
Expiry Rules	Expired subscriptions should restrict paid features while keeping account recovery possible.	Protects revenue without locking customers out unfairly.

API Reference

Use this section to guide developers on authentication, endpoint structure, safe request handling, JSON responses, webhooks, errors, and testing.

Example authenticated request

# Example structure. Replace with your production API domain and issued API key.
curl -X GET "https://api.badawynexus.com/v1/tenants" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

Important: Never expose API keys, database passwords, payment secrets, webhook signing secrets, or admin tokens in public JavaScript or HTML.

Security & Compliance Controls

A SaaS platform must protect accounts, tenant data, financial records, user permissions, uploads, and activity history. Security must be enforced on the backend.

Password Protection

Store passwords with secure hashing. Never store plain passwords. Require strong password rules.

Role-Based Access

Check permissions for every sensitive route, API endpoint, dashboard action, export, and delete request.

Audit Logs

Record successful logins, failed logins, data changes, payment changes, approvals, and suspicious activity.

Tenant Isolation

Every database query must respect tenant boundaries so one organization cannot access another tenant’s records.

Upload Safety

Validate file types, size limits, storage paths, permissions, and malware/security scanning where possible.

Session Safety

Use secure session cookies, expiry, logout controls, rate limits, and suspicious activity checks.

Legal & Policy Readiness

This documentation page does not replace legal advice, but it should guide customers to the correct legal and policy pages. SaaS documentation should be honest, clear, and operationally accurate.

Privacy Policy

Explains how personal data is collected, used, protected, shared, retained, and deleted.

View Privacy Policy →

Terms of Service

Explains user responsibilities, acceptable use, subscriptions, limitations, and platform rules.

View Terms →

Refund Policy

Explains billing corrections, refunds, cancellations, and payment dispute handling.

View Refund Policy →

Security Policy

Explains account protection, data protection, access control, audit logs, and responsible security practices.

View Security Policy →

Troubleshooting

Use this table to solve common setup, login, dashboard, JSON/API, billing, and module problems quickly.

Problem	Likely Cause	Action
Dashboard count does not update	The card is not reading from the backend database after save.	Connect the card to the correct API and refresh the count after successful save.
API returns HTML instead of JSON	Login redirect, Flask error page, wrong route, or backend exception.	Check Network tab, response status, Flask logs, and API route decorators.
Login fails	Wrong credentials, inactive tenant, expired subscription, or pending approval.	Verify email, password, business ID, tenant status, and subscription state.
Payment does not activate plan	Webhook missing, payment not verified, or backend plan mapping incomplete.	Verify provider event, plan key mapping, subscription status, and audit log.

Frequently Asked Questions

Quick answers for customers, administrators, developers, and implementation teams.

Is Badawy Nexus only for schools?

No. It is built as a multi-tenant SaaS platform that can support schools, businesses, property management, retail, hospital workflows, and other organization types.

Should dashboards use hardcoded values?

No. Production dashboards should read live values from authenticated backend APIs and database records. Hardcoded numbers are only acceptable in early design mockups.

Can different business types open different dashboards?

Yes. The correct model is to route each tenant to the dashboard that matches its registered business type and enabled modules.

Who controls subscription activation?

The backend and super admin controls should manage plan activation, renewal, expiry, payment confirmation, and feature limits.