Authentication API
All authentication endpoints are prefixed with /api/v1/auth.
Agency Authentication
Authenticates an agency user and returns access and refresh tokens.
```http
POST /api/v1/auth/agency/login
```

Request Body:

```json
{
  "email": "[email protected]",
  "password": "your-password"
}
```

Agency Users
Lists users for the authenticated agency.
```http
GET /api/v1/auth/agency/users
```

Query Parameters:

| Parameter | Type | Description |
|---|---|---|
| page | int | Page number (1-indexed) |
| page_size | int | Number of items per page |
| search | string | Search by first name, last name, email, or code |
Response:
```json
{
  "items": [
    {
      "id": "uuid",
      "first_name": "Jane",
      "last_name": "Doe",
      "email": "[email protected]",
      "role": "Customer",
      "agency_token": "AGENCY_TOKEN",
      "status": "Active",
      "account_verified": true,
      "manager_role": "ADMIN_MANAGER"
    }
  ],
  "total": 1,
  "page": 1,
  "page_size": 10,
  "total_pages": 1
}
```

User Authentication
Registers a user and associates them with an agency.
```http
POST /api/v1/auth/register
```

Request Body:

```json
{
  "first_name": "Jane",
  "last_name": "Doe",
  "email": "[email protected]",
  "password": "securePassword123",
  "agency_token": "AGENCY_TOKEN",
  "role": "Customer",
  "device_id": "device-id",
  "device_model": "device-model",
  "device_name": "device-name",
  "push_token": "push-token"
}
```

Authenticates a user and returns access and refresh tokens.
```http
POST /api/v1/auth/login
```

Request Body:

```json
{
  "email": "[email protected]",
  "password": "user-password"
}
```

Authenticates an admin user and returns access and refresh tokens.
```http
POST /api/v1/auth/admin/login
```

Request Body:

```json
{
  "email": "[email protected]",
  "password": "admin-password"
}
```

Authenticates a manager user and returns access and refresh tokens.
```http
POST /api/v1/auth/manager/login
```

Request Body:

```json
{
  "email": "[email protected]",
  "password": "manager-password"
}
```

Authenticates a customer user and registers their device.
```http
POST /api/v1/auth/customer/login
```

Request Body:

```json
{
  "email": "[email protected]",
  "password": "customer-password",
  "device_id": "device-id",
  "device_model": "device-model",
  "device_name": "device-name",
  "push_token": "push-token"
}
```

Verifies a customer device using an OTP.
```http
POST /api/v1/auth/customer/verify-device
```

Request Body:

```json
{
  "email": "[email protected]",
  "otp": "123456",
  "device_id": "device-id",
  "device_model": "device-model",
  "device_name": "device-name",
  "push_token": "push-token"
}
```

Token Management
Exchanges a refresh token for a new access token.
```http
POST /api/v1/auth/refresh
```

Request Body:

```json
{
  "refresh_token": "..."
}
```

Invalidates the current refresh token.
```http
POST /api/v1/auth/logout
```

Request Body:

```json
{
  "refresh_token": "..."
}
```

Password Recovery
Sends a password reset OTP to the provided email.
```http
POST /api/v1/auth/forgot-password
```

Request Body:

```json
{
  "email": "[email protected]"
}
```

Verifies the one-time password sent to the user's email.
```http
POST /api/v1/auth/verify-otp
```

Request Body:

```json
{
  "email": "[email protected]",
  "otp": "123456"
}
```

Resets the user's password using a verified OTP.
```http
POST /api/v1/auth/reset-password
```

Request Body:

```json
{
  "email": "[email protected]",
  "otp": "123456",
  "new_password": "newSecurePassword123"
}
```
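
The agency login and paginated user listing documented under Agency Authentication and Agency Users, as an added Python example that is not part of the original documentation: it logs in, then walks `GET /api/v1/auth/agency/users` page by page using `total_pages`. The host `api.example.test`, the `access_token` and `refresh_token` response field names, and the `Authorization: Bearer` header are assumptions; the page does not state them.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE = "https://api.example.test"  # placeholder host (assumption)
PREFIX = "/api/v1/auth"            # prefix stated by the documentation


def http_transport(method, url, headers, body):
    """Default transport: send one request and decode the JSON reply."""
    req = Request(url, data=body, headers=headers, method=method)
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def agency_login(email, password, transport=http_transport):
    """POST /agency/login with the documented body; return the token pair."""
    body = json.dumps({"email": email, "password": password}).encode()
    reply = transport("POST", BASE + PREFIX + "/agency/login",
                      {"Content-Type": "application/json"}, body)
    # Assumed response field names: the page only says that access and
    # refresh tokens are returned, not what the fields are called.
    return reply["access_token"], reply["refresh_token"]


def list_agency_users(access_token, search=None, page_size=10,
                      max_pages=100, transport=http_transport):
    """Collect every item from GET /agency/users, one page at a time."""
    headers = {"Authorization": "Bearer " + access_token}  # assumed scheme
    users, page = [], 1  # pages are 1-indexed per the parameter table
    while page <= max_pages:  # hard cap: a bad total_pages cannot loop forever
        params = {"page": page, "page_size": page_size}
        if search:
            params["search"] = search
        url = BASE + PREFIX + "/agency/users?" + urlencode(params)
        reply = transport("GET", url, headers, None)
        users.extend(reply["items"])
        if page >= reply["total_pages"]:
            break
        page += 1
    return users
```

Passing a different `transport` callable lets the same functions run against a stub in tests, so no credentials or tokens need to reach a real host.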