API Endpoints Overview

Introduction

This API provides authentication and user management functionalities, including session validation, user updates, multi-factor authentication (MFA), and password recovery. Below is a high-level overview of all available endpoints.

Each endpoint is documented on its own page with clear request and response structures, making it easy to integrate with any client application.


Endpoint Categories

🔑 Authentication Endpoints

  • POST /auth/register: Creates a new user.
  • POST /auth/login: Authenticates a user and issues tokens for accessing protected resources.
  • POST /auth/logout: Logs the user out by invalidating and removing their authentication tokens.
  • GET /auth/validate-session: Verifies if a user is properly authenticated.

🔄 Multi-Factor Authentication (MFA)

  • POST /auth/enable-mfa: Enables MFA for the authenticated user and provides a QR code for setup.
  • POST /auth/verify-mfa: Verifies a user's MFA token to complete the login process.
  • POST /auth/recover-mfa: Disables MFA on the user's account if they provide a valid recovery code.

🔧 User Management

  • PUT /auth/update-user: Allows users to update their account details.
  • PUT /auth/update-email: Finalizes the email change process.

🔑 Password Recovery

  • POST /auth/request-reset-password: Initiates the password reset process.
  • POST /auth/reset-password: Allows users to reset their account password.


Understanding Endpoint Documentation

Each endpoint has its own dedicated page, structured as follows:

1. General Information

  • What does the endpoint do?
  • HTTP method (e.g., POST, GET, PUT, DELETE)
  • Route (e.g., /auth/login)
  • Authentication requirements (e.g., accessToken, refreshToken)
  • Who can access it? (User roles, permissions, or public access)

2. Flow

  • A step-by-step explanation of how the endpoint works internally.
  • Special considerations, like token expiration or additional security checks.

3. Request Details

  • Headers: Any required headers (e.g., Content-Type, Authorization).
  • Query Parameters: If applicable, details on required/optional parameters.
  • Request Body: Fields, data types, required status, and descriptions.

4. Request Examples

  • A valid JSON request body.
  • cURL command to test the endpoint.
  • Axios example for client-side integration.

5. Response Details

  • Possible Status Codes: Success and error codes.
  • Successful Response Example: JSON response when the request is successful.
  • Error Response Examples: Common errors and their JSON response formats.

6. Additional Notes

  • Special Considerations: Expiration times, retry mechanisms, or security measures.
  • Common Mistakes: Errors developers might encounter and how to avoid them.