API Documentation
This page documents all major API endpoints available in SecureAuth.
The API is responsible for authentication, session management, authenticator account handling, backups, and security operations.
Example:
http://localhost:3000

Production example:
https://yourdomain.com

Authentication endpoints handle OTP verification, login sessions, and account access.

Send OTP to user phone number.
POST /api/auth/send-otp
{
  "phone": "+1234567890"
}
{
  "success": true,
  "message": "OTP sent successfully"
}

Verify user OTP and create session.
POST /api/auth/verify-otp
{
  "phone": "+1234567890",
  "otp": "123456"
}
{
  "success": true,
  "message": "Authentication successful"
}

Returns authenticated user information.
GET /api/auth/me

Destroy active session.
POST /api/auth/logout

Manage active sessions and connected devices.
GET /api/auth/sessions
DELETE /api/auth/sessions/:sessionId
DELETE /api/auth/sessions/others

Secure local app access with PIN protection.
POST /api/auth/app-lock/setup
POST /api/auth/app-lock/verify
POST /api/auth/app-lock/toggle
POST /api/auth/app-lock/settings

Manage encrypted authenticator accounts.
GET /api/accounts
POST /api/accounts
{
  "name": "GitHub",
  "secret": "SECRET_KEY"
}
PUT /api/accounts/:id
PATCH /api/accounts/:id/rename
DELETE /api/accounts/:id

Manage encrypted backups.
POST /api/backup/export
POST /api/backup/import

Protected endpoints require authentication.
Authentication uses:
- JWT validation
- Secure cookies
- Session verification
{
  "error": "Unauthorized"
}
{
  "error": "Invalid OTP"
}
{
  "error": "Session expired"
}
{
  "error": "Too many requests"
}

API protection includes:
- Rate limiting
- JWT validation
- Secure cookie authentication
- Request validation
- Session verification
When using the API:
- Always use HTTPS
- Validate inputs
- Protect authentication tokens
- Avoid exposing secrets
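
The error bodies and cookie-based sessions documented above, as an added example that is not SecureAuth's own code: a small JavaScript client that maps each documented `error` string to a caller action and fails closed on anything else. The action labels and the `stubFetch` stand-in server are assumptions made for the example.

```javascript
// Added example, not SecureAuth's own code. Assumes JSON bodies, the documented
// `error` strings, and a cookie session. Action labels are hypothetical.
const ERROR_ACTIONS = new Map([
  ["Unauthorized", "reauthenticate"],
  ["Session expired", "reauthenticate"],
  ["Invalid OTP", "prompt_again"],
  ["Too many requests", "back_off"],
]);

// Map a parsed body to a result; unknown or malformed bodies fail closed.
function classify(body) {
  if (body === null || typeof body !== "object") {
    return { ok: false, error: "Malformed response", action: "fail" };
  }
  if (typeof body.error === "string") {
    return { ok: false, error: body.error, action: ERROR_ACTIONS.get(body.error) || "fail" };
  }
  return { ok: true, data: body };
}

function createClient(baseUrl, fetchImpl = globalThis.fetch) {
  async function call(method, path, payload) {
    const res = await fetchImpl(baseUrl + path, {
      method,
      credentials: "include", // browser fetch: send the session cookie
      headers: payload ? { "Content-Type": "application/json" } : {},
      body: payload ? JSON.stringify(payload) : undefined,
    });
    return classify(await res.json().catch(() => null));
  }
  return {
    sendOtp: (phone) => call("POST", "/api/auth/send-otp", { phone }),
    verifyOtp: (phone, otp) => call("POST", "/api/auth/verify-otp", { phone, otp }),
    me: () => call("GET", "/api/auth/me"),
    logout: () => call("POST", "/api/auth/logout"),
  };
}

// Constructed stand-in server for offline runs: accepts OTP "123456" only.
function stubFetch(url, init) {
  const path = new URL(url).pathname;
  const req = init.body ? JSON.parse(init.body) : {};
  let body = { error: "Unauthorized" };
  if (path === "/api/auth/send-otp") body = { success: true, message: "OTP sent successfully" };
  if (path === "/api/auth/verify-otp") {
    const good = { success: true, message: "Authentication successful" };
    body = req.otp === "123456" ? good : { error: "Invalid OTP" };
  }
  return Promise.resolve({ json: () => Promise.resolve(body) });
}
```

Against a real deployment, call `createClient("https://yourdomain.com")` without the second argument so the platform `fetch` is used.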

Client
↓
API Request
↓
Authentication Validation
↓
Session Verification
↓
Protected Route Access
↓
Secure Response
Secure • Fast • Modern ⚡