
API Documentation

Amit Das edited this page Apr 28, 2026 · 1 revision

📑 API Documentation

This page documents all major API endpoints available in SecureAuth.

The API is responsible for authentication, session management, authenticator account handling, backups, and security operations.


🌐 Base URL

Example:

http://localhost:3000

Production example:

https://yourdomain.com

πŸ” Authentication APIs

Authentication endpoints handle OTP verification, login sessions, and account access.


Send OTP

Sends a one-time password (OTP) to the user's phone number.

Endpoint

POST /api/auth/send-otp

Request Body

{
  "phone": "+1234567890"
}

Success Response

{
  "success": true,
  "message": "OTP sent successfully"
}

Verify OTP

Verifies the user's OTP and, on success, creates a session.

Endpoint

POST /api/auth/verify-otp

Request Body

{
  "phone": "+1234567890",
  "otp": "123456"
}

Success Response

{
  "success": true,
  "message": "Authentication successful"
}

Get Current User

Returns authenticated user information.

Endpoint

GET /api/auth/me

Logout User

Destroys the active session.

Endpoint

POST /api/auth/logout

📱 Session Management APIs

Manage active sessions and connected devices.


Get Active Sessions

Endpoint

GET /api/auth/sessions

Revoke Specific Session

Endpoint

DELETE /api/auth/sessions/:sessionId

Revoke Other Sessions

Endpoint

DELETE /api/auth/sessions/others

🔒 App Lock APIs

Secure local app access with PIN protection.


Setup App Lock

Endpoint

POST /api/auth/app-lock/setup

Verify PIN

Endpoint

POST /api/auth/app-lock/verify

Toggle App Lock

Endpoint

POST /api/auth/app-lock/toggle

Update App Lock Settings

Endpoint

POST /api/auth/app-lock/settings

🔑 Authenticator Account APIs

Manage encrypted authenticator accounts.


Get Accounts

Endpoint

GET /api/accounts

Add Account

Endpoint

POST /api/accounts

Example Request

{
  "name": "GitHub",
  "secret": "SECRET_KEY"
}

Update Account

Endpoint

PUT /api/accounts/:id

Rename Account

Endpoint

PATCH /api/accounts/:id/rename

Delete Account

Endpoint

DELETE /api/accounts/:id

📦 Backup APIs

Manage encrypted backups.


Export Backup

Endpoint

POST /api/backup/export

Import Backup

Endpoint

POST /api/backup/import

πŸ” Authentication Requirements

Protected endpoints require authentication.

Authentication uses:

  • JWT validation
  • Secure cookies
  • Session verification

🚨 Error Responses


Unauthorized

{
  "error": "Unauthorized"
}

Invalid OTP

{
  "error": "Invalid OTP"
}

Session Expired

{
  "error": "Session expired"
}

Too Many Requests

{
  "error": "Too many requests"
}

πŸ›‘οΈ Security Features

API protection includes:

  • Rate limiting
  • JWT validation
  • Secure cookie authentication
  • Request validation
  • Session verification

⚠️ Best Practices

When using the API:

  • Always use HTTPS
  • Validate inputs
  • Protect authentication tokens
  • Avoid exposing secrets

πŸ” API Architecture Overview

Client
  ↓
API Request
  ↓
Authentication Validation
  ↓
Session Verification
  ↓
Protected Route Access
  ↓
Secure Response

✅ Next Steps

Continue with:


Secure • Fast • Modern ⚡
