Developer Portal Auth
Developer Portal Auth
The current SeloraX developer portal surface does not use a separate public auth API such as /api/v1/auth.
Instead, the routes documented in this section use the same merchant/admin dashboard authentication stack as the main SeloraX admin app.
Current Model
Dashboard-facing app management routes are protected by middleware such as:
authadminstoreOwnership- feature permissions like
apps__manage_apps,apps__install_apps, andapps__view_webhooks
In practice, this means:
- a merchant signs in through the SeloraX dashboard
- the dashboard stores the session token as
x_auth_token - requests to dashboard-facing app routes send that token as
x-auth-token
These routes are not designed as a separate developer-login product for third-party public clients.
Relevant Route Families
The current dashboard-facing developer portal surface is made up of these route groups:
/api/apps/api/apps/installations/api/apps/session/api/apps/webhooks/api/apps/billing
For concrete request and response examples, use:
Embedded App Session Verification
One endpoint in the dashboard-facing flow is intentionally different: the embedded session verification route.
POST /api/apps/session/verify
Content-Type: application/json{
"session_token": "eyJ...",
"client_id": "sx_app_...",
"client_secret": "sx_secret_..."
}This endpoint is used by app backends to verify an embedded session token with app credentials. It is part of the embedded app bootstrap flow, not a separate portal login system.
Sign in with SeloraX
If you are looking for the platform identity provider and OAuth/OIDC flows, use the dedicated Identity Provider documentation instead:
That identity-provider surface is separate from the current dashboard-facing developer portal routes.
Current State
Older references to a standalone developer portal auth service or portal.selorax.io/api/v1/auth should be treated as obsolete for the current implementation reflected in the main SeloraX backend.