Developer Portal Auth
Base path: /api/v1/auth
Password Login
POST /api/v1/auth/login
Content-Type: application/json

Request Body:
{
"identifier": "017XXXXXXXX",
"password": "your-password"
}

| Field | Type | Required | Description |
|---|---|---|---|
| identifier | string | Yes | Email, phone number, or username (3-255 chars) |
| password | string | Yes | Account password (8-128 chars) |

Response (201):
{
"status": 200,
"message": "Login successful",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "dGhpcyBpcyBhIHJlZnJl...",
"expiresIn": "1h"
}
}

Errors:
401 UNAUTHORIZED — Invalid credentials
403 FORBIDDEN — User does not have developer portal access

OTP Login
Send OTP
POST /api/v1/auth/otp/send
Content-Type: application/json

Request Body:
{
"phone": "017XXXXXXXX"
}

| Field | Type | Required | Description |
|---|---|---|---|
| phone | string | Yes | Phone number (8-20 chars, digits and optional + prefix) |

Response (200):
{
"status": 200,
"message": "OTP sent",
"data": {
"message": "OTP sent successfully",
"expiresInMinutes": 5
}
}

Verify OTP
POST /api/v1/auth/otp/verify
Content-Type: application/json

Request Body:
{
"phone": "017XXXXXXXX",
"otp": "1234"
}

| Field | Type | Required | Description |
|---|---|---|---|
| phone | string | Yes | Phone number used to send OTP |
| otp | string | Yes | 4-digit OTP code |

Response (200):
{
"status": 200,
"message": "OTP verified and login successful",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "dGhpcyBpcyBhIHJlZnJl...",
"expiresIn": "1h"
}
}

Errors:
404 USER_NOT_FOUND — Phone number not registered
400 INVALID_OTP — OTP does not match
400 OTP_EXPIRED — OTP validity expired

Sign in with SeloraX
Authenticate via the platform's OIDC provider (OAuth authorization code flow):
POST /api/v1/auth/oauth/callback
Content-Type: application/json

Request Body:
{
"code": "sx_ic_...",
"redirectUri": "https://portal.selorax.io/auth/callback"
}

| Field | Type | Required | Description |
|---|---|---|---|
| code | string | Yes | Authorization code from SeloraX OIDC (min 10 chars) |
| redirectUri | string | Yes | The redirect URI used in the authorization request |

Response (200):
{
"status": 200,
"message": "Sign in with SeloraX successful",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "dGhpcyBpcyBhIHJlZnJl...",
"expiresIn": "1h"
}
}

Errors:
401 OAUTH_TOKEN_FAILED — OAuth token exchange failed
401 USERINFO_FAILED — Failed to fetch user info from OIDC
403 NOT_MERCHANT — Only merchants can access the developer portal
404 USER_NOT_FOUND — Developer account not found

Token Refresh
POST /api/v1/auth/refresh
Content-Type: application/json

Request Body:
{
"refreshToken": "<refresh-token>"
}

| Field | Type | Required | Description |
|---|---|---|---|
| refreshToken | string | Yes | Refresh token from login (min 20 chars) |

Response (200):
{
"status": 200,
"message": "Token refreshed",
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIs...",
"refreshToken": "bmV3IHJlZnJlc2ggdG9r...",
"expiresIn": "1h"
}
}

Current Profile
GET /api/v1/auth/me
Authorization: Bearer <accessToken>

Response (200):
{
"status": 200,
"message": "Profile fetched",
"data": {
"userId": 42,
"name": "John Developer",
"email": "[email protected]",
"phone": "017XXXXXXXX"
}
}
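
The following added example (not SeloraX code) shows a client that logs in, refreshes shortly before the access token expires, and replaces the stored refresh token with the one each refresh response returns. The `post` transport callable (returning an HTTP status and parsed JSON body), the `skew` margin, and the `s`/`m`/`d` suffixes for `expiresIn` are assumptions; the page only shows `"1h"`.

```python
import re
import time

BASE = "/api/v1/auth"
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # suffixes other than "h" are assumed

def parse_expires_in(value):
    """Convert an expiresIn string such as "1h" to seconds."""
    m = re.fullmatch(r"(\d+)([smhd])", value)
    if not m:
        raise ValueError(f"unrecognised expiresIn: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

class PortalSession:
    """Holds the token pair and refreshes it shortly before the access token expires."""
    def __init__(self, post, clock=time.monotonic, skew=60):
        # post(path, json_payload) -> (http_status, json_body) is a hypothetical transport.
        self._post, self._clock, self._skew = post, clock, skew
        self._access, self._refresh, self._expires_at = None, None, 0.0

    def _store(self, body):
        data = body["data"]
        self._access = data["accessToken"]
        # The refresh response carries its own refreshToken; always keep the newest one.
        self._refresh = data["refreshToken"]
        self._expires_at = self._clock() + parse_expires_in(data["expiresIn"])

    def login(self, identifier, password):
        if not 3 <= len(identifier) <= 255 or not 8 <= len(password) <= 128:
            raise ValueError("identifier/password outside the documented length limits")
        status, body = self._post(f"{BASE}/login",
                                  {"identifier": identifier, "password": password})
        if status >= 400:  # 401 UNAUTHORIZED or 403 FORBIDDEN per the error list
            raise PermissionError(f"login rejected with HTTP {status}")
        self._store(body)

    def access_token(self):
        """Return a usable access token, refreshing first if it is about to expire."""
        if self._access is None:
            raise RuntimeError("not logged in")
        if self._clock() >= self._expires_at - self._skew:
            status, body = self._post(f"{BASE}/refresh", {"refreshToken": self._refresh})
            if status >= 400:
                self._access = self._refresh = None  # drop stale tokens, require a new login
                raise PermissionError(f"refresh rejected with HTTP {status}")
            self._store(body)
        return self._access

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token()}"}
```

Pass a `post` function built on your HTTP library of choice; the injected `clock` exists so expiry handling can be exercised without waiting an hour.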