This document provides a comprehensive guide to all API endpoints available in the application, organized by functionality.
- What it does: Handles all authentication-related requests including sign-in... Also captures and verifies `User-Agent` to track devices and sends an Email/SMS alert for new logins.
- How to implement: Use `next-auth` hooks like `signIn()`, `signOut()`, or `useSession()` on the client side.
- Response: Varies by action (e.g., set-cookie for sessions, JSON for session info).
- What it does: Registers a new user with email, username, and password. It hashes the password, creates the user in MongoDB, captures the initial device `User-Agent`, and triggers a verification email.
- How to implement:
  - Body: `{ "email": "string", "username": "string", "password": "password" }`
- Response:
  - 201 Created: `{ "message": "User Registered. Please check your email to verify your account." }`
  - 400/409/500 Errors: `{ "message": "Error details" }`
- What it does: Verifies a user's email address using a token sent via email.
- How to implement:
  - Query Params: `?token=YOUR_TOKEN`
- Response:
  - 302 Redirect: Redirects to `/login?verified=true` on success.
  - 400 Bad Request: `{ "message": "Invalid or expired verification token." }`
- What it does: Resends the verification email to a registered but unverified user.
- How to implement:
  - Body: `{ "email": "string" }` or `{ "username": "string" }`
- Response:
  - 200 OK: `{ "message": "Verification email sent successfully" }`
  - 400/404 Errors: `{ "message": "Error details" }`
- What it does: Initiates the password recovery flow for users who registered via email. Generates a reset token and sends it via email.
- How to implement:
  - Body: `{ "email": "string" }`
- Response:
  - 200 OK: `{ "message": "If an account with that email exists, we sent you a password reset link." }`
- What it does: Verifies the OTP sent to a phone number during the password recovery flow and returns a password reset token.
- How to implement:
  - Body: `{ "phone": "+91XXXXXXXXXX", "otp": "123456" }`
- Response:
  - 200 OK: `{ "message": "OTP verified successfully.", "token": "uuid-token" }`
  - 400/404 Errors: `{ "message": "Error details" }`
- What it does: Resets the user's password using a valid reset token (obtained via email link or phone OTP verification).
- How to implement:
  - Body: `{ "token": "string", "newPassword": "string" }`
- Response:
  - 200 OK: `{ "message": "Your password has been successfully reset." }`
  - 400 Error: `{ "message": "Invalid or expired password reset token." }`
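
The reset-token handling that the forgot-password and reset-password entries above describe, as an added example (not the application's own code): it returns the same message for known and unknown emails and rejects unknown, expired, or replayed tokens. The function names, the in-memory Maps standing in for MongoDB, the 15-minute lifetime, the hash-only token storage, and the use of scrypt are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumptions (not from the page): in-memory Maps instead of MongoDB,
// a 15-minute token lifetime, scrypt for password hashing.
const RESET_TTL_MS = 15 * 60 * 1000;
const users = new Map();       // email -> { passwordHash }
const resetTokens = new Map(); // sha256(token) -> { email, expiresAt }
users.set("alice@example.test", { passwordHash: "" }); // constructed sample user

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const GENERIC_MESSAGE =
  "If an account with that email exists, we sent you a password reset link.";

// Forgot-password step: identical response whether or not the account exists.
function requestReset(email, now = Date.now()) {
  let token = null;
  if (users.has(email)) {
    token = crypto.randomUUID(); // UUID v4 from the CSPRNG
    // Store only a hash, so a database leak does not yield usable tokens.
    resetTokens.set(sha256(token), { email, expiresAt: now + RESET_TTL_MS });
  }
  // In production the token leaves only by email; it is returned here for the demo.
  return { status: 200, body: { message: GENERIC_MESSAGE }, emailedToken: token };
}

// Reset step: the token must be known and unexpired, and is consumed on use.
function resetPassword(token, newPassword, now = Date.now()) {
  const key = sha256(String(token));
  const entry = resetTokens.get(key);
  resetTokens.delete(key); // single use; also drops an expired entry
  const user = entry && users.get(entry.email);
  if (!user || entry.expiresAt <= now) {
    return { status: 400, body: { message: "Invalid or expired password reset token." } };
  }
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(newPassword, salt, 32);
  user.passwordHash = `${salt.toString("hex")}:${hash.toString("hex")}`;
  return { status: 200, body: { message: "Your password has been successfully reset." } };
}
```
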
- What it does: Checks if an email is already registered in the database.
- How to implement:
  - Body: `{ "email": "string" }`
- Response: `{ "exists": boolean }`
- What it does: Checks if a username is already taken.
- How to implement:
  - Body: `{ "username": "string" }`
- Response: `{ "exists": boolean }`
- What it does: Checks if a phone number is already registered.
- How to implement:
  - Body: `{ "phone": "string" }`
- Response: `{ "exists": boolean }`
- What it does: Combined check for both email and username existence.
- How to implement:
  - Body: `{ "email": "string", "username": "string" }`
- Response: `{ "email": boolean, "username": boolean }`
- What it does: Generates and sends a 6-digit OTP to the specified Indian phone number via SMS.
- How to implement:
  - Body: `{ "phone": "+91XXXXXXXXXX" }`
- Response:
  - 200 OK: `{ "message": "OTP sent successfully" }`
  - 400/500 Errors: `{ "error": "Error details" }`