Auth Endpoints
Authentication endpoints for the Universal Account service.
Web3 Authentication
Connect Wallet
POST /auth/web3
Authenticate using Web3 wallet signature.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"signature": "0x25cf4f771bc466e31f7a9cdfebfb11741788b481388d622b1e5dfa2a479e72972d328a364ca45eaa432665bbbc6c08e1eee8c40007eb4244f0894199b71542b61c",
"signer": "0x556180984Ec8B4d28476376f99A071042f262a5c"
}
Response: 201 - The user has been successfully logged in
{
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshTokenExpire": 1710175253716,
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpire": 1710175253716,
"userId": "0x2743eec46576f76f47334569074242f3d9a90b44"
}
Token Management
Refresh Token
POST /auth/refresh
Refresh an access token using a refresh token.
Request Body:
{
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response: 201 Created
Telegram Authentication
Request Telegram OTP
POST /auth/telegram-otp-request
Request a one-time password for Telegram authentication.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"telegramId": "637528594"
}
Response: 201 - The OTP request was successful
Telegram Login�
POST /auth/telegram-login
Authenticate using Telegram ID and OTP.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"telegramId": "637528594",
"username": "dangnp",
"firstname": "DANG",
"lastname": "NGUYEN",
"avatarUrl": "https://example.com/avatar.jpg",
"otp": "123456"
}
Response: 201 - The user has been successfully logged in
Create Telegram User from Bot Login
POST /auth/telegram/user
Create a new user from Telegram bot login.
Request Body:
{
"telegramId": "637528594",
"username": "dangnp",
"firstname": "DANG",
"lastname": "NGUYEN",
"domainId": 1,
"sig": "0xe8fb8b8a653f7a85068a58d3346f8c26a805b1047367c3275215a896891d94fe79b24719653bfd2b7a0835d7c8dd8279e022e17370250e02800a2cc7f973f84b1b",
"timestamp": 1741084672,
"apiKey": "7c581609293E503dE149d93f34767DFF33d32C16"
}
Response: 201 Created
Telegram Bot Login from App
POST /auth/telegram/callback
Complete Telegram bot login from the app.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"state": "637528594",
"code": "4Q49OK0KD93GW7H9"
}
Response: 201 - The user has been successfully logged in with Telegram
Email Authentication
Request Email OTP
POST /auth/email-otp-request
Request a one-time password via email.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"email": "[email protected]"
}
Response: 201 - The OTP request was successful
Email Login
POST /auth/email-otp-verify
Verify email OTP and login.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"email": "[email protected]",
"otp": "123456"
}
Response: 201 - The user has been successfully logged in
OAuth Authentication
Facebook Authentication
Facebook Login
GET /auth/facebook
Initiate Facebook login flow.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Response: 200 OK
Facebook Authentication Callback
POST /auth/facebook/callback
Handle Facebook authentication callback.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"code": "F0ASVgi3LIHziCA6lkUipWhD-9j1HZTMLR5y1ExzhpzS9aZueaw6eZkFBva4gCvACrCV1VRw",
"error": "mismatch_redirect_uri",
"state": "eyJrZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2IiwieC1zaWduYXR1cmUiOiIweGY0MWZjY2FlN2EwNjI3OGExOTVkM2NhMzkzMTE0Y2I5NmM4ZGViMGUxM2QwN2E3OWI2MjFlMWE5YWQzYmJmZjAwMjkzMGUwNTZkM2EwMWNmZDlkMGJiNjc3MWNkOTQ2M2Q5NjI2ODc4ODYzMzVkZjE5N2ExZWE4ZDQ4NGY4OWViMWMiLCJ4LXRpbWVzdGFtcCI6IjE3NDA1NTgxMTAxMzMiLCJ4LWFwaS1rZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIn0"
}
Response: 201 - The user has been successfully logged in via Facebook
Google Authentication
Google Login
GET /auth/google
Initiate Google authentication flow.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Response: 200 - The user has successfully started the authentication via Google
Google Login Callback
POST /auth/google/callback
Handle Google authentication callback.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"code": "F0ASVgi3LIHziCA6lkUipWhD-9j1HZTMLR5y1ExzhpzS9aZueaw6eZkFBva4gCvACrCV1VRw",
"error": "mismatch_redirect_uri",
"state": "eyJrZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2IiwieC1zaWduYXR1cmUiOiIweGY0MWZjY2FlN2EwNjI3OGExOTVkM2NhMzkzMTE0Y2I5NmM4ZGViMGUxM2QwN2E3OWI2MjFlMWE5YWQzYmJmZjAwMjkzMGUwNTZkM2EwMWNmZDlkMGJiNjc3MWNkOTQ2M2Q5NjI2ODc4ODYzMzVkZjE5N2ExZWE4ZDQ4NGY4OWViMWMiLCJ4LXRpbWVzdGFtcCI6IjE3NDA1NTgxMTAxMzMiLCJ4LWFwaS1rZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIn0"
}
Response: 201 - The user has been successfully logged in via Google
Twitter Authentication
Twitter Login
GET /auth/twitter
Initiate Twitter authentication flow.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Response: 200 OK
Twitter Login Callback
POST /auth/twitter/callback
Handle Twitter authentication callback.
Headers:
x-signature(required) - Request signaturex-timestamp(required) - Timestamporigin(required) - Domain originx-api-key(required) - API Key
Request Body:
{
"code": "F0ASVgi3LIHziCA6lkUipWhD-9j1HZTMLR5y1ExzhpzS9aZueaw6eZkFBva4gCvACrCV1VRw",
"error": "mismatch_redirect_uri",
"state": "eyJrZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2IiwieC1zaWduYXR1cmUiOiIweGY0MWZjY2FlN2EwNjI3OGExOTVkM2NhMzkzMTE0Y2I5NmM4ZGViMGUxM2QwN2E3OWI2MjFlMWE5YWQzYmJmZjAwMjkzMGUwNTZkM2EwMWNmZDlkMGJiNjc3MWNkOTQ2M2Q5NjI2ODc4ODYzMzVkZjE5N2ExZWE4ZDQ4NGY4OWViMWMiLCJ4LXRpbWVzdGFtcCI6IjE3NDA1NTgxMTAxMzMiLCJ4LWFwaS1rZXkiOiI3YzU4MTYwOTI5M0U1MDNkRTE0OWQ5M2YzNDc2N0RGRjMzZDMyQzE2Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIn0"
}
Response: 201 - The user has been successfully logged in via Twitter
OAuth Proxy Callback
Proxy for SSO Provider Callbacks
GET /auth/{provider}/proxy-callback
Proxy for handling SSO provider callbacks.
Parameters:
provider(path, required) - The SSO provider namecode(query, required) - Auth codestate(query, required) - Auth stateerror(query, required) - Error if any
Response: 200 OK