Authentication
This document outlines the authentication API endpoints for managing user accounts, including password resets, OTP verification, user registration and login.
Base URL
- Base path
/api2/auth
Verify OTP
Endpoint: POST /otp/verify
Description: Verifies the OTP sent to the user. OTP expires in 10 minutes.
Parameter | Type | Required | Description |
---|---|---|---|
otp | string | required | The OTP code received |
identifier | string | required | Email or phone number |
type | string | required | OTP type: "registration" (for account registration) or "reset" (for reset) or "demo_auth" (for demo login) |
Token Type | Description |
---|---|
registration | Used for user registration verification. |
reset | Used for password reset operations. |
update_email | Used for updating a user's email address. |
update_phone | Used for updating a user's phone number. |
demo_auth | Used for demo authentication scenarios. |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/otp/verify' \
-H 'Content-Type: application/json' \
-d '{
"otp": "123456",
"identifier": "user@example.com",
"type": "reset"
}'
Responses:
200 OK
{
"token": "<token>"
}
400 Bad Request - Missing Fields
{
"message": "OTP & Identifier are required!"
}
400 Bad Request - Invalid OTP
{
"message": "Invalid OTP!"
}
400 Bad Request - Expired OTP
{
"message": "OTP has expired!"
}
Login
Endpoint: POST /login
Description: Authenticates a user by verifying their credentials (email or phone number) and password. If successful, it returns the user's email.
Parameter | Type | Required | Description |
---|---|---|---|
identifier | string | required | The email address or phone number of the user. |
password | string | required | The password associated with the user account. |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/login' \
-H 'Content-Type: application/json' \
-d '{
"identifier": "user@example.com",
"password": "your_password"
}'
Request Body:
{
"identifier": "user@example.com", // or phone number
"password": "your_password"
}
Responses:
200 OK - Response Body
{
"email": "user@example.com"
}
400 Bad Request - Missing Identifier or Password
{
"message": "Identifier & password are required!"
}
403 Forbidden - Server Not Running
{
"message": "Server not running!"
}
400 Bad Request - Multiple Users Found
{
"message": "Multiple users found!",
"description": "Multiple users found with same credentials please use another method!"
}
401 Unauthorized - Invalid Credentials
{
"message": "Login failed!",
"description": "Invalid Credentials!"
}
404 Not Found - Credentials Error
{
"message": "Credentials error!",
"description": "Use your trackon registered email or phone number as identifier!"
}
Reset Password
Init
Endpoint: POST /account/reset
Description: Initiates the password reset process by sending an OTP to the user's email or phone number.
Request Body:
Parameter | Type | Required | Description |
---|---|---|---|
email | string | optional | The email address of the user. |
phone | string | optional | The phone number of the user. |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/account/reset' \
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com"
}'
Responses:
200 OK
{
"message": "OTP sent successfully!",
"success": true
}
400 Bad Request - Missing Email/Phone
{
"message": "Email or phone number is required!"
}
403 Forbidden
{
"message": "Server not running!"
}
404 Not Found
{
"message": "User not found!"
}
400 Bad Request - Multiple Users
{
"message": "Multiple users found!",
"description": "These credentials are used by multiple users. Please use another method!"
}
Finish Reset
Endpoint: POST /password/reset
Description: Resets the user's password using a valid token and new password.
Parameter | Type | Required | Description |
---|---|---|---|
token | string | required | Valid verification token |
newPassword | string | required | New password for the user |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/password/reset' \
-H 'Content-Type: application/json' \
-d '{
"token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
"newPassword": "new_secure_password"
}'
Responses:
200 OK
{
"message": "Password Updated!",
"success": true
}
400 Bad Request - Missing Fields
{
"message": "Token and identifier are required!"
}
400 Bad Request - Invalid Token
{
"message": "Invalid Token!"
}
400 Bad Request - Expired Token
{
"message": "Token has expired!"
}
401 Unauthorized
{
"message": "Unauthorized token!"
}
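The reset flow documented above (Init, Verify OTP, Finish Reset) chained into one client call, as an added example that is not part of the original documentation. It assumes the token returned by /otp/verify is the one /password/reset expects; AuthApiError, http_post, call and reset_password are hypothetical names.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.trackongps.com/api2/auth"  # host and base path as shown on this page


class AuthApiError(Exception):
    """Any non-200 reply; keeps the status code and the documented JSON body."""

    def __init__(self, status, body):
        super().__init__(f"{status}: {body.get('message', '')}")
        self.status = status
        self.body = body


def http_post(path, payload):
    """POST a JSON body and return (status, parsed JSON), also for 4xx/5xx replies."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def call(post, path, payload):
    """Send one request; stop the flow on the first documented error response."""
    status, body = post(path, payload)
    if status != 200:
        raise AuthApiError(status, body)
    return body


def reset_password(identifier, read_otp, new_password, post=http_post):
    """Init -> Verify OTP (type "reset") -> Finish Reset.

    read_otp is a callable returning the code the user received (valid for 10 minutes).
    Assumption: the verify token is the token /password/reset expects.
    """
    field = "email" if "@" in identifier else "phone"
    call(post, "/account/reset", {field: identifier})
    verified = call(post, "/otp/verify",
                    {"otp": read_otp(), "identifier": identifier, "type": "reset"})
    # The token authorises the password change: pass it straight on, never log it.
    return call(post, "/password/reset",
                {"token": verified["token"], "newPassword": new_password})
```

The `post` parameter lets the flow be exercised against a stub transport without network access.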
Account Registration
Init Registration
Endpoint: POST /registration/init
Description: Initiates the account registration process by sending an OTP to the user's email or phone number.
Parameter | Type | Required | Description |
---|---|---|---|
email | string | optional | The email address of the user. |
phone | string | optional | The phone number of the user. |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/registration/init' \
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com"
}'
Request Body:
{
"email": "user@example.com" // or phone number
}
Responses:
200 OK
{
"message": "OTP sent successfully!",
"success": true
}
400 Bad Request - Missing Email/Phone
{
"message": "Email or phone number is required!"
}
403 Forbidden
{
"message": "Server not running!"
}
400 Bad Request - Account Exists
{
"message": "Account already exists!"
}
Finish Registration
Endpoint: POST /registration/complete
Description: Completes the account registration process by creating a new user on the server.
Parameter | Type | Required | Description |
---|---|---|---|
token | string | required | The token received in the initial registration request. |
fullName | string | required | The full name of the user. |
password | string | required | The password for the new user account. |
Example Request:
curl -X POST 'https://api.trackongps.com/api2/auth/registration/complete' \
-H 'Content-Type: application/json' \
-d '{
"token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
"fullName": "John Doe",
"password": "your_secure_password"
}'
Request Body:
{
"token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
"fullName": "John Doe",
"password": "your_secure_password"
}
Responses:
200 OK
{
"message": "Account registered successfully",
"success": true
}
400 Bad Request - Missing Parameters
{
"message": "token, fullName & password are required!"
}
400 Bad Request - Invalid Token
{
"message": "Invalid Token!"
}
400 Bad Request - Expired Token
{
"message": "Token has expired!"
}
500 Internal Server Error
{
"message": "Failed to create user account."
}
Demo Login
Init Login
Endpoint: POST /demo-login/init
Description: Initiates the demo login process by sending an OTP to the user's phone number.
Request Body Schema
Field | Type | Description | Required |
---|---|---|---|
phone | string | User's phone number | Yes |
fullName | string | User's full name | Yes |
Response Schema
Field | Type | Description |
---|---|---|
message | string | Response message |
success | boolean | Indicates if the request succeeded |
Endpoint: POST /demo-login/init
Authorization:
- No authentication required
cURL Request:
curl -X POST "https://api.trackongps.com/api2/auth/demo-login/init" \
-H "Content-Type: application/json" \
-d '{
"phone": "9712345678",
"fullName": "John Doe"
}'
Request Body:
{
"phone": "9712345678",
"fullName": "John Doe"
}
Response:
200 OK - Response Body
{
"message": "OTP sent successfully!",
"success": true
}
400 Bad Request - Response Body
{
"message": "Phone number and Full name is required!"
}
Verify Login
Description
To verify the demo login, call the Verify OTP API with token type 'demo_auth' and the other remaining fields.
Next Steps:
- Verify OTP - Complete the authentication process by verifying the OTP
- Finally, after successful OTP verification, log the user in with the demo credentials provided by the Trackon admin