Authentication

This document outlines the authentication API endpoints for managing user accounts, including password resets, OTP verification, user registration and login.

Base URL

  • Base path: /api2/auth

Verify OTP

Endpoint: POST /otp/verify

Description: Verifies the OTP sent to the user. OTP expires in 10 minutes.

Parameter | Type | Required | Description
otp | string | required | The OTP code received
identifier | string | required | Email or phone number
type | string | required | OTP type: "registration" (for account registration), "reset" (for password reset) or "demo_auth" (for demo login)

Token Type | Description
registration | Used for user registration verification.
reset | Used for password reset operations.
update_email | Used for updating a user's email address.
update_phone | Used for updating a user's phone number.
demo_auth | Used for demo authentication scenarios.

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/otp/verify' \
  -H 'Content-Type: application/json' \
  -d '{
    "otp": "123456",
    "identifier": "user@example.com",
    "type": "reset"
  }'

Responses:

200 OK
{
  "token": "<token>"
}
400 Bad Request - Missing Fields
{
  "message": "OTP & Identifier are required!"
}
400 Bad Request - Invalid OTP
{
  "message": "Invalid OTP!"
}
400 Bad Request - Expired OTP
{
  "message": "OTP has expired!"
}
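
The response contract above can be modelled in a few lines. This is an added sketch, not Trackon's server code: the in-memory `OtpStore`, the hashed storage, the single-use deletion and the binding of each code to its `type` are assumptions; only the status codes, messages and the 10-minute expiry come from this page.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 10 * 60  # from the page: "OTP expires in 10 minutes"


class OtpStore:
    """Hypothetical in-memory model of POST /otp/verify (storage is an assumption)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # (identifier, type) -> (otp_digest, issued_at)
        self.tokens = {}    # token -> (identifier, type) it was issued for

    @staticmethod
    def _digest(otp):
        return hashlib.sha256(str(otp).encode()).digest()

    def issue(self, identifier, otp_type):
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, six digits
        self._pending[(identifier, otp_type)] = (self._digest(otp), self._clock())
        return otp  # a real service sends this by e-mail/SMS instead

    def verify(self, body):
        otp, identifier = body.get("otp"), body.get("identifier")
        if not otp or not identifier:
            return 400, {"message": "OTP & Identifier are required!"}
        key = (identifier, body.get("type"))
        record = self._pending.get(key)
        # Constant-time compare; unknown identifier, wrong type and wrong
        # code all produce the same answer.
        if record is None or not hmac.compare_digest(record[0], self._digest(otp)):
            return 400, {"message": "Invalid OTP!"}
        del self._pending[key]  # assumption: a code can be checked successfully once
        if self._clock() - record[1] > OTP_TTL_SECONDS:
            return 400, {"message": "OTP has expired!"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = key  # lets later endpoints check the token's type
        return 200, {"token": token}
```
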

Login

Endpoint: POST /login

Description: Authenticates a user by verifying their credentials (email or phone number) and password. If successful, it returns the user's email.

Parameter | Type | Required | Description
identifier | string | required | The email address or phone number of the user.
password | string | required | The password associated with the user account.

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/login' \
  -H 'Content-Type: application/json' \
  -d '{
    "identifier": "user@example.com",
    "password": "your_password"
  }'

Request Body:

{
  "identifier": "user@example.com", // or phone number
  "password": "your_password"
}

Responses:

200 OK - Response Body
{
  "email": "user@example.com"
}
400 Bad Request - Missing Identifier or Password
{
  "message": "Identifier & password are required!"
}
403 Forbidden - Server Not Running
{
  "message": "Server not running!"
}
400 Bad Request - Multiple Users Found
{
  "message": "Multiple users found!",
  "description": "Multiple users found with same credentials please use another method!"
}
401 Unauthorized - Invalid Credentials
{
  "message": "Login failed!",
  "description": "Invalid Credentials!"
}
404 Not Found - Credentials Error
{
  "message": "Credentials error!",
  "description": "Use your trackon registered email or phone number as identifier!"
}

Reset Password

Init

Endpoint: POST /account/reset

Description: Initiates the password reset process by sending an OTP to the user's email or phone number.

Request Body:

Parameter | Type | Required | Description
email | string | optional | The email address of the user.
phone | string | optional | The phone number of the user.

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/account/reset' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "user@example.com"
  }'

Responses:

200 OK
{
  "message": "OTP sent successfully!",
  "success": true
}
400 Bad Request - Missing Email/Phone
{
  "message": "Email or phone number is required!"
}
403 Forbidden
{
  "message": "Server not running!"
}
404 Not Found
{
  "message": "User not found!"
}
400 Bad Request - Multiple Users
{
  "message": "Multiple users found!",
  "description": "These credentials are used by multiple users. Please use another method!"
}

Finish Reset

Endpoint: POST /password/reset

Description: Resets the user's password using a valid token and new password.

Parameter | Type | Required | Description
token | string | required | Valid verification token
newPassword | string | required | New password for the user

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/password/reset' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
    "newPassword": "new_secure_password"
  }'

Responses:

200 OK

{
  "message": "Password Updated!",
  "success": true
}
400 Bad Request - Missing Fields
{
  "message": "Token and identifier are required!"
}
400 Bad Request - Invalid Token
{
  "message": "Invalid Token!"
}
400 Bad Request - Expired Token
{
  "message": "Token has expired!"
}
401 Unauthorized
{
  "message": "Unauthorized token!"
}
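
The three reset calls chain together, with the token returned by /otp/verify passed on to /password/reset. The client below is an added example, not part of the Trackon documentation: `reset_password`, `ApiError`, `http_post` and the `read_otp` callback are hypothetical names, and it assumes the "reset" token from /otp/verify is the one /password/reset expects and that error responses carry the JSON bodies shown above.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.trackongps.com/api2/auth"


class ApiError(Exception):
    def __init__(self, step, status, message):
        super().__init__(f"{step}: HTTP {status}: {message}")
        self.step, self.status, self.message = step, status, message


def http_post(path, payload):
    """POST JSON and return (status, parsed body); 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(payload).encode(),  # json.dumps escapes quotes in user input
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def reset_password(email, read_otp, new_password, post=http_post):
    """Run init -> verify -> finish; read_otp() returns the code the user received."""
    steps = [
        ("init", "/account/reset", lambda _: {"email": email}),
        ("verify", "/otp/verify",
         lambda _: {"otp": read_otp(), "identifier": email, "type": "reset"}),
        ("finish", "/password/reset",
         lambda prev: {"token": prev["token"], "newPassword": new_password}),
    ]
    body = {}
    for step, path, build in steps:
        status, body = post(path, build(body))
        if status != 200:
            # Report which step failed; keep the OTP, token and password out of logs.
            raise ApiError(step, status, body.get("message", ""))
    return body
```

The `post` parameter exists so the flow can be exercised against a stub instead of the live API.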


Account Registration

Init Registration

Endpoint: POST /registration/init

Description: Initiates the account registration process by sending an OTP to the user's email or phone number.

Parameter | Type | Required | Description
email | string | optional | The email address of the user.
phone | string | optional | The phone number of the user.

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/registration/init' \
  -H 'Content-Type: application/json' \
  -d '{
    "email": "user@example.com"
  }'

Request Body:

{
  "email": "user@example.com" // or phone number
}

Responses:

200 OK
{
  "message": "OTP sent successfully!",
  "success": true
}
400 Bad Request - Missing Email/Phone
{
  "message": "Email or phone number is required!"
}
403 Forbidden
{
  "message": "Server not running!"
}
400 Bad Request - Account Exists
{
  "message": "Account already exists!"
}

Finish Registration

Endpoint: POST /registration/complete

Description: Completes the account registration process by creating a new user on the server.

Parameter | Type | Required | Description
token | string | required | The token received in the initial registration request.
fullName | string | required | The full name of the user.
password | string | required | The password for the new user account.

Example Request:

curl -X POST 'https://api.trackongps.com/api2/auth/registration/complete' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
    "fullName": "John Doe",
    "password": "your_secure_password"
  }'

Request Body:

{
  "token": "zhfda8fdha0fdanfda08fdhajf9d8ahfdja",
  "fullName": "John Doe",
  "password": "your_secure_password"
}

Responses:

200 OK
{
  "message": "Account registered successfully",
  "success": true
}
400 Bad Request - Missing Parameters
{
  "message": "token, fullName & password are required!"
}
400 Bad Request - Invalid Token
{
  "message": "Invalid Token!"
}
400 Bad Request - Expired Token
{
  "message": "Token has expired!"
}
500 Internal Server Error
{
  "message": "Failed to create user account."
}

Demo Login

Init Login

Endpoint: POST /demo-login/init

Description: Initiates the demo login process by sending an OTP to the user's phone number.

Request Body Schema

Field | Type | Description | Required
phone | string | User's phone number | Yes
fullName | string | User's full name | Yes

Response Schema

Field | Type | Description
message | string | Response message
success | boolean | Indicates if the request succeeded

Authorization:

  • No authentication required

cURL Request:

curl -X POST "https://api.trackongps.com/api2/auth/demo-login/init" \
-H "Content-Type: application/json" \
-d '{
  "phone": "9712345678",
  "fullName": "John Doe"
}'

Request Body:

{
  "phone": "9712345678",
  "fullName": "John Doe"
}

Response:

200 OK - Response Body
{
  "message": "OTP sent successfully!",
  "success": true
}
400 Bad Request - Response Body
{
  "message": "Phone number and Full name is required!"
}

Verify Login

Description: To verify the demo login, call the Verify OTP API with type "demo_auth" along with the other required fields.

Next Steps:

  • Verify OTP - Complete the authentication process by verifying the OTP
  • After successful OTP verification, log the user in with the demo credentials provided by the Trackon admin