API endpoints
Auto-generated from `auth-server/internal/api/routes/routes.go`. Run `npm run docs:gen auth-server` to refresh after route changes.
Total endpoints: 90.
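Base path: `/api/v1` (configurable via `API_PREFIX`). The `/health` endpoint sits outside the prefix.
In the tables below, the Auth column reads `yes` only for handlers wrapped directly in `authMw.Authenticate`; routes wrapped in `orgSelfChain`, `adminChain` or `systemAdminChain` are listed as `public`, so check the Handler column for the middleware chain actually applied.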
Auth
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/register | public | authHandler.Register |
| POST | /auth/login | public | authHandler.Login |
| POST | /auth/refresh | public | authHandler.RefreshToken |
| POST | /auth/logout | yes | authMw.Authenticate(http.HandlerFunc(authHandler.Logout |
| POST | /auth/validate | public | authHandler.ValidateToken |
| POST | /auth/admin/set-password | yes | authMw.Authenticate(http.HandlerFunc(authHandler.AdminSetPassword |
| POST | /auth/check-email | yes | authMw.Authenticate(http.HandlerFunc(authHandler.CheckEmail |
| POST | /auth/logout/all | yes | authMw.Authenticate(http.HandlerFunc(authHandler.LogoutAll |
SSO
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/sso/url | public | authHandler.GetSSOAuthURL |
| GET | /auth/sso/callback | public | authHandler.SSOCallback |
| POST | /auth/sso/callback | public | authHandler.SSOCallback |
| POST | /auth/sso/exchange | public | authHandler.SSOExchange |
| GET | /auth/sso/providers | public | authHandler.GetEnabledProviders |
Two-factor
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/2fa/setup | yes | authMw.Authenticate(http.HandlerFunc(authHandler.SetupTwoFactor |
| POST | /auth/2fa/enable | yes | authMw.Authenticate(http.HandlerFunc(authHandler.EnableTwoFactor |
| POST | /auth/2fa/disable | yes | authMw.Authenticate(http.HandlerFunc(authHandler.DisableTwoFactor |
Sessions
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /auth/sessions | yes | authMw.Authenticate(http.HandlerFunc(authHandler.GetSessions |
| DELETE | /auth/sessions/{sessionId} | yes | authMw.Authenticate(http.HandlerFunc(authHandler.TerminateSession |
Password
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/password/reset-request | public | authHandler.RequestPasswordReset |
| POST | /auth/password/reset | public | authHandler.ResetPassword |
| POST | /auth/password/change | yes | authMw.Authenticate(http.HandlerFunc(authHandler.ChangePassword |
Email verification
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/verify-email | public | authHandler.VerifyEmail |
| GET | /auth/verify-email | public | authHandler.VerifyEmail |
| POST | /auth/verify-email/resend | public | authHandler.ResendVerificationEmail |
Magic link
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /auth/magic-link/request | public | magicLinkHandler.Request |
| POST | /auth/magic-link/verify | public | magicLinkHandler.Verify |
Me
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /auth/me | yes | authMw.Authenticate(http.HandlerFunc(authHandler.GetMe |
| GET | /me/apps | yes | authMw.Authenticate(http.HandlerFunc(appHandler.MyApps |
| GET | /me/orgs | yes | authMw.Authenticate(http.HandlerFunc(userHandler.GetMyOrganizations |
| DELETE | /me/account | yes | authMw.Authenticate(http.HandlerFunc(authHandler.DeleteMyAccount |
| GET | /me/invitations | yes | authMw.Authenticate(http.HandlerFunc(invitationHandler.ListMyInvitations |
| POST | /me/invitations/{invitationId}/accept | yes | authMw.Authenticate(http.HandlerFunc(invitationHandler.AcceptMyInvitation |
| POST | /me/invitations/{invitationId}/decline | yes | authMw.Authenticate(http.HandlerFunc(invitationHandler.DeclineMyInvitation |
OAuth
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /oauth/token | public | oauthHandler.Token |
Orgs
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /orgs/{orgId}/members | public | orgSelfChain("org:members:read", http.HandlerFunc(orgHandler.ListMembers |
| POST | /orgs/{orgId}/members | public | orgSelfChain("org:members:invite", http.HandlerFunc(orgHandler.AddMember |
| DELETE | /orgs/{orgId}/members/{userId} | public | orgSelfChain("org:members:remove", http.HandlerFunc(orgHandler.RemoveMember |
| PUT | /orgs/{orgId}/members/{userId}/status | public | orgSelfChain("org:members:update", http.HandlerFunc(orgHandler.UpdateMemberStatus |
| GET | /orgs/{orgId} | public | orgSelfChain("org:read", http.HandlerFunc(orgHandler.GetOrganization |
| PUT | /orgs/{orgId} | public | orgSelfChain("org:update", http.HandlerFunc(orgHandler.UpdateOrganization |
| GET | /orgs/{orgId}/roles | public | orgSelfChain("org:roles:read", http.HandlerFunc(orgRoleHandler.List |
| GET | /orgs/{orgId}/roles/{roleId} | public | orgSelfChain("org:roles:read", http.HandlerFunc(orgRoleHandler.Get |
| POST | /orgs/{orgId}/roles | public | orgSelfChain("org:roles:create", http.HandlerFunc(orgRoleHandler.Create |
| PUT | /orgs/{orgId}/roles/{roleId} | public | orgSelfChain("org:roles:update", http.HandlerFunc(orgRoleHandler.Update |
| DELETE | /orgs/{orgId}/roles/{roleId} | public | orgSelfChain("org:roles:delete", http.HandlerFunc(orgRoleHandler.Delete |
| GET | /orgs/{orgId}/permissions/assignable | public | orgSelfChain("org:roles:read", http.HandlerFunc(orgRoleHandler.ListAssignablePermissions |
| POST | /orgs/{orgId}/invitations | public | orgSelfChain("org:members:invite", http.HandlerFunc(invitationHandler.CreateOrgInvitation |
| GET | /orgs/{orgId}/invitations | public | orgSelfChain("org:members:read", http.HandlerFunc(invitationHandler.ListOrgInvitations |
| DELETE | /orgs/{orgId}/invitations/{invitationId} | public | orgSelfChain("org:members:invite", http.HandlerFunc(invitationHandler.RevokeOrgInvitation |
Admin · Users
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /admin/users | public | adminChain(http.HandlerFunc(userHandler.ListUsers |
| GET | /admin/users/{userId} | public | adminChain(http.HandlerFunc(userHandler.GetUser |
| POST | /admin/users/lookup | public | adminChain(http.HandlerFunc(userHandler.LookupUsers |
| GET | /admin/users/{userId}/roles | public | adminChain(http.HandlerFunc(userHandler.GetUserRoles |
| PUT | /admin/users/{userId}/roles | public | adminChain(http.HandlerFunc(userHandler.SetUserRoles |
| GET | /admin/users/{userId}/organizations | public | adminChain(http.HandlerFunc(userHandler.GetUserOrganizations |
| POST | /admin/users/{userId}/revoke-sessions | public | adminChain(http.HandlerFunc(userHandler.RevokeUserSessions |
| GET | /admin/users/{userId}/sessions | public | adminChain(http.HandlerFunc(userHandler.ListUserSessions |
| DELETE | /admin/users/{userId}/sessions/{sessionId} | public | adminChain(http.HandlerFunc(userHandler.TerminateUserSession |
| POST | /admin/users/{userId}/impersonate | yes | authMw.Authenticate(http.HandlerFunc(authHandler.Impersonate |
| DELETE | /admin/users/{userId}/hard | public | systemAdminChain(http.HandlerFunc(authHandler.HardDeleteUser |
| POST | /admin/users/{userId}/apps/{appId} | public | adminChain(http.HandlerFunc(appHandler.GrantUser |
| DELETE | /admin/users/{userId}/apps/{appId} | public | adminChain(http.HandlerFunc(appHandler.RevokeUser |
Admin · Organizations
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /admin/organizations | public | adminChain(http.HandlerFunc(orgHandler.ListOrganizations |
| POST | /admin/organizations | public | adminChain(http.HandlerFunc(orgHandler.CreateOrganization |
| GET | /admin/organizations/{orgId} | public | adminChain(http.HandlerFunc(orgHandler.GetOrganization |
| PUT | /admin/organizations/{orgId} | public | adminChain(http.HandlerFunc(orgHandler.UpdateOrganization |
| DELETE | /admin/organizations/{orgId} | public | adminChain(http.HandlerFunc(orgHandler.DeleteOrganization |
| GET | /admin/organizations/{orgId}/members | public | adminChain(http.HandlerFunc(orgHandler.ListMembers |
| POST | /admin/organizations/{orgId}/members | public | adminChain(http.HandlerFunc(orgHandler.AddMember |
| DELETE | /admin/organizations/{orgId}/members/{userId} | public | adminChain(http.HandlerFunc(orgHandler.RemoveMember |
| PUT | /admin/organizations/{orgId}/members/{userId}/status | public | adminChain(http.HandlerFunc(orgHandler.UpdateMemberStatus |
Admin · Apps
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /admin/apps | public | systemAdminChain(http.HandlerFunc(appHandler.Create |
| GET | /admin/apps | public | adminChain(http.HandlerFunc(appHandler.List |
| GET | /admin/apps/{appId} | public | adminChain(http.HandlerFunc(appHandler.Get |
| PATCH | /admin/apps/{appId} | public | systemAdminChain(http.HandlerFunc(appHandler.Update |
| DELETE | /admin/apps/{appId} | public | systemAdminChain(http.HandlerFunc(appHandler.Delete |
Admin · M2M
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /admin/m2m-clients | public | systemAdminChain(http.HandlerFunc(m2mHandler.Create |
| GET | /admin/m2m-clients | public | systemAdminChain(http.HandlerFunc(m2mHandler.List |
| GET | /admin/m2m-clients/{clientId} | public | systemAdminChain(http.HandlerFunc(m2mHandler.Get |
| DELETE | /admin/m2m-clients/{clientId} | public | systemAdminChain(http.HandlerFunc(m2mHandler.Revoke |
Admin · Permissions
| Method | Path | Auth | Handler |
|---|---|---|---|
| POST | /admin/permissions/register | public | systemAdminChain(http.HandlerFunc(permHandler.RegisterPermissions |
Admin · Jobs
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /admin/jobs | public | adminChain(http.HandlerFunc(jobHandler.List |
| GET | /admin/jobs/{name} | public | adminChain(http.HandlerFunc(jobHandler.Get |
| POST | /admin/jobs/{name}/trigger | public | adminChain(http.HandlerFunc(jobHandler.Trigger |
| POST | /admin/jobs/{name}/pause | public | adminChain(http.HandlerFunc(jobHandler.Pause |
| POST | /admin/jobs/{name}/resume | public | adminChain(http.HandlerFunc(jobHandler.Resume |
Admin · Audit log
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /admin/audit-log | public | adminChain(http.HandlerFunc(auditHandler.List |
Admin
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /admin/roles | public | adminChain(http.HandlerFunc(userHandler.ListSystemRoles |
System
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /health | public | func(w http.ResponseWriter, r *http.Request |
Other
| Method | Path | Auth | Handler |
|---|---|---|---|
| GET | /apps/{code}/registration-policy | public | appHandler.RegistrationPolicy |