2ndPay.in REST API Documentation

API Information

Base URL: http://localhost/2ndPay.in/api

Version: 1.0.0

Authentication: JWT Bearer Token

Content-Type: application/json

API Status: Operational

✅ All endpoints are working correctly. Firebase phone authentication endpoints added and routed successfully.

Response Format

Success Response
{
  "success": true,
  "message": "Success message",
  "data": {...},
  "timestamp": "2025-09-27 12:00:00"
}

Error Response
{
  "success": false,
  "message": "Error message",
  "errors": {...},
  "timestamp": "2025-09-27 12:00:00"
}

Authentication APIs

Phone Authentication (Firebase-based)

New Firebase-based phone authentication system for the React Native app. Phone numbers are supplied in E.164 format (for example, +919876543210).

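Development Mode: In development (APP_ENV='development'), OTPs are logged to /logs/test_otps.log instead of being sent via SMS. That file holds valid OTPs in plaintext, so keep it out of any web-served directory and make sure production never runs with APP_ENV='development'.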

POST /auth/send-otp

Send OTP to phone number (Firebase Phone Auth)

Sends a 6-digit OTP to the provided phone number. Returns verificationId for OTP verification.

Request Body:
{
  "phoneNumber": "+919876543210"
}
Success Response (200):
{
  "success": true,
  "message": "OTP sent successfully",
  "data": {
    "verificationId": "abc123xyz456",
    "expiresIn": 300
  }
}
Rate Limits: 3 OTP/hour per phone, 10/hour per IP

POST /auth/verify-otp

Verify OTP and authenticate (Firebase Phone Auth)

Verifies OTP and returns JWT token. Auto-creates user on first login. Supports both Firebase and legacy formats.

Request Body (Firebase Format - New):
{
  "verificationId": "abc123xyz456",
  "phoneNumber": "+919876543210",
  "otp": "123456"
}
Request Body (Legacy Format):
{
  "mobile": "9876543210",
  "otp": "123456"
}
Success Response (200):
{
  "success": true,
  "message": "Login successful",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "id": 123,
      "name": "User",
      "phoneNumber": "+919876543210",
      "email": null,
      "role": "customer",
      "phoneVerified": true,
      "isNewUser": false
    },
    "expiresIn": 2592000
  }
}
Rate Limits: 20 verify attempts per 5 minutes per IP. Max 3 attempts per OTP.
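
The limits documented for /auth/send-otp and /auth/verify-otp, modelled in memory as an added example (not the 2ndPay.in implementation). OtpPolicy, its methods and the reason strings are hypothetical names, and the time is passed in as seconds so the windows can be exercised in a test.

```javascript
// Added example: reference model of the documented OTP limits (not 2ndPay.in code).
// OtpPolicy, send(), verify() and the reason strings are hypothetical names.
const nodeCrypto = require('node:crypto');

const OTP_TTL_S = 300;               // "expiresIn": 300
const MAX_ATTEMPTS_PER_OTP = 3;      // "Max 3 attempts per OTP"
const LIMITS = {
  sendPhone: { max: 3, windowS: 3600 },  // 3 OTP/hour per phone
  sendIp: { max: 10, windowS: 3600 },    // 10/hour per IP
  verifyIp: { max: 20, windowS: 300 },   // 20 verify attempts per 5 minutes per IP
};
const E164 = /^\+[1-9]\d{7,14}$/;    // e.g. +919876543210

class OtpPolicy {
  constructor() { this.events = new Map(); this.otps = new Map(); }

  // Sliding window: record an event for `key` unless the limit is already reached.
  allow(kind, key, now) {
    const { max, windowS } = LIMITS[kind];
    const id = `${kind}:${key}`;
    const recent = (this.events.get(id) || []).filter((t) => now - t < windowS);
    const ok = recent.length < max;
    if (ok) recent.push(now);
    this.events.set(id, recent);
    return ok;
  }

  send(phoneNumber, ip, now) {
    if (!E164.test(phoneNumber)) return { ok: false, reason: 'bad_phone' };
    if (!this.allow('sendIp', ip, now) || !this.allow('sendPhone', phoneNumber, now)) {
      return { ok: false, reason: 'rate_limited' }; // the API answers 429 here
    }
    const otp = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
    const verificationId = nodeCrypto.randomBytes(12).toString('hex');
    this.otps.set(verificationId, { phoneNumber, otp, expires: now + OTP_TTL_S, attempts: 0 });
    return { ok: true, verificationId, expiresIn: OTP_TTL_S, otp }; // otp exposed for tests only
  }

  verify(verificationId, phoneNumber, otp, ip, now) {
    if (!this.allow('verifyIp', ip, now)) return { ok: false, reason: 'rate_limited' };
    const rec = this.otps.get(verificationId);
    if (!rec || rec.phoneNumber !== phoneNumber) return { ok: false, reason: 'invalid' };
    if (now >= rec.expires) { this.otps.delete(verificationId); return { ok: false, reason: 'expired' }; }
    rec.attempts += 1; // count the attempt before comparing
    const given = Buffer.from(String(otp));
    const match = given.length === 6 && nodeCrypto.timingSafeEqual(given, Buffer.from(rec.otp));
    if (match || rec.attempts >= MAX_ATTEMPTS_PER_OTP) this.otps.delete(verificationId); // single use
    return match ? { ok: true } : { ok: false, reason: 'wrong_otp' };
  }
}
```

The record is deleted on success and on the third failed attempt, so a correct OTP submitted after three wrong guesses is rejected and a verified OTP cannot be replayed.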

POST /auth/register

Register a new user account (Legacy)

Request Body:
{
  "name": "John Doe",
  "mobile": "9876543210",
  "email": "john@example.com"
}

POST /auth/login

Login with mobile number - sends OTP (Legacy)

Request Body:
{
  "mobile": "9876543210"
}

POST /auth/agent-login

Agent login with mobile and password

Request Body:
{
  "mobile": "9876543210",
  "password": "agent123"
}

User APIs

Authentication Required: All user APIs require a JWT token in the Authorization header: Bearer <token>

GET /user/brands

Get list of active mobile brands

GET /user/brands/{id}/models

Get models for a specific brand

GET /user/models/{id}

Get detailed model information including parts and variants

POST /user/requests

Create a new sell request

Request Body:
{
  "brand_id": 1,
  "model_id": 1,
  "imei": "123456789012345",
  "pickup_address": "123 Main St, City",
  "pickup_date": "2025-09-28",
  "pickup_time_slot": "morning",
  "special_instructions": "Call before coming"
}

Agent APIs

Authentication Required: All agent APIs require a JWT token with the agent role

GET /agent/orders/assigned

Get orders assigned to the authenticated agent

GET /agent/orders/{id}

Get detailed information about a specific order

PUT /agent/orders/{id}/status

Update order status

Request Body:
{
  "status": "collected",
  "remarks": "Device collected successfully"
}

Common APIs

GET /common/time-slots

Get available pickup time slots

GET /common/app-config

Get application configuration and settings

Troubleshooting Guide
Common Issues & Solutions:
  • 404 Not Found: Check if endpoint is registered in /api/index.php routing
  • 500 Server Error: Check PHP error logs and /logs/app_*.log
  • CORS Error: Verify .htaccess CORS headers are enabled
  • Missing OTP in development: Check /logs/test_otps.log file
  • Rate Limit (429): Wait 1 hour or clear phone_otps table
Testing Phone Authentication:
  1. Test /auth/send-otp with phone number
  2. Check /logs/test_otps.log for OTP (development mode)
  3. Test /auth/verify-otp with verificationId, phone, and OTP
  4. Use returned JWT token in Authorization header for protected endpoints