Documentation Index¶
Fetch the complete documentation index at: https://makakoo-traylinx-35.mintlify.app/llms.txt Use this file to discover all available pages before exploring further.
Auth Service¶
Authentication and user management API operations.
The Auth service handles user registration, login, session management, and credential operations. Its base URL is configured via REACT_APP_AUTH_API_BASE_URL (default: https://api.traylinx.com/ma-authentication-ms/v1/api).
All requests require the Api-Key header. Endpoints that operate on an authenticated session also require Authorization: Bearer <token>.
Login¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token
Authenticate a user with username and password. Returns access and refresh tokens.
Request headers: Api-Key
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token \
-H "Content-Type: application/json" \
-H "Api-Key: <ResponseField name="data.id" type="string">
The user’s unique ID.
</ResponseField>
<ResponseField name="data.type" type="string">
Always `"session"`.
</ResponseField>
<ResponseField name="data.attributes.accessToken" type="string">
Short-lived JWT used to authenticate subsequent requests.
</ResponseField>
<ResponseField name="data.attributes.refreshToken" type="string">
Long-lived token used to obtain a new access token when the current one expires.
</ResponseField>
<ResponseField name="data.attributes.email" type="string">
The authenticated user’s email address.
</ResponseField>
<ResponseField name="data.attributes.firstName" type="string">
The user’s first name.
</ResponseField>
<ResponseField name="data.attributes.lastName" type="string">
The user’s last name.
</ResponseField>
**Rate limiting:** Login attempts are rate-limited per username. Exceeding the limit returns `429 Too Many Requests`.
***
## Register
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users
```
</CodeGroup>
Create a new user account. Depending on the registration method, the response may indicate that account activation is required before the user can log in.
**Request headers:** `Api-Key`
<ParamField body="username" type="string" required>
Email address or phone number for the new account.
</ParamField>
<ParamField body="password" type="string" required>
Password for the new account.
</ParamField>
<ParamField body="method" type="string">
Registration method. Use `"phone"` for phone-based registration; omit or use `"email"` for email-based registration.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/users \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"username": "user@example.com", "password": "secret"}'
On success without activation required — returns 200 with tokens (same shape as Login).
On success with activation required — returns 201:
201 when activation is required.
true when the account must be activated before logging in.
Rate limiting: Registration attempts are rate-limited per username.
Activate Account (Email)¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/activate/email
Activate a newly registered account using the 6-digit verification code sent by email.
Request headers: Api-Key
Response: Returns tokens and user data in the same shape as the Login response.
Activate Account (Phone)¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/activate/phone
Activate a newly registered account using the 6-digit verification code sent by SMS.
Request headers: Api-Key
Response: Returns tokens and user data in the same shape as the Login response.
Resend Activation Code¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/resend_activation
Resend the activation code to the user’s email or phone.
Request headers: Api-Key
Logout¶
http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/revoke
Revoke the current access token, effectively ending the session.
Request headers: Api-Key, Authorization: Bearer <token>
```bash theme={null}
curl https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/revoke \
-H "Api-Key: **Response:** `200 OK`. If the token was already expired, returns `401` — in both cases, clear locally stored tokens.
***
## Refresh Token
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/refresh
```
</CodeGroup>
Exchange a refresh token for a new access token and refresh token pair.
**Request headers:** `Api-Key`
<ParamField body="refresh_token" type="string" required>
The refresh token from a previous login or refresh response.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/refresh \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4..."}'
Response: Returns the same shape as Login with new accessToken and refreshToken values.
Check Token Info¶
http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/info
Verify that an access token is valid and retrieve its associated claims.
Request headers: Api-Key, Authorization: Bearer <token>
```bash theme={null}
curl https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/info \
-H "Api-Key: **Response:** `200 OK` with token claims on success, `401 Unauthorized` if expired or invalid.
***
## Validate Email
<CodeGroup>
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/users/validate/email
```
</CodeGroup>
Check whether an email address is valid and available for registration.
**Request headers:** `Api-Key`
<ParamField query="email" type="string" required>
The email address to validate.
</ParamField>
<ResponseField name="valid" type="boolean">
`true` if the email address is syntactically valid.
</ResponseField>
<ResponseField name="exists" type="boolean">
`true` if an account with this email address already exists.
</ResponseField>
**Rate limiting:** Validation requests are rate-limited per address.
***
## Validate Phone
<CodeGroup>
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/users/validate/phone
```
</CodeGroup>
Check whether a phone number is valid and available for registration.
**Request headers:** `Api-Key`
<ParamField query="phoneNumber" type="string" required>
The phone number without country code.
</ParamField>
<ParamField query="countryCode" type="string" required>
The country calling code (e.g., `"1"` for US/Canada, `"44"` for UK).
</ParamField>
<ResponseField name="valid" type="boolean">
`true` if the phone number is valid.
</ResponseField>
<ResponseField name="exists" type="boolean">
`true` if an account with this phone number already exists.
</ResponseField>
***
## Request Password Reset
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset_request
```
</CodeGroup>
Send a password reset email to the specified address.
**Request headers:** `Api-Key`
<ParamField body="email" type="string" required>
The email address associated with the account.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset_request \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"email": "user@example.com"}'
Response: 200 OK. The response does not confirm whether the email exists to prevent enumeration.
Rate limiting: Password reset requests are rate-limited per email address.
Reset Password with Token¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset
Set a new password using the reset token from the password reset email. Does not require an existing session.
Request headers: Api-Key
Change Password (Authenticated)¶
http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/change
Change the password for the currently authenticated user.
Request headers: Api-Key, Authorization: Bearer <token>
Built with Mintlify.