# Auth Service
Authentication and user management API operations.
The Auth service handles user registration, login, session management, and credential operations. Its base URL is configured via `REACT_APP_AUTH_API_BASE_URL` (default: `https://api.traylinx.com/ma-authentication-ms/v1/api`).
All requests require the `Api-Key` header. Endpoints that operate on an authenticated session also require `Authorization: Bearer <token>`.
## Login
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token
```
Authenticate a user with username and password. Returns access and refresh tokens.
**Request headers:** `Api-Key`
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>"
```
<ResponseField name="data.id" type="string">
The user’s unique ID.
</ResponseField>
<ResponseField name="data.type" type="string">
Always `"session"`.
</ResponseField>
<ResponseField name="data.attributes.accessToken" type="string">
Short-lived JWT used to authenticate subsequent requests.
</ResponseField>
<ResponseField name="data.attributes.refreshToken" type="string">
Long-lived token used to obtain a new access token when the current one expires.
</ResponseField>
<ResponseField name="data.attributes.email" type="string">
The authenticated user’s email address.
</ResponseField>
<ResponseField name="data.attributes.firstName" type="string">
The user’s first name.
</ResponseField>
<ResponseField name="data.attributes.lastName" type="string">
The user’s last name.
</ResponseField>
**Rate limiting:** Login attempts are rate-limited per username. Exceeding the limit returns `429 Too Many Requests`.
***
## Register
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users
```
</CodeGroup>
Create a new user account. Depending on the registration method, the response may indicate that account activation is required before the user can log in.
**Request headers:** `Api-Key`
<ParamField body="username" type="string" required>
Email address or phone number for the new account.
</ParamField>
<ParamField body="password" type="string" required>
Password for the new account.
</ParamField>
<ParamField body="method" type="string">
Registration method. Use `"phone"` for phone-based registration; omit or use `"email"` for email-based registration.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/users \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"username": "user@example.com", "password": "secret"}'
```
**On success without activation required:** returns `200` with tokens (same shape as Login).
**On success with activation required:** returns `201`:
201 when activation is required.
true when the account must be activated before logging in.
**Rate limiting:** Registration attempts are rate-limited per username.
***
## Activate Account (Email)
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/activate/email
```
Activate a newly registered account using the 6-digit verification code sent by email.
**Request headers:** `Api-Key`
**Response:** Returns tokens and user data in the same shape as the Login response.
***
## Activate Account (Phone)
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/activate/phone
```
Activate a newly registered account using the 6-digit verification code sent by SMS.
**Request headers:** `Api-Key`
**Response:** Returns tokens and user data in the same shape as the Login response.
***
## Resend Activation Code
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/{userId}/resend_activation
```
Resend the activation code to the user’s email or phone.
**Request headers:** `Api-Key`
***
## Logout
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/revoke
```
Revoke the current access token, effectively ending the session.
**Request headers:** `Api-Key`, `Authorization: Bearer <token>`
```bash theme={null}
curl https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/revoke \
-H "Api-Key: <your_api_key>" \
-H "Authorization: Bearer <token>"
```
**Response:** `200 OK`. If the token was already expired, returns `401`. In both cases, clear locally stored tokens.
***
## Refresh Token
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/refresh
```
</CodeGroup>
Exchange a refresh token for a new access token and refresh token pair.
**Request headers:** `Api-Key`
<ParamField body="refresh_token" type="string" required>
The refresh token from a previous login or refresh response.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/refresh \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4..."}'
```
**Response:** Returns the same shape as Login with new `accessToken` and `refreshToken` values.
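The refresh and logout rules above (refresh returns a new token pair; on logout, clear local tokens whether the server answers `200` or `401`) can be enforced in one client-side helper. This is an added example, not code from the Traylinx project: `createAuthClient`, its options and `fetchImpl` are hypothetical names. It assumes that any non-2xx refresh response other than `429` means the session is gone, and that `429` can also be returned by the refresh endpoint.

```javascript
// Added example: createAuthClient and its option names are hypothetical.
// fetchImpl is any fetch-compatible function (window.fetch in a browser).
function createAuthClient({ baseUrl, apiKey, fetchImpl }) {
  let tokens = null;     // held in memory only
  let inFlight = null;   // shared promise so concurrent callers refresh once

  function call(method, path, { body, bearer } = {}) {
    const headers = { 'Api-Key': apiKey };
    if (body) headers['Content-Type'] = 'application/json';
    if (bearer) headers.Authorization = `Bearer ${bearer}`;
    return fetchImpl(baseUrl + path, {
      method, headers, body: body ? JSON.stringify(body) : undefined,
    });
  }

  // Accept only the documented session shape before storing anything.
  function adopt(json) {
    const attrs = json && json.data && json.data.attributes;
    if (!attrs || json.data.type !== 'session' ||
        typeof attrs.accessToken !== 'string' ||
        typeof attrs.refreshToken !== 'string') {
      throw new Error('unexpected session response');
    }
    tokens = { accessToken: attrs.accessToken, refreshToken: attrs.refreshToken };
  }

  function refresh() {
    if (!tokens) return Promise.reject(new Error('no session'));
    if (!inFlight) {
      inFlight = (async () => {
        const res = await call('POST', '/oauth/token/refresh',
          { body: { refresh_token: tokens.refreshToken } });
        if (!tokens) return; // logged out while the request was in flight
        if (res.status === 429) throw new Error('rate limited'); // keep tokens (assumed)
        if (!res.ok) { tokens = null; throw new Error('refresh rejected'); }
        adopt(await res.json()); // replaces BOTH tokens with the new pair
      })().finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  async function logout() {
    const bearer = tokens && tokens.accessToken;
    tokens = null; // clear first: the outcome (200 or 401) does not matter
    if (bearer) await call('GET', '/oauth/token/revoke', { bearer }).catch(() => {});
  }

  return { adopt, refresh, logout, getTokens: () => tokens };
}
```

Pass the parsed Login or activation response to `adopt`, and call `refresh` when an authenticated request returns `401`.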
***
## Check Token Info
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/info
```
Verify that an access token is valid and retrieve its associated claims.
**Request headers:** `Api-Key`, `Authorization: Bearer <token>`
```bash theme={null}
curl https://api.traylinx.com/ma-authentication-ms/v1/api/oauth/token/info \
-H "Api-Key: <your_api_key>" \
-H "Authorization: Bearer <token>"
```
**Response:** `200 OK` with token claims on success, `401 Unauthorized` if expired or invalid.
***
## Validate Email
<CodeGroup>
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/users/validate/email
```
</CodeGroup>
Check whether an email address is valid and available for registration.
**Request headers:** `Api-Key`
<ParamField query="email" type="string" required>
The email address to validate.
</ParamField>
<ResponseField name="valid" type="boolean">
`true` if the email address is syntactically valid.
</ResponseField>
<ResponseField name="exists" type="boolean">
`true` if an account with this email address already exists.
</ResponseField>
**Rate limiting:** Validation requests are rate-limited per address.
***
## Validate Phone
<CodeGroup>
```http theme={null}
GET https://api.traylinx.com/ma-authentication-ms/v1/api/users/validate/phone
```
</CodeGroup>
Check whether a phone number is valid and available for registration.
**Request headers:** `Api-Key`
<ParamField query="phoneNumber" type="string" required>
The phone number without country code.
</ParamField>
<ParamField query="countryCode" type="string" required>
The country calling code (e.g., `"1"` for US/Canada, `"44"` for UK).
</ParamField>
<ResponseField name="valid" type="boolean">
`true` if the phone number is valid.
</ResponseField>
<ResponseField name="exists" type="boolean">
`true` if an account with this phone number already exists.
</ResponseField>
***
## Request Password Reset
<CodeGroup>
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset_request
```
</CodeGroup>
Send a password reset email to the specified address.
**Request headers:** `Api-Key`
<ParamField body="email" type="string" required>
The email address associated with the account.
</ParamField>
```bash theme={null}
curl -X POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset_request \
-H "Content-Type: application/json" \
-H "Api-Key: <your_api_key>" \
-d '{"email": "user@example.com"}'
```
**Response:** `200 OK`. To prevent account enumeration, the response does not confirm whether the email exists.
**Rate limiting:** Password reset requests are rate-limited per email address.
***
## Reset Password with Token
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/reset
```
Set a new password using the reset token from the password reset email. Does not require an existing session.
**Request headers:** `Api-Key`
***
## Change Password (Authenticated)
```http theme={null}
POST https://api.traylinx.com/ma-authentication-ms/v1/api/users/password/change
```
Change the password for the currently authenticated user.
**Request headers:** `Api-Key`, `Authorization: Bearer <token>`