CLIENT API REFERENCE
Central Auth Platform
Complete API reference for Flutter, React, and other client applications. All endpoints
accept and return application/json.
Base URL: https://centralauth.serveo.net
API Prefix: /api/v1
Content-Type: application/json
All Endpoints
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/v1/identities/ | Register a new account | - |
| POST | /api/v1/auth/login | Login with email & password | - |
| POST | /api/v1/auth/otp/request | Request OTP (login, reset, verify, link) | - |
| POST | /api/v1/auth/phone/verify | OTP login via phone | - |
| POST | /api/v1/auth/google | Google Sign-In token exchange | - |
| POST | /api/v1/auth/verify-email | Verify email with OTP | - |
| POST | /api/v1/auth/resend-verification | Resend email verification | - |
| POST | /api/v1/auth/forgot-password | Request password reset | - |
| POST | /api/v1/auth/reset-password | Reset password with OTP | - |
| GET | /api/v1/identities/me | Get current user profile | Bearer |
| POST | /api/v1/identities/me/phone | Link phone number | Bearer |
| POST | /api/v1/identities/me/email | Link email address | Bearer |
| POST | /api/v1/identities/me/password | Update / set password | Bearer |
| DELETE | /api/v1/identities/me | Delete account (soft delete) | Bearer |
| POST | /api/v1/auth/refresh | Refresh tokens | Cookie |
| POST | /api/v1/auth/logout | Logout & revoke session | - |
| GET | /api/v1/auth/activities | View login activities | Bearer |
1. Registration (/api/v1/identities)
POST /api/v1/identities/
Register a new account
Request Body
JSON
{ "email": "[email protected]", "password": "SecurePassword123!", "clientId": "your_client_id" }
201
Returns the created user identity object.
2. Authentication (/api/v1/auth)
POST /api/v1/auth/login
Login with email & password
Request Body
JSON
{ "email": "[email protected]", "password": "SecurePassword123!", "clientId": "your_client_id" }
200
Returns user info plus Access and Refresh Tokens.
POST /api/v1/auth/otp/request
Request OTP (unified)
Unified OTP endpoint
Supports types: LOGIN, RESET, VERIFY, LINK. Target can be email or phone number.
Request Body
JSON
{
  "target": "[email protected]",  // OR "+1234567890"
  "type": "LOGIN"                // LOGIN | RESET | VERIFY | LINK
}
POST /api/v1/auth/phone/verify
OTP login via phone
Request Body
JSON
{ "target": "+1234567890", "code": "123456", "clientId": "your_client_id" }
POST /api/v1/auth/google
Google Sign-In token exchange
Google ID Token Exchange
Exchanges a Google ID Token from the native Flutter/Android SDK for Central Auth tokens.
Request Body
JSON
{ "token": "eyJhbG... (Google ID Token)", "clientId": "your_client_id" }
3. Verification & Recovery (/api/v1/auth)
POST /api/v1/auth/verify-email
Verify email with OTP
JSON
{ "email": "[email protected]", "otp": "123456" }
POST /api/v1/auth/resend-verification
Resend verification email
JSON
{ "email": "[email protected]" }
POST /api/v1/auth/forgot-password
Request password reset
JSON
{ "email": "[email protected]" }
POST /api/v1/auth/reset-password
Reset password with OTP
JSON
{ "email": "[email protected]", "otp": "123456", "newPassword": "NewPassword123!" }
4. Protected Identity Management (/api/v1/identities/me)
Authentication Required
All endpoints in this section require:
Authorization: Bearer <access_token>
GET /api/v1/identities/me
Get current user profile
No request body required. Pass the access token in the Authorization header.
200
Returns the current user's identity object.
POST /api/v1/identities/me/phone
Link phone number
Send an OTP first via /api/v1/auth/otp/request with type LINK before calling this endpoint.
JSON
{ "phone": "+1234567890", "code": "123456" }
POST /api/v1/identities/me/email
Link email address
JSON
{ "email": "[email protected]", "code": "123456" }
POST /api/v1/identities/me/password
Update / set password
JSON
{ "target": "[email protected]", "code": "123456", "newPassword": "NewPassword123!" }
DELETE /api/v1/identities/me
Delete account (soft delete)
No request body required. This performs a soft delete: the account is marked as deleted but data is retained.
200
Account successfully soft-deleted.
5. Session Management (/api/v1/auth)
POST /api/v1/auth/refresh
Refresh tokens
Cookie Required
The refresh-token must be present as an httpOnly cookie. No request body needed.
200
Returns new access and refresh tokens.
POST /api/v1/auth/logout
Logout & revoke session
Revokes the current session and clears authentication cookies. No request body required.
GET /api/v1/auth/activities
View login activities
Required Header
HTTP
Authorization: Bearer <access_token>
200
Returns login history for the current user.
Authentication Flow Guide
Email / Password
1. Register via POST /identities/
2. Verify email via POST /auth/verify-email
3. Login via POST /auth/login → receive tokens
4. Use Authorization: Bearer <token> on protected routes

OTP Phone Login
1. Request OTP via POST /auth/otp/request with type LOGIN
2. Verify OTP via POST /auth/phone/verify → receive tokens

Google Sign-In
1. Get Google ID Token from Flutter/Android SDK
2. Exchange via POST /auth/google → receive Central Auth tokens

Token Refresh
1. Access token expires
2. Call POST /auth/refresh (refresh token sent automatically via httpOnly cookie)
3. Receive new access + refresh tokens
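
The Token Refresh flow above, sketched as a browser/React client (an added example, not Central Auth's own client code). It keeps the access token in memory only and shares a single in-flight refresh between concurrent requests, since each refresh returns a new refresh token. Assumptions: the `accessToken` response field name and the 401 status for an expired token are not stated on this page, and `createAuthClient` / `authedFetch` are hypothetical names.

```javascript
// Added example. BASE is the Base URL + API Prefix given on this page.
const BASE = "https://centralauth.serveo.net/api/v1";

function createAuthClient(fetchImpl = globalThis.fetch) {
  let accessToken = null; // held in memory only, never written to localStorage
  let refreshing = null;  // shared promise: at most one refresh in flight

  async function login(email, password, clientId) {
    const res = await fetchImpl(`${BASE}/auth/login`, {
      method: "POST",
      credentials: "include", // lets the server set the httpOnly refresh cookie
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password, clientId }),
    });
    if (!res.ok) throw new Error(`login failed: ${res.status}`);
    accessToken = (await res.json()).accessToken; // ASSUMED field name
  }

  function refresh() {
    if (!refreshing) {
      refreshing = fetchImpl(`${BASE}/auth/refresh`, {
        method: "POST",
        credentials: "include", // refresh token travels in the cookie, no body
      }).then(async (res) => {
        if (!res.ok) { accessToken = null; throw new Error("session expired"); }
        accessToken = (await res.json()).accessToken; // ASSUMED field name
      }).finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  async function authedFetch(path, init = {}) {
    const send = () => fetchImpl(`${BASE}${path}`, {
      ...init,
      headers: { ...init.headers, Authorization: `Bearer ${accessToken}` },
    });
    let res = await send();
    if (res.status === 401) { // ASSUMED: an expired access token yields 401
      await refresh();        // concurrent callers share one refresh call
      res = await send();     // retry once; a second 401 goes to the caller
    }
    return res;
  }

  return { login, authedFetch };
}
```

If the refresh itself fails, the in-memory token is cleared and the error propagates, so the application can send the user back to login.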