Mobile API Documentation – myAuthenticator

Overview

This document provides details on the mobile API endpoints for the myAuthenticator project. These endpoints are used for user authentication, registration, scanning QR codes, generating and verifying OTPs, and managing apps (including delete and update operations). Use this documentation to integrate and troubleshoot your mobile application.

Note: For local testing using an Android emulator, use http://10.0.2.2/ in place of localhost. For real devices, use your PC’s IP address (e.g., http://192.168.x.x/). In production, always use HTTPS.

Base URL

Base URL: http://<server-address>/myauthenticator_api/mobile_api/

Example for emulator: http://10.0.2.2/myauthenticator_api/mobile_api/

Endpoints

User Login

URL: login.php

Method: POST

Headers: Content-Type: application/json

Request Body:

{
  "email": "user@example.com",
  "password": "user_password"
}

Successful Response:

{
  "status": "success",
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

Error Response:

{
  "status": "error",
  "message": "Missing email or password"
}

User Registration

URL: user_register.php

Method: POST

Headers: Content-Type: application/json

Request Body:

{
  "username": "JohnDoe",
  "email": "john@example.com",
  "password": "password123"
}

Successful Response:

{
  "status": "success",
  "message": "Registration successful",
  "user_id": 3,
  "remember_token": "003d79783ce4b179921d5bf9effae716",
  "totp_secret": "a006877c348443cba698",
  "api_key": "0360c2393c91bf097905e71fbe382cbec508b840"
}

Error Response:

{
  "status": "error",
  "message": "All fields are required"
}

List Registered Apps

URL: list_apps.php

Method: GET

Headers:

• Authorization: Bearer {JWT_TOKEN}

Successful Response:

[
  {
      "app_name": "Google",
      "created_at": "2025-03-05 14:54:45"
  },
  {
      "app_name": "Grey",
      "created_at": "2025-03-01 09:58:33"
  }
]

Error Response:

{
  "status": "error",
  "message": "Token missing"
}

Generate OTP

URL: generate_otp.php

Method: POST

Headers:

• Authorization: Bearer {JWT_TOKEN}
• Content-Type: application/json

Request Body:

{
  "app_name": "Google"
}

Successful Response:

{
  "status": "success",
  "otp": "123456"
}

Error Response:

{
  "status": "error",
  "message": "App not found"
}

Verify OTP

URL: verify_otp.php

Method: POST

Headers:

• Authorization: Bearer {JWT_TOKEN}
• Content-Type: application/json

Request Body:

{
  "app_name": "Google",
  "otp": "123456"
}

Successful Response:

{
  "status": "success",
  "message": "OTP is valid"
}

Error Response:

{
  "status": "error",
  "message": "Invalid OTP"
}

Scan QR Code

URL: scan_qr.php

Method: POST

Headers:

• Authorization: Bearer {JWT_TOKEN}
• Content-Type: application/json

Request Body:

{
  "app_name": "ExampleApp",
  "secret": "JBSWY3DPEHPK3PXP"
}

Successful Response:

{
  "status": "success",
  "message": "QR code scanned successfully"
}

Error Response:

{
  "status": "error",
  "message": "Invalid QR code data"
}

Delete App

URL: delete_app.php

Method: POST

Headers:

• Authorization: Bearer {JWT_TOKEN}
• Content-Type: application/json

Request Body:

{
  "app_name": "Google"
}

Successful Response:

{
  "status": "success",
  "message": "App deleted successfully"
}

Error Response:

{
  "status": "error",
  "message": "App not found"
}

Update App

URL: update_app.php

Method: POST

Headers:

• Authorization: Bearer {JWT_TOKEN}
• Content-Type: application/json

Request Body:

{
  "old_app_name": "Google",
  "new_app_name": "GooglePlus",
  "new_secret": "NEWSECRETKEY123"
}

Successful Response:

{
  "status": "success",
  "message": "App name updated successfully"
}

Error Response:

{
  "status": "error",
  "message": "Update failed"
}

Token Generation (token_gen)

URL: token_gen.php

Method: GET

Successful Response:

{
  "status": "success",
  "token": "generated_jwt_token_here"
}

Error Response:

{
  "status": "error",
  "message": "Token generation failed"
}

Verify Generated Token (verify_token_gen)

URL: verify_token_gen.php

Method: GET

Headers:

• Authorization: Bearer {JWT_TOKEN}

Successful Response:

{
  "status": "success",
  "message": "Token is valid"
}

Error Response:

{
  "status": "error",
  "message": "Invalid token"
}

Security Considerations

• All endpoints (except login and registration) require a valid JWT in the Authorization header: Bearer {JWT_TOKEN}.
• For testing, ensure cleartext traffic is enabled. In AndroidManifest.xml, add:

  <application android:usesCleartextTraffic="true" ...>

• Always use HTTPS in production environments to secure data transmission.

Testing the API

You can use Postman or cURL to test the API endpoints:

curl -X POST http://10.0.2.2/myauthenticator_api/mobile_api/login.php \
-H "Content-Type: application/json" \
-d '{"email":"user@example.com","password":"user_password"}'
    

If testing on a real device, replace 10.0.2.2 with your PC's IP address.

Troubleshooting

• Network Errors: Ensure your device/emulator is on the same network as your server and the BASE_URL is set correctly (use 10.0.2.2 for emulator or your PC's IP for a real device).
• JSON Parsing Errors: If you encounter errors like JsonReader.setLenient(true), ensure your API returns valid JSON. You can enable lenient parsing in your Gson instance.
• Token Issues: If you get "Token missing" errors, verify that the JWT token is saved in SharedPreferences after login and included in subsequent requests.

Conclusion

This documentation provides the basic information required to interact with the myAuthenticator mobile API, including endpoints for login, registration, scanning QR codes, OTP generation/verification, and app management (delete and update), as well as token generation and verification. For any further questions or issues, please contact your API administrator or consult the project documentation.