Swiftap API Documentation
This page displays the API endpoints. It is generated from the static markdown file.
# Swiftap API – Documentation
## Authentication
| Method | URL | Description |
|--------|-----|-------------|
| POST | `/api/auth/register` | Register a new user; returns a Sanctum token. |
| POST | `/api/auth/login` | Log in with credentials; returns a Sanctum token. |
| POST | `/api/auth/social-login` | OAuth‑style social login; returns a token. |
| POST | `/api/auth/logout` | Revoke the current token (requires authentication). |
| POST | `/api/auth/forgot-password` | Initiate password‑reset flow (public). |
| POST | `/api/auth/verify-reset-code` | Verify reset code (public). |
| POST | `/api/auth/reset-password` | Complete password reset (public). |

All **authenticated** routes require the header:
```
Authorization: Bearer <token>
```
## Public (No Auth) Endpoints
| Method | URL | Description |
|--------|-----|-------------|
| GET | `/api/profile/{slug}` | Retrieve public profile data for shared links. |
| GET | `/api/profile/{slug}/qrcode` | QR‑code for the shared profile. |
| GET | `/api/profile/{slug}/vcard` | vCard download for the shared profile. |
| POST | `/api/login` | Legacy login endpoint (kept for backward compatibility). |
## User‑Facing Authenticated Endpoints
| Method | URL | Description |
|--------|-----|-------------|
| GET | `/api/templates` | List onboarding templates. |
| GET | `/api/themes` | List available themes. |
| GET | `/api/avatars` | Retrieve avatar catalogue. |
| GET | `/api/user/profile` | Get current user profile. |
| POST | `/api/user/profile-image` | Upload a profile picture. |
| POST | `/api/user/select-avatar` | Choose an avatar. |
| POST | `/api/user/pick-path` | Select a navigation path (onboarding). |
| POST | `/api/user/set-style` | Set user style preferences. |
| GET | `/api/user/contact-info` | View contact information. |
| PUT | `/api/user/contact-info` | Update contact information. |
| PUT | `/api/user/contact-info/visibility` | Change visibility of contact fields. |
| PUT | `/api/user/photo-settings` | Update photo‑related settings. |
| PUT | `/api/user/profile-template` | Change the profile template. |
| GET | `/api/user/share` | Retrieve share data for the current user. |
| GET | `/api/user/widgets` | List user widgets. |
| POST | `/api/user/widgets` | Create a new widget. |
| GET | `/api/user/widgets/{widgetId}` | View a specific widget. |
| PUT | `/api/user/widgets/{widgetId}` | Update a widget. |
| DELETE | `/api/user/widgets/{widgetId}` | Delete a widget. |
| POST | `/api/user/widgets/reorder` | Reorder widgets. |
| POST | `/api/user/widgets/{widgetId}/items` | Add an item to a widget. |
| PUT | `/api/user/widgets/{widgetId}/items/{itemId}` | Update a widget item. |
| DELETE | `/api/user/widgets/{widgetId}/items/{itemId}` | Delete a widget item. |
| POST | `/api/user/widgets/{widgetId}/items/reorder` | Reorder widget items. |
| POST | `/api/user/widgets/{widgetId}/images` | Upload a widget image. |
| POST | `/api/user/widgets/{widgetId}/items/{itemId}/image` | Upload an image for a widget item. |
| DELETE | `/api/user/widgets/{widgetId}/images/{imageId}` | Delete a widget image. |
## Widget Library (Read‑only)
| Method | URL | Description |
|--------|-----|-------------|
| GET | `/api/widgets/library` | List all available widget types. |
| GET | `/api/widgets/library/category/{categoryId}` | Filter library widgets by category. |
| GET | `/api/widgets/library/{id}` | Get details for a specific widget type. |
## Admin Endpoints (Super‑admin only)
| Method | URL | Description |
|--------|-----|-------------|
| GET | `/api/admin/themes` | List all themes. |
| POST | `/api/admin/themes` | Create a new theme. |
| GET | `/api/admin/themes/{id}` | View a specific theme. |
| POST | `/api/admin/themes/{id}` | Update a theme. |
| DELETE | `/api/admin/themes/{id}` | Delete a theme. |

All admin routes require both a valid Sanctum token and the `admin` middleware permission.
---
**Response conventions**
- JSON payloads throughout.
- Validation errors → `422 Unprocessable Entity` with error details.
- Missing/invalid token → `401 Unauthorized`.
- Forbidden admin access → `403 Forbidden`.