Auth
Authentication and API access endpoints.
- Public: magic link, Google OAuth, API key -> JWT exchange, programmatic signup
- Authenticated: API key management (/auth/api-keys*)
POST /auth/request
Request a magic link email.
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/request \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]","redirectTo":"https://app.paylinks.ro/auth/callback"}'
```

Request Body:

| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address |
| redirectTo | string (URL) | No | Frontend callback URL (same origin as app) |

Response (200):

```json
{"ok": true}
```
GET /auth/verify
Verify a magic link token and receive a JWT.
```bash
curl "https://api.paylinks.ro/api/v1/auth/verify?token=abc123"
```

Query Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | Magic link token from email |
| redirectTo | string (URL) | No | Frontend callback URL (same origin as app) |

Response (200):

```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "needsOnboarding": false
}
```
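
The `redirectTo` field of `/auth/request` and `/auth/verify` is documented as "same origin as app". As an added example (not PayLinks code), this is one way a backend could enforce that rule before redirecting; `APP_ORIGIN`, `safeRedirect`, `classify` and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not PayLinks code): enforce "same origin as app" on redirectTo.
// APP_ORIGIN is an assumption, taken from the curl example on this page.
const APP_ORIGIN = "https://app.paylinks.ro";

// Returns the normalized URL if redirectTo is an absolute URL whose origin
// (scheme + host + port) equals appOrigin; otherwise null, so the caller can
// fall back to a fixed default instead of redirecting to attacker-chosen input.
function safeRedirect(redirectTo, appOrigin = APP_ORIGIN) {
  if (typeof redirectTo !== "string" || redirectTo === "") return null;
  // URL parsers disagree on control characters and backslashes: refuse them.
  if (/[\u0000-\u001f\u007f\\]/.test(redirectTo)) return null;
  let url;
  try {
    url = new URL(redirectTo); // no base URL: relative and "//host" forms throw
  } catch {
    return null;
  }
  // Embedded credentials are never needed in a callback URL.
  if (url.username !== "" || url.password !== "") return null;
  // Compare parsed origins, never string prefixes or substrings.
  if (url.origin !== new URL(appOrigin).origin) return null;
  return url.href;
}

// Constructed sample inputs; evil.example is a placeholder host.
const SAMPLES = [
  "https://app.paylinks.ro/auth/callback",
  "HTTPS://APP.PAYLINKS.RO:443/auth/callback?next=1",
  "https://app.paylinks.ro.evil.example/auth/callback",
  "https://app.paylinks.ro@evil.example/",
  "//evil.example/auth/callback",
  "http://app.paylinks.ro/auth/callback",
];

// Map each sample to the decision the server would take.
function classify(samples = SAMPLES) {
  return samples.map((s) => ({ input: s, redirect: safeRedirect(s) }));
}

for (const { input, redirect } of classify()) {
  console.log(redirect === null ? "REJECT" : "ALLOW ", input);
}
```

Only the first two samples are allowed; the second shows that case and the default port are normalized before the origin comparison.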
POST /auth/api/token
Exchange API key credentials for a short-lived JWT.
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/api/token \
  -H "Content-Type: application/json" \
  -d '{"keyId":"plk_xxx","keySecret":"pls_xxx"}'
```

Request Body:

| Field | Type | Required | Description |
|---|---|---|---|
| keyId | string | Yes | API key ID (plk_...) |
| keySecret | string | Yes | API key secret (pls_...) |

Response (200):

```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "tokenType": "Bearer",
  "expiresInSeconds": 3600,
  "user": {
    "id": "user_123",
    "email": "[email protected]",
    "role": "USER"
  }
}
```
POST /auth/api/signup
Create account + first API key in one request (programmatic onboarding).
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/api/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","name":"Dev","keyName":"Primary integration"}'
```

Request Body:

| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | New account email |
| name | string | No | Display name |
| keyName | string | No | Name for the first API key |

Response (201):

```json
{
  "user": {
    "id": "user_123",
    "email": "[email protected]"
  },
  "apiKey": {
    "id": "key_123",
    "name": "Primary integration",
    "keyId": "plk_xxx"
  },
  "keySecret": "pls_xxx",
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "tokenType": "Bearer",
  "expiresInSeconds": 3600,
  "needsOnboarding": true
}
```
GET /auth/api-keys
List API keys for the authenticated user.
```bash
curl https://api.paylinks.ro/api/v1/auth/api-keys \
  -H "Authorization: Bearer YOUR_JWT"
```
POST /auth/api-keys
Create a new API key.
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/api-keys \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{"name":"Zapier"}'
```
Response includes keySecret only once.
POST /auth/api-keys/:id/revoke
Revoke an API key.
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/api-keys/<id>/revoke \
  -H "Authorization: Bearer YOUR_JWT"
```
GET /auth/google/start
Start Google OAuth flow. Redirects to Google consent screen.
```bash
curl -L "https://api.paylinks.ro/api/v1/auth/google/start?redirectTo=https://yourapp.com/callback"
```

Query Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| redirectTo | string | No | URL to redirect after auth |

Response: 302 redirect to Google.
GET /auth/google/callback
Google OAuth callback. Called by Google after user consents.
Query Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| code | string | Yes | OAuth authorization code |
| state | string | Yes | OAuth state parameter |

Response (200):

```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "needsOnboarding": false,
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "role": "USER"
  }
}
```
POST /auth/google/onetap
Authenticate via Google One Tap.
```bash
curl -X POST https://api.paylinks.ro/api/v1/auth/google/onetap \
  -H "Content-Type: application/json" \
  -d '{"credential": "GOOGLE_JWT_CREDENTIAL"}'
```

Request Body:

| Field | Type | Required | Description |
|---|---|---|---|
| credential | string | Yes | Google One Tap JWT |

Response (200):

```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "needsOnboarding": false,
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "role": "USER"
  }
}
```