AuthApi
All URIs are relative to https://business.apis.kesk.app/v1
| Method | HTTP request | Description |
|---|---|---|
| changePassword | POST /auth/change-password | Update account password |
| forgotPassword | POST /auth/forgot-password | Initiate password reset process |
| login | POST /auth/login | Authenticate user and generate access token |
| logout | POST /auth/logout | End user session and invalidate token |
| profileUpdate | PUT /profile/update | Update user profile information |
| refreshToken | POST /auth/refresh-token | Refresh access token |
| resendEmailOtp | POST /otp/resend/email | Resend email verification OTP |
| resendMobileOtp | POST /otp/resend/mobile | Resend mobile phone verification OTP |
| resetPasswordWithOtp | POST /auth/reset-password-otp | Reset password using OTP |
| sendOtp | POST /otp/send | Send OTP code to phone number |
| signup | POST /auth/signup | Create a new user account |
| verifyEmailOtp | POST /otp/verify/email | Verify email address with OTP code |
| verifyMobileOtp | POST /otp/verify/mobile | Verify mobile phone number with OTP code |
| verifyOtp | POST /otp/verify | Verify OTP code |
| verifyPhoneAccount | GET /verify/phone | Check if phone number is registered |
| verifySignupOtp | POST /auth/verify-signup-otp | Verify email address after signup |
changePassword
MessageResponse changePassword(ChangePasswordRequest)
Update account password
Changes the authenticated user’s password by validating their current password and updating it to the new value. Requires the user to provide both current and new passwords.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ChangePasswordRequest | ChangePasswordRequest | Current password and new password |
Return type
Authorization
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
forgotPassword
ForgotPasswordSuccessResponse forgotPassword(ForgotPasswordRequest)
Initiate password reset process
Sends a password reset OTP to the user’s registered email address. If the user’s email is not verified, sends a verification OTP instead and indicates that email verification is required before password reset. For security purposes, the response does not indicate whether an account with the provided email exists when the account is not found.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ForgotPasswordRequest | ForgotPasswordRequest | Email address to send password reset OTP |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
login
LoginSuccessResponse login(LoginRequest)
Authenticate user and generate access token
Validates user credentials (email and password) and returns a JWT authentication token upon successful login. The token should be included in subsequent API requests for authorization.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| LoginRequest | LoginRequest | User credentials containing email and password |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
logout
MessageResponse logout(authorization)
End user session and invalidate token
Logs out the authenticated user by invalidating their current session token and updating their online status. The token can no longer be used for subsequent requests. Returns success even if the token is expired or invalid (graceful logout).
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| authorization | String | Optional JWT bearer token for logout | [optional] [default to null] |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: Not defined
- Accept: application/json; charset=utf-8
profileUpdate
ProfileUpdateResponse profileUpdate(ProfileUpdateRequest)
Update user profile information
Modifies the authenticated user’s profile details including name, email, phone number, gender, and online status. Changes are validated before being applied to the account.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ProfileUpdateRequest | ProfileUpdateRequest | Updated profile information fields |
Return type
Authorization
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
refreshToken
RefreshTokenResponse refreshToken(RefreshTokenRequest)
Refresh access token
Exchanges a valid refresh token for a new access token and refresh token pair. The old refresh token is invalidated (rotated) for security. Use this endpoint when the access token expires to obtain a new one without requiring re-authentication.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| RefreshTokenRequest | RefreshTokenRequest | Refresh token request containing the refresh token |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
resendEmailOtp
OtpSuccessResponse resendEmailOtp(ResendEmailOtpRequest)
Resend email verification OTP
Generates and sends a new one-time password to the user’s email address. Use this when the previous OTP has expired or was not received by the user.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ResendEmailOtpRequest | ResendEmailOtpRequest | Email address to send new OTP |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
resendMobileOtp
OtpSuccessResponse resendMobileOtp(ResendMobileOtpRequest)
Resend mobile phone verification OTP
Generates and sends a new one-time password to the user’s mobile phone via SMS. Use this when the previous OTP has expired or was not received by the user.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ResendMobileOtpRequest | ResendMobileOtpRequest | Mobile number to send new OTP |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
resetPasswordWithOtp
ResetPasswordSuccessResponse resetPasswordWithOtp(ResetPasswordWithOtpRequest)
Reset password using OTP
Validates the OTP sent via forgot-password and updates the user’s password to the new value. The OTP is single-use and expires after 10 minutes.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| ResetPasswordWithOtpRequest | ResetPasswordWithOtpRequest | Email, OTP, and new password |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
sendOtp
OtpResponse sendOtp(SendOtpInput)
Send OTP code to phone number
Generates and sends a one-time password via SMS to the specified phone number. For login purposes, validates that the phone number is associated with an active account. OTP codes expire after a configured time period and can only be used once.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| SendOtpInput | SendOtpInput | OTP request containing phone number and purpose |
Return type
Authorization
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
signup
SignupSuccessResponse signup(SignupRequest)
Create a new user account
Registers a new user with email and optional phone number. Sends a verification OTP to the provided email address that must be verified before the account can be activated and used for login.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| SignupRequest | SignupRequest | User registration details including name, email, phone, and password |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
verifyEmailOtp
OtpSuccessResponse verifyEmailOtp(VerifyEmailOtpRequest)
Verify email address with OTP code
Validates a one-time password sent to the user’s email address for email verification purposes. Used for confirming email ownership during profile updates or security verification.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| VerifyEmailOtpRequest | VerifyEmailOtpRequest | Email address and OTP code to verify |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
verifyMobileOtp
OtpSuccessResponse verifyMobileOtp(VerifyMobileOtpRequest)
Verify mobile phone number with OTP code
Validates a one-time password sent to the user’s mobile phone via SMS for phone verification. Used for confirming phone number ownership during registration or profile updates.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| VerifyMobileOtpRequest | VerifyMobileOtpRequest | Mobile number and OTP code to verify |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
verifyOtp
OtpResponse verifyOtp(VerifyOtpInput)
Verify OTP code
Validates the provided OTP code against the phone number and marks it as consumed. For login flows, returns a JWT token upon successful verification and marks the phone number as verified. For generic verification, confirms the OTP without issuing a token.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| VerifyOtpInput | VerifyOtpInput | Verification request containing phone number, code, and purpose |
Return type
Authorization
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8
verifyPhoneAccount
PhoneVerificationResponse verifyPhoneAccount(phone)
Check if phone number is registered
Verifies whether a phone number is already registered in the system. Used during signup or profile updates to check phone number availability and prevent duplicates.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| phone | String | Phone number to verify | [default to null] |
Return type
Authorization
No authorization required
HTTP request headers
- Content-Type: Not defined
- Accept: application/json; charset=utf-8
verifySignupOtp
VerifySignupOtpSuccessResponse verifySignupOtp(VerifySignupOtpRequest)
Verify email address after signup
Validates the OTP sent to the user’s email during registration. Upon successful verification, the account is activated and a JWT authentication token is returned for immediate login.
Parameters
| Name | Type | Description | Notes |
|---|---|---|---|
| VerifySignupOtpRequest | VerifySignupOtpRequest | Email address and OTP code to verify |
Return type
VerifySignupOtpSuccessResponse
Authorization
No authorization required
HTTP request headers
- Content-Type: application/json; charset=utf-8
- Accept: application/json; charset=utf-8