Notification & Messaging
This module covers the API v1 endpoints for OTP, user messages, inquiries, and FCM push tokens.
Route list
| Method | Path | Controller@method | Middleware |
|---|---|---|---|
| POST | /api/email/otp-code | AuthController@requestEmailOtp | public |
| POST | /api/phone/otp | PhoneController@requestOtp | auth.xtoken, verified:api |
| GET | /api/user-messages | MessageController@listMessage | auth.xtoken, verified:api |
| GET | /api/user-messages/read | MessageController@readMessages | auth.xtoken, verified:api |
| POST | /api/user-messages/read-all | MessageController@readAllMessages | auth.xtoken, verified:api |
| DELETE | /api/user-messages/delete-multiple | MessageController@deleteMultipleMessages | auth.xtoken, verified:api |
| POST | /api/fcm/token | FcmController@storeOrUpdateToken | auth.xtoken, verified:api |
| DELETE | /api/fcm/delete-user-tokens | FcmController@clearToken | auth.xtoken, verified:api |
| POST | /api/inquiries | InquiryController@submitInquiry | grecaptcha.verify |
Email OTP
Route
- POST /api/email/otp-code
- Controller: AuthController@requestEmailOtp
- Request validation: EmailOtpRequest
Payload
{
"email": "user@example.com"
}
Behavior
- If the email is not found, still respond with success to prevent user enumeration.
- Email OTP request limit: max 3 requests per 5 minutes per IP/email (Redis throttle).
- The 6-digit OTP is stored in Redis for 5 minutes.
Response
- success: api.email_otp_sent
- throttled: api.otp_code_request_throttle
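The Email OTP behavior above, sketched as an added example (not the project's own code): a fixed-window throttle applied before the account lookup, so neither the success response nor the throttle response reveals whether an address is registered. TtlStore is a constructed in-memory stand-in for Redis, the function and key names are hypothetical, and reading "per IP/email" as two independent counters is an assumption.

```python
import secrets

OTP_TTL = 300        # seconds: documented 5-minute OTP lifetime and throttle window
MAX_REQUESTS = 3     # documented request limit per window


class TtlStore:
    """In-memory stand-in for Redis INCR/EXPIRE and SETEX (constructed for this example)."""

    def __init__(self):
        self._items = {}  # key -> (value, expires_at)

    def get(self, key, now):
        value, expires_at = self._items.get(key, (None, 0))
        return value if expires_at > now else None

    def set(self, key, value, ttl, now):
        self._items[key] = (value, now + ttl)

    def hit(self, key, ttl, now):
        """Fixed-window counter: the expiry is set by the first hit and never extended."""
        count = self.get(key, now)
        if count is None:
            self._items[key] = (1, now + ttl)
            return 1
        self._items[key] = (count + 1, self._items[key][1])
        return count + 1


def request_email_otp(store, known_emails, email, ip, now):
    """Return the response key for one OTP request made at time `now` (epoch seconds)."""
    email = email.strip().lower()  # normalise so case or padding does not open a new window
    # Count both dimensions on every request, before any account lookup, so that
    # rotating IPs (or emails) does not reset the other counter.
    ip_hits = store.hit(f"otp:throttle:ip:{ip}", OTP_TTL, now)
    email_hits = store.hit(f"otp:throttle:email:{email}", OTP_TTL, now)
    if max(ip_hits, email_hits) > MAX_REQUESTS:
        return "api.otp_code_request_throttle"
    if email in known_emails:
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded to 6 digits
        store.set(f"otp:code:{email}", otp, OTP_TTL, now)
        # Delivery of `otp` by e-mail would happen here.
    # Same response whether or not the address is registered.
    return "api.email_otp_sent"
```
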
Phone OTP
Route
- POST /api/phone/otp
- Controller: PhoneController@requestOtp
- Request validation: RequestOtpRequest
Payload
| Field | Type | Required |
|---|---|---|
| phone | string | Yes |
| countryCode | string | Yes |
| dialCode | string | Yes |
Behavior
- Check whether the phone is blacklisted.
- Check that the number is not already used by another user.
- OTP request limit: max 3 requests per 5 minutes per IP/number.
- The OTP is sent via SmsUtil.
Common failure responses
- api.phone_number_blacklisted
- api.phone_number_in_used
- api.otp_code_request_throttle
- api.otp_sent_failure
User messages
Controller: MessageController
1) List messages
- GET /api/user-messages
- Optional query:
  - type: ALL (default), READ, UNREAD
  - default pagination follows limit/offset
Response data contains:
- data (list of messages)
- totalCount
- totalReadCount
- totalUnreadCount
2) Mark as read
- GET /api/user-messages/read
- Parameters:
  - type=all to mark all messages from the last 30 days as read
  - or userMessageIds[] to mark specific messages as read
- Response message: api.user_messages_have_been_read
3) Read all (explicit endpoint)
- POST /api/user-messages/read-all
- Marks all unread messages (last 30 days) as read.
- Response message: api.user_messages_have_been_read_all
4) Delete multiple
- DELETE /api/user-messages/delete-multiple
- Payload:
{
"messageIds": [1, 2, 3]
}
- Validation: messageIds is required and must be an array of integers
- Response:
  - success: api.user_messages_deleted
  - data contains deletedCount
FCM token (push notification)
Controller: FcmController
1) Store or update token
- POST /api/fcm/token
- Payload:
{
"user_id": 123,
"fcm_token": "..."
}
Response (this controller does not use the sendResponse envelope)
- success:
  - HTTP 200
  - { "success": true, ... }
- validation failed:
  - HTTP 422
  - { "success": false, "message": "Validation failed", "errors": {...} }
- user not found:
  - HTTP 404
- internal error:
  - HTTP 500
2) Clear token
- DELETE /api/fcm/delete-user-tokens
- Payload:
{
"user_id": 123
}
Response:
- success:
  - { "success": true, "message": "FCM token cleared successfully" }
Inquiry (contact us)
Route
- POST /api/inquiries
- Controller: InquiryController@submitInquiry
- Request validation: SubmitInquiryRequest
- Middleware: grecaptcha.verify
Payload
| Field | Type | Required | Validation |
|---|---|---|---|
| subject | string | Yes | required |
| firstName | string | Yes | min 3, max 255 |
| lastName | string | Yes | min 3, max 255 |
| email | string | Yes | email, max 255 |
| phone | string | Yes | min 5, max 255 |
| message | string | Yes | min 5 |
Response
- success: api.inquiry_submit_successfully
- failure: validation/request error message