Profile & Account Settings
This module covers the API v1 endpoints for user account settings: phone and 2FA binding, language/currency preferences, and API keys.
Route list
| Method | Path | Controller@method | Middleware |
|---|---|---|---|
| POST | /api/users/phone-bind | UserController@bindPhone | auth.xtoken, verified:api |
| POST | /api/users/twofa-bind | UserController@bindTwoFA | auth.xtoken, verified:api |
| POST | /api/users/twofa-unbind | UserController@unBindTwoFA | auth.xtoken, verified:api |
| PATCH | /api/users/language | UserController@updateLanguage | auth.xtoken, verified:api |
| PATCH | /api/users/currency | UserController@updateCurrency | auth.xtoken, verified:api |
| POST | /api/user/api-key | UserController@addApiKey | auth.xtoken, verified:api |
| PUT | /api/user/api-key | UserController@editApiKey | auth.xtoken, verified:api |
| DELETE | /api/user/api-key | UserController@deleteApiKey | auth.xtoken, verified:api |
| GET | /api/user/api-key | UserController@listApiKey | auth.xtoken, verified:api |
Bind phone
Route
- POST /api/users/phone-bind
- Controller: UserController@bindPhone
- Request validation: BindPhoneRequest
Payload
| Field | Type | Required |
|---|---|---|
| phone | string | Yes |
| countryCode | string | Yes |
| dialCode | string | Yes |
| otpCode | string | Yes |
Behavior
- Validates that the number is not already used by another user.
- Checks the phone blacklist.
- Verifies the OTP via SmsUtil->verifyOtp.
- If OTP verification fails repeatedly (tracked by IP + Redis), the number may be added to the blacklist.
Response
- success: api.mobile_verified
- common failures: api.otp_verification_code_invalid, api.phone_number_blacklisted
Google 2FA bind/unbind
Bind
- POST /api/users/twofa-bind
- Controller: UserController@bindTwoFA
- Request validation: BindTwoFARequest (otpCode required)
Payload:
{
"otpCode": "123456"
}
Response:
- success: api.twofa_binded_successfully
- OTP failure: auth.otp_failed (403)
Unbind
- POST /api/users/twofa-unbind
- Controller: UserController@unBindTwoFA
- Request validation: BindTwoFARequest
Behavior:
- Verifies the OTP.
- Sets bind2FA=false.
- Regenerates a new secret2FA.
Response:
- success: api.twofa_unbinded (with user data)
- OTP failure: auth.otp_failed (403)
User preferences
1) Update language
- PATCH /api/users/language
- Controller: UserController@updateLanguage
- Request validation: UpdateLanguageRequest
Payload:
{
"language": "id"
}
Response:
- success: api.language_updated_successfully
2) Update currency
- PATCH /api/users/currency
- Controller: UserController@updateCurrency
- Request validation: UpdateCurrencyRequest
Payload:
{
"currency": "idr"
}
Behavior:
- The value is stored in uppercase in user_price_symbol.
Response:
- success: api.currency_updated_successfully
API key management
Controller: UserController
Request validation: ApiKeyRequest
1) Create API key
POST /api/user/api-key
Payload:
| Field | Type | Required |
|---|---|---|
| apiName | string | Yes |
| emailOtpCode | string | Yes |
| phoneOtpCode | string | Optional |
| permissions | array | Yes |
Behavior:
- Verifies the email OTP from Redis (KEY_EMAIL_CODE_PRE + email).
- Generates api_key (random) + secret_key (HMAC SHA-256).
Response:
- success: api.generate_key_successful (+ API key data)
- email OTP failure: api.email_otp_error
2) Edit/regenerate API key
PUT /api/user/api-key
Payload:
| Field | Type | Required |
|---|---|---|
| apiKeyId | integer/string | Yes |
| apiKey | string | Yes |
| secretKey | string | Optional |
| permissions | array | Yes |
Behavior:
- Looks up the user's own API key by apiKeyId + apiKey.
- If found, regenerates a new key pair and updates the permissions.
Response:
- success: api.edit_api_key_successful
- not found: api.user_api_key_not_found
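The create and edit/regenerate behavior described above, as an added example that is not the project's own code. It shows key pair generation from the CSPRNG plus HMAC SHA-256 and the owner-scoped lookup that keeps one user from regenerating another user's key. The function names, the in-memory $store standing in for the API key table, and the way the HMAC is keyed with a server secret are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Function names, the in-memory $store
// (standing in for the API key table) and the HMAC keying are assumptions.

function generateKeyPair(string $serverSecret): array
{
    $apiKey = bin2hex(random_bytes(16)); // random identifier from the CSPRNG
    // secret_key: HMAC-SHA256 over fresh random bytes, keyed with a server secret
    $secretKey = hash_hmac('sha256', random_bytes(32), $serverSecret);
    return [$apiKey, $secretKey];
}

function createApiKey(array &$store, int $userId, string $apiName, array $permissions, string $serverSecret): array
{
    [$apiKey, $secretKey] = generateKeyPair($serverSecret);
    $id = count($store) + 1;
    $store[$id] = ['user_id' => $userId, 'api_name' => $apiName, 'api_key' => $apiKey,
                   'secret_key' => $secretKey, 'permissions' => $permissions];
    return ['apiKeyId' => $id, 'apiKey' => $apiKey, 'secretKey' => $secretKey];
}

// Owner-scoped lookup: authenticated user, apiKeyId and apiKey must all match.
function findOwnedKey(array $store, int $userId, int $apiKeyId, string $apiKey): ?array
{
    $row = $store[$apiKeyId] ?? null;
    if ($row === null || $row['user_id'] !== $userId) {
        return null; // caller answers api.user_api_key_not_found
    }
    return hash_equals($row['api_key'], $apiKey) ? $row : null;
}

function editApiKey(array &$store, int $userId, int $apiKeyId, string $apiKey, array $permissions, string $serverSecret): ?array
{
    if (findOwnedKey($store, $userId, $apiKeyId, $apiKey) === null) {
        return null;
    }
    // Regenerate the pair so the previous api_key/secret_key stop being valid.
    [$newKey, $newSecret] = generateKeyPair($serverSecret);
    $store[$apiKeyId] = array_merge($store[$apiKeyId], ['api_key' => $newKey,
        'secret_key' => $newSecret, 'permissions' => $permissions]);
    return ['apiKeyId' => $apiKeyId, 'apiKey' => $newKey, 'secretKey' => $newSecret];
}

// Constructed sample run: user 7 creates a key; user 8 replays its id and key.
$store = [];
$created = createApiKey($store, 7, 'bot', ['read'], 'example-server-secret');
var_dump(editApiKey($store, 8, $created['apiKeyId'], $created['apiKey'], ['trade'], 'example-server-secret'));
var_dump(editApiKey($store, 7, $created['apiKeyId'], $created['apiKey'], ['read', 'trade'], 'example-server-secret') !== null);
```

How secret_key is protected at rest depends on whether the server has to recompute request signatures with it; the example stores it as-is only to stay short.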
3) Delete API key
DELETE /api/user/api-key
Payload:
{
"apiKeyId": 123,
"apiKey": "existing_api_key"
}
Response:
- success: api.delete_api_key_successful
- not found: api.user_api_key_not_found
4) List API key
- GET /api/user/api-key
- Supports pagination via the global parameters (limit, offset, sortBy, sort).
Response:
- success: api.list_api_key_successful