
Authentication API

Authenticate users and manage sessions with the BRDZ API.

Login User

POST /api/auth/login


Authenticate a user with email/username and password. Returns a JWT token for subsequent API calls.

Parameters

usernameoremail (string, required)

User's email address or username

password (string, required)

User's password

Request Body

{
  "usernameoremail": "user@example.com",
  "password": "securepassword123"
}

Response

200 Login successful - No 2FA required
{
  "success": true,
  "message": "Login berhasil",
  "requires_2fa": false,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "user_id": 123,
      "email": "user@example.com",
      "role": "admin",
      "username": "user123",
      "phone": "+6281234567890",
      "ekyc_status": "PENDING"
    },
    "client": {
      "client_id": 45,
      "client_type": "BUSINESS",
      "client_status": "ACTIVE",
      "ekyc_status": "PENDING",
      "ekyb_status": "PENDING"
    }
  }
}
400 Missing credentials
{
  "success": false,
  "error": "Incorrect username or password"
}
401 Invalid credentials
{
  "success": false,
  "error": "Incorrect username or password"
}
403 Account not active
{
  "success": false,
  "error": "Account is not active or rejected"
}
200 (2FA Required) Password verified - 2FA required
{
  "success": true,
  "requires_2fa": true,
  "message": "Password verified. Please provide 2FA verification code.",
  "data": {
    "user_id": 123,
    "email": "user@example.com"
  }
}
curl -X POST https://api.brdz.link/api/auth/login \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
  "usernameoremail": "user@example.com",
  "password": "securepassword123"
}'

Complete Login with 2FA

POST /api/auth/complete-login


Complete the login process when 2FA is enabled. Use this after the initial login returns requires_2fa: true.

Parameters

user_id (number, required)

User ID from initial login response

two_fa_token (string, required)

6-digit code from authenticator app

Request Body

{
  "user_id": 123,
  "two_fa_token": "123456"
}

Response

200 2FA verification successful
{
  "success": true,
  "message": "2FA verification successful. Login completed.",
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "user_id": 123,
      "email": "user@example.com",
      "role": "admin",
      "username": "user123",
      "phone": "+6281234567890",
      "ekyc_status": "PENDING"
    },
    "client": {
      "client_id": 45,
      "client_type": "BUSINESS",
      "client_status": "ACTIVE",
      "ekyc_status": "PENDING",
      "ekyb_status": "PENDING"
    }
  }
}
400 Missing parameters or 2FA not enabled
{
  "success": false,
  "error": "User ID and 2FA token are required"
}
401 Invalid 2FA token
{
  "success": false,
  "error": "Invalid 2FA verification code"
}
403 Account not active
{
  "success": false,
  "error": "Account is not active"
}
404 User not found
{
  "success": false,
  "error": "User not found"
}
curl -X POST https://api.brdz.link/api/auth/complete-login \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
  "user_id": 123,
  "two_fa_token": "123456"
}'
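
The two-step flow above, as an added Python example (not BRDZ's own code): both documented 200 responses carry success: true, so the client must branch on requires_2fa and accept a session only when data.token is present. The transport `post`, the helper names, `make_stub` and `SAMPLE_JWT` are assumptions; the stub returns constructed responses shaped like the ones on this page.

```python
# Added example (not BRDZ code). `post` is an assumed transport:
# post(path, json_body) -> (http_status, parsed_json), e.g. a thin HTTPS wrapper
# that also sends the x-api-key header.
SAMPLE_JWT = "hdr.payload.sig"  # constructed placeholder, not a real token


class LoginError(Exception):
    pass


def extract_token(status, body):
    """Return the JWT only when the response is a completed login."""
    if status != 200 or body.get("success") is not True:
        raise LoginError(f"{status}: {body.get('error', 'login failed')}")
    token = (body.get("data") or {}).get("token")
    if not isinstance(token, str) or token.count(".") != 2:
        raise LoginError("200 response carried no well-formed JWT")
    return token


def login(post, identity, password, get_code):
    status, body = post("/api/auth/login",
                        {"usernameoremail": identity, "password": password})
    # Both documented 200 bodies have success: true; only requires_2fa and the
    # presence of data.token separate "password accepted" from "logged in".
    if status == 200 and body.get("success") is True and body.get("requires_2fa") is True:
        code = get_code()  # read the code only once the password step passed
        if not (code.isascii() and code.isdigit() and len(code) == 6):
            raise LoginError("2FA code must be 6 digits")
        status, body = post("/api/auth/complete-login",
                            {"user_id": body["data"]["user_id"], "two_fa_token": code})
    return extract_token(status, body)


def make_stub(two_fa_enabled):
    """Constructed stand-in returning the response shapes shown on this page."""
    def post(path, body):
        if path == "/api/auth/login":
            if body.get("password") != "securepassword123":
                return 401, {"success": False, "error": "Incorrect username or password"}
            if two_fa_enabled:
                return 200, {"success": True, "requires_2fa": True,
                             "data": {"user_id": 123, "email": "user@example.com"}}
            return 200, {"success": True, "requires_2fa": False, "data": {"token": SAMPLE_JWT}}
        if body.get("two_fa_token") != "123456":
            return 401, {"success": False, "error": "Invalid 2FA verification code"}
        return 200, {"success": True, "data": {"token": SAMPLE_JWT}}
    return post
```

Calling `login(make_stub(True), "user@example.com", "securepassword123", lambda: "123456")` walks both requests and returns the token; a wrong code or a 200 body without data.token raises `LoginError` instead of yielding a session.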

Forgot Password

POST /api/password/request_reset


Request a password reset email for a user account.

Parameters

email (string, required)

User's email address

Request Body

{
  "email": "user@example.com"
}

Response

200 Password reset email sent
{
  "success": true,
  "message": "Password reset email sent"
}
400 Missing email parameter
{
  "success": false,
  "error": "Email is required"
}
500 Server error
{
  "success": false,
  "error": "An error occurred while processing request",
  "details": "Error details"
}
curl -X POST https://api.brdz.link/api/password/request_reset \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
  "email": "user@example.com"
}'

Register Client with Admin

POST /api/clients/create_with_admin


Register a new client and automatically create an admin user. The password is auto-generated and sent via email.

Parameters

email (string, required)

Client's email address

client_alias (string, required)

Client's display name/alias

client_type (string, required)

Type of client (e.g., 'BUSINESS', 'INDIVIDUAL')

country_code (string, required)

ISO country code (e.g., 'ID', 'US')

phone (string, required)

Client's phone number

client_status (string)

Client status (defaults to 'PENDING')

Request Body

{
  "email": "newclient@example.com",
  "client_alias": "My Company",
  "client_type": "BUSINESS",
  "country_code": "ID",
  "phone": "+6281234567890"
}

Response

201 Client and admin user created successfully
{
  "message": "Client & Admin successfully created! Admin must complete KYC before being able to use the account.",
  "client": {
    "client_id": 124,
    "client_code": "CL-202501-0001",
    "email": "newclient@example.com",
    "client_alias": "My Company",
    "client_type": "BUSINESS",
    "client_status": "PENDING",
    "ekyc_status": "PENDING",
    "country_code": "ID",
    "psp_id": 1,
    "phone": "+6281234567890"
  },
  "admin_user": {
    "user_id": 456,
    "email": "newclient@example.com",
    "username": "My Company",
    "role": "admin",
    "user_status": "ACTIVE"
  },
  "ekyc_status": "PENDING"
}
400 Validation error
{
  "error": "Email, Name, Type, Country and Mobile Number are required!"
}
409 Email already exists
{
  "error": "Email is already in use by another client."
}
curl -X POST https://api.brdz.link/api/clients/create_with_admin \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
  "email": "newclient@example.com",
  "client_alias": "My Company",
  "client_type": "BUSINESS",
  "country_code": "ID",
  "phone": "+6281234567890"
}'

Get User Profile

GET /api/users/{user_id}


Get user profile information. Requires authentication.

Parameters

user_id (string, required)

User ID (path parameter)

Response

200 User profile retrieved
{
  "success": true,
  "data": {
    "user": {
      "user_id": 123,
      "email": "user@example.com",
      "username": "user123",
      "role": "admin",
      "phone": "+6281234567890",
      "user_status": "ACTIVE",
      "ekyc_status": "PENDING"
    }
  }
}
401 Authentication required
{
  "success": false,
  "error": "Authentication required"
}
404 User not found
{
  "success": false,
  "error": "User not found"
}
curl -X GET https://api.brdz.link/api/users/123 \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"

Authentication Required

Most BRDZ API endpoints require authentication. Include the JWT token in the Authorization header:

Authorization: Bearer YOUR_JWT_TOKEN

API Key Required

All requests must include your API key in the x-api-key header. Get your API key from the Dashboard.