StableX API
Mobile application API with WhatsApp authentication, point reward system, email verification, social media rewards, and referral mechanisms. Designed for user engagement and gamification.
WhatsApp Login
Login with WhatsApp
Login or register user account via WhatsApp phone number. Creates new account if phone doesn't exist, awards 50 welcome points for new users. Generates JWT token for subsequent authenticated requests.
Parameters
phonestringrequiredWhatsApp phone number for authentication
Request Body
{
"phone": "+628123456789"
}Response
{
"message": "Login successful",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"userx_id": 123,
"phonex": "+628123456789",
"usernamex": null,
"emailx": null,
"point_balance": 50,
"role": "user"
}
}{
"error": "Phone number is required."
}{
"error": "Account is deactivated or deleted. Please contact support."
}{
"error": "Login failed",
"details": "Database connection error"
}curl -X POST https://api.brdz.link/api/xusers/login \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"phone": "+628123456789"
}'Get Notifications
Get Push Notifications
Retrieve list of push notifications for authenticated user from x_push_logs table. Returns notifications ordered by creation date (newest first) with read status.
Response
{
"success": true,
"notifications": [
{
"push_id": 456,
"title": "Welcome to StableX!",
"message": "Thank you for joining! You received 50 points as a welcome bonus.",
"read": false,
"created_at": "2024-01-15T10:30:00Z"
},
{
"push_id": 457,
"title": "Username Claimed!",
"message": "Congratulations! Your username has been set, and you received 50 points.",
"read": true,
"created_at": "2024-01-14T15:20:00Z"
}
]
}{
"error": "Unauthorized: User ID not found."
}{
"success": false,
"error": "Failed to fetch notifications."
}curl -X GET https://api.brdz.link/api/xusers/notifications \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"Request Email Verification
Request Email Verification
Send 6-digit OTP code to email for verification. Checks email availability, prevents duplicate verification. OTP expires in 10 minutes. Updates user email and generates verification token.
Parameters
emailstringrequiredEmail address to verify
Request Body
{
"email": "user@example.com"
}Response
{
"success": true,
"message": "Verification code sent to email."
}{
"error": "Email is already verified."
}{
"error": "Unauthorized: User ID not found."
}{
"error": "Email is already in use by another verified user."
}{
"success": false,
"error": "Failed to initiate email verification."
}curl -X POST https://api.brdz.link/api/xmail/verify-email \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"email": "user@example.com"
}'Confirm Email Verification
Confirm Email Verification
Verify email using 6-digit OTP code. Awards 50 points for first-time email verification. Marks email as verified and clears verification tokens. Sends push notification on success.
Parameters
otp_codestringrequired6-digit OTP code received via email
Request Body
{
"otp_code": "123456"
}Response
{
"success": true,
"message": "Email verified successfully.",
"points_awarded": 50,
"already_rewarded": false
}{
"error": "Invalid verification code."
}{
"error": "User not found."
}{
"success": false,
"error": "Email verification failed."
}{
"error": "Verification code expired."
}curl -X POST https://api.brdz.link/api/xmail/confirm-email \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"otp_code": "123456"
}'Claim Username
Claim Username
Set unique username for user account. Awards 50 points for first-time username claim. Checks username availability and prevents duplicate claims. Sends push notification on success.
Parameters
usernamestringrequiredDesired username (must be unique)
Request Body
{
"username": "john_doe"
}Response
{
"message": "Username claimed successfully.",
"points_awarded": 50,
"already_rewarded": false
}{
"error": "Username is required."
}{
"error": "User not found."
}{
"error": "Username is already taken."
}{
"error": "Failed to claim username",
"details": "Database update failed"
}curl -X POST https://api.brdz.link/api/xprofiles/claim-username \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"username": "john_doe"
}'Get User Profile
Get User Profile
Retrieve complete user profile including point balance and reward completion status. Shows username claim, email verification, contact sync, and social media reward status from multiple tables.
Response
{
"success": true,
"profile": {
"usernamex": "john_doe",
"emailx": "john@example.com",
"phonex": "+628123456789",
"point_balance": 250,
"userx_id": 123,
"claim_username": true,
"verify_email": true,
"sync_contact": true,
"social_facebook": false,
"social_instagram": true,
"social_x": false,
"social_discord": false
}
}{
"error": "Unauthorized. No user ID found in token."
}{
"error": "User not found."
}{
"error": "Failed to get profile"
}curl -X GET https://api.brdz.link/api/xprofiles/getme \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"Sync Contacts
Sync Contacts
Import user contacts and award 50 points for first-time sync. Performs bulk insert of contacts to x_contacts table. Replaces existing contacts and sends push notification for new syncs.
Parameters
contactsarrayrequiredArray of contact objects with name and phone
Request Body
{
"contacts": [
{
"contact_name": "Alice Johnson",
"contact_phone": "+628111111111"
},
{
"contact_name": "Bob Smith",
"contact_phone": "+628222222222"
}
]
}Response
{
"message": "Contacts synced successfully.",
"points_awarded": 50,
"already_rewarded": false
}{
"error": "Contacts array is required."
}{
"error": "Failed to sync contacts."
}curl -X POST https://api.brdz.link/api/xcontacts/sync \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"contacts": [
{
"contact_name": "Alice Johnson",
"contact_phone": "+628111111111"
},
{
"contact_name": "Bob Smith",
"contact_phone": "+628222222222"
}
]
}'Add Inviter
Add Inviter
Link user to their inviter (referrer) using phone number. Awards 50 points for successful referral link. Prevents self-invitation and duplicate inviter assignments. Creates entry in x_referrals table.
Parameters
inviter_phonestringrequiredWhatsApp phone number of the person who invited this user
Request Body
{
"inviter_phone": "+628987654321"
}Response
{
"message": "Inviter linked and reward granted.",
"points_awarded": 50
}{
"error": "You cannot invite yourself."
}{
"error": "Inviter not found."
}{
"error": "Failed to add inviter."
}{
"message": "You already have an inviter."
}curl -X POST https://api.brdz.link/api/xreff/add-inviter \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"inviter_phone": "+628987654321"
}'Get Invited Friends
Get Invited Friends
Retrieve list of friends invited by current user. Shows user details and invitation timestamp from x_referrals JOIN x_users tables. Ordered by most recent invitations first.
Response
{
"success": true,
"invited": [
{
"userx_id": 124,
"usernamex": "alice_doe",
"emailx": "alice@example.com",
"phonex": "+628111111111",
"created_at": "2024-01-15T10:30:00Z"
},
{
"userx_id": 125,
"usernamex": null,
"emailx": null,
"phonex": "+628222222222",
"created_at": "2024-01-14T15:20:00Z"
}
]
}{
"error": "Failed to fetch invited friends."
}curl -X GET https://api.brdz.link/api/xreff/invited-friends \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"Claim Social Media Reward
Claim Social Media Reward
Claim 50-point reward for following StableX on social media platforms. Supports platform mapping from URLs to standard names. Prevents duplicate claims per platform. Creates entry in x_social_rewards table.
Parameters
platformstringrequiredSocial media platform or URL (facebook, instagram, x, discord, or full URLs)
Request Body
{
"platform": "https://www.instagram.com/stablex.money/"
}Response
{
"message": "Reward for instagram claimed.",
"points_awarded": 50
}{
"error": "Invalid or unrecognized platform provided."
}{
"error": "Unauthorized: User ID not found."
}{
"error": "Failed to claim social reward"
}{
"message": "Already claimed reward for instagram.",
"points_awarded": 0,
"already_rewarded": true
}curl -X POST https://api.brdz.link/api/xsocial/claim \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"platform": "https://www.instagram.com/stablex.money/"
}'Soft Delete Account
Soft Delete Account
Mark user account as deleted without permanent removal. Sets is_deleted flag to true in x_users_raw table. Account can potentially be restored by admin. Prevents future login attempts.
Response
{
"message": "Account successfully deleted."
}{
"error": "Unauthorized. No user ID found in token."
}{
"error": "Failed to delete account"
}curl -X DELETE https://api.brdz.link/api/xaccount/delete \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"Request OTP
Request OTP Verification
Send OTP code via WhatsApp or SMS for verification purposes. Supports multiple purposes and delivery channels. Uses Twilio service for message delivery with callback tracking.
Parameters
phone_numberstringrequiredPhone number to send OTP to
purposestringrequiredPurpose of OTP (e.g., 'login', 'verification', 'password_reset')
channelstringDelivery channel (default: 'wa' for WhatsApp, also supports 'sms')
Request Body
{
"phone_number": "+628123456789",
"purpose": "login",
"channel": "wa"
}Response
{
"success": true,
"message": "OTP sent successfully",
"otp_id": "otp_12345",
"expires_at": "2024-01-15T10:40:00Z"
}{
"error": "phone_number and purpose are required."
}{
"error": "Failed to request OTP",
"details": "Twilio service unavailable"
}curl -X POST https://api.brdz.link/api/xotp/request \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"phone_number": "+628123456789",
"purpose": "login",
"channel": "wa"
}'Verify OTP
Verify OTP Code
Verify OTP code against purpose and phone number. Validates code expiration and correctness. Marks OTP as used after successful verification to prevent replay attacks.
Parameters
phone_numberstringrequiredPhone number that received the OTP
purposestringrequiredPurpose that matches the OTP request
otp_codestringrequiredOTP code received via WhatsApp/SMS
Request Body
{
"phone_number": "+628123456789",
"purpose": "login",
"otp_code": "123456"
}Response
{
"success": true,
"message": "OTP verified successfully",
"verified_at": "2024-01-15T10:35:00Z"
}{
"error": "Invalid or expired OTP code."
}{
"error": "Failed to verify OTP",
"details": "Database query failed"
}curl -X POST https://api.brdz.link/api/xotp/verify \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"phone_number": "+628123456789",
"purpose": "login",
"otp_code": "123456"
}'Get Wishlist Count
Get Wishlist Count
Retrieve current dynamic wishlist counter. Combines base count (1010), actual user count, and random increments. Updates every hour with random increments (3-10) for engagement purposes.
Response
{
"success": true,
"count": 1247
}{
"success": false,
"error": "Failed to get wishlist count."
}curl -X GET https://api.brdz.link/api/xwishlist/count \
-H "x-api-key: YOUR_API_KEY"Point Reward System
Reward Structure
| Action | Points | Requirements | Notes |
|---|---|---|---|
| Welcome Login | 50 | First-time registration | Automatic on new account |
| Claim Username | 50 | Unique username | One-time reward |
| Verify Email | 50 | Valid email + OTP | One-time reward |
| Sync Contacts | 50 | Contact import | One-time reward |
| Add Inviter | 50 | Valid referrer phone | One-time reward |
| Social Media | 50 each | Follow on platforms | Per platform once |
Supported Social Platforms
Backend maps URLs to standard platform names:
- Facebook:
https://facebook.com/→facebook - Instagram:
https://www.instagram.com/stablex.money/→instagram - X (Twitter):
https://x.com/BrdzStablecoin→x - Discord:
https://discord.gg/uGzV3nfD→discord
Authentication Flow
Complete Registration & Reward Flow
// 1. WhatsApp Login (50 points for new users)
const login = await loginWithWhatsApp({ phone: '+628123456789' });
// 2. Claim Username (50 points)
await claimUsername({ username: 'john_doe' });
// 3. Verify Email (50 points)
await requestEmailVerification({ email: 'john@example.com' });
await confirmEmailVerification({ otp_code: '123456' });
// 4. Sync Contacts (50 points)
await syncContacts({
contacts: [
{ contact_name: 'Alice', contact_phone: '+628111111111' }
]
});
// 5. Add Inviter (50 points)
await addInviter({ inviter_phone: '+628987654321' });
// 6. Social Media Rewards (50 points each)
await claimSocialReward({ platform: 'instagram' });
await claimSocialReward({ platform: 'facebook' });
// Total possible: 350+ points
Database Tables
Based on controller implementation:
- x_users_raw/x_users: Main user data with view aggregation
- x_points: Point transaction history with source tracking
- x_push_logs: Push notification storage
- x_contacts: User contact imports
- x_referrals: Referral relationship mapping
- x_social_rewards: Social media platform reward tracking
- x_meta: System metadata (wishlist counters, etc.)
Security Features
- JWT Authentication: Required for most endpoints
- One-time Rewards: Prevents duplicate point farming
- Soft Delete: Account deactivation without data loss
- OTP Verification: WhatsApp/SMS based verification
- Anti-fraud: Self-invitation prevention, duplicate checks
Most endpoints require JWT token from WhatsApp login. Only login, OTP operations, and wishlist count are public endpoints.
All point rewards are one-time only. System tracks completion status to prevent farming. Points are automatically credited with push notifications.
Platform URLs are automatically mapped to standard names. Users can provide either full URLs or platform names for social media rewards.