Primary Backend Flow
- POST /auth/signin with email/password
- Receive session cookie
- Include cookie in subsequent requests
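// Sign in: the server sets the session cookie on the response
await fetch('/api/v1/auth/signin', {
  method: 'POST',
  credentials: 'include',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email, password })
});
// Make authenticated requests: the browser attaches the cookie
await fetch('/api/v1/users', {
  credentials: 'include'
});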
Mobile Backend Flow
- POST /auth/signin with phone number → get accessToken
- POST /auth/otp/create with accessToken → OTP sent via SMS
- POST /auth/otp/validate with OTP → get sessionToken
- Use sessionToken for API calls
// 1. Sign in with the phone number to get a short-lived accessToken
const { accessToken } = await fetch('/api/v1/auth/signin', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ phoneNumber })
}).then(r => r.json());
// 2. Request OTP (sent via SMS)
await fetch('/api/v1/auth/otp/create', {
  method: 'POST',
  headers: { 'Authorization': `Bearer ${accessToken}` }
});
// 3. Validate OTP ('123456' stands in for the code the user entered)
const { sessionToken } = await fetch('/api/v1/auth/otp/validate', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${accessToken}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ otp: '123456' })
}).then(r => r.json());
// 4. Make authenticated requests with the sessionToken
await fetch('/api/v1/users/current', {
  headers: { 'Authorization': `Bearer ${sessionToken}` }
});
Security Best Practices
Primary Backend
- HttpOnly cookies keep the session cookie unreadable from JavaScript, which limits session theft through XSS
- Always use credentials: 'include'
- Enable CORS for your domain
Mobile Backend
- Store tokens in secure storage (Keychain/Keystore)
- Handle token expiration
- Implement OTP rate limiting
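One way to implement the OTP rate limiting listed above, as an added server-side example (not code from this documentation or from the API it describes). The class name, the limits, and the in-memory storage are assumptions, and the server is assumed to resolve the accessToken to its phone number before calling the limiter.

```javascript
// Added example: in-memory limiter for the two OTP endpoints.
// Names and limits are hypothetical; a real deployment would use shared storage.
class OtpLimiter {
  constructor({ maxSends = 3, sendWindowMs = 15 * 60 * 1000,
                maxGuesses = 5, lockMs = 30 * 60 * 1000, now = Date.now } = {}) {
    Object.assign(this, { maxSends, sendWindowMs, maxGuesses, lockMs, now });
    this.sends = new Map();    // phoneNumber -> timestamps of recent OTP sends
    this.guesses = new Map();  // phoneNumber -> { failed, lockedUntil }
  }

  // Call before handling POST /auth/otp/create: throttles SMS sends per number.
  allowSend(phone) {
    const t = this.now();
    const recent = (this.sends.get(phone) || [])
      .filter(ts => t - ts < this.sendWindowMs);
    if (recent.length >= this.maxSends) {
      this.sends.set(phone, recent);
      return { ok: false, retryAfterMs: this.sendWindowMs - (t - recent[0]) };
    }
    recent.push(t);
    this.sends.set(phone, recent);
    return { ok: true };
  }

  // Call before comparing the OTP in POST /auth/otp/validate.
  allowGuess(phone) {
    const s = this.guesses.get(phone);
    if (s && s.lockedUntil > this.now()) {
      return { ok: false, retryAfterMs: s.lockedUntil - this.now() };
    }
    return { ok: true };
  }

  // Call after the comparison. Failures are counted per phone number, not per
  // OTP, so requesting a fresh code does not reset the guess budget.
  recordGuess(phone, correct) {
    if (correct) { this.guesses.delete(phone); return; }
    const s = this.guesses.get(phone) || { failed: 0, lockedUntil: 0 };
    s.failed += 1;
    if (s.failed >= this.maxGuesses) {
      s.failed = 0;
      s.lockedUntil = this.now() + this.lockMs;
    }
    this.guesses.set(phone, s);
  }
}
```

A rejected call maps naturally to an HTTP 429 response with the returned retryAfterMs converted to a Retry-After header.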