For Mobile Development Team
Base URL: http://localhost:5000 (Development)
POST /api/auth/register
Body: name, email, password, role (buyer or admin)
Response: token, user object
POST /api/auth/login
Body: email, password
Response: token, user object
CRITICAL: Store JWT tokens using expo-secure-store (NOT AsyncStorage)
Include token in all protected requests:
Authorization: Bearer {token}
Token expires after 24 hours.
All verification endpoints require the Authorization: Bearer {token} header.
POST /api/verifications/submit
Body: business_name, registration_number
Response: verification object with id, status, created_at
GET /api/verifications/my-requests
Response: Array of verification objects
GET /api/verifications/:id
Response: Single verification object
PATCH /api/verifications/:id/cancel
Response: Updated verification with status "cancelled"
Note: Only works for pending/draft requests
- pending: Awaiting admin review
- verified: Admin approved
- rejected: Admin rejected
- flagged: Needs further review
- cancelled: User cancelled
| Code | Meaning | Action |
|---|---|---|
| 200 | Success | Continue |
| 201 | Created | Resource created |
| 400 | Bad Request | Show validation error |
| 401 | Unauthorized | Redirect to login |
| 403 | Forbidden | Show access denied |
| 404 | Not Found | Show not found message |
| 500 | Server Error | Show try again message |
{
  "message": "Error description"
}

- Token Storage: Use expo-secure-store only
- Token Inclusion: Add Authorization: Bearer {token} to all protected requests
- Token Expiry: Handle 401 errors by redirecting to login
- Logout: Delete token from SecureStore
- HTTPS: Use HTTPS in production (DevOps will provide URL)
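
The token rules in the checklist above, as an added example that is not part of the VeriTrade code base: a small client that stores the JWT through an injected secure store, attaches the Bearer header, and clears the token on 401. The `createApiClient` helper, the storage key name, and the `token`/`user` response field names are assumptions; `getItemAsync`, `setItemAsync` and `deleteItemAsync` are the `expo-secure-store` methods, so the module can be passed in directly as `store`.

```javascript
// Added example, not VeriTrade project code. In the Expo app pass the real module:
//   import * as SecureStore from 'expo-secure-store';
//   const api = createApiClient({ baseUrl, store: SecureStore, onUnauthorized: goToLogin });
const TOKEN_KEY = 'veritrade_jwt'; // assumed key name, not defined by the API docs

function createApiClient({ baseUrl, store, fetchImpl = globalThis.fetch, onUnauthorized = () => {} }) {
  async function request(method, path, body, { auth = true } = {}) {
    const headers = { 'Content-Type': 'application/json' };
    if (auth) {
      const token = await store.getItemAsync(TOKEN_KEY);
      if (!token) { onUnauthorized(); throw new Error('Not logged in'); }
      headers.Authorization = `Bearer ${token}`;
    }
    const res = await fetchImpl(baseUrl + path, {
      method, headers, body: body === undefined ? undefined : JSON.stringify(body),
    });
    const data = await res.json().catch(() => ({}));
    if (res.status === 401 && auth) {
      // Expired (24 hours) or invalid token: delete it, then send the user to login.
      await store.deleteItemAsync(TOKEN_KEY);
      onUnauthorized();
    }
    if (!res.ok) {
      // Error bodies have the shape { "message": "Error description" }.
      const err = new Error(data?.message || `HTTP ${res.status}`);
      err.status = res.status; // lets the UI branch on 400 / 403 / 404 / 500
      throw err;
    }
    return data;
  }

  return {
    async login(email, password) {
      const data = await request('POST', '/api/auth/login', { email, password }, { auth: false });
      await store.setItemAsync(TOKEN_KEY, data.token); // assumed field names: token, user
      return data.user;
    },
    logout: () => store.deleteItemAsync(TOKEN_KEY),
    submitVerification: (business_name, registration_number) =>
      request('POST', '/api/verifications/submit', { business_name, registration_number }),
    myRequests: () => request('GET', '/api/verifications/my-requests'),
    cancel: (id) => request('PATCH', `/api/verifications/${encodeURIComponent(id)}/cancel`),
  };
}
```

Because the store is injected, the same client can be exercised in unit tests with an in-memory stand-in while the app build passes `expo-secure-store`.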
Check if backend is running:
GET http://localhost:5000
Response: {"message":"VeriTrade API is running"}
References: api-tests.http for request examples, README.md for setup