Corporate Backend API

Date: February 6, 2026

Version: 1.1

Status: Draft Update

1. Overview

This document serves as the comprehensive technical reference for the Corporate Backend API. It details all available endpoints, authentication flows, and data structures.

2. Authentication & Security Policy

The system uses JWT (JSON Web Tokens) to authenticate requests. Every request to a protected endpoint must include the access token in the Authorization header:

Authorization: Bearer <access_token>

2.1 Registration Flow

  1. Request OTP: Client requests OTP for Email/SMS.
  2. Verify OTP: Client validates the OTP code.
  3. Register: Client submits user details + OTP; the server checks the OTP's verification status before creating the account. Server returns Access Token.
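
A sketch of the server-side check that step 3 implies, added here as an example and not taken from the API's own code: the OTP sent with registration must match, be unexpired, have passed step 2 for the same e-mail, and is consumed on use. `OtpStore`, its method names, the 300-second lifetime and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300        # assumed: seconds an OTP stays valid
MAX_ATTEMPTS = 5     # assumed: wrong guesses allowed before the OTP is discarded

class OtpStore:
    """In-memory stand-in for the server's OTP table (hypothetical)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._rows = {}  # email -> row; holds a digest bound to the e-mail, not the OTP

    @staticmethod
    def _digest(email, otp):
        return hashlib.sha256(f"{email}:{otp}".encode()).digest()

    def request_otp(self, email):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._rows[email] = {"digest": self._digest(email, otp),
                             "expires": self._clock() + OTP_TTL,
                             "attempts": 0, "verified": False}
        return otp  # a real server delivers this by e-mail/SMS instead of returning it

    def _matches(self, email, otp):
        row = self._rows.get(email)
        if row is None or self._clock() > row["expires"]:
            self._rows.pop(email, None)
            return False
        if not hmac.compare_digest(row["digest"], self._digest(email, otp)):
            row["attempts"] += 1
            if row["attempts"] >= MAX_ATTEMPTS:
                del self._rows[email]   # force a fresh OTP request
            return False
        return True

    def verify_otp(self, email, otp):
        if not self._matches(email, otp):
            return False
        self._rows[email]["verified"] = True
        return True

    def consume_for_register(self, email, otp):
        # Step 3: OTP must match, be unexpired and already verified; it is single-use.
        if not self._matches(email, otp) or not self._rows[email]["verified"]:
            return False
        del self._rows[email]
        return True
```

Registration should create the account only when `consume_for_register` returns `True`; a replayed, expired, unverified or mismatched OTP all fail the same way.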

2.2 Login Flow

  1. Login: User authenticates with Email + Password.
  2. Token Issuance: Server returns Access Token (short-lived) + Refresh Token.

3. Authentication Module (`/auth`)

Register

POST /auth/register

Creates a new user account.

// Request
{
  "userName": "jdoe",
  "email": "jdoe@example.com",
  "mobileNumber": "+1234567890",
  "password": "SecurePassword123!",
  "otp": "123456"
}

// Response
{
  "accessToken": "ey...",
  "refreshToken": "...",
  "userId": "guid...",
  "userName": "jdoe"
}

Login

POST /auth/login

{
  "userNameOrEmail": "jdoe",
  "password": "SecurePassword123!"
}

OTP Management


4. General Modules Reference

Company Management (`/company`)

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /company/profile | Get company profile details |
| POST | /company/profile | Upsert company profile |
| GET | /company/authorized-person | List authorized personnel |
| POST | /company/authorized-person | Add/Update authorized person |

Transactions (`/transactions`)

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /transactions | List all transactions |
| POST | /transactions | Create new transaction |
| PUT | /transactions/{id}/approve | Approve transaction |
| PUT | /transactions/{id}/reject | Reject transaction |

Documents (`/documents`)

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | /documents/upload | Upload document file |
| GET | /documents/status | Check document status |

User Admin (`/users`)

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /users | List all users |
| POST | /users | Create user (Admin) |
| PUT | /users/{id}/role | Assign Access Role |
| POST | /users/activate | Activate/Deactivate User |

© 2026 Corporate Backend Services. Confidential.