Authentication

All API requests to the Gateway require a JWT Bearer token. Tokens are obtained via the Auth API after email verification.

ℹ️

A default workspace is automatically created when you verify your email. This workspace is used for knowledge base storage and agent organization.


Register

BASH
curl -X POST https://ultravoice.us.inc/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123!",
    "first_name": "John",
    "last_name": "Doe"
  }'
JSON
{
  "success": true,
  "data": {
    "message": "OTP sent to [email protected]",
    "user_id": "550e8400-e29b-41d4-a716-446655440000"
  }
}

Password Requirements

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number

Verify Email (OTP)

After registration, a 6-digit OTP code is sent to your email. Verify within 10 minutes. Maximum 5 attempts.

BASH
curl -X POST https://ultravoice.us.inc/api/v1/auth/verify-otp \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "code": "482916"}'

Resend OTP

BASH
curl -X POST https://ultravoice.us.inc/api/v1/auth/resend-otp \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

Login

BASH
curl -X POST https://ultravoice.us.inc/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "SecurePass123!"}'
JSON
{
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 86400,
    "token_type": "Bearer",
    "user": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "[email protected]",
      "first_name": "John",
      "last_name": "Doe"
    }
  }
}

Using Tokens

Include the access token in every API request:

BASH
curl https://ultravoice.us.inc/api/v1/agents/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Token Refresh

Access tokens expire after 24 hours. Use the refresh token to get a new one without re-authenticating:

BASH
curl -X POST https://ultravoice.us.inc/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token": "eyJhbGciOiJIUzI1NiIs..."}'

Get Current User

BASH
curl https://ultravoice.us.inc/api/v1/auth/me \
  -H "Authorization: Bearer $TOKEN"

Security Best Practices

  • Never expose tokens in client-side code or version control
  • Always use HTTPS in production
  • Store tokens in httpOnly cookies or secure storage
  • Implement token refresh logic before the 24h expiry
  • Rotate JWT_SECRET regularly in production environments