{"openapi":"3.0.3","info":{"title":"SSO RCX API","description":"Dokumentasi OAuth2, identitas user, verifikasi akun, reset password, dan admin client SSO RCX. Secret tidak pernah ditampilkan di dokumentasi.","version":"1.0.0"},"servers":[{"url":"https:\/\/sso.rcx.co.id","description":"SSO RCX production"},{"url":"https:\/\/sso.rcx.co.id","description":"Current application URL"}],"tags":[{"name":"Public","description":"Health, metadata, dan OpenAPI spec."},{"name":"OAuth2","description":"Authorization Code flow untuk aplikasi client."},{"name":"Identity","description":"Data user SSO yang dibaca aplikasi client."},{"name":"Account Verification","description":"Email\/phone verification dan password reset."},{"name":"Profile","description":"Update profil user via token."},{"name":"Admin","description":"Admin web SSO untuk setting dan OAuth client."}],"paths":{"\/api\/health":{"get":{"tags":["Public"],"summary":"Health check SSO RCX","responses":{"200":{"description":"Service healthy","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/HealthResponse"}}}}}}},"\/.well-known\/sso":{"get":{"tags":["Public"],"summary":"Metadata SSO RCX","responses":{"200":{"description":"Metadata endpoints, clients, identity fields, and mirror fields","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SsoMetadata"}}}}}}},"\/openapi.json":{"get":{"tags":["Public"],"summary":"OpenAPI JSON spec","responses":{"200":{"description":"OpenAPI document"}}}},"\/oauth\/authorize":{"get":{"tags":["OAuth2"],"summary":"Redirect user to SSO authorization page","parameters":[{"$ref":"#\/components\/parameters\/response_type"},{"$ref":"#\/components\/parameters\/client_id"},{"$ref":"#\/components\/parameters\/redirect_uri"},{"$ref":"#\/components\/parameters\/scope"},{"$ref":"#\/components\/parameters\/state"}],"responses":{"302":{"description":"Redirect to login\/consent or callback URL"},"400":{"description":"Invalid OAuth request"}}}},"\/oauth\/token":{"post":{"tags":["OAuth2"],"summary":"Exchange authorization code for token","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/OAuthTokenRequest"}}}},"responses":{"200":{"description":"Access token and refresh token","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/OAuthTokenResponse"}}}},"400":{"description":"Invalid grant or invalid client"}}}},"\/oauth\/me":{"get":{"tags":["Identity"],"summary":"Get authenticated SSO user profile","security":[{"ssoOAuth":[]},{"bearerAuth":[]}],"responses":{"200":{"description":"SSO user payload for client mirroring","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserIdentity"}}}},"401":{"description":"Invalid or missing access token"}}}},"\/api\/oauth\/me":{"get":{"tags":["Identity"],"summary":"Get authenticated SSO user profile via API prefix","security":[{"ssoOAuth":[]},{"bearerAuth":[]}],"responses":{"200":{"description":"SSO user payload for client mirroring","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserIdentity"}}}},"401":{"description":"Invalid or missing access token"}}}},"\/oauth\/logout":{"post":{"tags":["OAuth2"],"summary":"Revoke current OAuth token","security":[{"ssoOAuth":[]},{"bearerAuth":[]}],"responses":{"200":{"description":"Token revoked","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/OkResponse"}}}},"401":{"description":"Invalid or missing access token"}}}},"\/api\/oauth\/logout":{"post":{"tags":["OAuth2"],"summary":"Revoke current OAuth token via API prefix","security":[{"ssoOAuth":[]},{"bearerAuth":[]}],"responses":{"200":{"description":"Token revoked","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/OkResponse"}}}},"401":{"description":"Invalid or missing access token"}}}},"\/api\/profile":{"post":{"tags":["Profile"],"summary":"Update profile fields using OAuth token","security":[{"ssoOAuth":[]},{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/ProfileUpdateRequest"}}}},"responses":{"200":{"description":"Profile updated"},"422":{"description":"Validation error"},"401":{"description":"Invalid or missing access token"}}}},"\/register":{"post":{"tags":["Account Verification"],"summary":"Register new SSO user through web form","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/RegisterRequest"}}}},"responses":{"302":{"description":"Redirect to profile or verification flow"},"422":{"description":"Validation error"}}}},"\/email\/verification-notification":{"post":{"tags":["Account Verification"],"summary":"Resend email verification link","responses":{"302":{"description":"Verification link queued"},"401":{"description":"Authentication required"}}}},"\/phone\/verification-code":{"post":{"tags":["Account Verification"],"summary":"Send phone\/WhatsApp OTP code","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/PhoneOtpRequest"}}}},"responses":{"302":{"description":"OTP sent through WHAPI if active, otherwise fallback notification"},"401":{"description":"Authentication required"},"429":{"description":"Throttle limit reached"}}}},"\/phone\/verify":{"post":{"tags":["Account Verification"],"summary":"Verify phone\/WhatsApp OTP code","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/PhoneVerifyRequest"}}}},"responses":{"302":{"description":"Phone verified or validation returned to form"},"422":{"description":"Invalid OTP code"},"429":{"description":"Throttle limit reached"}}}},"\/forgot-password":{"post":{"tags":["Account Verification"],"summary":"Request password reset link","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/ForgotPasswordRequest"}}}},"responses":{"302":{"description":"Password reset link queued if email exists"},"422":{"description":"Validation error"}}}},"\/reset-password":{"post":{"tags":["Account Verification"],"summary":"Reset password using token","requestBody":{"required":true,"content":{"application\/x-www-form-urlencoded":{"schema":{"$ref":"#\/components\/schemas\/ResetPasswordRequest"}}}},"responses":{"302":{"description":"Password reset success or failure returned to form"},"422":{"description":"Validation error"}}}},"\/admin\/settings":{"get":{"tags":["Admin"],"summary":"Admin page for SMTP, WHAPI, app name, domain, and issuer","responses":{"200":{"description":"Admin settings page"}}},"post":{"tags":["Admin"],"summary":"Update runtime SSO settings","responses":{"302":{"description":"Settings saved"}}}},"\/admin\/oauth-clients":{"get":{"tags":["Admin"],"summary":"Admin OAuth client list","responses":{"200":{"description":"OAuth clients page"}}},"post":{"tags":["Admin"],"summary":"Create custom OAuth client; secret appears once","responses":{"302":{"description":"Client created and secret flashed once"}}}}},"components":{"securitySchemes":{"ssoOAuth":{"type":"oauth2","flows":{"authorizationCode":{"authorizationUrl":"https:\/\/sso.rcx.co.id\/oauth\/authorize","tokenUrl":"https:\/\/sso.rcx.co.id\/oauth\/token","scopes":{}}}},"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"response_type":{"name":"response_type","in":"query","required":true,"schema":{"type":"string","example":"code"}},"client_id":{"name":"client_id","in":"query","required":true,"schema":{"type":"string","example":"1"}},"redirect_uri":{"name":"redirect_uri","in":"query","required":true,"schema":{"type":"string","format":"uri","example":"https:\/\/panel.rasyacomputer.co.id\/auth\/sso\/callback"}},"scope":{"name":"scope","in":"query","required":false,"schema":{"type":"string","example":""}},"state":{"name":"state","in":"query","required":true,"schema":{"type":"string","example":"random-state-value"}}},"schemas":{"HealthResponse":{"type":"object","properties":{"service":{"type":"string","example":"SSO RCX"},"issuer":{"type":"string","example":"https:\/\/sso.rcx.co.id"},"ok":{"type":"boolean","example":true},"status":{"type":"string","example":"healthy"}}},"SsoMetadata":{"type":"object","properties":{"service":{"type":"string"},"issuer":{"type":"string"},"clients":{"type":"object"},"endpoints":{"type":"object"},"identity_fields":{"type":"object"},"mirror_fields":{"type":"array","items":{"type":"string"}}}},"OAuthTokenRequest":{"type":"object","required":["grant_type","client_id","client_secret","redirect_uri","code"],"properties":{"grant_type":{"type":"string","example":"authorization_code"},"client_id":{"type":"string","example":"1"},"client_secret":{"type":"string","example":"client-secret-from-admin"},"redirect_uri":{"type":"string","format":"uri"},"code":{"type":"string"}}},"OAuthTokenResponse":{"type":"object","properties":{"token_type":{"type":"string","example":"Bearer"},"expires_in":{"type":"integer","example":3600},"access_token":{"type":"string"},"refresh_token":{"type":"string"}}},"OkResponse":{"type":"object","properties":{"ok":{"type":"boolean","example":true},"message":{"type":"string"}}},"RegisterRequest":{"type":"object","required":["name","email","phone","password","password_confirmation"],"properties":{"name":{"type":"string"},"email":{"type":"string","format":"email"},"phone":{"type":"string","example":"628123456789"},"password":{"type":"string","format":"password"},"password_confirmation":{"type":"string","format":"password"}}},"ForgotPasswordRequest":{"type":"object","required":["email"],"properties":{"email":{"type":"string","format":"email"}}},"ResetPasswordRequest":{"type":"object","required":["token","email","password","password_confirmation"],"properties":{"token":{"type":"string"},"email":{"type":"string","format":"email"},"password":{"type":"string","format":"password"},"password_confirmation":{"type":"string","format":"password"}}},"PhoneOtpRequest":{"type":"object","required":["phone"],"properties":{"phone":{"type":"string","example":"628123456789"}}},"PhoneVerifyRequest":{"type":"object","required":["code"],"properties":{"code":{"type":"string","example":"123456"}}},"ProfileUpdateRequest":{"type":"object","properties":{"name":{"type":"string"},"username":{"type":"string"},"phone":{"type":"string"},"gender":{"type":"string","enum":["male","female","other"]},"birth_date":{"type":"string","format":"date"},"address":{"type":"string"},"city":{"type":"string"},"province":{"type":"string"},"country":{"type":"string"},"timezone":{"type":"string"},"locale":{"type":"string"},"telegram_id":{"type":"string"},"telegram_username":{"type":"string"},"whatsapp_number":{"type":"string"}}},"UserIdentity":{"type":"object","properties":{"id":{"type":"string"},"numeric_id":{"type":"integer"},"uuid":{"type":"string"},"name":{"type":"string"},"username":{"type":"string","nullable":true},"email":{"type":"string","format":"email"},"phone":{"type":"string"},"role":{"type":"string","enum":["admin","reseller","customer"]},"status":{"type":"string","enum":["pending_verification","active","suspended","blocked"]},"suspended":{"type":"boolean"},"blocked":{"type":"boolean"},"email_verified":{"type":"boolean"},"phone_verified":{"type":"boolean"},"email_verified_at":{"type":"string","nullable":true},"phone_verified_at":{"type":"string","nullable":true},"profile":{"type":"object"},"channels":{"type":"object"},"referral":{"type":"object"},"security":{"type":"object"}}}}}}