API docs by Redocly

uExcelerate Auth Service (1.0.0)

Download OpenAPI specification:

E-mail: support@uexcelerate.com

Authentication microservice — user registration, login, JWT tokens, account management, email flows

Account

Account/organization management

Create account with admin user

Creates an organization/account and its initial admin user.

Authorizations:
bearerAuth
Request Body schema: application/json
required
accountName
required
string [ 3 .. 100 ] characters

Account/organization name

website
string <uri>

Account website URL

address
string [ 10 .. 500 ] characters

Mailing address

licensePlan
string
Enum: "STARTER" "BUSINESS" "ENTERPRISE"

License plan tier

billingType
string
Enum: "MONTHLY" "ANNUAL" "TRIAL" "FREE"

Billing cadence/type

serviceTypes
Array of strings [ 1 .. 3 ] items
Items Enum: "COACHING" "MENTORING" "FACILITATION"

Services included in the account subscription

maxUsers
integer [ 1 .. 10000 ]

Maximum number of seats/users allowed on this account

adminName
required
string [ 3 .. 100 ] characters

Initial admin user's full name

adminEmail
required
string <email>

Initial admin user's email (unique, lowercased server-side)

adminRole
required
string
Enum: "ADMIN" "GROUP_ADMIN"

Role assigned to the initial admin user

ssoDomain
string

SSO email domain for the account

isDefaultAccount
boolean

Whether this is the platform's default account

Responses

Request samples

Content type
application/json
{
  • "accountName": "Acme Corp",
  • "website": "https://example.com",
  • "address": "123 Main St, Springfield, IL 62701",
  • "licensePlan": "BUSINESS",
  • "billingType": "ANNUAL",
  • "serviceTypes": [
    ],
  • "maxUsers": 100,
  • "adminName": "Jane Doe",
  • "adminEmail": "admin@example.com",
  • "adminRole": "ADMIN",
  • "ssoDomain": "example.com",
  • "isDefaultAccount": false
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Update account

Updates account fields and (optionally) admin name.

Authorizations:
bearerAuth
path Parameters
id
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Account ID

Request Body schema: application/json
required
accountName
string [ 3 .. 100 ] characters

Account/organization name

website
string <uri>

Account website URL

address
string

Mailing address

licensePlan
string
Enum: "STARTER" "BUSINESS" "ENTERPRISE"

License plan tier

billingType
string
Enum: "MONTHLY" "ANNUAL" "TRIAL" "FREE"

Billing cadence/type

serviceTypes
Array of strings
Items Enum: "COACHING" "MENTORING" "FACILITATION"

Services included in the account subscription

maxUsers
integer

Maximum number of seats/users allowed on this account

isDefaultAccount
boolean

Whether this is the platform's default account

status
string
Enum: "ACTIVE" "INACTIVE"

Resource status

adminName
string

Initial admin user's full name

Responses

Request samples

Content type
application/json
{
  • "accountName": "Acme Corp",
  • "website": "https://example.com",
  • "address": "123 Main St, Springfield, IL 62701",
  • "licensePlan": "BUSINESS",
  • "billingType": "ANNUAL",
  • "serviceTypes": [
    ],
  • "maxUsers": 100,
  • "isDefaultAccount": false,
  • "status": "ACTIVE",
  • "adminName": "Jane Doe"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

List all accounts

Returns all accounts visible to the caller.

Authorizations:
bearerAuth

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Get account by ID

Returns a single account by ID.

Authorizations:
bearerAuth
path Parameters
id
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Resource UUID

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Admin

Administrative operations

Run full cleanup

Manually triggers token / expired-record cleanup.

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Get cleanup statistics

Returns counters for the cleanup scheduler.

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Auth

Login, registration, token operations

Verify email via activation token

Verifies a user email using the activation token.

Request Body schema: application/json
required
token
required
string

Activation token sent via email

Responses

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Refresh access token

Issues a new access token using a valid refresh token.

Request Body schema: application/json
required
refreshToken
required
string [ 1 .. 1000 ] characters

Long-lived refresh token used to mint a new accessToken

Responses

Request samples

Content type
application/json
{
  • "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyIn0.refresh"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Logout current session

Invalidates the active session and refresh token.

Authorizations:
bearerAuth

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

OAuth signup completion

Completes account setup after OAuth verification using a pre-verified temp token.

path Parameters
provider
required
string
Enum: "google" "outlook" "azure-ad" "microsoft"
Example: google

OAuth provider identifier

Request Body schema: application/json
required
tempToken
required
string

Email verification token (hex string)

verifiedEmail
required
string <email>

Verified email

object

User

object

Account

object

Profile

code
string

Machine-readable error code

state
string

State

scope
string

Scope

error
string

Error

error_description
string

Error description

Responses

Request samples

Content type
application/json
{
  • "tempToken": "string",
  • "verifiedEmail": "user@example.com",
  • "user": { },
  • "account": { },
  • "profile": { },
  • "code": "ERROR_CODE",
  • "state": "string",
  • "scope": "string",
  • "error": "string",
  • "error_description": "string"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

OAuth signin

Signs in an existing user via OAuth callback payload.

path Parameters
provider
required
string
Enum: "google" "outlook" "azure-ad" "microsoft"
Example: google

OAuth provider identifier

Request Body schema: application/json
required
object

User

object

Account

object

Profile

code
string

Machine-readable error code

state
string

State

scope
string

Scope

error
string

Error

error_description
string

Error description

Responses

Request samples

Content type
application/json
{
  • "user": { },
  • "account": { },
  • "profile": { },
  • "code": "ERROR_CODE",
  • "state": "string",
  • "scope": "string",
  • "error": "string",
  • "error_description": "string"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

OAuth invitation flow

Creates an account from an invitation link via OAuth.

path Parameters
provider
required
string
Enum: "google" "outlook" "azure-ad" "microsoft"
Example: google

OAuth provider identifier

Request Body schema: application/json
required
invitationToken
required
string

Mandatory invitation token

object

User

object

Account

object

Profile

code
string

Machine-readable error code

state
string

State

scope
string

Scope

Responses

Request samples

Content type
application/json
{
  • "invitationToken": "i_8f3c1b6a9d4e2f17",
  • "user": { },
  • "account": { },
  • "profile": { },
  • "code": "ERROR_CODE",
  • "state": "string",
  • "scope": "string"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Login with email and password

Authenticates a user and returns access + refresh tokens.

Request Body schema: application/json
required
email
required
string <email> <= 255 characters

User email address (unique, lowercased server-side)

password
required
string <password> non-empty

User password — plaintext at API boundary, bcrypt-hashed (rounds=12 per BCRYPT_ROUNDS env) before storage

rememberMe
boolean
Default: false

If true, mints a longer-lived refresh token

Responses

Request samples

Content type
application/json
{
  • "email": "user@example.com",
  • "password": "Pa$$w0rd123",
  • "rememberMe": false
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Request password reset email

Sends a password reset link to the supplied email.

Request Body schema: application/json
required
email
required
string <email> <= 255 characters

User email address (unique, lowercased server-side)

Responses

Request samples

Content type
application/json
{
  • "email": "user@example.com"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Reset password with token

Resets the user's password using a reset token.

Request Body schema: application/json
required
token
required
string [ 1 .. 1000 ] characters

Opaque or JWT token (context-specific)

newPassword
required
string <password> >= 8 characters

Must contain upper, lower, digit, special char

Responses

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value",
  • "newPassword": "Pa$$w0rd123"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Validate JWT token

Validates an access or refresh token; used by legacy services.

Request Body schema: application/json
required
token
required
string [ 1 .. 2000 ] characters

Opaque or JWT token (context-specific)

tokenType
string
Default: "access"
Enum: "access" "refresh"

Token type

Responses

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value",
  • "tokenType": "access"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Email

Email verification & notifications

AWS SNS webhook for SES events

Public endpoint hit by AWS SNS to deliver SES Bounce / Complaint / Delivery notifications and the initial SubscriptionConfirmation. No bearer auth — relies on SNS signature verification.

Request Body schema: text/plain
required
string

Raw SNS message body (parsed as text/plain regardless of Content-Type).

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Health

Service health checks

Service health check

Returns service uptime and timestamp.

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Test email connection

Verifies SMTP/SES connectivity for outbound mail.

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Service root

Returns service version and known endpoint prefixes.

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Users

User CRUD and lifecycle

Register user (set password)

Sets the password for a previously invited / verified user.

Request Body schema: application/json
required
email
required
string <email> <= 255 characters

User email address (unique, lowercased server-side)

password
required
string <password> >= 8 characters

User password — plaintext at API boundary, bcrypt-hashed (rounds=12 per BCRYPT_ROUNDS env) before storage

token
required
string non-empty

Opaque or JWT token (context-specific)

Responses

Request samples

Content type
application/json
{
  • "email": "user@example.com",
  • "password": "Pa$$w0rd123",
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Create a user

Creates a new user under an account.

Authorizations:
bearerAuth
Request Body schema: application/json
required
email
required
string <email> <= 255 characters

User email address (unique, lowercased server-side)

role
required
string
Enum: "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

User role; gates access to role-specific endpoints

accountId
required
integer >= 1

Account ID (numeric)

name
string [ 3 .. 100 ] characters

Display name

createdBy
integer or null

ID of the user who created this resource

programId
integer

Program ID (numeric)

skipEmail
boolean
Default: false

If true, suppresses the invitation email send

Responses

Request samples

Content type
application/json
{
  • "email": "user@example.com",
  • "role": "COACH",
  • "accountId": 1,
  • "name": "Jane Doe",
  • "createdBy": 1,
  • "programId": 0,
  • "skipEmail": false
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Bulk create users

Creates up to 100 users in one call.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
Array of objects [ 1 .. 100 ] items

Users

filename
string [ 1 .. 255 ] characters

Filename

Responses

Request samples

Content type
application/json
{
  • "users": [ ],
  • "filename": "string"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Simple bulk create users

Creates users without filename; name auto-derived from email.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
Array of objects [ 1 .. 100 ] items

Users

Responses

Request samples

Content type
application/json
{
  • "users": [ ]
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Update user

Updates user details, role, activation status, or role operation.

Authorizations:
bearerAuth
path Parameters
id
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Resource UUID

Request Body schema: application/json
required
email
string <email>

User email address (unique, lowercased server-side)

role
string
Enum: "SUPER_ADMIN" "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

User role; gates access to role-specific endpoints

accountId
integer

Account ID (numeric)

activationStatus
string
Enum: "PENDING_EMAIL_VERIFICATION" "PENDING_ACCOUNT_CREATION" "INVITED" "ACTIVE" "INACTIVE"

Activation status

name
string

Display name

emailVerified
string or null <date-time>

Email verified

activeRoleName
string
Enum: "SUPER_ADMIN" "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

Active role name

roleOperation
string
Enum: "ACTIVATE_ROLE" "DEACTIVATE_ROLE" "REMOVE_ROLE"

Role operation

Responses

Request samples

Content type
application/json
{
  • "email": "user@example.com",
  • "role": "SUPER_ADMIN",
  • "accountId": 0,
  • "activationStatus": "PENDING_EMAIL_VERIFICATION",
  • "name": "Jane Doe",
  • "emailVerified": "string",
  • "activeRoleName": "SUPER_ADMIN",
  • "roleOperation": "ACTIVATE_ROLE"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Simple user update (name & roles)

Admin-only update of user name and roles.

Authorizations:
bearerAuth
path Parameters
id
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Resource UUID

Request Body schema: application/json
required
name
string [ 3 .. 100 ] characters

Display name

roles
Array of strings non-empty
Items Enum: "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

List of user roles

accountId
required
integer >= 1

Account ID (numeric)

Responses

Request samples

Content type
application/json
{
  • "name": "Jane Doe",
  • "roles": [
    ],
  • "accountId": 1
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Delete user or remove role

Deletes a user or removes a specific role from their account.

Authorizations:
bearerAuth
path Parameters
id
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Resource UUID

Request Body schema: application/json
required
accountId
required
integer >= 1

Account ID (numeric)

role
required
string
Enum: "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

User role; gates access to role-specific endpoints

email
required
string <email>

User email address (unique, lowercased server-side)

Responses

Request samples

Content type
application/json
{
  • "accountId": 1,
  • "role": "COACH",
  • "email": "user@example.com"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

List users by account

Returns all users for a given account.

path Parameters
accountId
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Account UUID

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Send verification reminder

Resends the verification email to a single user.

Authorizations:
bearerAuth
Request Body schema: application/json
required
emailId
required
string <email>

Email id UUID

accountId
integer >= 1

Account ID (numeric)

Responses

Request samples

Content type
application/json
{
  • "emailId": "550e8400-e29b-41d4-a716-446655440000",
  • "accountId": 1
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Batch send verification reminders

Sends verification reminders to multiple users.

Authorizations:
bearerAuth
Request Body schema: application/json
required
required
Array of objects non-empty

Users

Responses

Request samples

Content type
application/json
{
  • "users": [ ]
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Change current user password

Authenticated password change for the current user.

Authorizations:
bearerAuth
Request Body schema: application/json
required
currentPassword
required
string <password> non-empty

Current password — required to authorize the change

newPassword
required
string <password> >= 8 characters

Must contain upper, lower, digit, special char

Responses

Request samples

Content type
application/json
{
  • "currentPassword": "Pa$$w0rd123",
  • "newPassword": "Pa$$w0rd123"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Generate registration link

Creates a tokenized registration link for invitation flows.

Authorizations:
bearerAuth
Request Body schema: application/json
required
role
required
string
Enum: "SUPER_ADMIN" "COACH" "ADMIN" "COACHEE" "ASSOCIATE" "MANAGER" "SPONSOR" "GROUP_ADMIN"

User role; gates access to role-specific endpoints

accountId
required
integer >= 1

Account ID (numeric)

programId
integer

Program ID (numeric)

Responses

Request samples

Content type
application/json
{
  • "role": "SUPER_ADMIN",
  • "accountId": 1,
  • "programId": 0
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Decode registration token

Decodes a registration token to inspect embedded user info.

Request Body schema: application/json
required
token
required
string non-empty

Opaque or JWT token (context-specific)

Responses

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Process invitation token

Creates a user account by accepting an invitation token.

Request Body schema: application/json
required
token
required
string non-empty

Opaque or JWT token (context-specific)

email
required
string <email> <= 255 characters

User email address (unique, lowercased server-side)

name
required
string [ 3 .. 100 ] characters

Display name

password
required
string <password> >= 8 characters

Must contain upper, lower, digit, special char

Responses

Request samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.token.value",
  • "email": "user@example.com",
  • "name": "Jane Doe",
  • "password": "Pa$$w0rd123"
}

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

List bulk upload results

Returns bulk upload result history for the caller's account.

Authorizations:
bearerAuth

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}

Export bulk upload results as CSV

Returns the bulk upload result rows as a CSV download.

Authorizations:
bearerAuth
path Parameters
uploadId
required
string <uuid>
Example: 550e8400-e29b-41d4-a716-446655440000

Bulk-upload batch UUID

Responses

Response samples

Content type
application/json
{
  • "result": "FAILURE",
  • "message": "Operation failed"
}

Get basic user info by ID

Service-to-service endpoint to fetch basic user info; used by the calendar service. Requires service-to-service auth (not bearer JWT).

path Parameters
userId
required
integer
Example: 0

Numeric user ID

Responses

Response samples

Content type
application/json
{
  • "result": "SUCCESS",
  • "message": "Operation succeeded",
  • "data": { }
}