SECTION 11.0 : API SPECIFICATION
API Catalog & REST Specifications
The backend exposes a highly structured REST interface. All requests carry JSON payloads unless they handle binary uploads, and responses use standard HTTP status codes to indicate the result of the operation.
API Endpoints
Base URL Settings
Production Gateway: https://hub.unggulaxiom.com/api
GET /api/auth/webauthn/login/begin
Security: Public
Generates a cryptographically secure 32-byte challenge stored in Redis for passkey authentication.
Success Response (200 OK)
{
  "challenge": "F8x7A29M_8b1...",
  "rpId": "localhost",
  "sessionId": "session_id_hex"
}
Standardized Status Responses
All API paths conform to strict status code specifications: 200 OK/201 Created for successes, 401 Unauthorized for invalid JWT/WebAuthn sessions, and 429 Too Many Requests in case rate limits are triggered.
Secure Token Authn
Requests that target file structures or governance actions pass through interceptor filters. Each session is checked for signature authenticity against the keys and the session tables, which prevents reuse of user tokens.
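
Example (added here, not the project's own code): a sketch of how the GET /api/auth/webauthn/login/begin handler can issue its 32-byte challenge and later accept it only once. Assumptions: a dict stands in for Redis, the 120-second lifetime is chosen for illustration, and the names begin_login and consume_challenge are hypothetical.

```python
import base64
import hmac
import secrets
import time
from typing import Optional

CHALLENGE_TTL_SECONDS = 120  # assumed lifetime; the specification does not state one
_store = {}  # stand-in for Redis: session_id -> (challenge_bytes, expires_at)


def _b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for binary fields in JSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def begin_login(rp_id: str, now: Optional[float] = None) -> dict:
    """Build the login/begin response body and keep the challenge server-side."""
    now = time.time() if now is None else now
    challenge = secrets.token_bytes(32)  # CSPRNG output, 32 bytes as specified
    session_id = secrets.token_hex(16)   # unguessable lookup key for the challenge
    _store[session_id] = (challenge, now + CHALLENGE_TTL_SECONDS)
    return {"challenge": _b64url(challenge), "rpId": rp_id, "sessionId": session_id}


def consume_challenge(session_id: str, presented: str,
                      now: Optional[float] = None) -> bool:
    """Check the challenge the client echoes back; each challenge is valid once."""
    now = time.time() if now is None else now
    # Remove before comparing so a replayed or failed attempt cannot retry.
    # With Redis, an atomic GETDEL gives the same single-use behaviour.
    entry = _store.pop(session_id, None)
    if entry is None:
        return False
    challenge, expires_at = entry
    if now > expires_at:
        return False
    # Constant-time comparison on bytes avoids leaking how many characters match.
    return hmac.compare_digest(_b64url(challenge).encode("ascii"),
                               presented.encode("utf-8"))
```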