MTAS API registered in app/Providers/RouteServiceProvider.php. Mobile primary client: storapp-mobile/src/services/mtas.ts.
OAuth #
| Method | Path | Auth |
|---|---|---|
| POST | /oauth/token | Client credentials + user password; outdated middleware on issue |
Public (no token) #
File: routes/api/v1/public.php
| Method | Path |
|---|---|
| GET | /api/v1/health, /health/extra, /health/full |
| GET | /api/v1/corporations/{code}/locations |
| POST | /api/v1/corporations/{code}/users, password resets, exists checks |
| GET | /api/v1/app-configuration — feature flags, maintenance mode |
| POST | Identity webhooks (Stripe, Shufti, Veriff), Twilio, R6Pay webhooks |
Current user (Passport token) #
File: routes/api/v1/protected/accessToken.php. Middleware: auth:api.
| Method | Path | Mobile consumer |
|---|---|---|
| GET/PUT | /api/v1/users/current | Profile, polling (60s in TabNavigator) |
| GET | /api/v1/users/current/rapidstor-auth-token | JWT broker for RapidStor API |
| GET | /api/v1/users/current/invoices, download | InvoiceHistoryScreen |
| POST | /api/v1/users/current/create-r6pay-payment/{ledger} | MakePayment (R6Pay path) |
| POST | /api/v1/users/current/unlock | Smart key / BLE unlock |
| GET | .../corporations/{code}/locations/{loc}/tenants/{tenant}/access-codes | AccessScreen |
| POST | .../noke/unlock, .../inception/unlock | Gate unlock |
| GET/PATCH | /api/v1/users/current/notifications | NotificationsScreen |
| GET/POST | /api/v1/in-app-messages | InAppMessage banners |
| POST | /api/v1/users/current/sync | Post-payment refresh |
RapidStor proxy #
Prefix: rapidstorApi/api/v1. Same Passport token. Proxies payments, ledgers, invoices, contact to RapidStor.
Contract note: Mobile defines POST api/v1/users/current/protege/unlock in mtas.ts but no dedicated route exists in MTAS — generic POST /users/current/unlock handles Protege via UserController::unlock.
API key & corp key routes #
Integration/admin routes in apiKey.php and corpKey.php — corp management, reports, push notifications, tenant sync. Not used by the mobile app directly.