Architecture

Last generated 2026-07-13 · window 2026-07-12T18:02:00Z–2026-07-13T18:01:03Z

storapp-mobile (Expo)                 mtas (Laravel)
┌─────────────────────────┐            ┌────────────────────────────┐
│ Screens / Navigation    │            │ Passport OAuth /oauth/token │
│ RTK Query (mtas.ts)     │──Bearer───▶│ api/v1/* (access token)     │
│ RTK Query (rapidstor)   │◀──JWT──────│ rapidstor-auth-token broker │
└───────────┬─────────────┘            │ Horizon jobs · Nova admin   │
            │                            └──────┬──────────┬─────────┘
            │ RapidStor JWT                     │          │
            ▼                                   ▼          ▼
     RapidStor API                          SiteLink/   Gate providers
     (payments, merch)                      StorEdge    (Noke, etc.)

Auth flow #

  1. Mobile POST oauth/token — branded apps use corp_specific_password grant; unbranded use password.
  2. Subsequent MTAS calls use Authorization: Bearer <access_token>.
  3. Mobile fetches GET api/v1/users/current/rapidstor-auth-token for RapidStor JWT.
  4. RapidStor calls go directly to RapidStor API with auto-refresh via MTAS.
  5. For Stripe Direct r6Pay: mobile connects Socket.IO to RapidStor, joins payment room, presents Stripe Payment Sheet, waits for paymentEvent confirmation.