Architecture
Last generated 2026-07-13 · window 2026-07-12T18:02:00Z–2026-07-13T18:01:03Z
storapp-mobile (Expo) mtas (Laravel)
┌─────────────────────────┐ ┌────────────────────────────┐
│ Screens / Navigation │ │ Passport OAuth /oauth/token │
│ RTK Query (mtas.ts) │──Bearer───▶│ api/v1/* (access token) │
│ RTK Query (rapidstor) │◀──JWT──────│ rapidstor-auth-token broker │
└───────────┬─────────────┘ │ Horizon jobs · Nova admin │
│ └──────┬──────────┬─────────┘
│ RapidStor JWT │ │
▼ ▼ ▼
RapidStor API SiteLink/ Gate providers
(payments, merch) StorEdge (Noke, etc.)
Auth flow #
- Mobile
POST oauth/token — branded apps use corp_specific_password grant; unbranded use password. - Subsequent MTAS calls use
Authorization: Bearer <access_token>. - Mobile fetches
GET api/v1/users/current/rapidstor-auth-token for RapidStor JWT. - RapidStor calls go directly to RapidStor API with auto-refresh via MTAS.
- For Stripe Direct r6Pay: mobile connects Socket.IO to RapidStor, joins payment room, presents Stripe Payment Sheet, waits for
paymentEvent confirmation.