- Development: http://localhost:8000
- Production: https://api.yourdomain.com
Most endpoints require authentication using JWT Bearer tokens.
POST /api/v1/auth/register
Content-Type: application/json

```json
{
  "email": "user@example.com",
  "password": "securepassword123",
  "first_name": "John",
  "last_name": "Doe",
  "phone_number": "+27123456789"
}
```

POST /api/v1/auth/login
Content-Type: application/json

```json
{
  "email": "user@example.com",
  "password": "securepassword123",
  "mfa_token": "123456"
}
```

`mfa_token` is optional and only needed when MFA is enabled on the account.

Response:

```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 1800
}
```

Include the token in the Authorization header:

```
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

Health checks:

- Basic health check endpoint.
- Readiness check (verifies database connectivity).
- Liveness check.
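The login and bearer-token flow above, as an added client example (not the project's own code): it sends `mfa_token` only when supplied, keeps the returned tokens, and refuses to build an Authorization header once `expires_in` has elapsed. The `transport` callable, its signature and the `fake_transport` stand-in server are assumptions so the code runs offline.

```python
import time
from typing import Callable, Optional

# Transport signature assumed by this example: (method, url, json_body, headers) -> (status, json)
Transport = Callable[[str, str, dict, dict], tuple]

class AuthClient:
    """Holds the tokens returned by POST /api/v1/auth/login and builds the
    Authorization header that protected endpoints require."""

    def __init__(self, base_url: str, transport: Transport,
                 clock: Callable[[], float] = time.time):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.clock = clock
        self.access_token: Optional[str] = None
        self.refresh_token: Optional[str] = None
        self.expires_at = 0.0

    def login(self, email: str, password: str, mfa_token: Optional[str] = None) -> str:
        body = {"email": email, "password": password}
        if mfa_token is not None:  # optional field, only sent when MFA is enabled
            body["mfa_token"] = mfa_token
        status, data = self.transport("POST", f"{self.base_url}/api/v1/auth/login",
                                      body, {"Content-Type": "application/json"})
        if status != 200:
            # the API reports failures in "detail"; raise that, never the credentials
            raise PermissionError(data.get("detail", "login failed"))
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        # expires_in is in seconds; keep a 30 s safety margin before the deadline
        self.expires_at = self.clock() + data["expires_in"] - 30
        return data["token_type"]

    def auth_header(self) -> dict:
        if self.access_token is None or self.clock() >= self.expires_at:
            raise RuntimeError("access token missing or expired; log in again")
        return {"Authorization": f"Bearer {self.access_token}"}

# Constructed stand-in for the server (an assumption) so the example runs offline.
def fake_transport(method: str, url: str, body: dict, headers: dict) -> tuple:
    if (method == "POST" and url.endswith("/api/v1/auth/login")
            and body.get("password") == "securepassword123"):
        return 200, {"access_token": "eyJ.access.constructed",
                     "refresh_token": "eyJ.refresh.constructed",
                     "token_type": "bearer", "expires_in": 1800}
    return 401, {"detail": "Invalid authentication credentials"}
```

Against the real server, pass a thin HTTP wrapper with the same signature as `transport` instead of `fake_transport`.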
Get current user information.

Authentication: Required

Response:

```json
{
  "id": 1,
  "email": "user@example.com",
  "first_name": "John",
  "last_name": "Doe",
  "role": "user",
  "is_active": true,
  "mfa_enabled": false,
  "created_at": "2024-01-01T00:00:00Z"
}
```

Get user by ID (admin/auditor only).

Authentication: Required (admin/auditor role)
Create a new transaction.

Authentication: Required

Request:

```json
{
  "transaction_type": "deposit",
  "amount": "1000.00",
  "currency": "ZAR",
  "description": "Initial deposit",
  "recipient_account": null
}
```

Response:

```json
{
  "id": 1,
  "user_id": 1,
  "transaction_type": "deposit",
  "status": "pending",
  "amount": "1000.00",
  "currency": "ZAR",
  "reference": "TXN-ABC123DEF456",
  "description": "Initial deposit",
  "created_at": "2024-01-01T00:00:00Z",
  "completed_at": null
}
```

List user's transactions.

Authentication: Required

Query Parameters:

- skip: Number of records to skip (default: 0)
- limit: Maximum number of records (default: 100, max: 1000)

Get transaction by ID.

Authentication: Required
Access all personal information (POPIA Section 23).

Authentication: Required

Response:

```json
{
  "user_data": {...},
  "transactions": [...],
  "consents": [...],
  "audit_logs": [...],
  "exported_at": "2024-01-01T00:00:00Z"
}
```

Correct personal information (POPIA Section 24).

Authentication: Required

Request:

```json
{
  "field": "first_name",
  "new_value": "Jane"
}
```

Request deletion of personal information (POPIA Section 25).

Authentication: Required

Export personal data in machine-readable format (POPIA: Data Portability).

Authentication: Required

Get data inventory (POPIA: Openness requirement).

Authentication: Required (admin/auditor role)

Get audit logs.

Authentication: Required (admin/auditor role)

Query Parameters:

- skip: Number of records to skip
- limit: Maximum number of records
- user_id: Filter by user ID
- action: Filter by action type

Get POPIA compliance status.

Authentication: Required (admin role)
Set up MFA for a user account.

Authentication: Required

Response:

```json
{
  "secret": "JBSWY3DPEHPK3PXP",
  "qr_code": "data:image/png;base64,iVBORw0KG...",
  "backup_codes": []
}
```

Verify and enable MFA.

Authentication: Required

Request:

```json
{
  "token": "123456"
}
```

Error responses carry the message in a `detail` field:

```json
{
  "detail": "Validation error message"
}
```

```json
{
  "detail": "Invalid authentication credentials"
}
```

```json
{
  "detail": "Access denied. Required roles: ['admin']"
}
```

```json
{
  "detail": "Resource not found"
}
```

```json
{
  "detail": "Internal server error"
}
```

API requests are rate-limited to prevent abuse:
- 100 requests per minute per IP
- 1000 requests per hour per user
Interactive API documentation is available at:

- Swagger UI: /api/docs
- ReDoc: /api/redoc
- OpenAPI JSON: /api/openapi.json