Authentication API - Pregnancy Food Tracker

✓ API Ready ⚙ Configuration Required

Quick Start

🧪 Test API Endpoints 📖 Main Documentation 👤 Profile API Docs 📝 View Code Examples

Setup Checklist

✅ Database structure imported (tritonba_PregnancyFoodTracker.sql)
⚙️ Configure database credentials in config/database.php
⚙️ Configure SMTP2GO API key in config/smtp.php
⚙️ Test endpoints using test.html

Authentication Endpoints

POST /api/check_user.php

Check if a user exists in the database by email address.

POST /api/register_user.php

Register a new user with email only. All other profile information is optional and can be added later.

POST /api/send_auth_code.php

Send a 2-digit authentication code to the user's email via SMTP2GO. Code expires in 10 minutes.

POST /api/verify_auth_code.php

Verify the authentication code entered by the user. Returns a session token on success.

Profile Management Endpoints

GET/POST /api/get_user_profile.php

Retrieve complete user profile information including pregnancy status and calculated pregnancy weeks.

POST /api/update_profile.php ⭐

Comprehensive profile update endpoint - Update ALL user fields (display_name, date_of_birth, phone_e164, due_date, months_before_due_at_intake, number_of_kids, is_pregnant). Requires authentication. Perfect for multi-page forms.

POST /api/update_pregnancy_info.php

Update pregnancy-specific fields only (is_pregnant, due_date, months_before_due_at_intake, number_of_kids). Alternative to update_profile.php for pregnancy-only updates.

POST /api/unlock_account.php

Unlock a user account that was automatically locked after 5 failed verification attempts. Admin/support use only.

Authentication Flow

Check User: Verify if email exists in database
Register (if new): Create user account if not found
Send Code: Email 2-digit authentication code to user
Verify Code: Validate code and receive session token
Access Granted: Use session token for authenticated requests

Security Features

✓ Email format validation
✓ 2-digit authentication codes
✓ 10-minute code expiration
✓ Maximum 5 verification attempts per code
✓ Automatic account locking after 5 failed attempts
✓ Admin unlock endpoint available
✓ SQL injection protection (PDO prepared statements)
✓ CORS headers for cross-origin requests

Requirements

PHP 7.4 or higher
MySQL/MariaDB database
cURL extension enabled
PDO MySQL extension
SMTP2GO account (free tier available at smtp2go.com)

Configuration

Before using the API, configure your settings:

Copy config/database.example.php to config/database.php
Copy config/smtp.example.php to config/smtp.php
Update both files with your actual credentials
Test the API using the test page

🔐 Authentication API