Skip to main content

Welcome

Fortro Engine exposes REST endpoints consumed by the ALV wallet, Issuer dashboard, and Verifier portal. This section summarizes the top-level concepts before diving into endpoint details.

Auth & DID

Challenge-based DID login, JWT issuance, and session renewal.

Wallet

Holder credential management, presentation approvals, consent APIs.

Issuer

Schema, template, offer, and credential issuance endpoints.

Verifier

Presentation request lifecycle, polling, and verification results.

Base URLs

Production: https://api.sphyre.tech
Staging:    https://staging-api.sphyre.tech (if enabled)
All endpoints live under /api/*. For example, the health check resides at GET https://api.sphyre.tech/api/health.

Authentication

Every request must include a JWT issued after the DID challenge/response flow: 
Authorization: Bearer <JWT_TOKEN>
X-User-DID: did:alyra:...
Issuer flows may also require the X-Issuer-DID header. JWTs expire after JWT_EXPIRATION seconds (default 86400); refresh via POST /api/auth/login.

Rate Limiting & Errors

  • Standard rate limit: 120 requests/minute per DID (subject to change). Exceeding limits returns HTTP 429 with Retry-After.
  • Errors follow the unified AppError schema:
{
  "error": {
    "message": "Validation error: Missing template_id",
    "code": 400
  }
}

Generating API Reference

  1. Export the latest OpenAPI spec from the backend (e.g., scripts/export_openapi.sh once available).
  2. Place the spec at docs/api-reference/openapi.json to power interactive playgrounds.
  3. For custom MDX pages, follow the structure under docs/api-reference/auth/*.
Legacy sample files (Plant Store) were replaced. Ensure no references to unrelated sample endpoints remain.