# Flowxi Docs ## Docs - [Login (email + password)](https://docs.flowxi.app/api-reference/auth/login-email-+-password.md): Strict anti-enumeration: unknown email, wrong password, non-active account => INVALID_CREDENTIALS (401). If 2FA enabled: returns a challenge (no token). If 2FA disabled: issues a token (1 token per device_id). - [Logout (current session)](https://docs.flowxi.app/api-reference/auth/logout-current-session.md): Deletes the current token only. - [List active devices](https://docs.flowxi.app/api-reference/devices/list-active-devices.md): Lists active tokens with device metadata (excludes legacy tokens without device_id). - [Logout a specific device](https://docs.flowxi.app/api-reference/devices/logout-a-specific-device.md): Revokes the token associated with a device_id. - [Health](https://docs.flowxi.app/api-reference/health/health.md): Healthcheck endpoint. - [Introduction](https://docs.flowxi.app/api-reference/introduction.md) - [Get current user profile](https://docs.flowxi.app/api-reference/me/get-current-user-profile.md): Returns the full profile of the authenticated user. - [Update current user profile](https://docs.flowxi.app/api-reference/me/update-current-user-profile.md): Updates basic profile fields. `country` and `nationality` are normalized to uppercase. - [Upload profile photo](https://docs.flowxi.app/api-reference/me/upload-profile-photo.md): Uploads a profile photo using multipart/form-data (Backblaze B2 S3-compatible). Database stores the object key only. - [Register (email OTP) - resend code](https://docs.flowxi.app/api-reference/registration/register-email-otp--resend-code.md): Resends a 6-digit OTP for a pending user. - [Register (email OTP) - send code](https://docs.flowxi.app/api-reference/registration/register-email-otp--send-code.md): Creates (or reuses) a pending user and sends a 6-digit OTP by email. - [Register (email OTP) - set password](https://docs.flowxi.app/api-reference/registration/register-email-otp--set-password.md): Validates OTP under lock, activates the user, deletes OTP row, and issues a token. - [Register (email OTP) - verify code](https://docs.flowxi.app/api-reference/registration/register-email-otp--verify-code.md): Verifies the OTP (hash match + not expired). Does not activate account yet. - [Register (magic link) - resend link](https://docs.flowxi.app/api-reference/registration/register-magic-link--resend-link.md): Resends a magic link for a pending user. Active users get 409. - [Register (magic link) - send link](https://docs.flowxi.app/api-reference/registration/register-magic-link--send-link.md): Creates (or reuses) a pending user and sends a single-use magic link email. - [Register (magic link) - set password](https://docs.flowxi.app/api-reference/registration/register-magic-link--set-password.md): Validates magic link token, sets password, activates account, and issues a token. - [2FA status (and enrollment info if disabled)](https://docs.flowxi.app/api-reference/two-factor-authentication/2fa-status-and-enrollment-info-if-disabled.md): If enabled: never returns secret nor otpauth_uri. If disabled: returns pending secret + otpauth_uri for enrollment (cache, not DB). - [Disable 2FA](https://docs.flowxi.app/api-reference/two-factor-authentication/disable-2fa.md): Verifies code against DB secret, disables 2FA (resets secret). - [Enable 2FA](https://docs.flowxi.app/api-reference/two-factor-authentication/enable-2fa.md): Verifies code against pending secret (cache), commits secret to DB, enables 2FA. - [Step-up verify 2FA](https://docs.flowxi.app/api-reference/two-factor-authentication/step-up-verify-2fa.md): Proves 2FA for sensitive actions. Does not issue a token. - [Verify login 2FA (step 2)](https://docs.flowxi.app/api-reference/two-factor-authentication/verify-login-2fa-step-2.md): Validates TOTP and issues a token (enforces 1 token/device). Challenge bound to IP + User-Agent + device_id. - [Two-factor authentication](https://docs.flowxi.app/auth/2fa.md) - [Login](https://docs.flowxi.app/auth/login.md) - [Overview](https://docs.flowxi.app/auth/overview.md) - [Registration](https://docs.flowxi.app/auth/registration.md) - [Errors](https://docs.flowxi.app/errors/index.md) - [Welcome](https://docs.flowxi.app/index.md) - [Introduction](https://docs.flowxi.app/introduction.md) - [Localization](https://docs.flowxi.app/localization/index.md) - [Me](https://docs.flowxi.app/user/me.md): Récupérer et mettre à jour le profil utilisateur connecté, y compris l’upload photo (Backblaze B2). ## OpenAPI Specs - [openapi](https://docs.flowxi.app/api-reference/openapi.yaml)