BIO.RE

BIO.RE Developer Portal

Self-service API documentation for the BIO.RE platform — auth, content, payments, messaging, real-time, and more. Build frontends and mobile apps without asking the backend team.

The BIO.RE Developer Portal documents every public + user-authenticated + admin-managed endpoint of the BIO.RE creator monetization platform. It is the single source of truth for client-web, admin-v2, and mobile teams — every endpoint is verified against the live backend (5-source: controller + DTO + service + Prisma + live response).

Quick start

Authentication

Register, login, OAuth, 2FA, password reset, sessions — everything to get a user signed in.

Try it live

Each endpoint has a built-in interactive playground. Authenticate against staging and inspect real responses.

How the portal is organized

  • 🌐 Public — auth-free endpoints (register, content, discover, locales, legal, theme).
  • 🔑 User-auth — JWT bearer required (profile, wallet, messages, sessions, creator-only endpoints).
  • 👤 Admin — admin-managed surfaces (config, users, content authoring, providers, trust-safety) — exposed for transparency; client apps consume the public/user side, while admin tooling consumes admin endpoints.
  • 🧪 Dev tools — provider test endpoints (mail, SMS, push, captcha, KYC, payment) for staging-only debugging.
  • 🔌 WebSocket events — chat-service real-time event surface (typing, presence, message:new, read receipts).

Reading an endpoint page

Every endpoint page follows the same shape:

  1. Header — method + path + scope badge + rate limit + captcha note.
  2. Request — headers + body schema (with class-validator rules preserved).
  3. Response — success envelope + every error code with i18nKey.
  4. Side effects — DB writes, queued jobs, audit log entries, kill-switch checks.
  5. Code samplescurl + TypeScript fetch + TanStack Query hook (copy-paste ready).
  6. Try it — interactive playground with auto-generated cURL/JS/Go/Python/Java/C# samples.
  7. Sourcepath:line references back to the backend code (5-source verify).

Conventions

  • Response envelope — every successful response is { "success": true, "data": T }. Errors are { "success": false, "error": { code, message, i18nKey?, details?, correlationId } }.
  • Refresh tokens — set as httpOnly, secure, SameSite=Strict cookie scoped to .bio.re. Browsers send + receive automatically; mobile clients can pass via body.
  • Idempotency — mutating endpoints accept Idempotency-Key header (where supported); side effects table notes which writes are atomic.
  • Locales — 20 active locales (packages/i18n/locales/<locale>/*.json); error responses include i18nKey for UI mapping.
  • Admin-managed data — endpoints that read admin-configured values (i18n, content, providers, theme) are flagged at the top.
  • Admin-managed providers — every external integration (email, SMS, push, captcha, KYC, payment, OAuth, storage) is selected by admin at runtime. The portal never names the active vendor (e.g., "SendGrid" / "Twilio" / "Stripe"); endpoints reference the abstraction (external.email.active_provider, external.captcha.active_provider, etc.). Frontend reads the abstract token; the backend resolves to whichever vendor is currently active. Vendor today ≠ vendor tomorrow.

Where to start

If you are building...Start here
Sign-up + login flowRegisterVerify EmailLogin
Forgotten password flowForgot PasswordReset Password
Two-factor authenticationLogin with 2FA (rest of 2FA endpoints WIP)
Account dashboardCurrent User Identity, List Active Sessions, Change Password
Token rotationRefresh Access Token

More modules (content, discover, payments, messaging, creator, real-time) coming online as the portal expands.

Track Event

Authenticated event tracking — emits a FunnelEvent row tied to the current user. Killable via admin config. Validates JSON property payload size. Writes to the main Postgres database, not the Analytics DB.

On this page

Quick startHow the portal is organizedReading an endpoint pageConventionsWhere to start