RegardingWork Hub API Documentation
Centralized authentication and Single Sign-On service for the RegardingWork ecosystem
🚨 DEVELOPERS: SSO vs OAuth Confusion Prevention
❌ Are you trying OAuth 2.0?
PKCE, authorization codes, complex flows?
✅ For RegardingWork mini-apps:
Use simple SSO - works in under 1 hour!
🎯 Quick Decision: Building a RegardingWork mini-app? Use SSO. External third-party app? Use OAuth.
Request SSO Access SSO Integration Guide OAuth Third-Party GuideOverview
Our RESTful API enables secure authentication and user management across all RegardingWork services (Game, Premium, Display).
Base URL:
https://hub.regardingwork.com/api
Authentication:
JWT Bearer tokens (24-hour expiration)Content-Type:
application/json
CORS:
Enabled for RegardingWork subdomains🎉 NEW: Complete Integration Guide
Addresses ALL common integration challenges! Includes SSO redirect loop prevention, standardized token storage, complete error handling, and production-ready examples.
✅ FIXES: Email field now included in validation • Standardized localStorage keys • SSO troubleshooting
Integration Participants
Choose your integration type and follow the appropriate process:
Quick Start
Ready to integrate authentication with RegardingWork Hub?
New to RegardingWork Hub?
Get your app integrated with Hub authentication in under 2 hours.
- Integration Participants
- Mini-App Integration (SSO)
- Third-Party Integration (OAuth)
- Quick Start Guide
- Choose Auth Method
- SSO Integration
- SSO Callback URLs
- SSO Workflow & Debugging
- SSO vs OAuth (For Agents)
Having Issues?
Fix common authentication problems with step-by-step solutions.
- Complete SSO Workflow
- SSO vs OAuth (For Agents)
- 400 Domain Errors
- 401 Login Failures
- 500 Token Exchange
API Reference
Detailed documentation for all endpoints and OAuth flows.
- Authentication API
- Teams API Reference
- JWT Validation Guide
- JWT Token Specification
- OAuth 2.0 Reference
- Endpoint List
Hub Authentication System Status: ✅ Operational
SSO domain validation fixed • OAuth token exchange working • Ready for all RegardingWork apps
janechen / jane123
Features
- JWT Authentication (24-hour tokens)
- Refresh token system (30-day)
- OAuth 2.0 Authorization Code Flow
- PKCE Security Extension
- Single Sign-On (SSO) integration
- User registration and management
- Profile management endpoints
- Team management with roles
- Team invitations system
- Secure password hashing (scrypt)
- Cross-domain CORS support
- Token blacklisting for security
Core API Endpoints
Authentication & User Management
| Endpoint | Method | Description |
|---|---|---|
/api/auth/register |
POST | Register new user account |
/api/auth/login |
POST | Authenticate user and get tokens |
/api/auth/logout |
POST | Logout user and blacklist tokens |
/api/auth/validate |
GET | Validate JWT token ⚠️ Critical for all mini-apps |
/api/auth/refresh |
POST | Refresh access token |
/api/auth/me |
GET | Get current user data |
OAuth 2.0 Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/oauth/authorize |
GET | OAuth 2.0 authorization endpoint |
/api/oauth/token |
POST | Exchange authorization code for tokens |
Single Sign-On (SSO)
| Endpoint | Method | Description |
|---|---|---|
/api/auth/sso/authorize |
GET | SSO authorization endpoint |
/api/auth/sso/token |
POST | Get SSO token for authenticated user |
Team Management APIs
| Endpoint | Method | Description |
|---|---|---|
/api/teams |
GET | List all teams (with pagination and filtering) |
/api/teams |
POST | Create a new team |
/api/teams/<slug> |
GET | Get team details by slug |
/api/teams/<slug>/members |
GET | List team members with roles |
/api/teams/<slug>/members |
POST | Add member to team |
/api/teams/<slug>/members/<username> |
PUT | Update member role in team |
/api/teams/<slug>/members/<username> |
DELETE | Remove member from team |
/api/user/teams |
GET | Get current user's teams |
/api/teams/<slug>/invite |
POST | Send team invitation |
/api/invitations/<token> |
POST | Accept team invitation |
/api/user/invitations |
GET | Get user's pending invitations |
Live API Demo
Test the API endpoints right here:
Health Check Test
Complete Documentation Index
🚀 Getting Started
- Integration Participants
Choose between Mini-App (SSO) vs Third-Party (OAuth 2.0) - Mini-App Integration Guide
For internal RegardingWork services using SSO - Third-Party Integration Guide
For external applications using OAuth 2.0 - Standardized Authentication Guide
Choose between Simple SSO vs OAuth 2.0 for your app - Quick Start Guide
Get up and running in minutes - SSO Integration Guide
Step-by-step SSO implementation
🛠️ Troubleshooting
- Complete Troubleshooting Guide
Fix domain errors, login failures, and token issues - Test Credentials & Debugging
Use janechen/jane123 for testing
📚 API Reference
- Authentication API
Login, register, validate endpoints - OAuth 2.0 Documentation
Authorization code flow with PKCE - OAuth Authorization Flow
Detailed OAuth implementation - PKCE Security Extension
Proof Key for Code Exchange
🔗 External Resources
- Test Hub Login
Try authentication with test credentials - SSO Domain Management
Admin panel for allowed domains
Need Help?
Start with the Standardized Authentication Guide to choose the right method for your app, then follow the specific implementation guide.
Having issues? Check the Troubleshooting Guide for solutions to common problems.