Skip to content

Varmply Backend API (0.1.0)

Varmply API – MVP backend for campaigns, wallets, authentication, and influencer participation.

Error Messages

Common error codes: - NOT_FOUND - Resource not found (404) - VALIDATION_ERROR - Input validation failed (400) - PERMISSION_DENIED - User lacks permission (403) - CONFLICT - Resource conflict (409) - UNAUTHORIZED - Authentication required (401) - INTERNAL_SERVER_ERROR - Unexpected server error (500)

Download OpenAPI description
openapi.json
openapi.yaml
Languages
Servers
Mock server
https://docs-staging.varmply.com/_mock/openapi/
Local development server
http://localhost:3000/
Staging environment
https://api-staging.varmply.com/
Production environment
https://api.varmply.com/

Health

Health check endpoints

Operations

Authentication

User registration, authentication, and email verification

Operations

Register a new user

Request

Register a new user account with email and password. Returns JWT tokens upon successful registration.

Bodyapplication/jsonrequired
emailAddressstring(email)required

Valid email address

Example: "founder@example.com"
passwordstring(password)>= 12 charactersrequired

Password must be at least 12 characters and include uppercase, lowercase, number, and special character

Example: "StrongPass123!"
curl -i -X POST \
  https://docs-staging.varmply.com/_mock/openapi/auth/register \
  -H 'Content-Type: application/json' \
  -d '{
    "emailAddress": "founder@example.com",
    "password": "StrongPass123!"
  }'

Responses

User registered successfully

Bodyapplication/json
accessTokenstringrequired

JWT access token (expires in 15 minutes)

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
refreshTokenstringrequired

JWT refresh token (expires in 30 days)

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
application/json
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Login with email and password

Request

Authenticate an existing user and receive JWT tokens

Bodyapplication/jsonrequired
emailAddressstring(email)required

Registered email address

Example: "founder@example.com"
passwordstring(password)required

User password

Example: "StrongPass123!"
curl -i -X POST \
  https://docs-staging.varmply.com/_mock/openapi/auth/login \
  -H 'Content-Type: application/json' \
  -d '{
    "emailAddress": "founder@example.com",
    "password": "StrongPass123!"
  }'

Responses

Login successful

Bodyapplication/json
accessTokenstringrequired

JWT access token (expires in 15 minutes)

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
refreshTokenstringrequired

JWT refresh token (expires in 30 days)

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
application/json
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Refresh an access token

Request

Exchange a valid refresh token for a new access/refresh token pair.

Bodyapplication/jsonrequired
refreshTokenstringrequired

JWT refresh token issued by /auth/login or /auth/register

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
curl -i -X POST \
  https://docs-staging.varmply.com/_mock/openapi/auth/refresh \
  -H 'Content-Type: application/json' \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'

Responses

New session tokens issued

Bodyapplication/json
accessTokenstringrequired

New JWT access token

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
refreshTokenstringrequired

Rotated JWT refresh token

Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
application/json
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Request email verification

Request

Request an email verification token to be sent to the authenticated user's email address. Returns success even if the email is already verified.

Security
bearerAuth
curl -i -X POST \
  https://docs-staging.varmply.com/_mock/openapi/auth/verify-email/request \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Verification email request processed successfully

Bodyapplication/json
okbooleanrequired
Example: true
Response
application/json
{
  "ok": true
}

Confirm email verification

Request

Confirm email verification using a token received via email. Does not require authentication (token is self-contained). Returns generic error to avoid leaking whether an email exists.

Bodyapplication/jsonrequired
tokenstringrequired

Verification token received via email

Example: "abc123xyz..."
userIdstring(uuid)

Optional user ID (can be extracted from token URL)

Example: "550e8400-e29b-41d4-a716-446655440000"
curl -i -X POST \
  https://docs-staging.varmply.com/_mock/openapi/auth/verify-email/confirm \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "abc123xyz...",
    "userId": "550e8400-e29b-41d4-a716-446655440000"
  }'

Responses

Email verification confirmed successfully

Bodyapplication/json
okbooleanrequired
Example: true
Response
application/json
{
  "ok": true
}

Onboarding

User onboarding flow for all user types, including role assignment, profile setup (creator and sponsor), and settings configuration

Operations

Connections

Social media platform connection status and management

Operations

OAuth

Social media OAuth connection flows

Operations

Wallet

Wallet balance and operations

Operations

Campaigns

Campaign creation, management, and funding

Operations

Marketplace

Public marketplace for discovering and joining campaigns

Operations

Participation

Campaign participation and content submission (creator-focused)

Operations

Analytics

Analytics and reporting endpoints for campaigns, participations, and submissions

Operations

Metrics

Metrics ingestion and refresh endpoints for participations and campaigns

Operations

Notifications

User notification management endpoints

Operations

Dev

Development-only endpoints for testing (not available in production)

Operations