Version: Next

Telemetry MQTT

Device and position telemetry ingested over MQTT (not HTTP). Uses the same broker gate as SOS: MQTT_SOS_BROKER_URL must be non-empty. Set the legacy flat topic with MQTT_TEL_TOPIC (default tel/data). The API derives a prefix from that value (tel/data → prefix tel), then subscribes to the per-user wildcard tel/+/data and to the flat legacy topic tel/data so older publishers keep working. Clients should publish to tel/{external_user_id}/data where {external_user_id} is sdk_users.external_user_id encoded as a single URL path segment (same encoding as sos/events/{external_user_id}). JSON body matches SOSMQTTAlert / SDKTelemetryWriteRequest (required timestamp, latitude, longitude, altitude). QoS 1; retain false.

📄️Introduction

OpenAPI for app users and SDK integrators: `/v1/auth/*`, `/v1/sdk/*`, `/v1/public/*`, plus MQTT SOS and telemetry (`tel/*`) payload schemas.

📄️Acknowledge SOS incident by public token

Marks an active SOS as acknowledged for the emergency contact bound to this public token.

📄️Append telemetry history row

Persists one TEL row for the authenticated SDK user over HTTP. The JSON body is the same shape as MQTT telemetry (`SOSMQTTAlert`); see the Telemetry MQTT tag for `tel/{external_user_id}/data`, `MQTT_TEL_TOPIC`, and subscription filters.

📄️Authentication

Authentication

📄️Cancel open SOS

Idempotent; cancels the active or acknowledged incident if present. No request body.

📄️Change password

Changes the authenticated user's password. Requires the current password and a new password

📄️Create emergency contact

Create emergency contact

📄️Create or update a paired device

Registers a hardware device for the authenticated SDK user. Uses the same static HMAC identity as other SDK routes.

📄️Create or update open SOS

Creates an SOS incident or updates the existing open incident for this SDK user over HTTP. The JSON body is the same shape as MQTT SOS (`SOSMQTTAlert`); see the SOS MQTT tag for `MQTT_SOS_TOPIC`, `MQTT_SOS_EVENTS_TOPIC_PREFIX`, and ingest vs `sos/events` outbound topics.

📄️Delete a paired device

Deletes a device by backend-generated id. Returns 404 when the device does not exist or is not owned by this SDK user.

📄️Delete authenticated account

Permanently deletes the currently authenticated user account and revokes all active sessions.

📄️Delete emergency contact

Delete emergency contact

📄️Email verification

Email verification

📄️Generate SDK user hash

Generates the static `user_hash` used by the SDK authentication flow for a given app and user identity.

📄️Get authenticated user profile

Returns profile information for the currently authenticated user.

📄️Get device config by country

Resolves the LoRaWAN device configuration for the caller's country.

📄️Get open SOS

Returns the active or acknowledged incident, or `incident: null` when none.

📄️Get SDK user profile

Validates the static HMAC identity using `X-App-ID`, `X-User-ID`, and `Authorization: Bearer <user_hash>`.

📄️List emergency contacts

List emergency contacts

📄️List paired devices

Returns devices for the authenticated SDK user, newest `paired_at` first.

📄️Login with email/password

Authenticates with email and password. On success returns an access token (JWT) and a refresh token.

📄️Logout and revoke refresh token

Revokes the refresh token sent in the body. That token can no longer be used for POST /v1/auth/refresh.

📄️NanoMQ acl_req — per-publish/subscribe ACL check

Looks up cached `MQTTSession` from Redis by username. Derives permission from session type + topic:

📄️NanoMQ auth_req — validate MQTT CONNECT credentials

NanoMQ HTTP auth callback for the CONNECT phase. Three user types:

📄️NanoMQ super_req — check superuser status

Only the internal bridge user (`eixam-api-sos-internal`) is superuser (bypasses ACL).

📄️Password recovery

Password recovery

📄️Public

Public

📄️Register a new user

Creates a new user account with the given email and password. Password must be at least 8 characters.

📄️Replace emergency contact

Full replacement of name, phone, email, and priority.

📄️Request password reset

Requests a password reset for the given email. If the account exists, a 6-character alphanumeric

📄️Request verification email

Creates a new email verification code for the given email if the account exists and is not yet

📄️Reset password with one-time code

Sets a new password using the one-time reset code sent by email.

📄️Resolve open SOS

Idempotent; resolves the active or acknowledged incident if present. No request body.

📄️Rotate refresh token

Exchanges a valid refresh token for a new access token and refresh token. Use this before the access

📄️SDK

SDK

📄️SOS MQTT

SOS MQTT

📄️Telemetry MQTT

Telemetry MQTT

📄️Verify email with 6-character code

Marks the user's email as verified using the 6-character alphanumeric code (0-9, a-z) sent to the user's email.

📄️View SOS incident by public token

Resolves a contact-bound opaque public token for an SOS incident. Intended for emergency contacts