User Story #1798
Epic #1602 (open): Auth and Security API Integration
Integrate Secure Customer Username Check API with JWT & CSRF Validation
Description
Integrate the secure backend API to validate and retrieve customer details based on username. This endpoint requires full security implementation including JWT authentication and CSRF protection.
The API returns customer metadata such as email, phone, subscription status, and account flags, which will be used for validation and conditional flows in the application.
🔗 API Details:
Endpoint:
GET /api/customers/check-username/{username}
Example:
/api/customers/check-username/bmp_kfayy_6526
🔐 Required Headers:
Authorization: Bearer {{auth_token}}
x-csrf-token: {{csrf_token}}
x-username: {{username}}
Content-Type: application/json
locale: en
x-app-version
x-platform
x-app-payload
x-app-signature
📥 Expected Response:
{
"exists": true,
"hasCustomer": false,
"customerId": null,
"stripeCustomerId": null,
"email": "testuserbmp@yopmail.com",
"phone": "+923185456266",
"subscriptionStatus": null,
"pinSet": false
}
🎯 Scope of Work:
Integrate API in frontend (Flutter / Web)
Pass JWT token in Authorization header
Include CSRF token in request
Include all required security headers
Handle response data for:
    Existing user check
    Customer profile state
Store/use response data in app flow
🛠️ Tasks:
Create API service method for username check
Inject JWT token into Authorization header
Attach CSRF token in request header
Pass dynamic username in URL
Handle success response parsing
Map response fields to model (User/Customer)
Implement error handling (401, 403, 500)
Add logging for debugging
Integrate into UI flow (registration/login validation)
✅ Acceptance Criteria:
API is called with all required headers
JWT and CSRF tokens are validated successfully
Correct response data is parsed and used
UI reacts correctly based on:
    exists
    hasCustomer
    pinSet
Error scenarios are handled properly
No security header is missing in request
⚠️ Edge Cases:
Invalid / expired JWT → handle logout or refresh
Missing CSRF token → request should fail gracefully
User exists but incomplete profile → handle onboarding flow
API failure → show proper error message
🔄 Dependency:
JWT Token Generation API
CSRF Token API
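Added example for the web client side of this story (not the project's own code): it builds the header set listed above, refuses to send when any required header is blank, classifies the 401/403/500 cases from the edge-case list, parses the expected response strictly, and branches on exists / hasCustomer / pinSet. The Session shape, the outcome names and the exact UI branching are assumptions; the header names and response fields are the ones in the story.

```typescript
// Added example, not the project's code. Assumes the header names and response
// shape from the story; Session is a hypothetical container for the token values.
interface CustomerCheck {
  exists: boolean; hasCustomer: boolean; customerId: string | null;
  stripeCustomerId: string | null; email: string; phone: string;
  subscriptionStatus: string | null; pinSet: boolean;
}
interface Session {
  authToken: string; csrfToken: string; appVersion: string;
  platform: string; appPayload: string; appSignature: string;
}
// Every header the story requires; a request with a blank one must not be sent.
const REQUIRED_HEADERS = ["Authorization", "x-csrf-token", "x-username",
  "Content-Type", "locale", "x-app-version", "x-platform", "x-app-payload",
  "x-app-signature"] as const;

function buildHeaders(s: Session, username: string): Record<string, string> {
  return {
    Authorization: s.authToken ? `Bearer ${s.authToken}` : "",
    "x-csrf-token": s.csrfToken, "x-username": username,
    "Content-Type": "application/json", locale: "en",
    "x-app-version": s.appVersion, "x-platform": s.platform,
    "x-app-payload": s.appPayload, "x-app-signature": s.appSignature,
  };
}
// Names of required headers that are missing or blank (acceptance criterion).
function missingHeaders(h: Record<string, string>): string[] {
  return REQUIRED_HEADERS.filter((k) => !h[k] || h[k].trim() === "");
}
// Edge cases from the story: 401 -> refresh or logout, 403 -> fail gracefully.
type Outcome = "ok" | "reauth" | "forbidden" | "error";
function outcomeFor(status: number): Outcome {
  if (status === 200) return "ok";
  if (status === 401) return "reauth";
  if (status === 403) return "forbidden";
  return "error";
}
// Strict parse: the three flags the UI branches on must be real booleans.
function parseCustomerCheck(body: string): CustomerCheck {
  const o = JSON.parse(body);
  for (const k of ["exists", "hasCustomer", "pinSet"]) {
    if (typeof o[k] !== "boolean") throw new Error(`bad field: ${k}`);
  }
  return o as CustomerCheck;
}
// Assumed UI branching; "user exists but incomplete profile" -> onboarding.
function nextStep(c: CustomerCheck): "register" | "onboarding" | "set-pin" | "login" {
  if (!c.exists) return "register";
  if (!c.hasCustomer) return "onboarding";
  return c.pinSet ? "login" : "set-pin";
}
// Encode the username so it cannot alter the request path.
function checkUsernameUrl(username: string): string {
  return `/api/customers/check-username/${encodeURIComponent(username)}`;
}
```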