06 - FE Integration Contracts
FE Runtime Topology
Base Contract
/api/v1Accept-Language: id|en?lang=id|enResponse Envelope
ApiResponse:success: booleancode: stringmessage: stringrequest_id: stringtimestamp: stringapi_version: stringdata: any (opsional)meta: object (opsional)errors: object|array (khusus error validasi)app/Http/Responses/ApiResponse.phpapp/Traits/HasApiResponse.phpAuth Headers
Authorization: Bearer <access_token>X-Tenant-ID: <uuid> (opsional; wajib match tenant dalam token jika dikirim)Token Ability Expectations
tenant:access atau platform:accessFE Auth Lifecycle (Recommended)
Critical Endpoints For FE
Auth
POST /auth/loginPOST /auth/refreshPOST /auth/select-tenantGET /auth/mePOST /auth/logoutdata.tenants[]), FE dapat memakai pivot.membership_type dan pivot.last_login_at untuk label peran serta informasi "terakhir login" per tenant.User Runtime
/user/security/*/user/sessions*/user/notifications*Tenant Runtime
/tenant/billing/*/tenant/integrations/*/tenant/master-data/taxonomies*GET /auth/me FE Shape
current_tenant.id|name|slug (nullable)authz.roles[]authz.permissions[]{
"success": true,
"code": "SUCCESS",
"data": {
"id": "...",
"name": "Super Admin",
"account": { "type": "platform_admin" },
"current_tenant": { "id": "...", "name": "Garment Indonesia", "slug": "garment-indonesia" },
"authz": {
"roles": ["owner", "ppic"],
"permissions": ["po.create", "po.approve", "mr.read"]
}
}
}Error Handling Contract
code dari response, bukan hanya HTTP status.FE Error Strategy (Practical)
401: clear access token, trigger refresh flow.401 setelah refresh gagal: logout lokal + redirect login.403: tampilkan forbidden/feature-denied sesuai code.422: tampilkan field-level validation dari errors.request_id untuk issue tracing ke BE logs.Diubah pada 2026-03-03 22:25:30