GET /health
Response:
{
"status": "ok",
"version": "0.1.0",
"server_ip": "192.168.1.100"
}POST /api/handshake
Content-Type: application/json
{
"ttl_seconds": 60,
"max_attempts": 3
}
Response:
{
"session_id": "uuid",
"qr_svg": "<svg>...</svg>",
"code": "1234",
"expires_at": "2026-06-20T12:00:00Z",
"server_ip": "192.168.1.100"
}POST /api/verify
Content-Type: application/json
{
"session_id": "uuid",
"code": "1234"
}
Success Response:
{
"success": true,
"access_token": "eyJ...",
"refresh_token": "eyJ...",
"message": "验证成功"
}Error Responses:
401 Unauthorized: Wrong code409 Conflict: Code already consumed410 Gone: Code expired or max attempts reached
POST /api/token/refresh
Content-Type: application/json
{
"refresh_token": "eyJ...",
"channel_hash": "base64..."
}
Response:
{
"access_token": "eyJ...",
"expires_in": 900
}GET /api/confirm
Returns an HTML page displaying the server IP and current verification code for visual confirmation.