Overview
The DEVision Platform consists of two backend systems with distinct APIs:
Base URLs
JM Backend (Job Manager)
| Environment | Base URL |
|---|
| Production | https://sgjm-api.vohoangphuc.com |
| Development | http://localhost:8072 |
JA Backend (Job Applicant)
| Environment | Base URL |
|---|
| Production | https://sgja-api.vohoangphuc.com |
| Development | http://localhost:8888 |
JM Backend (Job Manager)
The JM Backend provides APIs for companies to manage their presence on the platform.
Authentication (/v1/auth)
| Method | Endpoint | Description |
|---|
| POST | /v1/auth/register | Register new company |
| POST | /v1/auth/login | Login with email/password |
| POST | /v1/auth/verify-account | Verify OTP and activate account |
| POST | /v1/auth/resend-otp | Resend OTP to email |
| GET | /v1/auth/google/redirect-url | Get Google OAuth URL |
| GET | /v1/auth/google/auth | Handle Google OAuth callback |
| POST | /v1/auth/google/register | Complete registration with Google |
Company Profile (/v1/profile)
| Method | Endpoint | Description |
|---|
| POST | /v1/profile | Create company profile |
| GET | /v1/profile/{id} | Get company profile by ID |
| PATCH | /v1/profile/{id} | Update company profile |
| DELETE | /v1/profile/{id} | Delete company profile |
| GET | /v1/profile/profiles | List all company profiles |
Search Profile (/v1/search-profile) - Premium
| Method | Endpoint | Description |
|---|
| POST | /v1/search-profile | Create search profile |
| GET | /v1/search-profile/{id} | Get search profile by ID |
| GET | /v1/search-profile/company/{companyId} | Get profiles by company |
| PUT | /v1/search-profile/{id} | Update search profile |
| DELETE | /v1/search-profile/{id} | Delete search profile |
JA Backend (Job Applicant)
The JA Backend provides APIs for job applicants to manage their profiles and applications.
Authentication (/auth)
| Method | Endpoint | Description |
|---|
| POST | /auth/register | Register new applicant |
| POST | /auth/login | Login with email/password |
| POST | /auth/oauth/google | Google OAuth login (PKCE) |
| POST | /auth/token/refresh | Refresh access token |
| POST | /auth/logout | Logout and revoke tokens |
| POST | /auth/resend-verification | Resend verification email |
| GET | /auth/verify-email | Verify email with token |
| GET | /auth/public-key | Get JWKS public key |
User Profile (/user-profile)
| Method | Endpoint | Description |
|---|
| POST | /user-profile/applicants/{id}/work-experiences | Add work experience |
| POST | /user-profile/applicants/{id}/educations | Add education |
| POST | /user-profile/applicants/{id}/portfolio | Upload portfolio file |
| GET | /user-profile/applicants/{id}/portfolio/all | Get all portfolio items |
| GET | /user-profile/health | Health check |
Authentication Methods
JM Backend - Cookie-based Auth
The JM Backend uses JWE tokens stored in HttpOnly cookies:
Cookie: auth_token=<jwe_access_token>
Cookie: refresh_token=<jwe_refresh_token>
JA Backend - Bearer Token Auth
The JA Backend uses JWT Bearer tokens:
Authorization: Bearer <jwt_access_token>
Both backends use a consistent error format:
{
"error": {
"code": "VALIDATION_ERROR",
"message": "Email format is invalid"
},
"timestamp": "2025-12-22T10:30:00Z",
"path": "/auth/register"
}
Error Codes
| Code | HTTP Status | Description |
|---|
VALIDATION_ERROR | 400 | Request validation failed |
UNAUTHORIZED | 401 | Invalid or expired token |
FORBIDDEN | 403 | Insufficient permissions |
NOT_FOUND | 404 | Resource not found |
CONFLICT | 409 | Resource already exists |
API Playground
Use the navigation menu to explore individual endpoints with interactive API playground.
Each endpoint includes request/response schemas and the ability to test directly.
