Android API

File: android_api_routes.py


Purpose

The Android API exposes a set of JSON REST endpoints that the Lenzeye Android app consumes. All responses use a consistent JSON structure. Authentication uses the same OTP system as the web platform, and session state is managed via cookies.


Authentication Flow (Mobile)

```mermaid
flowchart TD
    A[App sends email] --> B[POST /android/request-otp]
    B --> C[OTP sent to email]
    C --> D[User enters OTP in app]
    D --> E[POST /android/verify-otp]
    E --> F[Session cookie set]
    F --> G[All subsequent requests use session cookie]
```

Endpoint Groups

Authentication

| Endpoint | Method | Description |
|---|---|---|
| /android/request-otp | POST | Send OTP to provided email |
| /android/verify-otp | POST | Verify OTP, create session |
| /android/logout | POST | Clear session |
| /android/check-session | GET | Return current user info if logged in |

Storage & Files

| Endpoint | Method | Description |
|---|---|---|
| /android/list-folders | GET | List all folders in user's S3 prefix |
| /android/list-files | GET | List files in a specific folder |
| /android/delete-file | DELETE | Delete a file from S3 |
| /android/delete-folder | DELETE | Delete an entire folder from S3 |
| /android/download-file | GET | Get presigned download URL for a file |

Upload

| Endpoint | Method | Description |
|---|---|---|
| /android/initiate-upload | POST | Start multipart upload for a file |
| /android/get-presigned-url | GET | Get presigned URL for a part |
| /android/complete-upload | POST | Complete multipart upload |

Profile & Subscription

| Endpoint | Method | Description |
|---|---|---|
| /android/profile | GET | Return user profile data |
| /android/update-profile | POST | Update name, mobile, role, location |
| /android/subscription-status | GET | Return current plan and storage info |

Guest Upload

| Endpoint | Method | Description |
|---|---|---|
| /android/guest-upload-link | GET | Get the user's guest upload URL |
| /android/download-links | GET | List all generated download links |

Response Format

All endpoints return consistent JSON:

```json
{
  "success": true,
  "data": { ... },
  "message": "Optional message"
}
```

Error responses:

```json
{
  "success": false,
  "message": "Error description"
}
```


Session Handling

  • The Android app sends session cookies on every request (same as browser)
  • The Flask session is validated on every authenticated route via the @login_required_android decorator
  • Session lifetime: 23 hours (same as web)
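
A sketch of the route guard described above, added here as an example and not the project's own `@login_required_android`: it answers missing or expired sessions with the documented JSON error body instead of an HTML redirect, and enforces the 23-hour lifetime server-side. The session keys `user_email` and `logged_in_at`, the `get_session` hook, the error messages and the 401 status are assumptions; in a Flask app, pass `lambda: flask.session`.

```python
import time
from functools import wraps

SESSION_LIFETIME_SECONDS = 23 * 60 * 60  # 23 hours, as stated on this page


def json_error(message, status):
    """Error body in the documented format, as a (body, status) pair."""
    return {"success": False, "message": message}, status


def make_login_required_android(get_session, now=time.time):
    """Build the guard; get_session returns the dict-like session (assumed hook)."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            sess = get_session()
            email = sess.get("user_email")     # assumed session key
            issued = sess.get("logged_in_at")  # assumed key: epoch seconds at OTP verify
            if not email or not isinstance(issued, (int, float)):
                return json_error("Authentication required", 401)
            age = now() - issued
            # Reject future timestamps as well as sessions older than the lifetime.
            if age < 0 or age > SESSION_LIFETIME_SECONDS:
                sess.clear()  # drop stale state from the session
                return json_error("Session expired", 401)
            return view(*args, **kwargs)
        return wrapper
    return decorator


# Constructed demo: a plain dict stands in for flask.session.
demo_session = {}
login_required_android = make_login_required_android(lambda: demo_session)


@login_required_android
def profile():
    """Stand-in for a protected route such as /android/profile."""
    return {"success": True, "data": {"email": demo_session["user_email"]}}, 200


if __name__ == "__main__":
    print(profile())  # no session yet
    demo_session.update(user_email="user@example.com", logged_in_at=time.time())
    print(profile())  # valid session
    demo_session["logged_in_at"] -= SESSION_LIFETIME_SECONDS + 1
    print(profile())  # expired session
```

Flask serializes a `(dict, status)` return value to a JSON response, so the wrapper's return values can be used unchanged in a real route.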

TL;DR

What it does: REST JSON API for the Android app covering auth (OTP), file management, uploads, profile, and guest upload links.

Key techniques: Same OTP session auth as web platform, cookie-based sessions, consistent JSON response format, same multipart upload protocol as web (presigned URLs), @login_required_android decorator for route protection.