Android API
File: android_api_routes.py
Purpose
The Android API exposes a set of JSON REST endpoints that the Lenzeye Android app consumes. All responses use a consistent JSON structure. Authentication uses the same OTP system as the web platform, and session state is managed via cookies.
Authentication Flow (Mobile)
```mermaid
flowchart TD
    A[App sends email] --> B[POST /android/request-otp]
    B --> C[OTP sent to email]
    C --> D[User enters OTP in app]
    D --> E[POST /android/verify-otp]
    E --> F[Session cookie set]
    F --> G[All subsequent requests use session cookie]
```
Endpoint Groups
Authentication
| Endpoint | Method | Description |
|---|---|---|
| /android/request-otp | POST | Send OTP to provided email |
| /android/verify-otp | POST | Verify OTP, create session |
| /android/logout | POST | Clear session |
| /android/check-session | GET | Return current user info if logged in |
Storage & Files
| Endpoint | Method | Description |
|---|---|---|
| /android/list-folders | GET | List all folders in user's S3 prefix |
| /android/list-files | GET | List files in a specific folder |
| /android/delete-file | DELETE | Delete a file from S3 |
| /android/delete-folder | DELETE | Delete an entire folder from S3 |
| /android/download-file | GET | Get presigned download URL for a file |
Upload
| Endpoint | Method | Description |
|---|---|---|
| /android/initiate-upload | POST | Start multipart upload for a file |
| /android/get-presigned-url | GET | Get presigned URL for a part |
| /android/complete-upload | POST | Complete multipart upload |
Profile & Subscription
| Endpoint | Method | Description |
|---|---|---|
| /android/profile | GET | Return user profile data |
| /android/update-profile | POST | Update name, mobile, role, location |
| /android/subscription-status | GET | Return current plan and storage info |
Guest Upload
| Endpoint | Method | Description |
|---|---|---|
| /android/guest-upload-link | GET | Get the user's guest upload URL |
| /android/download-links | GET | List all generated download links |
Response Format
All endpoints return consistent JSON:
```json
{
  "success": true,
  "data": { ... },
  "message": "Optional message"
}
```
Error responses:
```json
{
  "success": false,
  "message": "Error description"
}
```
Session Handling
- The Android app sends session cookies on every request (same as a browser)
- Flask session is validated on every authenticated route via the @login_required_android decorator
- Session lifetime: 23 hours (same as web)
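How a decorator like @login_required_android can enforce these rules, as an added example that is not the code in android_api_routes.py: it answers with the JSON error shape from Response Format instead of a browser redirect, and checks the 23-hour lifetime as an absolute cap, since Flask refreshes a permanent session's cookie on every request by default. The session keys `user_email` and `login_at`, the 401 status, the absolute-cap reading of the lifetime and the `probe` helper are assumptions.

```python
import time
from functools import wraps

from flask import Flask, jsonify, session

SESSION_LIFETIME_S = 23 * 3600  # 23 hours, the lifetime stated on this page

app = Flask(__name__)
app.secret_key = "constructed-key-for-this-example"  # placeholder, not a real secret


def json_error(message, status):
    # Error shape from the Response Format section.
    return jsonify(success=False, message=message), status


def login_required_android(view):
    """Reject missing or expired sessions with JSON, never an HTML redirect."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        email = session.get("user_email")   # assumed session key
        login_at = session.get("login_at")  # assumed session key (epoch seconds)
        if not email or not isinstance(login_at, (int, float)):
            session.clear()
            return json_error("Not logged in", 401)
        if time.time() - login_at > SESSION_LIFETIME_S:
            session.clear()  # empty session makes Flask delete the cookie
            return json_error("Session expired", 401)
        return view(*args, **kwargs)
    return wrapper


@app.route("/android/check-session")
@login_required_android
def check_session():
    return jsonify(success=True, data={"email": session["user_email"]})


def probe(email=None, age_s=0):
    """Call the route with a constructed session aged age_s seconds; return (status, JSON)."""
    with app.test_client() as client:
        if email:
            with client.session_transaction() as sess:
                sess["user_email"] = email
                sess["login_at"] = time.time() - age_s
        resp = client.get("/android/check-session")
        return resp.status_code, resp.get_json()
```

Because Flask's default session is a signed client-side cookie, clearing it only removes the client's copy; the `login_at` check is what bounds how long a copied cookie stays valid.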
TL;DR
What it does: REST JSON API for the Android app covering auth (OTP), file management, uploads, profile, and guest upload links.
Key techniques: Same OTP session auth as web platform, cookie-based sessions, consistent JSON response format, same multipart upload protocol as web (presigned URLs), @login_required_android decorator for route protection.