Startvex API

API-first application. This homepage is the live documentation hub and must stay aligned with every controller method annotated as an API endpoint.

Local Base URL http://127.0.0.1/API_STARTVEX/
Production Base URL https://api.startvex.com/
Activation Rule 6-digit code, expires in 15 minutes, delivered by email.

Endpoints

POST
/api/v1/auth/forgot-password

Request a password reset code

Receives an email address and sends an 8-character password reset code when the email belongs to an active account. The code expires in 15 minutes.

Show Details Hide Details

Request Fields

Field Type Required Description
email string Yes Registered user email address.

Responses

Status Description
200 Password reset request processed.
422 Validation failed for the submitted payload.
503 SMTP delivery failed.

Response Fields

Field Type Description
message string Operation result message.
reset_code_expires_in_minutes integer Password reset code validity in minutes.
POST
/api/v1/auth/login

Authenticate a user with email and password

Validates active user credentials, updates the last access information, resets the current invalid login streak, generates a new access token, and returns the user profile.

Show Details Hide Details

Request Fields

Field Type Required Description
email string Yes Registered user email address.
password string Yes User password.

Responses

Status Description
200 Authentication successful and user data returned.
401 Invalid email or password.
403 User exists but is not active.
422 Validation failed for the submitted payload.

Response Fields

Field Type Description
message string Operation result message.
access_token string Current authenticated session token.
access_token_expires_at string UTC expiration datetime for the access token.
user.id integer User identifier.
user.name string User full name.
user.username string|null User public username.
user.email string User email address.
user.profile_image_path string|null Server path for the user profile image.
user.country string|null User country.
user.timezone string|null User timezone.
user.wallet_address string|null User wallet address.
user.app_language string|null Preferred application language.
user.date_format_region string|null Preferred region for date formatting.
user.theme string|null Preferred application theme.
user.notify_mev_protection boolean Whether MEV protection notifications are enabled.
user.notify_bug_report boolean Whether bug report notifications are enabled.
user.notify_milestone_update boolean Whether milestone update notifications are enabled.
user.notify_governance_proposal boolean Whether new governance proposal notifications are enabled.
user.notify_team_changes boolean Whether team entry and exit notifications are enabled.
user.notify_price_alert boolean Whether price alert notifications are enabled.
user.notify_vesting_event boolean Whether vesting event notifications are enabled.
user.notify_investment_round boolean Whether new investment round notifications are enabled.
user.notify_assigned_task boolean Whether assigned task notifications are enabled.
user.notify_evidence_result boolean Whether evidence result notifications are enabled.
user.notify_deal_room_activity boolean Whether deal room activity notifications are enabled.
user.notify_two_factor_activation boolean Whether 2FA activation security notifications are enabled.
user.hide_public_profile boolean Whether the public profile is hidden.
user.hide_from_searches boolean Whether the user is hidden from searches.
user.anonymous_deal_room_mode boolean Whether anonymous mode is enabled in deal rooms.
user.hide_token_balance boolean Whether token balance is hidden.
user.hide_smart_company_participation boolean Whether SmartCompany participation is hidden.
user.registered_at string UTC registration datetime.
user.last_access_at string|null UTC datetime of the last valid login.
user.password_changed_at string|null UTC datetime of the last password change.
user.invalid_access_count_before_last_access integer Invalid login attempts counted immediately before the last successful login.
user.activated_at string|null UTC activation datetime.
user.status string User status.
POST
/api/v1/auth/logout

Invalidate the current authenticated token

Invalidates the informed access token and ends the authenticated session.

Show Details Hide Details

Request Fields

Field Type Required Description
access_token string Yes Current authenticated session token.

Responses

Status Description
200 Logout completed and token invalidated.
422 Validation failed for the submitted payload.
401 Missing, invalid, or expired token.

Response Fields

Field Type Description
message string Operation result message.
POST
/api/v1/auth/reset-password

Reset a forgotten password

Validates the 8-character password reset code and updates the password. When the password is changed, active sessions for the user are revoked.

Show Details Hide Details

Request Fields

Field Type Required Description
email string Yes Registered user email address.
reset_code string Yes 8-character password reset code received by email.
new_password string Yes New password to store securely.

Responses

Status Description
200 Password updated successfully and active sessions revoked.
422 Validation failed or reset code is invalid/expired.

Response Fields

Field Type Description
message string Operation result message.
POST
/api/v1/auth/validate-token

Validate the current authenticated token

Validates the informed access token and email. When both match the same active session, the API renews the session for another 15 minutes. If the token belongs to another email, the session is expired.

Show Details Hide Details

Request Fields

Field Type Required Description
email string Yes Email address that must belong to the token owner.
access_token string Yes Current authenticated session token.

Responses

Status Description
200 Token and email are valid; session renewed and user data returned.
422 Validation failed for the submitted payload.
401 Missing, invalid, expired token, or email mismatch.

Response Fields

Field Type Description
message string Operation result message.
access_token_expires_at string UTC expiration datetime after renewal.
user.id integer User identifier.
user.name string User full name.
user.username string|null User public username.
user.email string User email address.
user.profile_image_path string|null Server path for the user profile image.
user.country string|null User country.
user.timezone string|null User timezone.
user.wallet_address string|null User wallet address.
user.app_language string|null Preferred application language.
user.date_format_region string|null Preferred region for date formatting.
user.theme string|null Preferred application theme.
user.notify_mev_protection boolean Whether MEV protection notifications are enabled.
user.notify_bug_report boolean Whether bug report notifications are enabled.
user.notify_milestone_update boolean Whether milestone update notifications are enabled.
user.notify_governance_proposal boolean Whether new governance proposal notifications are enabled.
user.notify_team_changes boolean Whether team entry and exit notifications are enabled.
user.notify_price_alert boolean Whether price alert notifications are enabled.
user.notify_vesting_event boolean Whether vesting event notifications are enabled.
user.notify_investment_round boolean Whether new investment round notifications are enabled.
user.notify_assigned_task boolean Whether assigned task notifications are enabled.
user.notify_evidence_result boolean Whether evidence result notifications are enabled.
user.notify_deal_room_activity boolean Whether deal room activity notifications are enabled.
user.notify_two_factor_activation boolean Whether 2FA activation security notifications are enabled.
user.hide_public_profile boolean Whether the public profile is hidden.
user.hide_from_searches boolean Whether the user is hidden from searches.
user.anonymous_deal_room_mode boolean Whether anonymous mode is enabled in deal rooms.
user.hide_token_balance boolean Whether token balance is hidden.
user.hide_smart_company_participation boolean Whether SmartCompany participation is hidden.
user.registered_at string UTC registration datetime.
user.last_access_at string|null UTC datetime of the last valid login.
user.password_changed_at string|null UTC datetime of the last password change.
user.invalid_access_count_before_last_access integer Invalid login attempts counted immediately before the last successful login.
user.activated_at string|null UTC activation datetime.
user.status string User status.
GET
/api/v1/smart-companies

List visible SmartCompanies

Returns SmartCompany summaries visible to the requester without exposing private core data.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
POST
/api/v1/smart-companies

Create a SmartCompany

Creates a SmartCompany and registers the authenticated user as its founder member.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
GET
/api/v1/smart-companies/{id}

Retrieve SmartCompany context

Readable viewers receive the SmartCompany table data; founders also receive management sections.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
PATCH
/api/v1/smart-companies/{id}

Update SmartCompany core data

Only founder members can change SmartCompany core data.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
GET
/api/v1/smart-companies/{id}/dashboard

Retrieve SmartCompany dashboard projection

Returns only frontend-safe dashboard fields.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
GET
/api/v1/smart-companies/{id}/metrics

Retrieve SmartCompany metrics projection

Returns execution/evidence/validation/capital/impact/coordination metrics.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
POST
/api/v1/smart-companies/{id}/participants

Add SmartCompany participant

Only founder members can add participants.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
DELETE
/api/v1/smart-companies/{id}/participants/{participantId}

Remove SmartCompany participant

Only founder members can remove participants. The last founder cannot be removed.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
PATCH
/api/v1/smart-companies/{id}/participants/{participantId}

Update SmartCompany participant

Only founder members can update participants.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
GET
/api/v1/smart-companies/{id}/summary

Retrieve SmartCompany summary projection

Returns a public-safe SmartCompany summary.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
POST
/api/v1/uploads/image

Upload an image

Stores a JPG, PNG, or WEBP image and returns a public path for logo, cover, or profile image fields.

Show Details Hide Details

Request Fields

Field Type Required Description

Responses

Status Description

Response Fields

Field Type Description
POST
/api/v1/users/activate

Validate and activate a registered user

Validates the submitted 6-digit code. If the code is invalid or expired, the API generates and emails a fresh code automatically.

Show Details Hide Details

Request Fields

Field Type Required Description
email string Yes Registered user email address.
activation_code string Yes 6-digit activation code received by email.

Responses

Status Description
200 User activated successfully.
404 User not found for the given email.
409 User is already active.
422 Invalid or expired code; a new code is sent automatically.
503 SMTP delivery failed while resending the code.

Response Fields

Field Type Description
user_id integer User identifier.
username string|null User public username.
email string Registered user email address.
profile_image_path string|null Server path for the user profile image.
country string|null User country.
timezone string|null User timezone.
wallet_address string|null User wallet address.
status string Current user status.
activated_at string UTC activation datetime.
message string Operation result message.
POST
/api/v1/users/me

Retrieve the authenticated user profile data

Returns the full profile for the authenticated active user. The access token may be sent in the request body or in the Authorization Bearer header.

Show Details Hide Details

Request Fields

Field Type Required Description
access_token string No Current authenticated session token. Required when not sent in the Authorization header.

Responses

Status Description
200 User data returned successfully.
401 Missing, invalid, or expired token.
422 Validation failed for the submitted payload.

Response Fields

Field Type Description
message string Operation result message.
user.id integer User identifier.
user.name string User full name.
user.username string|null User public username.
user.email string User email address.
user.profile_image_path string|null Server path for the user profile image.
user.country string|null User country.
user.timezone string|null User timezone.
user.wallet_address string|null User wallet address.
user.app_language string|null Preferred application language.
user.date_format_region string|null Preferred region for date formatting.
user.theme string|null Preferred application theme.
user.notify_mev_protection boolean Whether MEV protection notifications are enabled.
user.notify_bug_report boolean Whether bug report notifications are enabled.
user.notify_milestone_update boolean Whether milestone update notifications are enabled.
user.notify_governance_proposal boolean Whether new governance proposal notifications are enabled.
user.notify_team_changes boolean Whether team entry and exit notifications are enabled.
user.notify_price_alert boolean Whether price alert notifications are enabled.
user.notify_vesting_event boolean Whether vesting event notifications are enabled.
user.notify_investment_round boolean Whether new investment round notifications are enabled.
user.notify_assigned_task boolean Whether assigned task notifications are enabled.
user.notify_evidence_result boolean Whether evidence result notifications are enabled.
user.notify_deal_room_activity boolean Whether deal room activity notifications are enabled.
user.notify_two_factor_activation boolean Whether 2FA activation security notifications are enabled.
user.hide_public_profile boolean Whether the public profile is hidden.
user.hide_from_searches boolean Whether the user is hidden from searches.
user.anonymous_deal_room_mode boolean Whether anonymous mode is enabled in deal rooms.
user.hide_token_balance boolean Whether token balance is hidden.
user.hide_smart_company_participation boolean Whether SmartCompany participation is hidden.
user.registered_at string UTC registration datetime.
user.last_access_at string|null UTC datetime of the last valid login.
user.password_changed_at string|null UTC datetime of the last password change.
user.invalid_access_count_before_last_access integer Invalid login attempts counted immediately before the last successful login.
user.activated_at string|null UTC activation datetime.
user.status string User status.
POST
/api/v1/users/register

Create a new user account

Registers an inactive user account, stores the password securely, and sends a 6-digit activation code by email.

Show Details Hide Details

Request Fields

Field Type Required Description
name string Yes User full name.
username string No User public username.
email string Yes Unique user email address.
profile_image_path string No Server path for the user profile image.
country string No User country.
timezone string No User timezone.
wallet_address string No User wallet address.
password string Yes Plain password; the API stores only a secure hash.

Responses

Status Description
201 User created successfully and activation code sent.
200 Inactive user updated and a fresh activation code sent.
409 An active user already exists for the given email.
409 Username is already in use by another user.
422 Validation failed for the submitted payload.
503 SMTP delivery failed.

Response Fields

Field Type Description
user_id integer User identifier.
username string|null User public username.
email string Registered user email address.
profile_image_path string|null Server path for the user profile image.
country string|null User country.
timezone string|null User timezone.
wallet_address string|null User wallet address.
status string Current user status.
activation_expires_at string UTC expiration datetime for the current activation code.
message string Operation result message.
POST
/api/v1/users/update

Update the authenticated user profile data

Updates editable profile fields for the authenticated active user. The access token may be sent in the request body or in the Authorization Bearer header.

Show Details Hide Details

Request Fields

Field Type Required Description
access_token string No Current authenticated session token. Required when not sent in the Authorization header.
name string No User full name.
username string No User public username. Send an empty string to clear it.
profile_image_path string No Server path for the user profile image. Send an empty string to clear it.
country string No User country. Send an empty string to clear it.
timezone string No User timezone. Send an empty string to clear it.
wallet_address string No User wallet address. Send an empty string to clear it.
app_language string No Preferred application language. Send an empty string to clear it.
date_format_region string No Preferred region for date formatting. Send an empty string to clear it.
theme string No Preferred application theme. Send an empty string to clear it.
notify_mev_protection boolean No Enable or disable MEV protection notifications.
notify_bug_report boolean No Enable or disable bug report notifications.
notify_milestone_update boolean No Enable or disable milestone update notifications.
notify_governance_proposal boolean No Enable or disable new governance proposal notifications.
notify_team_changes boolean No Enable or disable team entry and exit notifications.
notify_price_alert boolean No Enable or disable price alert notifications.
notify_vesting_event boolean No Enable or disable vesting event notifications.
notify_investment_round boolean No Enable or disable new investment round notifications.
notify_assigned_task boolean No Enable or disable assigned task notifications.
notify_evidence_result boolean No Enable or disable evidence result notifications.
notify_deal_room_activity boolean No Enable or disable deal room activity notifications.
notify_two_factor_activation boolean No Enable or disable 2FA activation security notifications.
hide_public_profile boolean No Hide or show the public profile.
hide_from_searches boolean No Hide or show the user in searches.
anonymous_deal_room_mode boolean No Enable or disable anonymous mode in deal rooms.
hide_token_balance boolean No Hide or show token balance.
hide_smart_company_participation boolean No Hide or show SmartCompany participation.

Responses

Status Description
200 User data updated successfully.
409 Username is already in use by another user.
401 Missing, invalid, or expired token.
422 Validation failed or no updatable field was sent.

Response Fields

Field Type Description
message string Operation result message.
user.id integer User identifier.
user.name string User full name.
user.username string|null User public username.
user.email string User email address.
user.profile_image_path string|null Server path for the user profile image.
user.country string|null User country.
user.timezone string|null User timezone.
user.wallet_address string|null User wallet address.
user.app_language string|null Preferred application language.
user.date_format_region string|null Preferred region for date formatting.
user.theme string|null Preferred application theme.
user.notify_mev_protection boolean Whether MEV protection notifications are enabled.
user.notify_bug_report boolean Whether bug report notifications are enabled.
user.notify_milestone_update boolean Whether milestone update notifications are enabled.
user.notify_governance_proposal boolean Whether new governance proposal notifications are enabled.
user.notify_team_changes boolean Whether team entry and exit notifications are enabled.
user.notify_price_alert boolean Whether price alert notifications are enabled.
user.notify_vesting_event boolean Whether vesting event notifications are enabled.
user.notify_investment_round boolean Whether new investment round notifications are enabled.
user.notify_assigned_task boolean Whether assigned task notifications are enabled.
user.notify_evidence_result boolean Whether evidence result notifications are enabled.
user.notify_deal_room_activity boolean Whether deal room activity notifications are enabled.
user.notify_two_factor_activation boolean Whether 2FA activation security notifications are enabled.
user.hide_public_profile boolean Whether the public profile is hidden.
user.hide_from_searches boolean Whether the user is hidden from searches.
user.anonymous_deal_room_mode boolean Whether anonymous mode is enabled in deal rooms.
user.hide_token_balance boolean Whether token balance is hidden.
user.hide_smart_company_participation boolean Whether SmartCompany participation is hidden.
user.registered_at string UTC registration datetime.
user.last_access_at string|null UTC datetime of the last valid login.
user.password_changed_at string|null UTC datetime of the last password change.
user.invalid_access_count_before_last_access integer Invalid login attempts counted immediately before the last successful login.
user.activated_at string|null UTC activation datetime.
user.status string User status.

Current documentation is generated by scanning PHP attributes on API controllers.