{"message":"Employee Attendance API with Universal Authentication","version":"3.0.0","authentication":{"employee_users":["1. POST /auth/send-otp - Send OTP to phone number (OTP method)","2. POST /auth/verify-otp-and-login - Verify OTP, get tokens (OTP method)","OR","1. POST /auth/user-login - Login with username/password","2. Use 'Authorization: Bearer <access_token>' for protected endpoints","3. POST /auth/refresh-token - Refresh expired access token"],"location_users":["1. POST /auth/user-login - Login with location credentials","2. Receive JWT token + all assigned employee data","3. Use 'Authorization: Bearer <access_token>' for protected endpoints","4. Legacy devices can still use default token"],"super_admin":["1. POST /auth/super-admin-login - Login with username/password","2. Use 'Authorization: Bearer <access_token>' for protected endpoints"]},"security_features":["JWT access tokens (15 min for employees, 24h for locations)","Refresh tokens (7 day expiry)","Role-based access control (RBAC)","Security event logging","Universal authentication (supports both employee and location users)","Legacy default token support","CORS restrictions","Security headers"],"key_endpoints":{"authentication":["POST /auth/user-login","POST /auth/send-otp","POST /auth/verify-otp-and-login","POST /auth/super-admin-login","GET /auth/me","GET /auth/validate-user-session"],"attendance":["POST /attendance-v2","GET /attendance-v2/{target_date}"],"locations":["GET /my-locations","POST /check-location","GET /work-locations"],"employee_data":["GET /employee-data","GET /location/assigned-employees"],"face_recognition":["POST /generate-embedding","POST /location/face-recognition","POST /compare-faces","POST /recognize-face"],"admin":["POST /admin/register-employee","POST /work-locations","POST /assign-employee-location","POST /admin/assign-super-admin-role"]}}