Authentication

Author: Josh S. Sakweli, Backend Lead Team
Last Updated: 2025-01-0205
Version: v1.0

Base URL: https://api.fursahub.com/api/v1

Short Description: ~~The~~ Authentication ~~API handles user authentication~~endpoints for Fursa Hub ~~using~~platform. ~~Firebase~~Handles ~~Authentication~~user asregistration/login via Firebase, token management, and session control. All new users start the ~~identity~~onboarding ~~provider.~~flow Itafter ~~supports Google Sign-In, Apple Sign-In, and Email/Password~~successful authentication. ~~After Firebase verification, the API issues custom JWT tokens (access and refresh tokens) for subsequent API calls.~~

Hints:

Firebase IDhandles ~~tokens~~the ~~expire~~actual ~~after~~sign-in 1(Google, ~~hour~~Apple, Email) - ~~always~~your ~~verify~~app ~~before~~gets ~~calling~~a ~~the~~Firebase ~~authenticate~~ID ~~endpoint~~token

Send that Firebase token to our backend to get Fursa Hub access tokens
Access tokens ~~are~~expire ~~valid for~~in 1 ~~hour;~~hour, use refresh ~~tokens~~token ~~are~~to ~~valid~~get ~~for~~new ~~30 days~~ones
~~New~~Pass ~~users~~preferredLanguage ~~are~~and ~~automatically~~theme ~~created on~~during first authentication ~~with onboarding status~~to set touser PENDING_PHONE_VERIFICATION

~~All protected endpoints require Bearer token authentication via the~~ Authorization ~~header~~

~~Supported authentication providers:~~ GOOGLE, APPLE, EMAIL

~~A unique username is auto-generated from the user's email on first registration~~preferences

Authentication Flow

~~Initial~~

┌─────────────────────────────────────────────────────────────────────────┐
Authentication│                        AUTHENTICATION FLOW                               │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                          │
│  1. USER OPENS APP                                                       │
│     └── App shows language selector (Login/Register)

calls UnderstandingGET this/languages)              flow│
is│     critical└── User picks language (e.g., "sw" for frontendSwahili)                    integration:
│
│     User└── signsApp instores vialanguage Firebase+ (Google,theme Apple,preference orlocally                   Email)│
on│                                                                          the│
mobile/web│  client
2. USER SIGNS IN VIA FIREBASE                                          │
│     └── Google Sign-In / Apple Sign-In / Email+Password                 │
│     └── Firebase returns an ID tokenToken                                        │
│                                                                          │
│  3. APP SENDS TO FURSA HUB BACKEND                                      │
│     └── POST /auth/firebase/authenticate                                 │
│     └── Include: firebaseToken, preferredLanguage, theme                │
│                                                                          │
│  4. BACKEND RESPONSE                                                     │
│     ├── NEW USER: Creates account, returns tokens + onboarding status   │
│     └── EXISTING USER: Returns tokens + current onboarding status       │
│                                                                          │
│  5. CHECK ONBOARDING STATUS                                              │
│     └── onboarding.isComplete = false → Navigate to theonboarding client
flow     Client│
sends│     Firebase└── IDonboarding.isComplete token= true → Navigate to POSThome /api/v1/auth/firebase/authenticate
screen          Backend│
verifies│                                                                          Firebase│
token,│  creates6. userTOKEN ifMANAGEMENT                                                     new│
│     └── Store accessToken (or retrieves existing), and returns custom JWT tokens

Client stores tokens securely - access token for API calls,calls)                               refresh│
token│     └── Store refreshToken (for renewal
renewing CheckaccessToken)                   onboarding│
status│     in└── response to determine if user needs to complete onboarding steps


Token Refresh Flow


When access tokenaccessToken expires (you→ receive 401 UNAUTHORIZED), call POST /api/v1/auth/refresh                   │
│                                                                          │
└─────────────────────────────────────────────────────────────────────────┘

Backend validates refresh token and issues a new access token (same refresh token is returned)

Client updates stored access token and retries the failed request


Logout Flow


Client calls POST /api/v1/auth/logout with valid access token

Backend revokes all refresh tokens for the user

Client clears stored tokens locally



Standard Response Format

All API responses follow a consistent structure using our Globe Response Builder pattern:
Success Response Structure
{
  "success": true,
  "httpStatus": "OK",
  "message": "Operation completed successfully",
  "action_time": "2025-01-02T10:05T10:30:45",
  "data": {
    // Actual response data goes here }
}

Error Response Structure
{
  "success": false,
  "httpStatus": "BAD_REQUEST",
  "message": "Error description",
  "action_time": "2025-01-02T10:05T10:30:45",
  "data": "Error description"
}

Standard Response Fields




































Field Type Description
success boolean Always true for successful operations, false for errors
httpStatus string HTTP status name (OK, BAD_REQUEST, NOT_FOUND, etc.)
message string Human-readable message describing the operation result
action_time string ISO 8601 timestamp of when the response was generated
data object/string Response payload for success, error details for failures


Endpoints


1. Authenticate with Firebase
Purpose: Authenticate user withExchange Firebase ID token.token for Fursa Hub access tokens. Creates new user onif first login or returns existing user.time.
Endpoint: POST {base_url}/auth/firebase/authenticate
Access Level: 🌐 Public (No authentication required)
Authentication: None (Firebase token in body)
Request Headers:



Header
Type
Required
Description




Content-Type
string
Yes
Must be application/json



Request JSON Sample:
{
  "firebaseToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "preferredLanguage": "en"sw",
  "theme": "DARK",
  "deviceInfo": "iPhoneAndroid 1414, Pro,Samsung iOSGalaxy 17.2"S24"
}

Request Body Parameters:










Parameter
Type
Required
Description
Validation




firebaseToken
string
Yes
Firebase ID token obtained from Firebase Authclient SDK
Must not be blankvalid Firebase token


preferredLanguage
string
No
User's preferred language codepreference
Valid2-5 codes:chars (e.g., "en", "sw", "fr")
theme string No UI theme preference enum: enLIGHT, swDARK, fr, zh. Defaults to enSYSTEM


deviceInfo
string
No
Device information for securitysession tracking
Max 255 characterschars



Success Response JSON Sample:
{
  "success": true,
  "httpStatus": "OK",
  "message": "Authentication successful",
  "action_time": "2025-01-02T10:05T10:30:45",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI1NTBl.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI1NTBl.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "tokenType": "Bearer",
    "expiresIn": 3600,
    "user": {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "john.doe@gmail.user@example.com",
      "username": "johndoe",
      "phoneNumber": null,
      "fullName": "John Doe",
      "profilePhotoUrl": "https://lh3.googleusercontent.com/a/photo.jpg"...",
      "isPhoneVerified": false,
      "isEmailVerified": true,
      "preferredLanguage": "en"sw",
      "theme": "DARK",
      "authProvider": "GOOGLE",
      "role": "ROLE_USER",
      "createdAt": "2025-01-02T10:05T10:30:45"
    },
    "onboarding": {
      "isComplete": false,
      "currentStep": "PENDING_PHONE_VERIFICATION"
    }
  }
}

Success Response Fields:











































Field
Description




accessToken
JWT access token for API authenticationrequests (validexpires forin 1 hour)


refreshToken
JWTToken refreshto token for obtainingget new access tokensaccessToken (validexpires forin 30 days)


tokenType
Token type, alwaysAlways "Bearer"


expiresIn
Access token expiration timelifetime in seconds


user.iduser
UniqueUser userprofile identifier (UUID)information


user.emailtheme
User's emailtheme addresspreference: fromLIGHT, FirebaseDARK, or SYSTEM


user.usernameonboarding.isComplete
Auto-generatedfalse unique= usernamemust complete onboarding, true = can access app


user.phoneNumber User's phone number (null until verified)
user.fullName User's display name from Firebase
user.profilePhotoUrl Profile photo URL from Firebase provider
user.isPhoneVerified Phone verification status
user.isEmailVerified Email verification status from Firebase
user.preferredLanguage User's language preference
user.authProvider Authentication provider: GOOGLE, APPLE, or EMAIL
user.role User's role in the system
user.createdAt Account creation timestamp
onboarding.isComplete Whether user has completed all onboarding steps
onboarding.currentStep
Current onboarding step the(see userOnboarding is ondocs)



Onboarding Status Values:































Status Description Next Action
PENDING_PHONE_VERIFICATION User needs to verify phone number Direct to phone verification screen
PENDING_PREFERENCES User needs to complete preference pages Direct to onboarding preferences
PENDING_PROFILE_COMPLETION User needs to complete profile Direct to profile completion
COMPLETED Onboarding complete Direct to home/dashboard

Error Response JSON Samples:

Invalid or Expired Firebase Token (401):

{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Invalid or expired Firebase token",
  "action_time": "2025-01-02T10:30:45",
  "data": "Invalid or expired Firebase token"
}

Validation Error (422):

{
  "success": false,
  "httpStatus": "UNPROCESSABLE_ENTITY",
  "message": "Validation failed",
  "action_time": "2025-01-02T10:30:45",
  "data": {
    "firebaseToken": "Firebase token is required"
  }
}


2. Refresh Access Token
Purpose: ObtainGet a new access token using a valid refresh token.token when current one expires.
Endpoint: POST {base_url}/auth/refresh
Access Level: 🌐 Public (No authentication required, but requires valid refresh token in body)
Authentication: None (refresh token is passed in request body)

Request Headers:


















Header Type Required Description
Content-Type string Yes Must be application/json
Request JSON Sample:
{
  "refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI1NTBl.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Request Body Parameters:



Parameter
Type
Required
Description
Validation




refreshToken
string
Yes
Valid refreshRefresh token obtained from authentication
Must not be blankvalid, non-expired



Success Response JSON Sample:
{
  "success": true,
  "httpStatus": "OK",
  "message": "Token refreshed successfully",
  "action_time": "2025-01-02T11:05T11:30:45",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI1NTBl.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI1NTBl.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "tokenType": "Bearer",
    "expiresIn": 3600,
    "user": { "id": "550e8400-e29b-41d4-a716-446655440000",
      "email": "john.doe@gmail.com",
      "username": "johndoe",
      "phoneNumber": "+255712345678",
      "fullName": "John Doe",
      "profilePhotoUrl": "https://lh3.googleusercontent.com/a/photo.jpg",
      "isPhoneVerified": true,
      "isEmailVerified": true,
      "preferredLanguage": "en",
      "authProvider": "GOOGLE",
      "role": "ROLE_USER",
      "createdAt": "2025-01-02T10:30:45"... },
    "onboarding": { "isComplete": true,
      "currentStep": "COMPLETED"... }
  }
}

Success Response Fields:


































Field Description
accessToken New JWT access token (valid for 1 hour)
refreshToken Same refresh token (unchanged)
tokenType Token type, always "Bearer"
expiresIn Access token expiration time in seconds
user Current user profile data
onboarding Current onboarding status

Error Response JSON SamplesResponses:
Invalid Refresh Token (401):
{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Invalid refresh token",
  "action_time": "2025-01-02T10:05T11:30:45",
  "data": "Invalid refresh token"
}

Expired Refresh Token (401):
{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Refresh token expired",
  "action_time": "2025-01-02T10:05T11:30:45",
  "data": "Refresh token expired"
}

Account Inactive or Locked (401):

{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Account is inactive or locked",
  "action_time": "2025-01-02T10:30:45",
  "data": "Account is inactive or locked"
}


3. Logout
Purpose: Logout user and revokeInvalidate all refresh tokens for the account.user, ending all sessions.
Endpoint: POST {base_url}/auth/logout
Access Level: 🔒 Protected (Requires valid access token)
Authentication: Bearer Token
Request Headers:



Header
Type
Required
Description




Authorization
string
Yes
Bearer token: Bearer {accessToken}



Request JSON Sample: No request body required
Success Response JSON Sample:
{
  "success": true,
  "httpStatus": "OK",
  "message": "Logged out successfully",
  "action_time": "2025-01-02T12:05T12:00:00",
  "data": null
}

Success Response Fields:














Field Description
data null (no data returned on logout)

Error Response JSON Samples:

Missing or Invalid Token (401):

{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Token is missing or invalid",
  "action_time": "2025-01-02T10:30:45",
  "data": "Token is missing or invalid"
}

Expired Token (401):

{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Token has expired",
  "action_time": "2025-01-02T10:30:45",
  "data": "Token has expired"
}


4. Get CurrentSupported UserLanguages
Purpose: RetrieveGet thelist currentlyof authenticatedsupported user'slanguages profilefor information.language selector screen.
Endpoint: GET {base_url}/auth/melanguages
Access Level: 🔒🌐 Protected (Requires valid access token)Public
Authentication: Bearer TokenNone

Request Headers:


















Header Type Required Description
Authorization string Yes Bearer token: Bearer {accessToken}
Success Response JSON Sample:
{
  "success": true,
  "httpStatus": "OK",
  "message": "UserLanguages retrieved successfully",
  "action_time": "2025-01-02T10:30:45"05T10:00:00",
  "data": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "john.doe@gmail.com",
    "username": "johndoe",
    "phoneNumber": "+255712345678",
    "fullName": "John Doe",
    "profilePhotoUrl": "https://lh3.googleusercontent.com/a/photo.jpg",
    "isPhoneVerified": true,
    "isEmailVerified": true,
    "preferredLanguage"code": "en",
      "authProvider"name": "GOOGLE"English",
      "role"nativeName": "ROLE_USER"English"
    },
    {
      "code": "sw",
      "createdAt"name": "2025-01-02T10:30:45"Swahili",
      "nativeName": "Kiswahili"
    },
    {
      "code": "fr",
      "name": "French",
      "nativeName": "Français"
    },
    {
      "code": "zh",
      "name": "Chinese",
      "nativeName": "中文"
    }
  ]
}

Success Response Fields:


























































Field Description
id Unique user identifier (UUID)
email User's email address
username Unique username
phoneNumber Verified phone number in E.164 format (e.g., +255712345678)
fullName User's display name
profilePhotoUrl URL to user's profile photo
isPhoneVerified Whether phone number is verified
isEmailVerified Whether email is verified (from Firebase)
preferredLanguage User's preferred language code
authProvider Original authentication provider
role User's role: ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN, ROLE_SUPER_ADMIN
createdAt Account creation timestamp

Error Response JSON Samples:

Unauthorized (401):

{
  "success": false,
  "httpStatus": "UNAUTHORIZED",
  "message": "Token is missing or invalid",
  "action_time": "2025-01-02T10:30:45",
  "data": "Token is missing or invalid"
}


Standard Error Types

Application-Level Exceptions (400-499)














































Status Code HTTP Status When It Occurs
400 BAD_REQUEST General invalid request data, malformed JSON
401 UNAUTHORIZED Token empty, invalid, expired, or malformed; Firebase auth failed
403 FORBIDDEN Account locked, verification required
404 NOT_FOUND Requested resource does not exist
409 CONFLICT Resource already exists (duplicate)
422 UNPROCESSABLE_ENTITY Validation errors with detailed field information
429 TOO_MANY_REQUESTS Rate limit exceeded

Server-Level Exceptions (500+)
















Status Code HTTP Status When It Occurs
500 INTERNAL_SERVER_ERROR Unexpected server errors

Frontend Implementation Guide
TokenStep Storage1: Recommendations
First App Mobile (iOS/Android): Use secure storage (Keychain for iOS, EncryptedSharedPreferences for Android)

Web: Use httpOnly cookies or secure localStorage with proper XSS protection

Never store tokens in plain text or expose them in URLs


Handling Token ExpirationLaunch
1.Show Makelanguage APIselector requestscreen
with access token
2. If 401 UNAUTHORIZED received:
   a.├── Call GET /auth/refresh with refresh token
   b. If refresh successful: Update stored access token, retry original request
   c. If refresh fails (401): Clear all tokens, redirectlanguages to loginget 3.options
Continue├── withUser responseselects language
├── Store locally: selectedLanguage, theme (default: SYSTEM)
└── Navigate to sign-in screen

HandlingStep Onboarding2: StatusSign In
After
Firebase successfulSign-In
authentication,├── checkUse Firebase SDK (Google/Apple/Email)
├── On success, get Firebase ID token
└── Call POST /auth/firebase/authenticate with:
    - firebaseToken
    - preferredLanguage (from step 1)
    - theme (from step 1)
    - deviceInfo (optional)

Step 3: Handle Response

Check response.data.onboarding.currentStep:
isComplete
├── PENDING_PHONE_VERIFICATIONfalse → Navigate to phoneonboarding verificationflow
screen
│   PENDING_PREFERENCES└── Start at response.data.onboarding.currentStep
└── true → Navigate to preference selection screens

PENDING_PROFILE_COMPLETION → Navigate to profile completionhome screen

COMPLETED → Navigate to main app/dashboard



Quick Reference

Authentication Header Format

Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...

SupportedStep Languages4: Store Tokens
Save 
securely:
├── accessToken → For Authorization header
├── refreshToken → For token renewal











Code Language
en English
sw Swahili
fr French
zh Chinese

User Roles











data→For










Role Description
ROLE_USER Standard└── user (default)  
  UI display

Step 5: API Calls

ROLE_MODERATORAll protected endpoints:
├── Add header: Authorization: Bearer {accessToken}
├── On 401 error → Try refresh token
│   ├── Success → Retry original request
│   └── Fail → Force re-login
└── Continue normal flow

Content moderator
ROLE_ADMIN Administrator
ROLE_SUPER_ADMIN Super administrator with full access

~~Field~~	~~Type~~	~~Description~~
`success`	~~boolean~~	~~Always~~ `true` ~~for successful operations,~~ `false` ~~for errors~~
`httpStatus`	~~string~~	~~HTTP status name (OK, BAD_REQUEST, NOT_FOUND, etc.)~~
`message`	~~string~~	~~Human-readable message describing the operation result~~
`action_time`	~~string~~	~~ISO 8601 timestamp of when the response was generated~~
`data`	~~object/string~~	~~Response payload for success, error details for failures~~

Field	Description
`accessToken`	JWT ~~access~~ token for API ~~authentication~~requests (~~valid~~expires ~~for~~in 1 hour)
`refreshToken`	~~JWT~~Token ~~refresh~~to ~~token for obtaining~~get new ~~access tokens~~accessToken (~~valid~~expires ~~for~~in 30 days)
`tokenType`	~~Token type, always~~Always "Bearer"
`expiresIn`	Access token ~~expiration time~~lifetime in seconds
`user.id`user	~~Unique~~User ~~user~~profile ~~identifier (UUID)~~information
`user.email`theme	User's ~~email~~theme ~~address~~preference: ~~from~~LIGHT, ~~Firebase~~DARK, or SYSTEM
`user.username`onboarding.isComplete	~~Auto-generated~~`false` ~~unique~~= ~~username~~must complete onboarding, `true` = can access app
`user.phoneNumber`	~~User's phone number (null until verified)~~
`user.fullName`	~~User's display name from Firebase~~
`user.profilePhotoUrl`	~~Profile photo URL from Firebase provider~~
`user.isPhoneVerified`	~~Phone verification status~~
`user.isEmailVerified`	~~Email verification status from Firebase~~
`user.preferredLanguage`	~~User's language preference~~
`user.authProvider`	~~Authentication provider:~~ `GOOGLE`, `APPLE`~~, or~~ `EMAIL`
`user.role`	~~User's role in the system~~
`user.createdAt`	~~Account creation timestamp~~
`onboarding.isComplete`	~~Whether user has completed all onboarding steps~~
`onboarding.currentStep`	Current onboarding step ~~the~~(see ~~user~~Onboarding ~~is on~~docs)

~~Status~~	~~Description~~	~~Next Action~~
`PENDING_PHONE_VERIFICATION`	~~User needs to verify phone number~~	~~Direct to phone verification screen~~
`PENDING_PREFERENCES`	~~User needs to complete preference pages~~	~~Direct to onboarding preferences~~
`PENDING_PROFILE_COMPLETION`	~~User needs to complete profile~~	~~Direct to profile completion~~
`COMPLETED`	~~Onboarding complete~~	~~Direct to home/dashboard~~

~~Field~~	~~Description~~
`accessToken`	~~New JWT access token (valid for 1 hour)~~
`refreshToken`	~~Same refresh token (unchanged)~~
`tokenType`	~~Token type, always "Bearer"~~
`expiresIn`	~~Access token expiration time in seconds~~
`user`	~~Current user profile data~~
`onboarding`	~~Current onboarding status~~

~~Field~~	~~Description~~
`id`	~~Unique user identifier (UUID)~~
`email`	~~User's email address~~
`username`	~~Unique username~~
`phoneNumber`	~~Verified phone number in E.164 format (e.g., +255712345678)~~
`fullName`	~~User's display name~~
`profilePhotoUrl`	~~URL to user's profile photo~~
`isPhoneVerified`	~~Whether phone number is verified~~
`isEmailVerified`	~~Whether email is verified (from Firebase)~~
`preferredLanguage`	~~User's preferred language code~~
`authProvider`	~~Original authentication provider~~
`role`	~~User's role:~~ `ROLE_USER`, `ROLE_MODERATOR`, `ROLE_ADMIN`, `ROLE_SUPER_ADMIN`
`createdAt`	~~Account creation timestamp~~

Parameter	Type	Required	Description	Validation
`firebaseToken`	string	Yes	Firebase ID token ~~obtained~~ from ~~Firebase Auth~~client SDK	Must ~~not~~ be ~~blank~~valid Firebase token
`preferredLanguage`	string	No	User's ~~preferred~~ language ~~code~~preference	~~Valid~~2-5 ~~codes:~~chars (e.g., "en", "sw", "fr")
theme	string	No	UI theme preference	enum: `enLIGHT`, `swDARK`, `fr`, `zh`~~. Defaults to~~ `enSYSTEM`
`deviceInfo`	string	No	Device information for ~~security~~session tracking	Max 255 ~~characters~~chars

~~Status Code~~	~~HTTP Status~~	~~When It Occurs~~
~~400~~	~~BAD_REQUEST~~	~~General invalid request data, malformed JSON~~
~~401~~	~~UNAUTHORIZED~~	~~Token empty, invalid, expired, or malformed; Firebase auth failed~~
~~403~~	~~FORBIDDEN~~	~~Account locked, verification required~~
~~404~~	~~NOT_FOUND~~	~~Requested resource does not exist~~
~~409~~	~~CONFLICT~~	~~Resource already exists (duplicate)~~
~~422~~	~~UNPROCESSABLE_ENTITY~~	~~Validation errors with detailed field information~~
~~429~~	~~TOO_MANY_REQUESTS~~	~~Rate limit exceeded~~

~~Role~~	~~Description~~
`ROLE_USER`	~~Standard~~└── user ~~(default)~~
UI display Step 5: API Calls `ROLE_MODERATORAll protected endpoints: ├── Add header: Authorization: Bearer {accessToken} ├── On 401 error → Try refresh token │ ├── Success → Retry original request │ └── Fail → Force re-login └── Continue normal flow`	~~Content moderator~~
`ROLE_ADMIN`	~~Administrator~~
`ROLE_SUPER_ADMIN`	~~Super administrator with full access~~

~~Code~~	~~Language~~
`en`	~~English~~
`sw`	~~Swahili~~
`fr`	~~French~~
`zh`	~~Chinese~~