diff --git a/KTA_Digital.postman_collection.json b/KTA_Digital.postman_collection.json
new file mode 100644
index 0000000..851a18b
--- /dev/null
+++ b/KTA_Digital.postman_collection.json
@@ -0,0 +1,238 @@
+{
+	"info": {
+		"_postman_id": "kta-digital-api",
+		"name": "KTA Digital API",
+		"description": "Koleksi API untuk Project KTA Digital (Personel & Auth)",
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+	},
+	"item": [
+		{
+			"name": "Auth",
+			"item": [
+				{
+					"name": "Login Admin",
+					"request": {
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "urlencoded",
+							"urlencoded": [
+								{
+									"key": "username",
+									"value": "dhivaadmin",
+									"type": "text"
+								},
+								{
+									"key": "password",
+									"value": "dhivaadmin",
+									"type": "text"
+								}
+							]
+						},
+						"url": {
+							"raw": "{{baseUrl}}/auth",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"auth"
+							]
+						},
+						"description": "Login sebagai dhivaadmin. Response akan berisi Authorization & ClientSecret."
+					},
+					"response": []
+				},
+				{
+					"name": "Login User (NRP)",
+					"request": {
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "urlencoded",
+							"urlencoded": [
+								{
+									"key": "username",
+									"value": "83121540",
+									"type": "text"
+								},
+								{
+									"key": "password",
+									"value": "83121540",
+									"type": "text"
+								}
+							]
+						},
+						"url": {
+							"raw": "{{baseUrl}}/auth",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"auth"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
+		{
+			"name": "Personel",
+			"item": [
+				{
+					"name": "Get Profil (Plain NRP)",
+					"request": {
+						"method": "GET",
+						"header": [],
+						"url": {
+							"raw": "{{baseUrl}}/personel/profil?nrp=83121540",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"personel",
+								"profil"
+							],
+							"query": [
+								{
+									"key": "nrp",
+									"value": "83121540"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get Profil (Encrypted NRP)",
+					"request": {
+						"method": "GET",
+						"header": [],
+						"url": {
+							"raw": "{{baseUrl}}/personel/profil?nrp=ENCRYPTED_STRING_HERE",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"personel",
+								"profil"
+							],
+							"query": [
+								{
+									"key": "nrp",
+									"value": "ENCRYPTED_STRING_HERE",
+									"description": "Ganti dengan hasil dari generate-link"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Get DRH (Riwayat Hidup)",
+					"request": {
+						"method": "GET",
+						"header": [],
+						"url": {
+							"raw": "{{baseUrl}}/personel/drh?nrp=83121540&otp=4444",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"personel",
+								"drh"
+							],
+							"query": [
+								{
+									"key": "nrp",
+									"value": "83121540"
+								},
+								{
+									"key": "otp",
+									"value": "4444"
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Generate Encrypted Link",
+					"request": {
+						"method": "POST",
+						"header": [
+							{
+								"key": "Authorization",
+								"value": "{{token}}",
+								"type": "text"
+							},
+							{
+								"key": "ClientSecret",
+								"value": "{{clientSecret}}",
+								"type": "text"
+							}
+						],
+						"body": {
+							"mode": "urlencoded",
+							"urlencoded": [
+								{
+									"key": "nrp",
+									"value": "83121540",
+									"type": "text"
+								}
+							]
+						},
+						"url": {
+							"raw": "{{baseUrl}}/personel/generate-link",
+							"host": [
+								"{{baseUrl}}"
+							],
+							"path": [
+								"personel",
+								"generate-link"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		}
+	],
+	"event": [
+		{
+			"listen": "prerequest",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		},
+		{
+			"listen": "test",
+			"script": {
+				"type": "text/javascript",
+				"exec": [
+					""
+				]
+			}
+		}
+	],
+	"variable": [
+		{
+			"key": "baseUrl",
+			"value": "http://localhost:8080",
+			"type": "string"
+		},
+		{
+			"key": "token",
+			"value": "PASTE_TOKEN_HERE",
+			"type": "string"
+		},
+		{
+			"key": "clientSecret",
+			"value": "PASTE_CLIENT_SECRET_HERE",
+			"type": "string"
+		}
+	]
+}
diff --git a/app/Controllers/PersonelController.php b/app/Controllers/PersonelController.php
index 0b064be..89afd53 100644
--- a/app/Controllers/PersonelController.php
+++ b/app/Controllers/PersonelController.php
@@ -29,12 +29,12 @@ class PersonelController extends BaseController
         $nrp = $inputNrp;
         if (!is_numeric($inputNrp)) {
             try {
-                $nrp = DhivaAES::base64url_decode($inputNrp);
-                if (!$nrp) {
-                    $nrp = $inputNrp; // Fallback to original if decryption fails
+                $decrypted = DhivaAES::base64url_decode($inputNrp);
+                if ($decrypted !== false && !empty($decrypted)) {
+                    $nrp = $decrypted;
                 }
             } catch (\Exception $e) {
-                $nrp = $inputNrp;
+                // Keep original if crash
             }
         }
 
diff --git a/composer.json b/composer.json
index 285ce38..252dfad 100644
--- a/composer.json
+++ b/composer.json
@@ -12,6 +12,7 @@
 	"require": {
 		"php": "^7.4 || ^8.0",
 		"codeigniter4/framework": "^4.0",
+		"firebase/php-jwt": "^7.0",
 		"guzzlehttp/guzzle": "^7.10",
 		"mobiledetect/mobiledetectlib": "^4.8",
 		"ramsey/uuid": "^4.9",