Authentication

The Trakli API uses Laravel Sanctum token authentication. You obtain a bearer token by registering or logging in, then send it on every authenticated request.

Public, unauthenticated routes live at the root of /api. Authenticated resource routes live under /api/v1.

https://api.your-domain.example/api # public routes
https://api.your-domain.example/api/v1 # authenticated routes

Every endpoint returns the same JSON envelope.

{
  "success": true,
  "message": "Operation successful",
  "data": {}
}

On failure, success is false and the body carries a message and, for validation errors, the offending fields.

{
  "success": false,
  "message": "The given data was invalid.",
  "errors": {
    "amount": ["The amount field is required."]
  }
}

List endpoints add pagination and sync metadata alongside data, including the last sync time and the page counters.

Register or log in on the public auth routes. These are provided by the authentication layer and do not require a token.

# Register
curl -X POST https://api.your-domain.example/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-password-here"
  }'

# Log in
curl -X POST https://api.your-domain.example/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-password-here"
  }'

A successful login returns a bearer token in the response data. Store it securely; treat it like a password.

Send the token in the Authorization header on every request to /api/v1.

curl https://api.your-domain.example/api/v1/user \
  -H "Authorization: Bearer your-token-here" \
  -H "Accept: application/json"

The middleware on these routes is auth:sanctum. A missing or invalid token returns 401 Unauthorized.
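
An added example, not part of the Trakli documentation or code base: a small Python client helper that unwraps the envelope, keeps the token in an owner-only file, and builds the authenticated request. The `token` key inside `data`, the `trakli_token` file name, and the sample response are assumptions; the page does not say where in `data` the token appears.

```python
import json
import os
import urllib.request

BASE = "https://api.your-domain.example/api"  # placeholder host used on this page
# Constructed sample login response; the "token" key inside data is an assumption.
SAMPLE_LOGIN = '{"success": true, "message": "Operation successful", "data": {"token": "constructed-token-123"}}'

class ApiError(Exception):
    def __init__(self, status, message, errors=None):
        super().__init__(f"{status}: {message}")
        self.status, self.errors = status, errors or {}

def unwrap(status, body):
    """Return the envelope's data, or raise ApiError carrying message and field errors."""
    try:
        env = json.loads(body)
    except ValueError:
        env = None
    if not isinstance(env, dict):
        raise ApiError(status, "response is not a JSON envelope")
    if status >= 400 or env.get("success") is not True:
        raise ApiError(status, env.get("message", ""), env.get("errors"))
    return env.get("data")

def save_token(token, path):
    """Write the token to a file only the owner can read (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), 0o600)  # tighten a pre-existing file too
        f.write(token)

def load_token(path):
    """Refuse a token file that group or others can access."""
    if os.stat(path).st_mode & 0o077:
        raise PermissionError(f"{path} is accessible to other users")
    with open(path) as f:
        return f.read().strip()

def authed_request(route, token):
    """Build a request for an /api/v1 route; the token travels only in the header."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return urllib.request.Request(f"{BASE}/v1{route}", headers=headers)

if __name__ == "__main__":
    save_token(unwrap(200, SAMPLE_LOGIN)["token"], "trakli_token")
    req = authed_request("/user", load_token("trakli_token"))
    print(req.get_method(), req.full_url)  # the token itself is never printed
```
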

The authentication layer also provides:

  • POST /api/send-verification-code and POST /api/verify-code for email verification.
  • POST /api/password/reset-code and POST /api/password/reset for password resets.
  • POST /api/logout (authenticated) to revoke the current token.

To confirm a token works and to read the current account:

curl https://api.your-domain.example/api/v1/user \
  -H "Authorization: Bearer your-token-here"

Code  Meaning
200   Success
201   Created
401   Missing or invalid token
404   Not found
422   Validation failed
500   Server error