
Introduction

Resource planning and capacity management API

Authenticate by sending `Authorization: Bearer {access_token}` on protected endpoints.

Access tokens are valid for 60 minutes. Use `/api/auth/refresh` with your refresh token to obtain a new access token and refresh token pair.

Authenticating requests

To authenticate requests, include an Authorization header with the value "Bearer {token}".

All authenticated endpoints are marked with a requires authentication badge in the documentation below.

Get tokens from POST /api/auth/login, send the access token as Bearer {token}, and renew with POST /api/auth/refresh before the access token expires.

Authentication

Endpoints for JWT authentication and session lifecycle.

Login and get tokens

requires authentication

Authenticate with email and password to receive an access token and refresh token.

Example request:
curl --request POST \
    "http://localhost/api/auth/login" \
    --header "Authorization: Bearer {token}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"email\": \"user@example.com\",
    \"password\": \"secret123\"
}"

const url = new URL(
    "http://localhost/api/auth/login"
);

const headers = {
    "Authorization": "Bearer {token}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

// Credentials are sent in the JSON body.
let body = {
    "email": "user@example.com",
    "password": "secret123"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "refresh_token": "abc123def456",
    "token_type": "bearer",
    "expires_in": 3600,
    "user": {
        "id": "550e8400-e29b-41d4-a716-446655440000",
        "name": "Alice Johnson",
        "email": "user@example.com",
        "role": "manager"
    }
}
 

Example response (401):


{
    "message": "Invalid credentials"
}
 

Example response (403):


{
    "message": "Account is inactive"
}
 

Example response (422):


{
    "errors": {
        "email": [
            "The email field is required."
        ],
        "password": [
            "The password field is required."
        ]
    }
}
 

Request      

POST api/auth/login

Headers

Authorization        

Example: Bearer {token}

Content-Type        

Example: application/json

Accept        

Example: application/json

Body Parameters

email   string     

User email address. Example: user@example.com

password   string     

User password. Example: secret123

Refresh access token

requires authentication

Exchange a valid refresh token for a new access token and refresh token pair.

Example request:
curl --request POST \
    "http://localhost/api/auth/refresh" \
    --header "Authorization: Bearer {token}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"refresh_token\": \"abc123def456\"
}"

const url = new URL(
    "http://localhost/api/auth/refresh"
);

const headers = {
    "Authorization": "Bearer {token}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

// The refresh token returned by login goes in the JSON body.
let body = {
    "refresh_token": "abc123def456"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "refresh_token": "newtoken123",
    "token_type": "bearer",
    "expires_in": 3600
}
 

Example response (401):


{
    "message": "Invalid or expired refresh token"
}
 

Request      

POST api/auth/refresh

Headers

Authorization        

Example: Bearer {token}

Content-Type        

Example: application/json

Accept        

Example: application/json

Body Parameters

refresh_token   string     

Refresh token returned by login. Example: abc123def456
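
The refresh flow above, as an added JavaScript example that is not part of this API's documentation or SDK: it renews the token pair shortly before the 60-minute expiry and shares one refresh call among concurrent requests. `TokenSession`, the injected `fetchFn` and `now`, and the 60-second margin are hypothetical, and it assumes the server stops accepting a refresh token once it has been exchanged, which the page does not state.

```javascript
// Added example: TokenSession is a hypothetical client-side helper, not part of this API.
class TokenSession {
  constructor({ baseUrl, fetchFn = globalThis.fetch, now = () => Date.now(), skewMs = 60000 }) {
    this.baseUrl = baseUrl;
    this.send = (url, init) => fetchFn(url, init); // injectable, so it can run offline
    this.now = now;
    this.skewMs = skewMs;      // assumed safety margin before expiry
    this.accessToken = null;
    this.refreshToken = null;
    this.expiresAt = 0;
    this.inFlight = null;      // shared promise while a refresh is running
  }

  // Store a token pair returned by /api/auth/login or /api/auth/refresh.
  store({ access_token, refresh_token, expires_in }) {
    this.accessToken = access_token;
    this.refreshToken = refresh_token; // rotated: the previous value is discarded
    this.expiresAt = this.now() + expires_in * 1000;
  }

  // Run at most one refresh at a time, so the same refresh token is never sent twice.
  refresh() {
    if (!this.refreshToken) return Promise.reject(new Error("not logged in"));
    if (!this.inFlight) {
      this.inFlight = this.send(`${this.baseUrl}/api/auth/refresh`, {
        method: "POST",
        headers: {
          Authorization: `Bearer ${this.accessToken}`,
          "Content-Type": "application/json",
          Accept: "application/json",
        },
        body: JSON.stringify({ refresh_token: this.refreshToken }),
      })
        .then(async (res) => {
          if (res.ok) return this.store(await res.json());
          // 401 "Invalid or expired refresh token": drop state, the user must log in again
          if (res.status === 401) this.accessToken = this.refreshToken = null;
          throw new Error(`refresh failed with HTTP ${res.status}`);
        })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // Send an authenticated request, renewing the access token shortly before it expires.
  async request(path, init = {}) {
    if (this.now() >= this.expiresAt - this.skewMs) await this.refresh();
    const headers = { Accept: "application/json", ...init.headers,
      Authorization: `Bearer ${this.accessToken}` };
    return this.send(`${this.baseUrl}${path}`, { ...init, headers });
  }
}
```

Call `store()` with the login response body, then route every API call through `request()`; a rejected refresh clears the stored tokens so the application can send the user back to login.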

Logout current session

requires authentication

Invalidate a refresh token and end the active authenticated session.

Example request:
curl --request POST \
    "http://localhost/api/auth/logout" \
    --header "Authorization: Bearer {token}" \
    --header "Content-Type: application/json" \
    --header "Accept: application/json" \
    --data "{
    \"refresh_token\": \"abc123def456\"
}"

const url = new URL(
    "http://localhost/api/auth/logout"
);

const headers = {
    "Authorization": "Bearer {token}",
    "Content-Type": "application/json",
    "Accept": "application/json",
};

// Optional: the refresh token to invalidate immediately.
let body = {
    "refresh_token": "abc123def456"
};

fetch(url, {
    method: "POST",
    headers,
    body: JSON.stringify(body),
}).then(response => response.json());

Example response (200):


{
    "message": "Logged out successfully"
}
 

Request      

POST api/auth/logout

Headers

Authorization        

Example: Bearer {token}

Content-Type        

Example: application/json

Accept        

Example: application/json

Body Parameters

refresh_token   string  optional    

Optional refresh token to invalidate immediately. Example: abc123def456