Admin Authentication

The Admin API uses Bearer token authentication. Only users with administrative roles (Owner, Manager, Developer, Support, Marketing) can access these endpoints.

Login

To authenticate and receive an access token, send a POST request to the /admin/auth/login endpoint:
POST /admin/auth/login
{
  "email": "[email protected]",
  "password": "your-password"
}
A successful response will include the user details and an access token:
{
  "success": true,
  "data": {
    "user": {
      "id": 1,
      "first_name": "John",
      "last_name": "Doe",
      "email": "[email protected]",
      "role": {
        "id": 1,
        "name": "Owner",
        "permissions": ["users:list", "users:create", ...]
      }
    },
    "token": {
      "access_token": "1|abcdef123456...",
      "token_type": "Bearer",
      "expires_at": "2025-02-13T10:00:00Z"
    }
  }
}

Using the Token

Include the token in the Authorization header of all subsequent requests:
Authorization: Bearer 1|abcdef123456...

Token Refresh

Tokens expire after 24 hours. To refresh an existing token before it expires, send a POST request to the /admin/auth/refresh endpoint:
POST /admin/auth/refresh
Authorization: Bearer 1|abcdef123456...
The response will include a new token:
{
  "success": true,
  "data": {
    "token": {
      "access_token": "2|ghijkl789012...",
      "token_type": "Bearer",
      "expires_at": "2025-02-14T10:00:00Z"
    }
  }
}

Current User

To get the current authenticated user’s details, send a GET request to the /admin/auth/me endpoint:
GET /admin/auth/me
Authorization: Bearer 1|abcdef123456...
The response will include the user details and their role:
{
  "success": true,
  "data": {
    "user": {
      "id": 1,
      "first_name": "John",
      "last_name": "Doe",
      "email": "[email protected]",
      "role": {
        "id": 1,
        "name": "Owner",
        "permissions": ["users:list", "users:create", ...]
      }
    }
  }
}

Password Reset

If you’ve forgotten your password, you can use the password reset flow:

1. Request Password Reset

Send a POST request to initiate the password reset:
POST /admin/auth/forgot-password
{
  "email": "[email protected]"
}
A password reset link will be sent to the provided email address.

2. Reset Password

After receiving the reset link, send a POST request to reset the password:
POST /admin/auth/reset-password
{
  "token": "reset-token-from-email",
  "email": "[email protected]",
  "password": "new-password",
  "password_confirmation": "new-password"
}

Logout

To invalidate the current token, send a POST request to the /admin/auth/logout endpoint:
POST /admin/auth/logout
Authorization: Bearer 1|abcdef123456...
This will revoke the current token, and it can no longer be used for authentication.
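The whole flow described on this page (login, refresh before the 24-hour expiry, current-user lookup, logout) as an added Python example; this is not the project's own code. The FakeAdminApi, its credentials and the "id|secret" token values are constructed stand-ins for the documented endpoints so the example runs offline, and the one-hour refresh margin is an assumption.

```python
from datetime import datetime, timedelta, timezone
FMT = "%Y-%m-%dT%H:%M:%SZ"  # expires_at format used in the responses above

class FakeAdminApi:  # constructed stand-in for the server so the example runs offline
    def __init__(self):
        self.now = datetime(2025, 2, 12, 10, 0, tzinfo=timezone.utc)
        self.tokens, self.n = {}, 0  # access_token -> expiry
    def advance(self, hours):
        self.now += timedelta(hours=hours)
    def _issue(self):
        self.n += 1
        exp = self.now + timedelta(hours=24)  # tokens expire after 24 hours
        tok = f"{self.n}|secret{self.n:06d}"  # "id|secret" shape as documented (constructed value)
        self.tokens[tok] = exp
        return {"access_token": tok, "token_type": "Bearer", "expires_at": exp.strftime(FMT)}
    def request(self, method, path, headers=None, body=None):
        if path == "/admin/auth/login":  # constructed credentials
            if body != {"email": "admin@example.invalid", "password": "correct-horse"}:
                return 401, {"success": False}
            return 200, {"success": True, "data": {"token": self._issue()}}
        tok = (headers or {}).get("Authorization", "").replace("Bearer ", "", 1)
        if tok not in self.tokens or self.tokens[tok] <= self.now:  # expired or revoked
            return 401, {"success": False}
        if path == "/admin/auth/refresh":
            return 200, {"success": True, "data": {"token": self._issue()}}
        if path == "/admin/auth/logout":
            del self.tokens[tok]  # revoked: rejected from now on
            return 200, {"success": True}
        return 200, {"success": True, "data": {"user": {"id": 1, "role": {"name": "Owner"}}}}

class AdminClient:  # logs in, refreshes before the 24h expiry, drops the token on logout
    def __init__(self, api, clock):
        self.api, self.clock, self.token, self.expires_at = api, clock, None, None
    def _store(self, t):
        self.token = t["access_token"]
        self.expires_at = datetime.strptime(t["expires_at"], FMT).replace(tzinfo=timezone.utc)
    def login(self, email, password):
        status, resp = self.api.request("POST", "/admin/auth/login", body={"email": email, "password": password})
        if status != 200: raise PermissionError("login rejected")
        self._store(resp["data"]["token"])
    def _headers(self):
        if self.expires_at - self.clock() < timedelta(hours=1):  # assumed margin: refresh while still valid
            _, resp = self.api.request("POST", "/admin/auth/refresh", headers={"Authorization": f"Bearer {self.token}"})
            self._store(resp["data"]["token"])
        return {"Authorization": f"Bearer {self.token}"}
    def me(self):
        status, resp = self.api.request("GET", "/admin/auth/me", headers=self._headers())
        return resp["data"]["user"] if status == 200 else None
    def logout(self):
        self.api.request("POST", "/admin/auth/logout", headers=self._headers())
        self.token = self.expires_at = None  # discard the revoked token locally too
```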