Authentication

Laravel Sanctum Token Authentication

The ZingoDine API uses Laravel Sanctum for secure, token-based authentication. All API requests must include a valid bearer token.

Security Note: Never share your API tokens. Store them securely, and in production load them from environment variables.

Login Endpoint

POST /api/v1/auth/login

Authenticate a user and receive an access token.

Request Body
{
  "email": "user@example.com",
  "password": "your-password"
}

Success Response (200 OK)
{
  "success": true,
  "data": {
    "token": "1|abc123def456...",
    "user": {
      "id": 1,
      "name": "John Doe",
      "email": "user@example.com",
      "tenant_id": 1
    }
  },
  "message": "Login successful"
}

Error Response (401 Unauthorized)
{
  "success": false,
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid email or password"
  }
}

Using the Token

Include the token in the Authorization header of all subsequent requests:

GET /api/v1/pos/menu-items
Authorization: Bearer 1|abc123def456...
Accept: application/json

Logout Endpoint

POST /api/v1/auth/logout

Revoke the current access token.

Request Headers
Authorization: Bearer YOUR_TOKEN
Accept: application/json

Success Response (200 OK)
{
  "success": true,
  "message": "Logged out successfully"
}

Get Current User

GET /api/v1/auth/user

Retrieve authenticated user information.

Success Response (200 OK)
{
  "success": true,
  "data": {
    "id": 1,
    "name": "John Doe",
    "email": "user@example.com",
    "tenant_id": 1,
    "role": "admin"
  }
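}

Code Examples

cURL
curl -X POST http://api.zingoapp.local/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password"
  }'

PHP (Laravel HTTP client)
use Illuminate\Support\Facades\Http;

// Http::post() sends the array as a JSON body; acceptJson() adds "Accept: application/json".
$response = Http::acceptJson()->post('http://api.zingoapp.local/api/v1/auth/login', [
    'email' => 'user@example.com',
    'password' => 'password'
]);

// The token is nested under "data" in the success response.
$token = $response->json()['data']['token'];

JavaScript
// Run inside an async function or an ES module (uses await).
const response = await fetch('http://api.zingoapp.local/api/v1/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json'
  },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'password'
  })
});

const data = await response.json();
// A 401 response carries "error" instead of "data", so check before reading the token.
if (!response.ok || !data.success) {
  throw new Error(data.error?.message ?? 'Login failed');
}
const token = data.data.token;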
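
Token handling around the login call, as an added example that is not part of the ZingoDine documentation. It follows the Security Note and the response envelopes above; the helper names, the ZINGODINE_API_TOKEN variable name and the HTTPS-only rule with an exception for local development hosts are assumptions.

```javascript
// Added example: helper names and ZINGODINE_API_TOKEN are assumptions.

// Read the token from the environment instead of hard-coding it.
function tokenFromEnv(env = process.env) {
  const token = env.ZINGODINE_API_TOKEN; // assumed variable name
  if (!token) throw new Error('ZINGODINE_API_TOKEN is not set');
  return token;
}

// Interpret a login response using the success/error envelopes shown above.
function parseLoginResponse(status, body) {
  const token = body && body.data && body.data.token;
  if (typeof token === 'string' && token && status === 200 && body.success === true) {
    return { ok: true, token, user: body.data.user };
  }
  const err = (body && body.error) || {};
  return { ok: false, code: err.code || 'UNKNOWN', message: err.message || `HTTP ${status}` };
}

// Build the headers for an authenticated request.
// Assumed policy: plain HTTP is allowed only for local development hosts.
function authHeaders(url, token) {
  const { protocol, hostname } = new URL(url);
  const isLocal = hostname === 'localhost' || hostname === '127.0.0.1' ||
    hostname.endsWith('.local');
  if (protocol !== 'https:' && !isLocal) {
    throw new Error(`refusing to send bearer token over ${protocol}//${hostname}`);
  }
  // Reject line breaks so a malformed token cannot inject extra headers.
  if (/[\r\n]/.test(token)) throw new Error('token contains line breaks');
  return { Authorization: `Bearer ${token}`, Accept: 'application/json' };
}

// Log-safe form of a token: keep the part before "|", mask the rest.
function redactToken(token) {
  const i = token.indexOf('|');
  return i === -1 ? '***' : `${token.slice(0, i)}|***`;
}

// Constructed sample response, shaped like the success example above.
const sample = { success: true, data: { token: '1|constructed-sample', user: { id: 1 } } };
const login = parseLoginResponse(200, sample);
console.log('logged in with token', redactToken(login.token));
```
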