Dashboard
Authentication, authorization, and dashboard overview APIs.
Welcome to the EMS-UGC API documentation. This guide covers all available endpoints for managing students, staff, academic records, examinations, infrastructure, and more.
Base URL: http://192.168.100.250/
Dashboard
Authentication, authorization, and dashboard overview APIs.
Students
Student CRUD, creation, registration, and analytics reports.
Staff
Staff management and reporting endpoints.
Manage
Subjects, academic years, batches, permissions, and roles.
Settings
Campus, faculty programs, semesters, job structure, and EMIS.
Infrastructure
Physical infrastructure management and type definitions.
Graduation
Graduation records and analytics reports.
Examinations
Student registration, exam centres, external exams, and entrance.
All API requests (except /login and /csrf) require a valid session cookie. First authenticate via /login, then include the session cookie in subsequent requests.
Always include these headers in requests:
| Header | Value |
|---|---|
Accept |
application/json |
X-CSRF-TOKEN |
<csrf-token> |
Content-Type |
application/json |
Every state-changing request requires a CSRF token. Fetch it first:
GET /csrfAccept: application/jsonResponse:
{ "token": "abc123..."}Include this token in the X-CSRF-TOKEN header for POST/PUT/DELETE requests.
// 1. Get CSRF tokenconst csrfRes = await fetch('/csrf', { headers: { 'Accept': 'application/json' }});const { token } = await csrfRes.json();
// 2. Make authenticated requestconst res = await fetch('/your-endpoint', { method: 'POST', credentials: 'same-origin', headers: { 'Accept': 'application/json', 'Content-Type': 'application/json', 'X-CSRF-TOKEN': token }, body: JSON.stringify(data)});All responses use the ApiResponse envelope:
{ "success": true, "message": "Operation completed", "data": { ... }}Error response:
{ "success": false, "message": "Validation failed", "errors": { "field": ["Error message"] }}| Code | Meaning |
|---|---|
200 |
Success |
201 |
Created |
400 |
Bad request / validation error |
401 |
Unauthenticated |
403 |
Unauthorized (insufficient permissions) |
404 |
Resource not found |
429 |
Rate limit exceeded |
500 |
Server error |
Paginated endpoints return:
{ "current_page": 1, "per_page": 15, "last_page": 5, "total": 72, "data": [ ... ]}Use ?page=N query parameter to navigate pages.
Dates use Nepali (Bikram Sambat) format: YYYY-MM-DD (e.g., 2081-05-12).
For endpoints accepting file uploads, use multipart/form-data:
const formData = new FormData();formData.append('photo', fileInput.files[0]);formData.append('name', 'John');
await fetch('/endpoint', { method: 'POST', headers: { 'Accept': 'application/json', 'X-CSRF-TOKEN': token }, body: formData});Allowed file types: jpeg, jpg, png, pdf
Max file size: 2MB per file