Skip to content

Auth

Base URL: http://192.168.100.250/


Method Endpoint Description
GET /csrf Get CSRF token
POST /login Authenticate user
POST /logout Logout user

GET /csrf
Accept: application/json

Response:

{
"token": "abc123def456..."
}

POST /login
Content-Type: application/json

Request Body:

{
"email": "admin@ems.edu.np",
"password": "secret123"
}

Response (200):

{
"success": true,
"message": "Login successful",
"data": {
"user": {
"id": 1,
"name": "Admin",
"email": "admin@ems.edu.np",
"role": "superadmin"
}
}
}

Error Response (401):

{
"success": false,
"message": "Invalid credentials"
}

Error Response (422):

{
"success": false,
"message": "Validation failed",
"errors": {
"email": ["The email field is required."],
"password": ["The password field is required."]
}
}

POST /logout
Accept: application/json
X-CSRF-TOKEN: <token>

Response (200):

{
"success": true,
"message": "Logged out successfully"
}

  • Session cookie is set on successful login — include it in all subsequent requests
  • Use credentials: 'same-origin' in fetch calls to send cookies
  • CSRF token must be refreshed after each page load