Auth
Base URL: http://192.168.100.250/
Endpoints
Section titled “Endpoints”| Method | Endpoint | Description |
|---|---|---|
| GET | /csrf |
Get CSRF token |
| POST | /login |
Authenticate user |
| POST | /logout |
Logout user |
Get CSRF Token
Section titled “Get CSRF Token”GET /csrfAccept: application/jsonResponse:
{ "token": "abc123def456..."}POST /loginContent-Type: application/jsonRequest Body:
{ "email": "admin@ems.edu.np", "password": "secret123"}Response (200):
{ "success": true, "message": "Login successful", "data": { "user": { "id": 1, "name": "Admin", "email": "admin@ems.edu.np", "role": "superadmin" } }}Error Response (401):
{ "success": false, "message": "Invalid credentials"}Error Response (422):
{ "success": false, "message": "Validation failed", "errors": { "email": ["The email field is required."], "password": ["The password field is required."] }}Logout
Section titled “Logout”POST /logoutAccept: application/jsonX-CSRF-TOKEN: <token>Response (200):
{ "success": true, "message": "Logged out successfully"}- Session cookie is set on successful login — include it in all subsequent requests
- Use
credentials: 'same-origin'in fetch calls to send cookies - CSRF token must be refreshed after each page load