Authentication
The authentication process includes the following steps:
- Register
- Verify email (if required)
- Login
- Get authenticated user
- Save profile
- Change password
- Logout
- Send password reset link
- Reset password
Register
This API registers a new user on the social network. It returns an error if the email already exists in the database. If email verification is enabled in the admin panel, it also sends a verification email to the provided address.
URL = http://localhost:8000/api/register
Method = POST
Headers
Accept | application/json |
Parameters
Key | Type | Required |
---|---|---|
name | string | Yes |
string | Yes | |
password | string | Yes |
Response
Status = 200
{
"status": "success",
"message": "Account has been created. Please login now.",
"verification": true
}
- If “verification” is true, the verify-email API is required as the next step.
- If “verification” is false, go to the login API.
Verify email
Verifies the user's email if “verification” from the register API is true. Otherwise, you can skip this step.
URL = http://localhost:8000/api/verify-email
Method = POST
Headers
Accept | application/json |
Parameters
Key | Type | Required |
---|---|---|
string | Yes | |
code | string | Yes |
- code: The email verification code you have received in your inbox.
Response
Status = 200
{
"status": "success",
"message": "Account has been verified. You can login now."
}
Login
Authenticates the user using their email and password. If email verification is enabled and the user has not yet verified their email, it returns an error.
URL = http://localhost:8000/api/login
Method = POST
Headers
Accept | application/json |
Parameters
Key | Type | Required |
---|---|---|
string | Yes | |
password | string | Yes |
Response
Status = 200
{
"status": "success",
"message": "Login successfully.",
"access_token": "4|aPee2JhDXFizoHLS0D7Ye6h7K3y3pRNnaG7HZvxd3f1ba673"
}
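- Save “access_token” in your client application’s local storage. It is sent in the Authorization header of the other APIs where authentication is required. Local storage is readable by any script running on the client's origin, so an XSS flaw in the client exposes the token.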
Get authenticated user
Returns the authenticated user if logged in. Otherwise, it returns status code 401 Unauthorized. It also returns the number of unread messages the user has. You will learn more about messages in the Messages API section.
URL = http://localhost:8000/api/me
Method = POST
Headers
Accept | application/json |
Authorization | Bearer {access_token} |
Response
Status = 200
{
"status": "success",
"message": "Data has been fetched.",
"user": {
"id": 2,
"name": "Adnan Afzal",
"email": "support@adnan-tech.com",
"profile_image": "http://localhost:8000/storage/users/2/profile-1727853217-IMG_0025.JPG"
},
"new_messages": 0
}
- new_messages: Number of unread messages this user has. More on this in the Messages API section.
Save profile
Saves the user's profile name and image (if provided). If the user provides a profile image, the previous profile image of that user is deleted.
URL = http://localhost:8000/api/save-profile
Method = POST
Headers
Accept | application/json |
Authorization | Bearer {access_token} |
Parameters
Key | Type | Required |
---|---|---|
string | Yes | |
profile_image | file (image only) | No |
Response
Status = 200
{
"status": "success",
"message": "Profile has been saved."
}
Change password
Changes the password of the authenticated user. The user must provide the current and the new password. The API first checks whether the current password is correct. If it is, the password is updated. Otherwise, an error is returned.
URL = http://localhost:8000/api/change-password
Method = POST
Headers
Accept | application/json |
Authorization | Bearer {access_token} |
Parameters
Key | Type | Required |
---|---|---|
current_password | string | Yes |
new_password | string | Yes |
Response
Status = 200
{
"status": "success",
"message": "Password has been changed."
}
Logout
Logs out the current user by deleting the user's access token from the database. It is recommended that the client application also remove the access token from local storage.
URL = http://localhost:8000/api/logout
Method = POST
Headers
Accept | application/json |
Authorization | Bearer {access_token} |
Response
Status = 200
{
"status": "success",
"message": "User has been logged-out."
}
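The register, verify-email, login, authenticated-call and logout flow described above, as an added example that is not part of the original documentation or the project's code. Endpoint paths, headers and response fields are taken from this page; the `email` parameter key, the form-encoded body, the Map-like `store` and the HTTPS check are assumptions.

```javascript
// Added example, not the project's code. Paths, headers and response fields come
// from this page; the "email" key and the form-encoded body are assumptions.
const AUTH_REQUIRED = new Set(["me", "save-profile", "change-password", "logout"]);

// store: anything with get/set/delete (a Map here; wrap localStorage in a browser).
function createAuthSession(baseUrl, store = new Map()) {
  const base = new URL(baseUrl);
  const isLocal = ["localhost", "127.0.0.1"].includes(base.hostname);
  // Passwords and bearer tokens are in the requests: plain HTTP only for local dev.
  if (base.protocol !== "https:" && !isLocal) {
    throw new Error("HTTPS required for " + base.origin);
  }
  return {
    // Build fetch() arguments; the token goes only to endpoints that need it.
    request(endpoint, params = {}) {
      const headers = { Accept: "application/json" };
      if (AUTH_REQUIRED.has(endpoint)) {
        const token = store.get("access_token");
        if (!token) throw new Error("not logged in");
        headers.Authorization = "Bearer " + token;
      }
      const init = { method: "POST", headers, body: new URLSearchParams(params) };
      return { url: new URL("/api/" + endpoint, base).href, init };
    },
    // Turn a response into the client's next step and update the stored token.
    handle(endpoint, status, body) {
      if (status === 401 || endpoint === "logout") {
        store.delete("access_token"); // drop the local copy of the token
        return status === 401 ? "login" : "logged-out";
      }
      if (status !== 200 || body.status !== "success") return "error";
      if (endpoint === "register") return body.verification ? "verify-email" : "login";
      if (endpoint === "login") {
        store.set("access_token", body.access_token);
        return "me";
      }
      return "ok";
    },
    // Send one call; fetchImpl is injectable so the flow can be tested offline.
    async call(endpoint, params, fetchImpl = fetch) {
      const { url, init } = this.request(endpoint, params);
      const res = await fetchImpl(url, init);
      const body = await res.json().catch(() => ({}));
      return this.handle(endpoint, res.status, body);
    },
  };
}
```

The session drops the stored token on any 401 and on logout, so a revoked or expired token is never replayed against later endpoints.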
Send password reset link
If you forgot your password, you can call this API to receive an email with instructions to reset it. Make sure you have set the SMTP configuration in the admin panel so that the email can be sent.
URL = http://localhost:8000/api/send-password-reset-link
Method = POST
Headers
Accept | application/json |
Parameters
Key | Type | Required |
---|---|---|
string | Yes |
Response
Status = 200
{
"status": "success",
"message": "Instructions to reset password has been sent."
}
Reset password
After clicking the link in the email from the previous step, you can call this API to reset your password. You need to provide your email and the token you received in your email. The token is attached to the URL and is not visible in the email. You must then enter your password 2 times to reset it.
URL = http://localhost:8000/api/reset-password
Method = POST
Headers
Accept | application/json |
Parameters
Key | Type | Required |
---|---|---|
string | Yes | |
token | string | Yes |
password | string | Yes |
password_confirmation | string | Yes (must be same as password) |
- token: This is the string passed in the email when you request to send a password reset link in the previous step.
Response
Status = 200
{
"status": "success",
"message": "Password has been reset."
}