EMS-UGC API Documentation
General API notes, authentication, required headers, and important information
Base URL: http://192.168.100.250/
Authentication
All API requests (except /login and /csrf) require a valid session cookie. First authenticate via /login, then include the session cookie in subsequent requests.
Required Headers
Always include these headers in requests:
| Header | Value |
|---|---|
Accept | application/json |
X-CSRF-TOKEN | <csrf-token> |
Content-Type | application/json |
CSRF Token
Every state-changing request requires a CSRF token. Fetch it first:
GET /csrf
Accept: application/jsonResponse:
{
"token": "abc123..."
}Include this token in the X-CSRF-TOKEN header for POST/PUT/DELETE requests.
Example Request
// 1. Get CSRF token
const csrfRes = await fetch('/csrf', {
headers: { 'Accept': 'application/json' }
});
const { token } = await csrfRes.json();
// 2. Make authenticated request
const res = await fetch('/your-endpoint', {
method: 'POST',
credentials: 'same-origin',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'X-CSRF-TOKEN': token
},
body: JSON.stringify(data)
});Response Format
All responses use the ApiResponse envelope:
{
"success": true,
"message": "Operation completed",
"data": { ... }
}Error response:
{
"success": false,
"message": "Validation failed",
"errors": {
"field": ["Error message"]
}
}Status Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Created |
400 | Bad request / validation error |
401 | Unauthenticated |
403 | Unauthorized (insufficient permissions) |
404 | Resource not found |
429 | Rate limit exceeded |
500 | Server error |
Pagination
Paginated endpoints return:
{
"current_page": 1,
"per_page": 15,
"last_page": 5,
"total": 72,
"data": [ ... ]
}Use ?page=N query parameter to navigate pages.
Date Format
Dates use Nepali (Bikram Sambat) format: YYYY-MM-DD (e.g., 2081-05-12).
File Uploads
For endpoints accepting file uploads, use multipart/form-data:
const formData = new FormData();
formData.append('photo', fileInput.files[0]);
formData.append('name', 'John');
await fetch('/endpoint', {
method: 'POST',
headers: {
'Accept': 'application/json',
'X-CSRF-TOKEN': token
},
body: formData
});Allowed file types: jpeg, jpg, png, pdf
Max file size: 2MB per file