Dashboard
Auth
Authentication & Authorization API
Base URL: http://192.168.100.250/
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /csrf | Get CSRF token |
| POST | /login | Authenticate user |
| POST | /logout | Logout user |
Get CSRF Token
GET /csrf
Accept: application/jsonResponse:
{
"token": "abc123def456..."
}
Login
POST /login
Content-Type: application/jsonRequest Body:
{
"email": "admin@ems.edu.np",
"password": "secret123"
}Response (200):
{
"success": true,
"message": "Login successful",
"data": {
"user": {
"id": 1,
"name": "Admin",
"email": "admin@ems.edu.np",
"role": "superadmin"
}
}
}Error Response (401):
{
"success": false,
"message": "Invalid credentials"
}Error Response (422):
{
"success": false,
"message": "Validation failed",
"errors": {
"email": ["The email field is required."],
"password": ["The password field is required."]
}
}Logout
POST /logout
Accept: application/json
X-CSRF-TOKEN: <token>Response (200):
{
"success": true,
"message": "Logged out successfully"
}Notes
- Session cookie is set on successful login — include it in all subsequent requests
- Use
credentials: 'same-origin'in fetch calls to send cookies - CSRF token must be refreshed after each page load