Overview
The API uses Laravel Sanctum token-based authentication. Every protected endpoint requires a valid bearer token in the Authorization request header.
Routes protected by the auth:sanctum middleware return 401 Unauthenticated when no valid token is present.
Obtaining a token
You can get a token through two flows:
Email / password registration
Call POST /api/v1/register. On success the response includes an accessToken field. Store this token and attach it to subsequent requests.
OTP flow
- Call POST /api/v1/otp/generate with an email or phone identifier. Receives a UUID back.
- Call POST /api/v1/otp/verify with that UUID and the 6-digit OTP code. Returns an access token on success.
Social login
Call POST /api/v1/auth/social with an OAuth provider token. Returns an access token and a redirect hint.
See Auth endpoints for the full request/response details of each flow.
Example authenticated request
Token scopes
Sanctum tokens issued by this API do not use granular scopes. All tokens grant access to every endpoint the authenticated user is authorized to reach based on tenant ownership and role.

| Token name | Issued by |
|---|---|
| api-token | Email/password registration |
| social-api-token | Social login (POST /api/v1/auth/social) |
Middleware reference
| Middleware | Purpose |
|---|---|
| auth:sanctum | Requires a valid Sanctum bearer token. |
| tenant.ownership | Ensures the authenticated user owns the resolved tenant. Applied to all protected tenant routes. |
Tokens do not expire automatically. Revoke them through the Sanctum token management interface or directly in the personal_access_tokens table.
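
Because tokens never expire on their own, idle ones stay valid until someone deletes them. The following Artisan command is an added example, not code from this project, showing one way to revoke tokens that have gone unused. The command name `tokens:revoke-stale`, its options, and the class name are assumptions; it also assumes the default Sanctum `PersonalAccessToken` model with its standard `last_used_at` and `created_at` columns.

```php
<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Laravel\Sanctum\PersonalAccessToken;

// Hypothetical command: its name and options are assumptions, not part of this API.
class RevokeStaleTokens extends Command
{
    protected $signature = 'tokens:revoke-stale
        {--days=30 : Revoke tokens idle for at least this many days}
        {--name= : Limit to one token name, e.g. api-token}
        {--dry-run : Count matching tokens without deleting them}';
    protected $description = 'Revoke Sanctum tokens that have not been used recently';

    public function handle(): int
    {
        $days = (int) $this->option('days');
        if ($days < 1) {
            $this->error('--days must be a positive integer');
            return self::FAILURE;
        }
        $cutoff = now()->subDays($days);
        // A never-used token has last_used_at = NULL, so fall back to
        // created_at; otherwise unused tokens would never be selected.
        $query = PersonalAccessToken::query()
            ->where(function ($q) use ($cutoff) {
                $q->where('last_used_at', '<', $cutoff)
                    ->orWhere(function ($q) use ($cutoff) {
                        $q->whereNull('last_used_at')
                            ->where('created_at', '<', $cutoff);
                    });
            });

        if ($name = $this->option('name')) {
            $query->where('name', $name);
        }

        if ($this->option('dry-run')) {
            $this->info($query->count() . ' token(s) would be revoked');
            return self::SUCCESS;
        }

        // Deleting the row revokes the token: auth:sanctum then returns 401.
        $this->info($query->delete() . ' token(s) revoked');
        return self::SUCCESS;
    }
}
```

Run it with `--dry-run` first to see how many tokens match before deleting anything.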