Overview The Viax API uses session-based authentication. After successful login, the API returns user information that should be stored and included in subsequent requests where required.
Currently, the API does not use JWT tokens or API keys. Authentication is managed through session data on the client side. Future versions may implement token-based authentication.
Authentication Flow
Register or Login
Create an account using /auth/register.php or login with /auth/login.php
Store User Data
Save the returned user object, including the id and uuid fields
Include User ID
Send the userId or conductor_id in requests that require authentication
Login Request To authenticate a user:
curl -X POST https://76.13.114.194/auth/login.php \ -H "Content-Type: application/json" \ -H "Accept: application/json" \ -d '{ "email": "[email protected] ", "password": "yourPassword123" }'
Login Response Successful authentication returns:
{ "success" : true , "message" : "Login exitoso" , "user" : { "id" : 123 , "uuid" : "550e8400-e29b-41d4-a716-446655440000" , "nombre" : "Juan" , "apellido" : "Pérez" , "email" : "[email protected] " , "telefono" : "+573001234567" , "tipo_usuario" : "pasajero" , "creado_en" : "2024-01-15T10:30:00.000Z" , "calificacion" : 4.8 , "location" : { "id" : 1 , "usuario_id" : 123 , "direccion" : "Calle 100 #15-20" , "ciudad" : "Bogotá" , "departamento" : "Cundinamarca" , "pais" : "Colombia" , "latitud" : 4.7110 , "longitud" : -74.0721 , "es_principal" : true } }, "token" : null , "token_expires_at" : null }
User Types The API supports different user types specified in the tipo_usuario field:
User role in the system Possible values:
pasajero - Regular passenger userconductor - Driver useradmin - Administrative userempresa - Company/fleet user Authenticated Requests Include the user ID in requests that require authentication:
As Query Parameter curl -X GET "https://76.13.114.194/auth/profile.php?userId=123" \ -H "Accept: application/json"
In Request Body curl -X POST https://76.13.114.194/viajes/create_trip.php \ -H "Content-Type: application/json" \ -d '{ "usuario_id": 123, "tipo_servicio": "motocicleta", "origen": {...}, "destino": {...} }'
Checking Authentication Status Verify if a user account exists:
curl -X POST https://76.13.114.194/auth/check_user.php \ -H "Content-Type: application/json" \ -d '{"email": "[email protected] "}'
Response:
Session Management The client application is responsible for managing user sessions. Store user data securely using:
Secure local storage
Encrypted shared preferences (mobile)
HTTP-only cookies (web)
Session Data Structure Store the following data from the login response:
class AuthSession { final User user; // Complete user object final String ? token; // Currently null, reserved for future use final DateTime ? tokenExpiresAt; final DateTime loginAt; // Timestamp of login }
Logout Currently, logout is handled client-side by clearing stored session data. No server-side logout endpoint is required.
To logout:
Clear stored user data from local storage
Clear any cached information
Redirect to login screen
Password Requirements Implement strong password requirements in your client application:
Minimum 8 characters
Mix of uppercase and lowercase
Include numbers
Include special characters
Security Best Practices
Use HTTPS Always use HTTPS in production to encrypt data in transit
Store Securely Never store passwords. Only store user IDs and non-sensitive data
Validate Input Validate all user input before sending to API
Handle Errors Properly handle authentication errors and timeouts
Common Authentication Errors Status Code Error Description 401 Unauthorized Invalid credentials 403 Forbidden User account is inactive or blocked 404 Not Found User does not exist 500 Server Error Internal server error
See Error Handling for more details.