Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Jcofles/Proyecto-web/llms.txt

Use this file to discover all available pages before exploring further.

UniMaps uses a layered authentication system to keep your account and campus navigation data secure. Every request to protected features requires a valid session token, and you have multiple ways to prove your identity — even if you forget your password.

Authentication layers

UniMaps combines three independent mechanisms to protect your account:
LayerWhen it applies
Email + passwordStandard login for every session
Two-factor authentication (2FA)Optional second step via email code
Secure key (.jw file)Emergency access when email or password is unavailable
All three mechanisms are available at the login screen. You choose which one to use on any given sign-in.

How tokens work

After a successful login, the API issues a Laravel Sanctum Bearer token. UniMaps stores this token in localStorage under the key auth_token and attaches it to every subsequent API request as an Authorization header: 
Authorization: Bearer <your_token>
To obtain a token, send your credentials to: 
POST /api/auth/login
Content-Type: application/json

{
  "email": "tu@correo.com",
  "password": "tuContraseña"
}
A successful response returns the token in the token field. If 2FA is enabled, the response instead returns "two_factor_required": true and no token — you must complete the code verification step first.

Login flow

1

Enter your credentials

Go to the login page and provide your registered email address and password.
2

2FA check (if enabled)

If you have two-factor authentication enabled, UniMaps emails you a 12-character code. Enter it on the verification screen. The code expires in 3 minutes.
3

Token issued

On successful authentication, the API returns a Sanctum Bearer token. The frontend saves it to localStorage.
4

Authenticated requests

Every request to a protected endpoint automatically includes the Authorization: Bearer <token> header, granting access to the campus map, route planning, and your profile.

Account statuses

Your account can be in one of four states. Your ability to log in depends on which state you are in:
StatusWhat it means for you
activoYour account is verified and fully functional.
inactivoYour account exists but is not currently accessible. Contact support.
bloqueadoAccess has been suspended, usually after repeated failed login attempts or an admin action. You cannot log in while blocked.
eliminadoYour account has been soft-deleted and is no longer accessible.
Only accounts in the activo state can complete a login.

Brute-force protection

UniMaps limits incorrect login attempts to protect your account. After 5 consecutive failed attempts, your account is locked out for 15 minutes. During the lockout period the login button is disabled and a countdown timer is shown.
If you are locked out, wait for the countdown to expire or use the password recovery flow. Do not continue guessing — every failed attempt during a lockout extends the wait.

Where to go next

Create an Account

Learn how to register and verify your email address to activate your UniMaps account.

Two-Factor Authentication

Add an extra layer of security by requiring a time-limited email code on every login.

Secure Key Recovery

Download your .jw recovery file and learn how to use it if you ever lose access to your password or email.

Build docs developers (and LLMs) love

Get started for freeTalk to us