Overview

MediaStream uses Laravel Fortify to provide a robust, secure authentication system with support for standard login, user registration, and two-factor authentication (2FA). All authentication endpoints use session-based authentication with CSRF protection. API clients must include a valid CSRF token with requests that modify data.

Authentication Features

  • User Registration: create new user accounts with email and password
  • Login: authenticate users with email and password
  • Two-Factor Authentication: enhanced security with TOTP-based 2FA
  • Session Management: automatic session handling and token rotation

Security Features

Rate Limiting

Authentication endpoints are protected by rate limiting to prevent brute-force attacks:
  • Login: 5 attempts per minute per email and IP address combination
  • Two-Factor Challenge: 5 attempts per minute per session
After exceeding the rate limit, clients will receive a 429 Too Many Requests response and must wait before retrying.

CSRF Protection

All authentication endpoints require CSRF token validation. The token must be:
  1. Retrieved from the /sanctum/csrf-cookie endpoint
  2. Included in the X-XSRF-TOKEN header for all subsequent requests
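The two CSRF steps above as a client-side flow, added here as an example and not code from the MediaStream project or its docs. It assumes only the paths named on this page (`/sanctum/csrf-cookie` and `/login`); the `fetchImpl` and `readCookies` parameters are hypothetical injection points so the flow can run against a browser (`document.cookie`) or a test double without a live server.

```javascript
// Added example: prime the CSRF cookie, then echo it back as X-XSRF-TOKEN.
// Laravel stores the token URL-encoded in the XSRF-TOKEN cookie, so the
// value must be decoded before it is placed in the header.

// Extract XSRF-TOKEN from a Cookie-style string ("a=1; XSRF-TOKEN=abc%3D").
function xsrfTokenFromCookies(cookieString) {
  for (const part of String(cookieString || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'XSRF-TOKEN') return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Headers for any request that modifies data; fails loudly if step 1 was skipped.
function csrfHeaders(cookieString) {
  const token = xsrfTokenFromCookies(cookieString);
  if (!token) {
    throw new Error('XSRF-TOKEN cookie missing: GET /sanctum/csrf-cookie first');
  }
  return {
    'X-XSRF-TOKEN': token,
    Accept: 'application/json',
    'Content-Type': 'application/json',
  };
}

// Full login flow. `fetchImpl` defaults to the global fetch; `readCookies`
// returns the cookies the client currently holds (e.g. () => document.cookie).
async function login(baseUrl, credentials, { fetchImpl = fetch, readCookies } = {}) {
  // Step 1: /sanctum/csrf-cookie sets the XSRF-TOKEN cookie on the response.
  const prime = await fetchImpl(`${baseUrl}/sanctum/csrf-cookie`, { credentials: 'include' });
  if (!prime.ok) throw new Error(`csrf-cookie request failed: ${prime.status}`);

  // Step 2: send the token back in X-XSRF-TOKEN on the state-changing request.
  const res = await fetchImpl(`${baseUrl}/login`, {
    method: 'POST',
    credentials: 'include',
    headers: csrfHeaders(readCookies()),
    body: JSON.stringify(credentials),
  });
  const body = await res.json().catch(() => null);
  return { status: res.status, body };
}
```

Because the token travels in a cookie and must be copied into a header by script, a request forged from another origin cannot satisfy it: the browser will attach the cookie, but cross-origin script cannot read it to build the header.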

Password Requirements

Passwords must meet Laravel’s default password validation rules:
  • Minimum 8 characters
  • Must be confirmed (matching password_confirmation field)
  • Cannot be commonly used passwords

Base URL

All authentication endpoints are relative to your application’s base URL:
https://your-domain.com
Fortify routes are registered with no prefix by default.

Authentication Flow

Standard Login Flow

Two-Factor Authentication Flow

Common Response Codes

  • 200 OK: authentication successful
  • 401 Unauthorized: invalid credentials or authentication required
  • 422 Unprocessable Entity: validation errors in request data
  • 429 Too Many Requests: rate limit exceeded

Error Response Format

Validation errors follow Laravel’s standard format:
{
  "message": "The given data was invalid.",
  "errors": {
    "email": [
      "The email field is required."
    ],
    "password": [
      "The password field is required."
    ]
  }
}
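An added example (not from the MediaStream docs) that turns the response codes and error format above, plus the 429 rate-limit response, into one client-side result a caller can act on. It assumes the status codes and JSON shape shown on this page; the `Retry-After` header is read only if the server sends it, and the sample response below is constructed.

```javascript
// Added example: normalise a Fortify authentication response into
// { kind, errors?, retryAfterSeconds? } using the codes documented above.

// Flatten Laravel's { field: [messages] } map into one message per field.
function flattenValidationErrors(body) {
  const out = {};
  const errors = (body && body.errors) || {};
  for (const [field, messages] of Object.entries(errors)) {
    out[field] = Array.isArray(messages) ? messages[0] : String(messages);
  }
  return out;
}

// `headers` is a plain object with lower-case keys so this runs offline.
function interpretAuthResponse(status, headers, body) {
  switch (status) {
    case 200:
      return { kind: 'ok' };
    case 401:
      return { kind: 'unauthorized', message: (body && body.message) || 'Unauthorized' };
    case 422:
      return { kind: 'validation', errors: flattenValidationErrors(body) };
    case 429: {
      // Wait before retrying; fall back to 60s (the documented per-minute window).
      const retry = parseInt(headers['retry-after'], 10);
      return { kind: 'rate_limited', retryAfterSeconds: Number.isFinite(retry) ? retry : 60 };
    }
    default:
      return { kind: 'unexpected', status };
  }
}

// Constructed sample: the validation error body shown in the docs above.
const SAMPLE_422 = {
  message: 'The given data was invalid.',
  errors: {
    email: ['The email field is required.'],
    password: ['The password field is required.'],
  },
};
```

Treating 429 as a distinct result matters in practice: a client that retries immediately on any non-200 will keep the throttle window open and lock the user out for longer.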

Next Steps

  • Register Users: create new accounts
  • Login: authenticate users
  • Enable 2FA: set up two-factor auth