Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ariellukezz/admision-web/llms.txt

Use this file to discover all available pages before exploring further.

The Admisión Web API uses Laravel Sanctum for token-based authentication. When you successfully log in, Sanctum issues a plain-text personal access token that you include as a Bearer token on every subsequent request to a protected endpoint. Tokens are stored in the database and can be revoked at any time.

Obtain a Token

Send a POST request to /api/login with a JSON body containing the user’s email and password. Both fields are required; the request will be rejected with HTTP 400 if either is missing or malformed.
curl -X POST https://your-domain.com/api/login \
  -H "Content-Type: application/json" \
  -d '{"email": "usuario@unap.edu.pe", "password": "yourpassword"}'

Request Fields

email
string
required
The user’s email address. Must be a valid email format and no longer than 100 characters.
password
string
required
The user’s password.

Successful response — HTTP 200

{
  "status": true,
  "message": "User logged in succesfully",
  "data": {
    "id": 42,
    "name": "Juan Quispe",
    "email": "usuario@unap.edu.pe",
    "id_rol": 1,
    "id_proceso": 9
  },
  "token": "1|abcdefghijklmnopqrstuvwxyz..."
}

Response Fields

status
boolean
true when authentication succeeded.
message
string
Human-readable confirmation message.
data
object
The authenticated user record from the users table.
token
string
The plain-text Sanctum personal access token. Include this value as Bearer {token} in the Authorization header of subsequent requests.

Validation error — HTTP 400

{
  "status": false,
  "errors": ["The email field is required."]
}

Invalid credentials — HTTP 401

{
  "status": false,
  "errors": ["Unauthorized"]
}
Store tokens securely — for example, in encrypted server-side session storage or a secure HTTP-only cookie. Never expose a Sanctum token in client-side JavaScript, browser local storage, or version-controlled source code.

Use the Token

Once you have a token, pass it in the Authorization header as a Bearer token on every call to a Sanctum-protected endpoint.
curl https://your-domain.com/api/get-ingresante/12345678/2024/1 \
  -H "Authorization: Bearer 1|abcdefghijklmnopqrstuvwxyz..."
Tokens do not have a built-in expiry time in the default Sanctum configuration. They remain valid until the user logs out (which deletes all tokens for that user) or an administrator revokes them manually. Rotate tokens periodically in long-lived integrations to reduce exposure risk.

Connection Code Lookup

GET /api/get-codigo-conexion/{codigoConexion} allows external systems to retrieve a connection code by passing a code identifier in the URL path. No Sanctum token is required.
curl https://your-domain.com/api/get-codigo-conexion/MY_CODE_HERE

Response — HTTP 200

{
  "status": true,
  "codigo_conexion": "8hIcptrxisoqUtpvU1YZa9eYaZgViuS0LqI0pq6RfmT3O1QJnyAqzwKQNjzr"
}

Mobile App Authentication (/api/app)

The API exposes a dedicated authentication group for the mobile application at /api/app/login and /api/app/registro. These endpoints follow the same Sanctum token flow but validate email and password, revoke any previous tokens on login, and return a response envelope that uses success instead of status.
curl -X POST https://your-domain.com/api/app/login \
  -H "Content-Type: application/json" \
  -d '{"email": "usuario@unap.edu.pe", "password": "yourpassword"}'

Mobile login response — HTTP 200

{
  "success": true,
  "token": "3|xyz...",
  "user": {
    "id": 42,
    "nombre": "Juan Quispe",
    "email": "usuario@unap.edu.pe",
    "id_rol": 8
  }
}

Mobile login — invalid credentials — HTTP 401

{
  "success": false,
  "message": "Credenciales inválidas"
}
The id_rol field in the user object determines which parts of the application the authenticated user can access. Role 1 is the administrator role; role 8 is the standard applicant-facing mobile role.

Build docs developers (and LLMs) love