The Admisión Web API uses Laravel Sanctum for token-based authentication. When you successfully log in, Sanctum issues a plain-text personal access token that you include as a Bearer token on every subsequent request to a protected endpoint. Tokens are stored in the database and can be revoked at any time.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ariellukezz/admision-web/llms.txt
Use this file to discover all available pages before exploring further.
Obtain a Token
Send aPOST request to /api/login with a JSON body containing the user’s email and password. Both fields are required; the request will be rejected with HTTP 400 if either is missing or malformed.
Request Fields
The user’s email address. Must be a valid email format and no longer than 100 characters.
The user’s password.
Successful response — HTTP 200
Response Fields
true when authentication succeeded.Human-readable confirmation message.
The authenticated user record from the
users table.The plain-text Sanctum personal access token. Include this value as
Bearer {token} in the Authorization header of subsequent requests.Validation error — HTTP 400
Invalid credentials — HTTP 401
Use the Token
Once you have a token, pass it in theAuthorization header as a Bearer token on every call to a Sanctum-protected endpoint.
Tokens do not have a built-in expiry time in the default Sanctum configuration. They remain valid until the user logs out (which deletes all tokens for that user) or an administrator revokes them manually. Rotate tokens periodically in long-lived integrations to reduce exposure risk.
Connection Code Lookup
GET /api/get-codigo-conexion/{codigoConexion} allows external systems to retrieve a connection code by passing a code identifier in the URL path. No Sanctum token is required.
Response — HTTP 200
Mobile App Authentication (/api/app)
The API exposes a dedicated authentication group for the mobile application at /api/app/login and /api/app/registro. These endpoints follow the same Sanctum token flow but validate email and password, revoke any previous tokens on login, and return a response envelope that uses success instead of status.