Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/astrxnomo/tourify/llms.txt

Use this file to discover all available pages before exploring further.

Authentication is handled via Laravel Sanctum and uses opaque bearer tokens. On a successful register or login the API returns a plain-text token that must be included in the Authorization: Bearer <token> header for every protected request.

Register

POST /api/auth/register Creates a new user account and returns the newly created user object together with a Sanctum bearer token. New accounts are assigned the default role (role_id: 2). Authentication: Not required.

Request body

name
string
required
The user’s display name. Maximum 255 characters.
email
string
required
A valid, unique email address. Must not already exist in the users table.
password
string
required
Plain-text password. Minimum 8 characters. Must match password_confirmation.
password_confirmation
string
required
Must be identical to password. Used for server-side confirmation; not stored.

Response — 201 Created

user
object
The newly created user resource.
token
string
Plain-text Sanctum bearer token. Store this securely on the client and include it in subsequent authenticated requests as Authorization: Bearer <token>.
Example request
curl -X POST http://localhost:8000/api/auth/register \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "name": "Ada Lovelace",
    "email": "ada@example.com",
    "password": "secret1234",
    "password_confirmation": "secret1234"
  }'
Example response (201)
{
  "user": {
    "id": 42,
    "name": "Ada Lovelace",
    "email": "ada@example.com",
    "role_id": 2,
    "push_token": null,
    "created_at": "2026-05-15T10:30:00.000000Z",
    "updated_at": "2026-05-15T10:30:00.000000Z"
  },
  "token": "1|aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789"
}

Login

POST /api/auth/login Validates credentials and returns the authenticated user along with a fresh Sanctum bearer token. Authentication: Not required.

Request body

email
string
required
The email address of the registered account.
password
string
required
The plain-text password for the account.

Response — 200 OK

user
object
The authenticated user resource (same shape as the register response).
token
string
Plain-text Sanctum bearer token for subsequent authenticated requests.
If the email is not found or the password is incorrect, the API returns 422 Unprocessable Content with a validation error on the email field. The response intentionally does not distinguish between the two cases.
Example request
curl -X POST http://localhost:8000/api/auth/login \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "email": "ada@example.com",
    "password": "secret1234"
  }'
Example response (200)
{
  "user": {
    "id": 42,
    "name": "Ada Lovelace",
    "email": "ada@example.com",
    "role_id": 2,
    "push_token": null,
    "created_at": "2026-05-15T10:30:00.000000Z",
    "updated_at": "2026-05-15T10:30:00.000000Z"
  },
  "token": "2|xYzAbCdEfGhIjKlMnOpQrStUvWxYz9876543210"
}
Example response (422)
{
  "message": "Las credenciales no son correctas.",
  "errors": {
    "email": ["Las credenciales no son correctas."]
  }
}

Logout

POST /api/auth/logout Deletes the bearer token that was used to make this request, effectively ending the current session. Other active tokens belonging to the same user are not affected.
This endpoint requires authentication. Include your bearer token in the Authorization header.
Authentication: Required (auth:sanctum).

Response — 200 OK

message
string
A confirmation message indicating the session was closed successfully. Value: "Sesión cerrada correctamente."
Example request
curl -X POST http://localhost:8000/api/auth/logout \
  -H "Accept: application/json" \
  -H "Authorization: Bearer 2|xYzAbCdEfGhIjKlMnOpQrStUvWxYz9876543210"
Example response (200)
{
  "message": "Sesión cerrada correctamente."
}

Get Authenticated User

GET /api/auth/me Returns the currently authenticated user with the role relation eager-loaded.
This endpoint requires authentication. Include your bearer token in the Authorization header.
Authentication: Required (auth:sanctum).

Response — 200 OK

id
integer
The user’s ID.
name
string
The user’s display name.
email
string
The user’s email address.
role_id
integer
The foreign key referencing the user’s role.
push_token
string | null
Device push-notification token, if registered.
role
object
The user’s role resource, loaded via the BelongsTo relation.
created_at
string
ISO 8601 account creation timestamp.
updated_at
string
ISO 8601 last-update timestamp.
Example request
curl -X GET http://localhost:8000/api/auth/me \
  -H "Accept: application/json" \
  -H "Authorization: Bearer 2|xYzAbCdEfGhIjKlMnOpQrStUvWxYz9876543210"
Example response (200)
{
  "id": 42,
  "name": "Ada Lovelace",
  "email": "ada@example.com",
  "role_id": 2,
  "push_token": null,
  "role": {
    "id": 2,
    "name": "user"
  },
  "created_at": "2026-05-15T10:30:00.000000Z",
  "updated_at": "2026-05-15T10:30:00.000000Z"
}

Forgot Password

POST /api/auth/forgot-password Accepts an email address and, if an account with that address exists, generates a password-reset token stored in remember_token. The endpoint always returns 200 OK regardless of whether the email is registered.
To prevent user enumeration, the response is identical whether or not the provided email is associated with an account. No reset email is sent in the current implementation — the endpoint acknowledges the request only.
Authentication: Not required.

Request body

email
string
required
The email address for which to request a password reset. Must be a valid email format.

Response — 200 OK

message
string
A fixed acknowledgement message returned regardless of whether the email exists. Value: "Si el correo está registrado, recibirás instrucciones en breve."
Example request
curl -X POST http://localhost:8000/api/auth/forgot-password \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "email": "ada@example.com"
  }'
Example response (200)
{
  "message": "Si el correo está registrado, recibirás instrucciones en breve."
}

Build docs developers (and LLMs) love