Authentication is handled via Laravel Sanctum and uses opaque bearer tokens. On a successful register or login the API returns a plain-text token that must be included in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/astrxnomo/tourify/llms.txt
Use this file to discover all available pages before exploring further.
Authorization: Bearer <token> header for every protected request.
Register
POST/api/auth/register
Creates a new user account and returns the newly created user object together with a Sanctum bearer token. New accounts are assigned the default role (role_id: 2).
Authentication: Not required.
Request body
The user’s display name. Maximum 255 characters.
A valid, unique email address. Must not already exist in the
users table.Plain-text password. Minimum 8 characters. Must match
password_confirmation.Must be identical to
password. Used for server-side confirmation; not stored.Response — 201 Created
The newly created user resource.
Plain-text Sanctum bearer token. Store this securely on the client and include it in subsequent authenticated requests as
Authorization: Bearer <token>.Example request
Example response (201)
Login
POST/api/auth/login
Validates credentials and returns the authenticated user along with a fresh Sanctum bearer token.
Authentication: Not required.
Request body
The email address of the registered account.
The plain-text password for the account.
Response — 200 OK
The authenticated user resource (same shape as the register response).
Plain-text Sanctum bearer token for subsequent authenticated requests.
Example request
Example response (200)
Example response (422)
Logout
POST/api/auth/logout
Deletes the bearer token that was used to make this request, effectively ending the current session. Other active tokens belonging to the same user are not affected.
This endpoint requires authentication. Include your bearer token in the
Authorization header.auth:sanctum).
Response — 200 OK
A confirmation message indicating the session was closed successfully. Value:
"Sesión cerrada correctamente."Example request
Example response (200)
Get Authenticated User
GET/api/auth/me
Returns the currently authenticated user with the role relation eager-loaded.
This endpoint requires authentication. Include your bearer token in the
Authorization header.auth:sanctum).
Response — 200 OK
The user’s ID.
The user’s display name.
The user’s email address.
The foreign key referencing the user’s role.
Device push-notification token, if registered.
The user’s role resource, loaded via the
BelongsTo relation.ISO 8601 account creation timestamp.
ISO 8601 last-update timestamp.
Example request
Example response (200)
Forgot Password
POST/api/auth/forgot-password
Accepts an email address and, if an account with that address exists, generates a password-reset token stored in remember_token. The endpoint always returns 200 OK regardless of whether the email is registered.
To prevent user enumeration, the response is identical whether or not the provided email is associated with an account. No reset email is sent in the current implementation — the endpoint acknowledges the request only.
Request body
The email address for which to request a password reset. Must be a valid email format.
Response — 200 OK
A fixed acknowledgement message returned regardless of whether the email exists. Value:
"Si el correo está registrado, recibirás instrucciones en breve."Example request
Example response (200)