CareerTrack returns consistent JSON error responses for every failure scenario — whether that is a missing required field, an expired token, or a resource that does not exist. All responses use theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ericcobasdev/careertrack-api/llms.txt
Use this file to discover all available pages before exploring further.
application/json content type, so clients never need to parse HTML error pages. This guide documents every status code the API uses, the exact response shapes, and the validation rules enforced on job application requests.
HTTP Status Codes
The following table covers every HTTP status code that CareerTrack endpoints can return:| Status Code | Meaning | When It Occurs |
|---|---|---|
200 OK | Success | Successful GET or PUT/PATCH request |
201 Created | Resource created | Successful POST that creates a new resource |
204 No Content | Resource deleted | Successful DELETE — response body is empty |
401 Unauthorized | Authentication required | Request is missing a token or the token is invalid/expired |
403 Forbidden | Access denied | The authenticated user is not allowed to perform the action |
404 Not Found | Resource missing | The requested resource does not exist |
422 Unprocessable Entity | Validation failure | One or more request fields failed validation rules |
500 Internal Server Error | Server error | An unexpected exception occurred on the server |
Validation Errors (422)
When a request fails validation, Laravel returns a422 Unprocessable Entity response. The body always contains a top-level message string (a human-readable summary of the first failure) and an errors object that maps each failing field name to an array of error strings.
The following example shows the response when both company_name and position_title are omitted from a create application request:
errors. Fields that pass are omitted from the object entirely.
Authentication Errors (401)
Requests to protected endpoints without a valid Sanctum bearer token receive a401 Unauthorized response:
POST /api/auth/login in the Authorization header of every subsequent request:
Login Credential Errors
When a client callsPOST /api/auth/login with an email or password that does not match any account, the API returns a 422 response with a field-level error on email:
Form Request Validation Rules
CareerTrack enforces input validation using two Laravel Form Request classes:StoreJobApplicationRequest— applied toPOST /api/applicationsUpdateJobApplicationRequest— applied toPUT /api/applications/{id}andPATCH /api/applications/{id}
| Field | Required on Create | Required on Update | Rules |
|---|---|---|---|
company_name | ✅ Yes | No (optional) | string, max 255 characters |
position_title | ✅ Yes | No (optional) | string, max 255 characters |
status | No | No | One of: applied, interview, offer, rejected |
source | No | No | string, max 255 characters |
source_url | No | No | Valid URL, max 255 characters |
salary_min | No | No | integer, min value 0 |
salary_max | No | No | integer, min value 0 |
location | No | No | string, max 255 characters |
notes | No | No | string, no length limit |
applied_at | No | No | Valid date (e.g., 2026-04-05) |
next_step_at | No | No | Valid date |
sometimes — meaning the rule only runs if the field is present in the request body. You may send a partial payload and only the included fields will be validated and updated.