Cole uses Laravel Sanctum for API token authentication. Every authenticated request must include anDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/iamalexis689725/cole/llms.txt
Use this file to discover all available pages before exploring further.
Authorization: Bearer <token> header. Tokens are plain-text strings returned on registration and login. Cole enforces token rotation on login — all existing tokens for the user are deleted before a new one is issued, ensuring only one active session per user at a time.
POST /api/auth/register
Creates a new user account, assigns the specified role, and returns an API token. This endpoint is unauthenticated and is primarily used when you need to manually provision asuper-admin account. All other user types (directors, professors, students, parents) are created through their respective resource endpoints.
The
role value must already exist in the roles table. Valid roles are super-admin, director, profesor, estudiante, and padre. Attempting to register with an unknown role name returns a 422 validation error.Request body
Full display name of the user. Maximum 255 characters.
Email address. Must be unique across all users. Used as the login credential.
Plain-text password. Minimum 6 characters. Stored as a bcrypt hash.
Role to assign to the new user. Must match an existing role name in the
roles table. Example: "super-admin".Response 201 Created
Human-readable confirmation. Example:
"Usuario registrado correctamente".The newly created user record.
List of role names assigned to the user. Example:
["super-admin"].Plain-text Sanctum API token. Include this as
Authorization: Bearer <token> on subsequent requests.Example
POST /api/auth/login
Authenticates a user by email and password. All existing tokens for the user are deleted before a new token is issued — this means logging in invalidates any previous session tokens.Request body
The registered email address of the user.
The user’s password in plain text.
Response 200 OK
Confirmation string. Example:
"Login exitoso".The authenticated user record (same shape as registration response).
All roles assigned to the user.
Fresh plain-text API token. Use this for all subsequent authenticated requests.
Error 422 Unprocessable Entity
Returned when credentials do not match any user.
Example
POST /api/auth/logout
Revokes the current access token used in the request. Only the token included in theAuthorization header is deleted — no other tokens belonging to the user are affected.
Authentication required: Authorization: Bearer <token>
Response 200 OK
Confirmation string. Example:
"Logout correcto".Example
GET /api/auth/me
Returns the profile and roles of the currently authenticated user. Useful for bootstrapping a client session after login or verifying token validity. Authentication required:Authorization: Bearer <token>
Response 200 OK
The authenticated user record.
All roles currently assigned to the user.