Login
Response schema

{
  "success": true,
  "message": "<string>",
  "data": {
    "user": {
      "id": 123,
      "role": "<string>",
      "name": "<string>",
      "email": "<string>",
      "phone": "<string>"
    },
    "token": "<string>",
    "expires_in": 123
  }
}

Endpoint

POST /auth/login
Authenticate a user with email and password credentials. Returns a signed JWT (HS256 in the sample below) on successful authentication, together with its lifetime in seconds.
This endpoint does not require authentication.

Request Body

email
string
required
User’s email address. Must be a valid email format. Validation: required|string|email
password
string
required
User’s password. Minimum 8 characters. Validation: required|min:8

Response

success
boolean
required
Indicates if the request was successful
message
string
required
Human-readable success message
data
object
required
Contains user information and authentication token

Code Examples

curl -X POST "https://api.servitech.com/auth/login" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123"
  }'

Success Response

HTTP Status: 200 OK
{
  "success": true,
  "message": "User logged in successfully",
  "data": {
    "user": {
      "id": 1,
      "role": "USER",
      "name": "John Doe",
      "email": "[email protected]",
      "phone": "+1234567890"
    },
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5zZXJ2aXRlY2guY29tIiwiaWF0IjoxNzA5OTEzNjAwLCJleHAiOjE3MDk5MTcyMDAsIm5iZiI6MTcwOTkxMzYwMCwianRpIjoiYTdiM2M5ZDFlNWYyIiwic3ViIjoxLCJwcnYiOiI4N2UwYWYxZTk1ODQzZjlhOGU3MTVjYzc3MTQzZjBhMGM3Yzk2Mjg3In0.rTCH9wnjKYY6F_xt0a5nNjPh2V_TkKJvZz9_xOqN1Yk",
    "expires_in": 3600
  }
}

Error Responses

Validation Error

HTTP Status: 422 Unprocessable Entity
Returned when request data fails validation. Every failing field is listed under errors as an array of messages; note that the 400 and 401 responses below use a single string per field instead, so clients must handle both shapes.
{
  "success": false,
  "message": "The given data was invalid.",
  "errors": {
    "email": [
      "The email field is required."
    ],
    "password": [
      "The password must be at least 8 characters."
    ]
  }
}

User Not Found

HTTP Status: 400 Bad Request
Returned when the email doesn’t exist in the database. Source: AuthController.php:83-88
{
  "success": false,
  "message": "We can't find a user with that email address.",
  "errors": {
    "email": "We can't find a user with that email address."
  }
}

Invalid Password

HTTP Status: 401 Unauthorized
Returned when the email exists but the password is incorrect. Source: AuthController.php:94-98
{
  "success": false,
  "message": "These credentials do not match our records.",
  "errors": {
    "password": "These credentials do not match our records."
  }
}

Implementation Details

The login process follows these steps (from AuthController.php:63-117):
  1. Validate Request - Validates email format and password length
  2. Attempt Authentication - Uses auth()->attempt($credentials) to verify credentials
  3. Check User Exists - If authentication fails, checks if user exists
  4. Return Appropriate Error - Returns specific error for user not found or invalid password
  5. Generate Token - On success, generates JWT token and calculates expiration
  6. Return Response - Returns user data, token, and expiration time
The API distinguishes “user not found” (400, error keyed on email) from “invalid password” (401, error keyed on password), so the status code, the message and the error key all reveal whether an address has an account: anyone can submit an email with any password and read 400 as “no account” and 401 as “account exists”. To close this enumeration channel, return the same status and body for both failures (the 401 “These credentials do not match our records.” response is the natural choice), and rate limit this endpoint, since it accepts unauthenticated requests.
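The following Python model is added here and is not taken from AuthController.php. It reproduces steps 2 to 4 above against an in-memory user store and puts the two designs side by side: login_current returns the documented 400/401 pair, while login_hardened returns one 401 body for both failures and performs the same hashing work on both paths, so that neither the response nor its timing says whether the account exists. The user store, PBKDF2 hashing and all function names (login_current, login_hardened, leaks_existence) are assumptions that stand in for Laravel’s user provider and hasher.

```python
"""Model of the /auth/login decision flow (added example, not the project's
controller). PBKDF2 and the in-memory store stand in for Laravel's hasher
and user provider; all names here are assumptions for the illustration."""
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: email -> (salt, hash). One real account.
_SALT = os.urandom(16)
USERS = {"user@example.com": (_SALT, _hash("SecurePass123", _SALT))}

# A throwaway hash that is verified on the unknown-email path, so both
# failure branches do the same work (no timing side channel on existence).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(os.urandom(16).hex(), _DUMMY_SALT)

# Bodies copied from the documented responses above.
NOT_FOUND = {"success": False, "message": "We can't find a user with that email address.",
             "errors": {"email": "We can't find a user with that email address."}}
BAD_CREDENTIALS = {"success": False, "message": "These credentials do not match our records.",
                   "errors": {"password": "These credentials do not match our records."}}
GENERIC_FAILURE = {"success": False, "message": "These credentials do not match our records."}
LOGGED_IN = {"success": True, "message": "User logged in successfully"}


def login_current(email: str, password: str):
    """As documented: unknown email -> 400, wrong password -> 401."""
    record = USERS.get(email)
    if record is None:
        return 400, dict(NOT_FOUND)          # leaks: no such account
    salt, digest = record
    if not hmac.compare_digest(_hash(password, salt), digest):
        return 401, dict(BAD_CREDENTIALS)    # leaks: account exists
    return 200, dict(LOGGED_IN)


def login_hardened(email: str, password: str):
    """Same inputs, one failure response. Status, body and the hashing
    work are identical whether the email is unknown or the password is wrong."""
    record = USERS.get(email)
    salt, digest = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matched = hmac.compare_digest(_hash(password, salt), digest)   # always computed
    if record is None or not matched:
        return 401, dict(GENERIC_FAILURE)
    return 200, dict(LOGGED_IN)


def leaks_existence(login) -> bool:
    """True if an unknown email and a wrong password give different responses."""
    return login("nobody@example.com", "SecurePass123") != login("user@example.com", "wrong-password")
```

In the controller this amounts to dropping step 3: auth()->attempt() already returns false for an unknown email and for a wrong password alike, so the generic 401 is the shorter path. The 422 validation messages can stay as they are, since they depend only on the request shape, not on account state.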

Using the Token

After successful login, include the JWT token in subsequent requests:
Authorization: Bearer {token}
Example:
curl -X GET "https://api.servitech.com/user/profile" \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \
  -H "Accept: application/json"

Logout

Endpoint

POST /auth/logout
Invalidate the current JWT token and log out the user.
This endpoint requires authentication. Include your JWT token in the Authorization header.

Request Headers

Authorization: Bearer {your-jwt-token}
Accept: application/json

Code Examples

curl -X POST "https://api.servitech.com/auth/logout" \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \
  -H "Accept: application/json"

Success Response

HTTP Status: 200 OK
{
  "success": true,
  "message": "User logged out successfully"
}

Error Responses

Not Authenticated

HTTP Status: 401 Unauthorized
Returned when no valid token is provided.
{
  "success": false,
  "message": "Unauthenticated."
}

Already Logged Out

HTTP Status: 401 Unauthorized
Returned when the user is already logged out. Source: AuthController.php:269-272
{
  "success": false,
  "message": "User already logged out"
}

Implementation Details

The logout process (from AuthController.php:264-283):
  1. Check Authentication - Verifies user is currently authenticated
  2. Invalidate Token - Calls auth()->logout() to blacklist the token
  3. Return Success - Returns confirmation message
After logout the token is added to a server-side blacklist and is rejected on every later request. Blacklisting does not change the token itself: its signature stays valid until exp, so revocation only holds on routes that consult the blacklist. Discard the client’s copy and log in again to receive a new token.
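The following Python client is added here and is not part of the servitech API or any SDK of it. It ties the Using the Token section above and this Logout section together: it attaches the Bearer header, stops sending the token once expires_in has elapsed, reads the claims of the sample token from the login success response (without verifying the signature, which a client without the HS256 secret cannot do), and forgets the token after logout. FakeTransport, ApiSession, VALID_EMAIL and VALID_PASSWORD are constructed for the example; the fake returns the responses documented on this page so the block runs offline.

```python
"""Client-side token lifecycle for POST /auth/login and POST /auth/logout.
Added example, not servitech code; FakeTransport is a constructed stand-in
that returns the responses documented on this page."""
import base64
import json
import time

# Sample token from the login success response above (HS256, exp - iat = 3600).
SAMPLE_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FwaS5zZXJ2aXRlY2guY29tIiwiaWF0IjoxNzA5OTEzNjAwLCJleHAiOjE3MDk5MTcyMDAsIm5iZiI6MTcwOTkxMzYwMCwianRpIjoiYTdiM2M5ZDFlNWYyIiwic3ViIjoxLCJwcnYiOiI4N2UwYWYxZTk1ODQzZjlhOGU3MTVjYzc3MTQzZjBhMGM3Yzk2Mjg3In0.rTCH9wnjKYY6F_xt0a5nNjPh2V_TkKJvZz9_xOqN1Yk"
VALID_EMAIL, VALID_PASSWORD = "user@example.com", "SecurePass123"   # constructed credentials


def decode_jwt_payload(token: str) -> dict:
    """Read the claims of a compact JWS WITHOUT verifying the signature. The
    client has no HS256 secret, so it only uses exp/iat to schedule re-login;
    trust decisions stay with the server."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class FakeTransport:
    """Issues SAMPLE_TOKEN on a good login, revokes it on logout, and answers
    with the 401 bodies documented on this page."""

    def __init__(self):
        self.revoked = set()

    def request(self, method, path, headers=None, body=None):
        if method == "POST" and path == "/auth/login":
            if body == {"email": VALID_EMAIL, "password": VALID_PASSWORD}:
                return 200, {"success": True, "message": "User logged in successfully",
                             "data": {"user": {"id": 1, "role": "USER"},
                                      "token": SAMPLE_TOKEN, "expires_in": 3600}}
            return 401, {"success": False, "message": "These credentials do not match our records."}
        auth = (headers or {}).get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
        if token != SAMPLE_TOKEN:
            return 401, {"success": False, "message": "Unauthenticated."}
        if token in self.revoked:   # blacklisted: logout says so, other routes just 401
            msg = "User already logged out" if path == "/auth/logout" else "Unauthenticated."
            return 401, {"success": False, "message": msg}
        if method == "POST" and path == "/auth/logout":
            self.revoked.add(token)
            return 200, {"success": True, "message": "User logged out successfully"}
        return 200, {"success": True, "message": "ok", "data": {"path": path}}


class ApiSession:
    """Holds one token and refuses to send it once expires_in has elapsed."""

    def __init__(self, transport, clock=time.time):
        self.transport, self.clock = transport, clock
        self.token = self.expires_at = None

    def login(self, email, password) -> dict:
        status, body = self.transport.request("POST", "/auth/login",
                                              body={"email": email, "password": password})
        if status != 200:
            raise PermissionError(f"{status}: {body['message']}")
        data = body["data"]
        claims = decode_jwt_payload(data["token"])
        self.token = data["token"]
        # expires_in is relative to now, exp is absolute: take the earlier of the
        # two so that client clock skew can never extend the usable window.
        self.expires_at = min(self.clock() + data["expires_in"], claims.get("exp", float("inf")))
        return claims

    def auth_headers(self) -> dict:
        if self.token is None:
            raise RuntimeError("not logged in")
        if self.clock() >= self.expires_at:
            self.token = None
            raise RuntimeError("token expired; log in again")
        return {"Authorization": f"Bearer {self.token}", "Accept": "application/json"}

    def get(self, path):
        return self.transport.request("GET", path, headers=self.auth_headers())

    def logout(self):
        """Revoke server-side, then forget the token locally whatever the server said."""
        headers = self.auth_headers()
        self.token = self.expires_at = None
        return self.transport.request("POST", "/auth/logout", headers=headers)


def demo_lifecycle() -> dict:
    """login -> authenticated call -> logout -> replay -> second logout."""
    api, now = FakeTransport(), [1709913600]        # start at the sample token's iat
    session = ApiSession(api, clock=lambda: now[0])
    out = {"claims": session.login(VALID_EMAIL, VALID_PASSWORD)}
    out["profile_status"] = session.get("/user/profile")[0]
    out["logout_status"] = session.logout()[0]
    replay = {"Authorization": f"Bearer {SAMPLE_TOKEN}"}   # reuse the revoked token
    out["replay_status"] = api.request("GET", "/user/profile", headers=replay)[0]
    out["second_logout"] = api.request("POST", "/auth/logout", headers=replay)[1]["message"]
    try:
        session.get("/user/profile")
    except RuntimeError as exc:
        out["client_after_logout"] = str(exc)
    return out


def demo_expiry() -> bool:
    """True if the client still sends the token at 3599 s but refuses at 3600 s."""
    api, now = FakeTransport(), [1709913600]
    session = ApiSession(api, clock=lambda: now[0])
    session.login(VALID_EMAIL, VALID_PASSWORD)
    now[0] += 3599
    usable_before = session.get("/user/profile")[0] == 200
    now[0] += 1
    try:
        session.get("/user/profile")
    except RuntimeError:
        return usable_before
    return False
```

Against the real API the fake is replaced by an HTTP call; the rest of ApiSession stays the same. The server remains authoritative for expiry and revocation, so a 401 on any call should be handled by logging in again rather than by retrying with the same token.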

Related

Register: Create a new user account
Password Reset: Reset forgotten password
JWT Tokens: Learn about token management
