Overview
GIMA uses Laravel Sanctum for API authentication with token-based access control. All protected endpoints require a Bearer token in the Authorization header.
Authentication Flow
1. Register a new user: create an account by providing a name, email address, and password.
2. Log in to get an access token: submit the credentials to receive a Bearer token for API access.
3. Include the token in requests: add it to the Authorization header of every call to a protected endpoint.
4. Access profile information: retrieve your user profile and the roles assigned to it.
Register New User
Create a new user account in the GIMA system.
Endpoint
POST /api/autenticacion/registrar
Request Body
name (string, required): Full name of the user (max 255 characters)
email (string, required): Valid email address (must be unique in the system)
password (string, required): Password (minimum 8 characters)
password_confirmation (string, required): Must match the password field
Example Request
curl -X POST http://127.0.0.1:8000/api/autenticacion/registrar \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"name": "Usuario Prueba",
"email": "[email protected]",
"password": "secret123",
"password_confirmation": "secret123"
}'
Response
201 Created:
{
  "estado": "exito",
  "mensaje": "Usuario registrado correctamente",
  "data": {
    "usuario": "Usuario Prueba",
    "email": "[email protected]"
  }
}
422 Validation Error: returned when the body fails validation (a missing field, a name over 255 characters, an email address that is already registered, a password shorter than 8 characters, or a password_confirmation that does not match password).
Newly registered users have no roles assigned by default. An administrator must assign roles (admin, tecnico, supervisor, reporter) through the role management system. Until that happens the account can log in and read its own profile, but every role-protected route answers 403.
Login
Authenticate with your credentials to receive an access token.
Endpoint
POST /api/autenticacion/iniciar-sesion
Request Body
email (string, required): Email address of a registered user
password (string, required): The account password
Example Request
curl -X POST http://127.0.0.1:8000/api/autenticacion/iniciar-sesion \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{
"email": "[email protected]",
"password": "12345678"
}'
Response
200 Success:
{
  "estado": "exito",
  "mensaje": "Login correcto",
  "data": {
    "usuario": "Admin User",
    "roles": ["admin"],
    "token": "1|abcdefghijklmnopqrstuvwxyz1234567890"
  }
}
401 Unauthorized: returned when the email/password pair is rejected.
Store the access token securely. It grants the same access as your password and must never be exposed in client-side code, URLs, logs, or version control. Sanctum stores only a SHA-256 hash of the token, so the plaintext shown in this response is returned once, at login, and cannot be retrieved later; if it is lost, log in again to obtain a new one. The numeric prefix before the | is the token's database id, not a secret.
Get User Profile
Retrieve the authenticated user’s profile information and assigned roles.
Endpoint
GET /api/autenticacion/perfil
Headers
Authorization (string, required): Bearer token obtained from login. Format: Bearer {token}
Example Request
curl -X GET http://127.0.0.1:8000/api/autenticacion/perfil \
-H "Authorization: Bearer 1|abcdefghijklmnopqrstuvwxyz1234567890" \
-H "Accept: application/json"
Response
{
  "estado": "exito",
  "data": {
    "id": 1,
    "name": "Admin User",
    "email": "[email protected]",
    "email_verified_at": null,
    "created_at": "2024-01-15T10:30:00.000000Z",
    "updated_at": "2024-01-15T10:30:00.000000Z"
  },
  "roles_asignados": ["admin"]
}
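As an added example (not code from the GIMA project or its documentation), the following Python client walks the three endpoints above in order: it checks a registration body against the documented rules before sending it, logs in, keeps the returned token in memory only, and presents it as a Bearer header to the profile endpoint, mapping 422 and 401 to distinct exceptions. The transport signature, the `documented_transport` stand-in (constructed from the responses shown on this page), the address admin@example.com and the assumption that 422 bodies use Laravel's default `errors` map are this example's own; pass `urllib_transport` (the default) to talk to a real server.

```python
"""GIMA auth flow client: register -> login -> Bearer token -> profile.
Added example, not GIMA project code. Assumed, not on the page: Laravel's default 422 body
{"message": ..., "errors": {field: [msg]}}; the transport signature; documented_transport
as a constructed offline stand-in built from the responses shown above.
"""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, dict]]
SAMPLE_TOKEN = "1|abcdefghijklmnopqrstuvwxyz1234567890"  # sample value shown on the page

class ApiError(Exception):
    def __init__(self, status: int, body: dict):
        super().__init__(f"HTTP {status}: {body.get('message', body)}")
        self.status, self.body = status, body

class ValidationError(ApiError):  # 422: per-field messages in .errors
    errors = property(lambda self: self.body.get("errors", {}))

class AuthError(ApiError): pass  # 401: wrong credentials, or missing/invalid token

def urllib_transport(method, url, headers, body):
    """Real transport over HTTP(S); HTTP errors are returned as (status, body), not raised."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read() or b"{}")

def documented_transport(method, url, headers, body):
    """Constructed stand-in: answers with the bodies this page documents, no network."""
    if url.endswith("/api/autenticacion/registrar"):
        if body["email"] == "taken@example.com":  # constructed: address already registered
            return 422, {"message": "The email has already been taken.",
                         "errors": {"email": ["The email has already been taken."]}}
        return 201, {"estado": "exito", "mensaje": "Usuario registrado correctamente",
                     "data": {"usuario": body["name"], "email": body["email"]}}
    if url.endswith("/api/autenticacion/iniciar-sesion"):
        if body["password"] != "12345678":  # the page's sample password
            return 401, {"message": "Invalid credentials"}
        return 200, {"estado": "exito", "mensaje": "Login correcto",
                     "data": {"usuario": "Admin User", "roles": ["admin"], "token": SAMPLE_TOKEN}}
    if url.endswith("/api/autenticacion/perfil"):
        if headers.get("Authorization") != f"Bearer {SAMPLE_TOKEN}":
            return 401, {"message": "Unauthenticated."}
        return 200, {"estado": "exito", "roles_asignados": ["admin"],
                     "data": {"id": 1, "name": "Admin User", "email": "admin@example.com"}}
    return 404, {"message": "Not Found"}

def validate_registration(name, email, password, confirmation) -> Dict[str, str]:
    """The documented rules, checked before sending; only the server can check uniqueness."""
    problems = {}
    if not name.strip() or len(name) > 255:
        problems["name"] = "required, at most 255 characters"
    if "@" not in email or email != email.strip():
        problems["email"] = "must be a valid email address"
    if len(password) < 8:
        problems["password"] = "minimum 8 characters"
    if password != confirmation:
        problems["password_confirmation"] = "must match password"
    return problems

class GimaClient:
    def __init__(self, base_url: str, transport: Transport = urllib_transport):
        self.base_url, self.transport = base_url.rstrip("/"), transport
        self.token: Optional[str] = None  # plaintext token is held in memory only
        self.roles: List[str] = []

    def _call(self, method, path, body=None, auth=False):
        headers = {"Accept": "application/json", "Content-Type": "application/json"}
        if auth:
            if not self.token:
                raise AuthError(401, {"message": "no token held; call login() first"})
            headers["Authorization"] = f"Bearer {self.token}"
        status, payload = self.transport(method, self.base_url + path, headers, body)
        if status >= 400:
            raise {422: ValidationError, 401: AuthError}.get(status, ApiError)(status, payload)
        return payload

    def register(self, name, email, password, password_confirmation) -> dict:
        problems = validate_registration(name, email, password, password_confirmation)
        if problems:  # same shape as the server's 422, so callers handle both alike
            raise ValidationError(422, {"message": "validation failed",
                                        "errors": {k: [v] for k, v in problems.items()}})
        body = {"name": name, "email": email, "password": password,
                "password_confirmation": password_confirmation}
        return self._call("POST", "/api/autenticacion/registrar", body)["data"]

    def login(self, email, password) -> List[str]:
        data = self._call("POST", "/api/autenticacion/iniciar-sesion",
                          {"email": email, "password": password})["data"]
        self.token = data["token"]  # the only response that carries the plaintext token
        self.roles = list(data.get("roles", []))
        return self.roles

    def profile(self) -> Tuple[dict, List[str]]:
        payload = self._call("GET", "/api/autenticacion/perfil", auth=True)
        return payload["data"], payload.get("roles_asignados", [])
```

Local validation raises the same `ValidationError` type as a server 422 so callers have one code path; note that `profile()` refuses to send a request at all when no token is held, rather than producing a guaranteed 401.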
User Roles
GIMA implements role-based access control with the following roles:
Available Roles
- admin (Admin)
- tecnico (Técnico)
- supervisor (Supervisor)
- reporter (Reporter)
Role: admin
Permissions:
- Full system access
- User management
- Role assignment
- Access to all protected routes
- Dashboard: /api/admin/dashboard
A user can have multiple roles. For example, a user with both tecnico and supervisor roles has combined permissions from both.
Protected Routes Example
Here is how to access role-protected endpoints. The API exposes an Admin Dashboard, a Technical Zone, a Supervision Zone, and a Reports Zone; the admin dashboard is shown below.
Admin Dashboard
# Requires: admin role
curl -X GET http://127.0.0.1:8000/api/admin/dashboard \
-H "Authorization: Bearer {admin_token}" \
-H "Accept: application/json"
# Response 200:
# {"mensaje": "Hola Admin, tienes control total."}
# Response 403 (if not admin):
# {"message": "Unauthorized"}
Note that the 403 body says "Unauthorized" although the status is 403 Forbidden: the token was accepted but the account lacks the admin role. A missing or invalid token produces 401 instead. Clients should branch on the status code, not on the message text.
Error Codes
Status Code  Description
200          Success - Request completed successfully
201          Created - New user registered
401          Unauthorized - Invalid credentials or missing token
403          Forbidden - User lacks required role permissions
422          Validation Error - Invalid input data
Best Practices
Secure token storage
A Sanctum API token is sent in the Authorization header, so the client code must be able to read it; an HttpOnly cookie cannot be read by JavaScript and therefore cannot carry a Bearer token. For native, CLI and server-to-server clients, hold the token in memory or in the platform's credential store rather than in a plain file. For a browser front end on the same domain, prefer Sanctum's cookie-based SPA authentication (an HttpOnly session cookie with CSRF protection) to keeping an API token in localStorage or in page scripts. Never put tokens in URLs, query strings, logs, or version control.
Handle token expiration
Sanctum tokens do not expire unless the expiration option in config/sanctum.php is set, and this API documents no refresh endpoint. When a request that previously worked returns 401, discard the stored token and call the login endpoint again to obtain a new one; do not keep retrying with the rejected token.
Use HTTPS in production
The http://127.0.0.1:8000 addresses in the examples are for local development only. In production, serve the API over HTTPS exclusively: a Bearer token sent in clear text can be captured and replayed by anyone on the network path, and it grants the same access as a login until it is revoked.
Implement proper error handling
Treat 401 and 403 differently. A 401 means the token is missing or invalid, so send the user back to login. A 403 means the token is valid but the account lacks the required role, so neither retrying nor re-authenticating helps; show a permission error instead.
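The following Python wrapper, an added example rather than GIMA project code, applies the practices above when calling the role-protected routes from the Protected Routes Example: it refuses to send a token over plain HTTP except to the loopback development server, keeps the token in memory, pre-checks the required role against the roles returned at login, re-authenticates exactly once on 401, treats 403 as final, and redacts the token in error messages. Only the admin dashboard route, its role and the 401/403 meanings are taken from the page; the `send`/`login` callable signatures and the `FakeGima` stand-in with its constructed tokens and bodies are this example's own.

```python
"""Calling GIMA's role-protected routes with the practices above applied.
Added example, not GIMA project code. From the page: /api/admin/dashboard needs the admin
role, 401 means missing/invalid token, 403 means missing role. Assumed: the send/login
callable signatures, and FakeGima as a constructed offline stand-in for the server.
"""
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SendFn = Callable[[str, str, Dict[str, str]], Tuple[int, dict]]  # (method, url, headers) -> (status, json)
LoginFn = Callable[[], Tuple[str, List[str]]]  # () -> (token, roles), i.e. the login endpoint
REQUIRED_ROLE: Dict[str, str] = {"/api/admin/dashboard": "admin"}  # documented route -> role

class PermissionDenied(Exception):
    """403: the token is valid but the account lacks the role; re-login cannot fix it."""

class NotAuthenticated(Exception):
    """401 persisted after one fresh login."""

def redact(token: str) -> str:
    """Keep only Sanctum's numeric id prefix ('1|...') so logs never hold the secret part."""
    token_id, sep, _ = token.partition("|")
    return f"{token_id}{sep}..." if sep else "..."

def check_base_url(base_url: str) -> None:
    """Allow a clear-text Bearer token only to the loopback dev server used in the examples."""
    u = urlsplit(base_url)
    if u.scheme == "https" or (u.scheme == "http" and u.hostname in ("127.0.0.1", "localhost", "::1")):
        return
    raise ValueError(f"refusing to send credentials over {u.scheme}:// to {u.hostname}")

class ProtectedCaller:
    def __init__(self, base_url: str, send: SendFn, login: LoginFn):
        check_base_url(base_url)
        self.base_url, self.send, self.login = base_url.rstrip("/"), send, login
        self.token: Optional[str] = None  # in memory only; never on disk, in URLs or in logs
        self.roles: List[str] = []

    def get(self, path: str) -> dict:
        need = REQUIRED_ROLE.get(path)
        for attempt in (1, 2):
            if self.token is None:
                self.token, self.roles = self.login()
            if need and need not in self.roles:
                # The login response already lists the roles: fail without a round trip.
                raise PermissionDenied(f"{path} needs role '{need}', account has {self.roles}")
            headers = {"Accept": "application/json", "Authorization": f"Bearer {self.token}"}
            status, body = self.send("GET", self.base_url + path, headers)
            if status == 403:
                # The body reads "Unauthorized" but the status is Forbidden: branch on the code.
                raise PermissionDenied(f"{path}: server refused {redact(self.token)} for role '{need}'")
            if status == 401 and attempt == 1:
                self.token = None  # revoked or expired: log in exactly once more, then give up
                continue
            if status == 401:
                raise NotAuthenticated(f"token {redact(self.token)} rejected after re-login")
            return body
        raise NotAuthenticated("unreachable: the loop always returns or raises")

class FakeGima:
    """Constructed stand-in reproducing the documented responses; not a real GIMA server."""
    def __init__(self, roles=("admin",)):
        self.roles, self.tokens, self.logins, self.requests = list(roles), {}, 0, 0

    def login(self) -> Tuple[str, List[str]]:
        self.logins += 1
        token = f"{self.logins}|constructedsecret{self.logins}"
        self.tokens[token] = list(self.roles)  # roles snapshot at token creation, like the login body
        return token, list(self.roles)

    def send(self, method: str, url: str, headers: Dict[str, str]) -> Tuple[int, dict]:
        self.requests += 1
        roles = self.tokens.get(headers.get("Authorization", "")[len("Bearer "):])
        if roles is None:
            return 401, {"message": "Unauthenticated."}
        if url.endswith("/api/admin/dashboard"):
            if "admin" in roles:
                return 200, {"mensaje": "Hola Admin, tienes control total."}
            return 403, {"message": "Unauthorized"}
        return 404, {"message": "Not Found"}

if __name__ == "__main__":
    server = FakeGima()
    client = ProtectedCaller("http://127.0.0.1:8000", server.send, server.login)
    print(client.get("/api/admin/dashboard"))
    del server.tokens[client.token]  # simulate revocation: the next call re-authenticates once
    print(client.get("/api/admin/dashboard"), "logins:", server.logins)
```

The single retry is deliberate: a second 401 after a fresh login means the problem is not a stale token, and looping would only hammer the login endpoint. The pre-check against the roles returned at login is an optimisation, not the authority; the server's 403 still has the final say, as the revoked-role case shows.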