Login

curl --request POST \
  --url https://api.example.com/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "phone": "<string>",
  "password": "<string>"
}
'

{
  "status": 123,
  "data": {
    "token": "<string>",
    "token_type": "<string>",
    "user": {
      "id": 123,
      "name": "<string>",
      "email": "<string>",
      "roles": [
        {
          "id": 123,
          "name": "<string>"
        }
      ],
      "permissions": [
        {
          "id": 123,
          "name": "<string>"
        }
      ]
    }
  }
}

POST

api

auth

curl --request POST \
  --url https://api.example.com/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "phone": "<string>",
  "password": "<string>"
}
'

{
  "status": 123,
  "data": {
    "token": "<string>",
    "token_type": "<string>",
    "user": {
      "id": 123,
      "name": "<string>",
      "email": "<string>",
      "roles": [
        {
          "id": 123,
          "name": "<string>"
        }
      ],
      "permissions": [
        {
          "id": 123,
          "name": "<string>"
        }
      ]
    }
  }
}

Authentication

This endpoint does not require authentication.

Request Body

string

User’s email address. Required if phone is not provided.Validation: Must be a valid email format.Example: [email protected]

phone

string

User’s phone number. Required if email is not provided.Validation: Maximum 20 characters.Example: +525512345678

password

string

required

User’s password.Validation: Required string.Example: password123

You must provide either email or phone, but not both. The system will authenticate using whichever identifier is provided.

Response

status

integer

HTTP status code (200 for success)

data

object

Show data properties

token

string

OAuth2 access token for authenticating subsequent requestsExample: eyJ0eXAiOiJKV1QiLCJhbGc...

token_type

string

Token type, always “Bearer”

user

object

Show user properties

integer

User’s unique identifier

name

string

User’s full name

string

User’s email address

roles

array

Array of role objects assigned to the user

Show role object

integer

Role ID

name

string

Role name (e.g., “admin”, “super-admin”)

permissions

array

Array of permission objects assigned to the user

Show permission object

integer

Permission ID

name

string

Permission name (e.g., “view-items”, “create-inventory”)

Success Response Example

{
  "status": 200,
  "data": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIxIiwianRpIjoiYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoiLCJpYXQiOjE3MDk4NTYwMDAsIm5iZiI6MTcwOTg1NjAwMCwiZXhwIjoxNzQxMzkyMDAwLCJzdWIiOiIxIiwic2NvcGVzIjpbXX0...",
    "token_type": "Bearer",
    "user": {
      "id": 1,
      "name": "John Doe",
      "email": "[email protected]",
      "roles": [
        {
          "id": 1,
          "name": "admin"
        }
      ],
      "permissions": [
        {
          "id": 5,
          "name": "view-items"
        },
        {
          "id": 12,
          "name": "create-inventory"
        }
      ]
    }
  }
}

Error Responses

Show 422 Unprocessable Entity - Invalid Credentials

{
  "message": "The provided credentials are incorrect.",
  "errors": {
    "email": [
      "The provided credentials are incorrect."
    ]
  }
}

Or when using phone:

{
  "message": "The provided credentials are incorrect.",
  "errors": {
    "phone": [
      "The provided credentials are incorrect."
    ]
  }
}

Show 422 Unprocessable Entity - Validation Error

{
  "message": "The given data was invalid.",
  "errors": {
    "email": [
      "Email is required when phone is not provided."
    ],
    "password": [
      "The password field is required."
    ]
  }
}

Show 500 Internal Server Error

{
  "status": 500,
  "message": "An unexpected error occurred"
}

Code Examples

curl -X POST https://api.sushigo.local/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "password123"
  }'

Usage Notes

Store the returned token securely (e.g., in localStorage or a secure cookie)
Include the token in subsequent API requests using the Authorization: Bearer {token} header
The token does not expire automatically but can be revoked via the logout endpoint
User roles and permissions are included in the response for client-side authorization checks

Logout

⌘I

Build docs developers (and LLMs) love

Get started for free Talk to us

Authentication

Inventory

Cash Operations

Employees

Operating Units

Authentication

Request Body

Response

Success Response Example

Error Responses

Code Examples

Usage Notes

Build docs developers (and LLMs) love

Authentication

Inventory

Cash Operations

Employees

Operating Units

​Authentication

​Request Body

​Response

​Success Response Example

​Error Responses

​Code Examples

​Usage Notes

Build docs developers (and LLMs) love

Authentication

Request Body

Response

Success Response Example

Error Responses

Code Examples

Usage Notes