
Overview

The Ecom API uses Laravel Sanctum for authentication. After successful login or signup, you’ll receive an access token that must be included in subsequent API requests.

Authentication Flow

  1. User signs up or logs in
  2. API returns an access token
  3. Include token in Authorization header for protected endpoints

Register User

Request

name (string, required): User’s full name
email_or_phone (string, required): Email address or phone number (based on register_by)
register_by (string, required): Registration method: email or phone
password (string, required): Password (minimum 6 characters)
password_confirmation (string, required): Password confirmation (must match password)
g-recaptcha-response (string): reCAPTCHA response (if enabled)

Response

result (boolean): Success status
message (string): Success or error message
access_token (string): Bearer token for authentication
token_type (string): Token type (always “Bearer”)
user (object): User information

Example

curl -X POST https://your-domain.com/api/v2/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email_or_phone": "user@example.com",
    "register_by": "email",
    "password": "password123",
    "password_confirmation": "password123"
  }'

Login

Request

email (string, required): Email address or phone number
password (string, required): User password
login_by (string, required): Login method: email or phone
user_type (string): User type: customer, seller, or delivery_boy
identity_matrix (string): Identity verification matrix

Response

Same structure as signup response.

Example

curl -X POST https://your-domain.com/api/v2/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password123",
    "login_by": "email"
  }'

Social Login

Request

social_provider (string, required): Provider name: facebook, google, twitter, or apple
access_token (string, required): Access token from social provider
secret_token (string): Secret token (required for Twitter)
provider (string, required): Provider ID

Get User Info

Example

curl -X GET https://your-domain.com/api/v2/auth/user \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Logout

Response

{
  "result": true,
  "message": "Successfully logged out"
}

Email Verification

Resend Verification Code

Confirm Verification Code

verification_code (string, required): 6-digit verification code

Password Reset

Request Password Reset

Confirm Reset

Resend Reset Code

Account Deletion

This action is irreversible and will delete all user data including cart items and customer products.

Get User by Access Token

access_token (string, required): User’s access token

Using the Access Token

Include the access token in the Authorization header for all protected endpoints:
Authorization: Bearer YOUR_ACCESS_TOKEN
Example:
curl -X GET https://your-domain.com/api/v2/cart-summary \
  -H "Authorization: Bearer 1|abc123def456..."
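
The flow above as a small Python client helper (an added example, not part of the original documentation or the project's code): it accepts access_token only when result is true and token_type is "Bearer", sends the token only in the Authorization header, and redacts it for logs. The helper names, the Accept header and the sample response bodies are assumptions constructed for illustration.

```python
import json
import urllib.request

BASE_URL = "https://your-domain.com/api/v2"  # placeholder host used on this page

class AuthError(Exception):
    """Raised when a signup/login response does not carry a usable token."""

def parse_auth_response(body: bytes) -> str:
    """Return the bearer token, trusting it only if result is true."""
    data = json.loads(body)
    if data.get("result") is not True:
        raise AuthError(data.get("message") or "authentication failed")
    if data.get("token_type") != "Bearer":
        raise AuthError("unexpected token_type")
    token = data.get("access_token")
    if not isinstance(token, str) or not token.strip():
        raise AuthError("response has no access_token")
    return token

def login_request(email: str, password: str, login_by: str = "email") -> urllib.request.Request:
    """Build the POST /auth/login request with the documented fields."""
    payload = json.dumps({"email": email, "password": password, "login_by": login_by})
    return urllib.request.Request(
        f"{BASE_URL}/auth/login", data=payload.encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})

def authed_request(path: str, token: str) -> urllib.request.Request:
    """Build a GET for a protected endpoint; the token goes only in the header."""
    if any(c in token for c in "\r\n"):
        raise ValueError("token contains line breaks")  # refuse header injection
    return urllib.request.Request(
        f"{BASE_URL}{path}", method="GET",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})

def redact(token: str) -> str:
    """Form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"

# Constructed sample responses (assumed shapes, not captured from a real server).
SAMPLE_OK = (b'{"result": true, "message": "Successfully logged in", '
             b'"access_token": "1|abc123def456", "token_type": "Bearer", "user": {}}')
SAMPLE_FAIL = b'{"result": false, "message": "Unauthorized", "user": null}'

if __name__ == "__main__":
    token = parse_auth_response(SAMPLE_OK)
    req = authed_request("/auth/user", token)
    print(req.get_method(), req.full_url, "token:", redact(token))
```

To send a request, pass the returned object to urllib.request.urlopen and feed the response body of a login call to parse_auth_response.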
