The authentication endpoint requires username and password as a JSON payload. If username and password is validated the API will respond with a token, which you can use subsequentely as an access token for the other endpoints.

The token is valid for 24 hours.

Too many failed login attempts will be tracked and result in a lockout.

Method URI Headers
POST /api/auth Content-Type: application/json

Data Params

    "username" : "string|required",
    "password" : "string|required"

{success} Success Response

Code 200


   "expires_at" : "integer|timestamp",
   "token"      : "string|token"

{danger} Error Response

Code 401|422


    "errors": {
        "result": [
        "username": [
    "message": "Invalid username or password.",
    "status_code": 422