REST API reference — all responses are JSON.
Authenticate a user and receive a Sanctum bearer token. Accepts either username or email. The token is sent on later requests in the `Authorization: Bearer <token>` header.
| Field | Type | Required | Notes |
|---|---|---|---|
| username | string | optional* | Required if email is omitted |
| email | string | optional* | Required if username is omitted |
| password | string | required | |

* At least one of username or email must be supplied.
Example request:

POST /api/auth/login
Content-Type: application/json

{
  "username": "emilys",
  "password": "emilyspass"
}

Example response:

{
  "id": 1,
  "username": "emilys",
  "email": "emily.smith@example.com",
  "firstName": "Emily",
  "lastName": "Smith",
  "role": "admin",
  "token": "1|abc123..."
}
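An added example (not part of this reference or the project's own code) showing how a client enforces the username-or-email rule, builds the login call, and carries the returned token on later requests, in Python with only the standard library. The base URL `https://api.example.com`, the helper names and the `Accept` header are assumptions; the profile and logout endpoints are not given a URL on this page, so `build_authed_request` takes the path from the caller.

```python
import json
import urllib.request
from typing import Optional

# Assumption: the page documents paths only, so a base URL is made up here.
BASE_URL = "https://api.example.com"


def login_body(password: str, username: Optional[str] = None,
               email: Optional[str] = None) -> dict:
    """Build the JSON body for the login call.

    Enforces the documented rule client-side: a password plus at least one of
    username or email. Only the identifiers actually given are sent, so the
    server never sees an empty "username": "" field.
    """
    if not (username or email):
        raise ValueError("either username or email is required")
    if not password:
        raise ValueError("password is required")
    body = {"password": password}
    if username:
        body["username"] = username
    if email:
        body["email"] = email
    return body


def build_login_request(password: str, username: Optional[str] = None,
                        email: Optional[str] = None,
                        base_url: str = BASE_URL) -> urllib.request.Request:
    """POST /api/auth/login with a JSON body and the documented Content-Type."""
    data = json.dumps(login_body(password, username, email)).encode("utf-8")
    return urllib.request.Request(
        f"{base_url}/api/auth/login",
        data=data,
        headers={"Content-Type": "application/json",
                 "Accept": "application/json"},  # Accept is an assumption
        method="POST",
    )


def extract_token(login_response: dict) -> str:
    """Pull the Sanctum token out of a decoded login response.

    Fails loudly if the field is missing or empty, rather than letting a
    later call go out with 'Authorization: Bearer None'.
    """
    token = login_response.get("token")
    if not isinstance(token, str) or not token:
        raise ValueError("login response carried no bearer token")
    return token


def bearer_headers(token: str) -> dict:
    """Authorization header in the form every protected endpoint expects."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def build_authed_request(path: str, token: str, method: str = "GET",
                         base_url: str = BASE_URL) -> urllib.request.Request:
    """Request carrying the bearer token. The caller supplies `path` because
    this page names the profile and logout endpoints only by description."""
    return urllib.request.Request(f"{base_url}{path}",
                                  headers=bearer_headers(token), method=method)


def send(req: urllib.request.Request) -> dict:
    """Send a request and decode the JSON reply (network call, not run offline).
    A non-2xx status surfaces as urllib.error.HTTPError for the caller to handle."""
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed copy of the documented login response, used for the offline demo.
SAMPLE_LOGIN_RESPONSE = {
    "id": 1, "username": "emilys", "email": "emily.smith@example.com",
    "firstName": "Emily", "lastName": "Smith", "role": "admin",
    "token": "1|abc123...",
}

if __name__ == "__main__":
    req = build_login_request("emilyspass", username="emilys")
    print(req.get_method(), req.full_url, req.data.decode())
    token = extract_token(SAMPLE_LOGIN_RESPONSE)   # online this would be send(req)
    print(bearer_headers(token))
```

The token is the credential for every later call until the logout endpoint revokes it, so keep it out of URLs and logs and send it only in the header shown.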
Register a new user account. Returns the created user without a token; call the login endpoint afterwards to obtain one.
| Field | Type | Required | Notes |
|---|---|---|---|
| firstName | string | required | max 255 chars |
| lastName | string | required | max 255 chars |
| email | string | required | must be unique |
| password | string | required | min 6 chars |
Example response:

{
  "id": 42,
  "username": "Jane Doe",
  "email": "jane.doe@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "role": "user"
}
Returns the currently authenticated user's profile.
| Header | Value |
|---|---|
| Authorization | Bearer <token> |
Example response:

{
  "id": 1,
  "username": "emilys",
  "email": "emily.smith@example.com",
  "firstName": "Emily",
  "lastName": "Smith",
  "role": "admin"
}
Revokes the bearer token presented in the request (logs the user out). Only that token is invalidated; a subsequent request with it is no longer authenticated.
| Header | Value |
|---|---|
| Authorization | Bearer <token> |
Example response:

{
  "message": "Logged out successfully."
}
Returns a paginated list of products. Supports full-text search and offset pagination.
| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | integer | 30 | Number of products to return |
| skip | integer | 0 | Number of products to skip (offset) |
| q | string | — | Search term matched against title and description |
Example request:

GET /api/products?limit=10&skip=0&q=laptop

Example response:

{
  "products": [
    {
      "id": 1,
      "title": "Laptop Pro",
      "description": "High-performance laptop",
      "category": "laptops",
      "price": 999.99,
      "discountPercentage": 10,
      "rating": 4.5,
      "stock": 25,
      "brand": "TechBrand",
      "thumbnail": "https://example.com/thumb.jpg",
      "images": ["https://example.com/img1.jpg"]
    }
  ],
  "total": 1,
  "skip": 0,
  "limit": 10
}

`total` is the number of products matching the query, not the size of the page returned; `skip` and `limit` echo the request. To walk the whole result set, advance `skip` by the number of products received until it reaches `total`.
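An added example (not the project's own code) of building the product-list URL with properly encoded query parameters and walking every page of results with `skip`/`limit` until `total` is reached. The HTTP layer is injected as a `fetch(url)` callable so the walk can be driven offline by the constructed catalogue and fake fetcher below; the base URL `https://api.example.com` is an assumption.

```python
import urllib.parse
from typing import Callable, Dict, Iterator, List, Optional

# Assumption: the page documents the path only, so a base URL is made up here.
BASE_URL = "https://api.example.com"


def products_url(limit: int = 30, skip: int = 0, q: Optional[str] = None,
                 base_url: str = BASE_URL) -> str:
    """GET /api/products?limit=..&skip=..[&q=..] with urlencode doing the
    escaping, so a search term containing spaces or '&' cannot break the query."""
    if limit < 1 or skip < 0:
        raise ValueError("limit must be >= 1 and skip must be >= 0")
    params = {"limit": limit, "skip": skip}
    if q:
        params["q"] = q
    return f"{base_url}/api/products?" + urllib.parse.urlencode(params)


def iter_all_products(fetch: Callable[[str], Dict], limit: int = 30,
                      q: Optional[str] = None) -> Iterator[Dict]:
    """Yield every product across all pages.

    `fetch(url)` returns one decoded JSON page in the documented shape.
    skip advances by the number of items actually received (not by `limit`),
    and the walk stops when skip reaches the server's `total` or a page comes
    back empty, so a short or empty page cannot turn into an endless loop.
    """
    skip = 0
    while True:
        page = fetch(products_url(limit=limit, skip=skip, q=q))
        items = page.get("products", [])
        for item in items:
            yield item
        skip += len(items)
        if not items or skip >= int(page.get("total", 0)):
            break


# Constructed catalogue standing in for the server's data.
SAMPLE_CATALOGUE: List[Dict] = [
    {"id": i, "title": f"Laptop {i}", "description": "High-performance laptop",
     "category": "laptops", "price": 100.0 * i}
    for i in range(1, 8)
]


def fake_fetch(url: str) -> Dict:
    """Offline stand-in for the HTTP client: serves SAMPLE_CATALOGUE with the
    documented response shape, honouring limit, skip and q."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    limit = int(qs["limit"][0])
    skip = int(qs["skip"][0])
    q = qs.get("q", [""])[0].lower()
    matches = [p for p in SAMPLE_CATALOGUE
               if not q or q in p["title"].lower() or q in p["description"].lower()]
    return {"products": matches[skip:skip + limit], "total": len(matches),
            "skip": skip, "limit": limit}


def collect_ids(fetch: Callable[[str], Dict] = fake_fetch, limit: int = 3,
                q: Optional[str] = None) -> List[int]:
    """Convenience wrapper: ids of every product the walk yields."""
    return [p["id"] for p in iter_all_products(fetch, limit=limit, q=q)]


if __name__ == "__main__":
    print(products_url(10, 0, "laptop pro"))
    print(collect_ids(limit=3))            # all seven ids across three pages
    print(collect_ids(limit=3, q="Laptop 3"))
```

Online, `fetch` would be a function that performs the GET and returns `json.loads(body)`; everything else stays the same.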
Returns a single product by its ID.
| Parameter | Type | Description |
|---|---|---|
| id | integer | Product ID |
Example request:

GET /api/products/1

Example response:

{
  "id": 1,
  "title": "Laptop Pro",
  "description": "High-performance laptop",
  "category": "laptops",
  "price": 999.99,
  "discountPercentage": 10,
  "rating": 4.5,
  "stock": 25,
  "brand": "TechBrand",
  "thumbnail": "https://example.com/thumb.jpg",
  "images": ["https://example.com/img1.jpg"]
}
Creates a new product. Requires a valid admin bearer token.
| Header | Value |
|---|---|
| Authorization | Bearer <admin-token> |
| Content-Type | application/json |
| Field | Type | Required | Notes |
|---|---|---|---|
| title | string | required | max 255 chars |
| description | string | required | |
| category | string | required | max 100 chars |
| price | number | required | min 0 |
| thumbnail | string | required | URL string |
| discountPercentage | number | optional | 0–100 |
| rating | number | optional | 0–5 |
| stock | integer | optional | min 0 |
| brand | string | optional | max 100 chars |
| images | array | optional | array of URL strings |
Example response:

{
  "id": 101,
  "title": "New Product",
  "category": "electronics",
  "price": 49.99,
  ...
}
Updates an existing product. Only included fields are changed.
| Parameter | Type | Description |
|---|---|---|
| id | integer | Product ID to update |
| Field | Type | Notes |
|---|---|---|
| title | string | max 255 chars |
| description | string | |
| category | string | max 100 chars |
| price | number | min 0 |
| thumbnail | string | URL string |
| discountPercentage | number | 0–100 |
| rating | number | 0–5 |
| stock | integer | min 0 |
| brand | string | max 100 chars |
| images | array | array of URL strings |
Example response:

{
  "id": 1,
  "title": "Updated Title",
  "price": 79.99,
  ...
}
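An added example (not the project's own code) of a client-side validator that mirrors the field rules documented for both the create endpoint above and this update endpoint: the same types, lengths and ranges apply to both, with the required-field check switched off for an update because only included fields are changed. The rule table, the "http or https with a host" reading of "URL string", and the error-message wording are assumptions; the server remains the authority, and this only lets a client reject obviously bad payloads (and typos in field names) before sending them.

```python
from typing import Any, Dict, List
from urllib.parse import urlsplit

# Field rules transcribed from the create/update tables. "required" applies to
# create only; every other constraint applies whenever the field is present.
RULES: Dict[str, Dict[str, Any]] = {
    "title":              {"type": str, "required": True, "max_len": 255},
    "description":        {"type": str, "required": True},
    "category":           {"type": str, "required": True, "max_len": 100},
    "price":              {"type": (int, float), "required": True, "min": 0},
    "thumbnail":          {"type": str, "required": True, "url": True},
    "discountPercentage": {"type": (int, float), "min": 0, "max": 100},
    "rating":             {"type": (int, float), "min": 0, "max": 5},
    "stock":              {"type": int, "min": 0},
    "brand":              {"type": str, "max_len": 100},
    "images":             {"type": list, "url_list": True},
}


def _is_http_url(value: Any) -> bool:
    """Assumption: 'URL string' means an absolute http(s) URL with a host."""
    if not isinstance(value, str):
        return False
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def _check_value(field: str, value: Any, rule: Dict[str, Any]) -> List[str]:
    """Apply one field's constraints; return the problems found."""
    # bool is a subclass of int in Python, so reject it explicitly for numbers.
    if isinstance(value, bool) or not isinstance(value, rule["type"]):
        return [f"{field}: wrong type"]
    errors: List[str] = []
    if "max_len" in rule and len(value) > rule["max_len"]:
        errors.append(f"{field}: longer than {rule['max_len']} chars")
    if "min" in rule and value < rule["min"]:
        errors.append(f"{field}: below minimum {rule['min']}")
    if "max" in rule and value > rule["max"]:
        errors.append(f"{field}: above maximum {rule['max']}")
    if rule.get("url") and not _is_http_url(value):
        errors.append(f"{field}: not a URL")
    if rule.get("url_list") and not all(_is_http_url(v) for v in value):
        errors.append(f"{field}: every entry must be a URL")
    return errors


def validate_product(payload: Dict[str, Any], partial: bool = False) -> List[str]:
    """Return a list of problems; an empty list means the payload is acceptable.

    partial=False: create, so every required field must be present.
    partial=True:  update, so any subset is fine, but whatever is present must
                   still satisfy the documented constraints.
    Unknown keys are reported so a typo such as "Price" is not silently dropped.
    """
    errors: List[str] = []
    for field, value in payload.items():
        rule = RULES.get(field)
        if rule is None:
            errors.append(f"{field}: unknown field")
            continue
        errors.extend(_check_value(field, value, rule))
    if not partial:
        for field, rule in RULES.items():
            if rule.get("required") and field not in payload:
                errors.append(f"{field}: required")
    return errors


# Constructed payloads modelled on the documented examples.
SAMPLE_CREATE = {
    "title": "New Product", "description": "A new product", "category": "electronics",
    "price": 49.99, "thumbnail": "https://example.com/thumb.jpg",
}
SAMPLE_UPDATE = {"title": "Updated Title", "price": 79.99}

if __name__ == "__main__":
    print(validate_product(SAMPLE_CREATE))                       # []
    print(validate_product(SAMPLE_UPDATE, partial=True))         # []
    print(validate_product({"price": -1, "rating": 7}, partial=True))
```

Run the validator before the request goes out with the admin bearer token; it does not replace server-side validation, which still decides what is stored.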
Permanently deletes the specified product.
| Parameter | Type | Description |
|---|---|---|
| id | integer | Product ID to delete |
Example response:

{
  "isDeleted": true,
  "id": 1,
  "deletedOn": "2026-03-22T12:00:00.000000Z"
}