This method is made available for mod authors to * incorporate into their mods so that users can easily authenticate using their own API token. For typical API use, * you should log into the website, create an API token, and use that token for your API requests. * * @unauthenticated * * @group Authentication */ #[BodyParam('token_name', 'string', 'The name of the API token.', required: false, example: 'Dynamic API Token')] #[Response(['message' => 'authenticated', 'data' => ['token' => 'YOUR_API_KEY'], 'status' => 200], status: 200, description: 'Authenticated successfully')] #[Response(['message' => 'invalid credentials', 'status' => 401], status: 401, description: 'Invalid credentials')] #[ResponseField('token', description: 'The newly created read-only API token to use for future authenticated requests.')] public function login(LoginUserRequest $request): JsonResponse { $request->validated($request->all()); if (! Auth::attempt($request->only('email', 'password'))) { return $this->error(__('invalid credentials'), 401); } $user = User::firstWhere('email', $request->email); $tokenName = $request->token_name ?? __('Dynamic API Token'); return $this->success(__('authenticated'), [ // Only allowing the 'read' scope to be dynamically created. Can revisit later when writes are possible. 'token' => $user->createToken($tokenName, ['read'])->plainTextToken, ]); } /** * Logout * * Destroys the user's current API token, effectively logging them out. * * @group Authentication */ #[Response(['message' => 'success', 'status' => 200], status: 200, description: 'Token destroyed successfully')] public function logout(Request $request): JsonResponse { /** @var PersonalAccessToken $token */ $token = $request->user()->currentAccessToken(); $token->delete(); return $this->success(__('success')); } /** * Logout All * * Destroys all the user's API tokens, effectively logging everyone out of the account. * * @group Authentication */ #[Response(['message' => 'success', 'status' => 200], status: 200, description: 'Tokens destroyed successfully')] public function logoutAll(Request $request): JsonResponse { $request->user()->tokens()->delete(); return $this->success(__('success')); } }