# Super Admin Login API

## POST /api/admin/login

Authenticates the super admin and returns a Sanctum access token.

### Request

**Headers:**
```
Content-Type: application/json
```

**Body:**
```json
{
  "email": "admin@faceplatform.com",
  "password": "admin123"
}
```

### Success Response (200)

```json
{
  "token": "1|XnT6VUl5ipL9bv7IHTpY2kCTCA5qrL5oQQRMCMiA14019818"
}
```

### Error Responses

**401 Unauthorized - Invalid Credentials**
```json
{
  "error": "Invalid credentials"
}
```

**401 Unauthorized - Inactive Admin**
```json
{
  "error": "Invalid credentials"
}
```

**422 Validation Error**
```json
{
  "message": "The email field is required.",
  "errors": {
    "email": ["The email field is required."]
  }
}
```

## Authentication Flow

1. Admin submits email and password
2. System validates input
3. System checks `admin_users` table
4. System verifies `is_active = true`
5. System verifies password using `Hash::check()`
6. System generates Sanctum token with 'admin' scope
7. System returns token
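The seven steps above, written out as a Laravel controller. This is an added illustration, not the project's actual `app/Http/Controllers/Api/Admin/AuthController.php`; it assumes an `App\Models\AdminUser` model that uses the `HasApiTokens` trait, lists `password` in `$hidden`, and has `email`, `password` (bcrypt) and `is_active` columns. The point worth noticing is that a missing account, an inactive account and a wrong password all produce the identical 401 body shown earlier, so the response does not tell a caller which of the three checks failed.

```php
<?php
// Added example of the login flow; not the project's own controller.
// Assumes App\Models\AdminUser (HasApiTokens, password in $hidden)
// with columns email, password (bcrypt) and is_active.

namespace App\Http\Controllers\Api\Admin;

use App\Http\Controllers\Controller;
use App\Models\AdminUser;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    public function login(Request $request): JsonResponse
    {
        // Step 2: validate input. A failing rule makes Laravel return the
        // 422 body documented above ("The email field is required.").
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        // Step 3: look the admin up in the admin_users table.
        $admin = AdminUser::where('email', $credentials['email'])->first();

        // Steps 4 and 5: unknown email, is_active = false and a wrong password
        // all collapse into one generic 401 so the response reveals neither
        // whether the account exists nor whether it is active.
        if ($admin === null
            || ! $admin->is_active
            || ! Hash::check($credentials['password'], $admin->password)) {
            return response()->json(['error' => 'Invalid credentials'], 401);
        }

        // Step 6: issue a personal access token limited to the 'admin' ability.
        // plainTextToken has the "{id}|{token}" format; Sanctum stores only a
        // SHA-256 hash of the secret part in personal_access_tokens.
        $token = $admin->createToken('admin-token', ['admin'])->plainTextToken;

        // Step 7: return the token. The password hash is never serialised
        // because the model keeps it in $hidden.
        return response()->json(['token' => $token]);
    }
}
```

Because the plaintext token is shown to the caller exactly once and only its hash is persisted, a leaked copy of the `personal_access_tokens` table does not yield usable bearer tokens.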

## Token Details

- **Type:** Laravel Sanctum Personal Access Token
- **Scope:** `admin`
- **Format:** `{id}|{token}`
- **Storage:** `personal_access_tokens` table

## Using the Token

Send the token as a Bearer credential in the `Authorization` header of subsequent requests:

```bash
curl -X GET http://127.0.0.1:8888/api/admin/protected \
  -H "Authorization: Bearer 1|XnT6VUl5ipL9bv7IHTpY2kCTCA5qrL5oQQRMCMiA14019818"
```
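The route definitions that make the request above work, and that enforce the `admin` ability mentioned under Token Scoping below. This is an added example, not the project's actual `routes/api.php`; it assumes the `abilities` middleware alias for Sanctum's `CheckAbilities` class has been registered (in `app/Http/Kernel.php` on Laravel 10, or via `$middleware->alias()` in `bootstrap/app.php` on Laravel 11), and the `throttle` rate limit on the login route is an addition of this example, not something the page describes.

```php
<?php
// Added example for routes/api.php; not the project's own route file.
// Assumes the 'abilities' middleware alias (Laravel\Sanctum\Http\Middleware\CheckAbilities)
// is registered. Files in routes/api.php are automatically prefixed with /api,
// so these routes resolve to /api/admin/login and /api/admin/protected.

use App\Http\Controllers\Api\Admin\AuthController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::prefix('admin')->group(function () {
    // Public login endpoint. throttle:5,1 (assumed setting, not from the page)
    // allows 5 attempts per minute per client, which slows down password
    // guessing against accounts such as the documented default admin.
    Route::post('login', [AuthController::class, 'login'])
        ->middleware('throttle:5,1');

    // Protected endpoints: auth:sanctum resolves the bearer token to the
    // AdminUser that created it (401 if missing or unknown); abilities:admin
    // then rejects tokens that were created without the 'admin' ability
    // with a 403, even though they are otherwise valid Sanctum tokens.
    Route::middleware(['auth:sanctum', 'abilities:admin'])->group(function () {
        Route::get('protected', function (Request $request) {
            return response()->json([
                'admin_id' => $request->user()->id,
                // tokenCan() is the per-request equivalent of the middleware
                // check, useful when a single route needs finer-grained rules.
                'is_admin' => $request->user()->tokenCan('admin'),
            ]);
        });
    });
});
```

Keeping the ability check in middleware rather than in each controller means a token issued for a non-admin model by some other login endpoint cannot reach `/api/admin/*` routes simply because it is a syntactically valid Sanctum token.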

## Testing

### Valid Login
```bash
curl -X POST http://127.0.0.1:8888/api/admin/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@faceplatform.com",
    "password": "admin123"
  }'
```

**Response:**
```json
{
  "token": "1|XnT6VUl5ipL9bv7IHTpY2kCTCA5qrL5oQQRMCMiA14019818"
}
```

### Invalid Password
```bash
curl -X POST http://127.0.0.1:8888/api/admin/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@faceplatform.com",
    "password": "wrongpassword"
  }'
```

**Response:**
```json
{
  "error": "Invalid credentials"
}
```

### Invalid Email
```bash
curl -X POST http://127.0.0.1:8888/api/admin/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "notfound@example.com",
    "password": "admin123"
  }'
```

**Response:**
```json
{
  "error": "Invalid credentials"
}
```

## Security Features

✅ **Password Hashing**
- Passwords stored using bcrypt
- Verified with `Hash::check()`

✅ **Active Status Check**
- Only active admins can login
- Inactive admins rejected with same error message

✅ **No Password Exposure**
- Password never returned in responses
- Hidden in AdminUser model

✅ **Token Scoping**
- Tokens have 'admin' scope
- Can be used for role-based access control

## Default Admin Credentials

```
Email: admin@faceplatform.com
Password: admin123
```

**⚠️ Change this password in production!**

## Postman Example

**Method:** POST  
**URL:** `http://127.0.0.1:8888/api/admin/login`  
**Headers:**
```
Content-Type: application/json
```
**Body (raw JSON):**
```json
{
  "email": "admin@faceplatform.com",
  "password": "admin123"
}
```

**Save the token from the response for authenticated requests.**

## Implementation Details

**Controller:** `app/Http/Controllers/Api/Admin/AuthController.php`  
**Model:** `app/Models/AdminUser.php` (with `HasApiTokens` trait)  
**Route:** `routes/api.php`

**Sanctum Configuration:**
- Config: `config/sanctum.php`
- Migration: `create_personal_access_tokens_table`
