Authentication API — Login, Logout, and Me Endpoints

The LaraCopilot API uses server-side session authentication. Send credentials to the login endpoint to establish a session, then include the session cookie on all subsequent requests. Endpoints that require authentication return 401 Unauthorized when no valid session exists. The logout endpoint destroys the session, and GET /api/admin/me lets you inspect the currently authenticated user at any time.

Validates the provided credentials and creates a new admin session. Returns the authenticated user’s name, email, and role on success, or a 422 error when credentials do not match.

string

required

The email address of the admin account. Must be a valid email format.

password

string

required

The plaintext password for the account.

message

string

A human-readable status message. Value is "Login successful." on success.

data

object

The authenticated user object.

Show data fields

data.name

string

The display name of the authenticated user, e.g. "Admin User".

data.email

string

The email address of the authenticated user.

data.role

string

The role assigned to the user. One of admin, manager, or supervisor.

Error responses

Status	Condition
`422`	Credentials do not match any known user. Body: `{"message": "Invalid credentials."}`

curl -X POST https://your-instance.laracopilot.com/api/admin/login \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -c cookies.txt \
  -d '{
    "email": "admin@business.com",
    "password": "admin123"
  }'

POST /api/admin/logout

Destroys the current admin session. No request body is required. The endpoint always returns 200 regardless of whether a session was active.

message

string

Confirmation string. Value is "Logged out successfully.".

curl -X POST https://your-instance.laracopilot.com/api/admin/logout \
  -H "Accept: application/json" \
  -b cookies.txt

GET /api/admin/me

Returns the user data stored in the current session. Use this endpoint to verify that a session cookie is still valid or to retrieve the logged-in user’s identity without re-authenticating.

message

string

A human-readable status message. Value is "Authenticated user loaded." on success.

data

object

Session user data.

Show data fields

data.name

string

The display name stored in the session, e.g. "Admin User".

data.email

string

The email address stored in the session.

data.logged_in

boolean

Always true when the session is valid.

Error responses

Status	Condition
`401`	No active session found. Body: `{"message": "Unauthorized."}`

curl https://your-instance.laracopilot.com/api/admin/me \
  -H "Accept: application/json" \
  -b cookies.txt

​POST /api/admin/login

​POST /api/admin/logout

​GET /api/admin/me

POST /api/admin/login

POST /api/admin/logout

GET /api/admin/me