API Authentication

Complete guide to authenticating with the Netasampark API.

Overview

The Netasampark API uses Bearer token authentication via Laravel Sanctum. All protected endpoints require a valid authentication token in the request headers.

Getting an Access Token

Login Endpoint

POST /api/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "SecurePassword123!"
}

Success Response (200):

{
  "success": true,
  "message": "Login successful",
  "data": {
    "user": {
      "id": 1,
      "name": "John Doe",
      "email": "user@example.com",
      "role": "politician"
    },
    "access_token": "1|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "token_type": "Bearer",
    "credits": {
      "sms_credits": 1000,
      "whatsapp_credits": 500,
      "email_credits": 2000
    }
  }
}

Error Response (401):

{
  "success": false,
  "error_code": "unauthorized",
  "message": "Invalid credentials"
}

Using the Token

Send the token on every protected request in the Authorization header, using the Bearer scheme:

Authorization: Bearer 1|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Example Request

curl -X GET https://api.netasampark.com/api/user \
  -H "Authorization: Bearer 1|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

JavaScript Example

const token = '1|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

fetch('https://api.netasampark.com/api/user', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  }
})
  .then(response => response.json())
  .then(data => console.log(data));

Token Expiration

Tokens do not expire by default, but they can be revoked at any time. To add token expiration:

  1. Configure a token expiration time in Laravel Sanctum
  2. Implement a refresh token mechanism so clients can obtain a new token
  3. Handle token expiration errors in the client (the 401 response described under Error Handling)

Logout

Revoke the current token:

POST /api/auth/logout
Authorization: Bearer {token}

Response:

{
  "success": true,
  "message": "Logged out successfully"
}

OTP Authentication

An alternative authentication method using a one-time password (OTP) sent to the user's phone number:

Send OTP

POST /api/auth/send-otp
Content-Type: application/json

{
  "phone": "+919876543210"
}

Verify OTP

POST /api/auth/verify-otp
Content-Type: application/json

{
  "phone": "+919876543210",
  "otp": "123456"
}

Security Best Practices

  1. Store tokens securely - Never hard-code tokens or expose them in client-side code
  2. Use HTTPS - Always use HTTPS in production so the Bearer token is never sent in clear text
  3. Handle expiration - Implement token refresh logic
  4. Revoke on logout - Always revoke tokens on logout
  5. Rate limiting - Respect the API rate limits

Error Handling

401 Unauthorized

The token is missing, invalid, expired, or has been revoked.

Response:

{
  "success": false,
  "error_code": "unauthorized",
  "message": "Authentication required to access this resource."
}

403 Forbidden

The token is valid, but the authenticated user lacks permission for the requested action.

Response:

{
  "success": false,
  "error_code": "forbidden",
  "message": "You do not have permission to perform this action."
}
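As an added example (not code from the Netasampark docs or project), here is a small client that carries the flow on this page end to end: log in, call a protected endpoint with the Bearer token, treat the documented 401 and 403 bodies differently (a 401 discards the token, a 403 keeps it), and revoke the token on logout. It assumes the request and response shapes shown above; `fetchImpl` stands in for the browser or Node `fetch`, and `mockFetch` is a constructed stand-in for the server so the example runs offline.

```javascript
const BASE_URL = 'https://api.netasampark.com'; // host from the page's curl example
// Client for the documented flow. fetchImpl is injected so it can run offline against the mock below.
function createClient(fetchImpl, baseUrl = BASE_URL) {
  let token = null; // kept in a closure: never written to the DOM, URLs or logs
  async function call(method, path, { body, auth = false } = {}) {
    if (auth && !token) throw new Error('not authenticated');
    const headers = { 'Content-Type': 'application/json' };
    if (auth) headers.Authorization = `Bearer ${token}`;
    const res = await fetchImpl(baseUrl + path, { method, headers, body: body && JSON.stringify(body) });
    const json = await res.json();
    // 401 = token missing, invalid, expired or revoked: drop it, the caller must log in again
    if (res.status === 401) { token = null; throw new Error(`unauthorized: ${json.message}`); }
    // 403 = token is valid but the user lacks permission: keep the token, surface the error
    if (res.status === 403) throw new Error(`forbidden: ${json.message}`);
    return json;
  }
  return {
    async login(email, password) {
      const json = await call('POST', '/api/auth/login', { body: { email, password } });
      token = json.data.access_token; // Sanctum token of the form "1|..."
      return json.data.user;
    },
    get: (path) => call('GET', path, { auth: true }),
    async logout() {
      const json = await call('POST', '/api/auth/logout', { auth: true });
      token = null; // revoked server-side; discard the local copy as well
      return json;
    },
    hasToken: () => token !== null,
  };
}
// Constructed mock of the documented endpoints and response bodies (not a real server).
function mockFetch() {
  const live = new Set(); // tokens issued and not yet revoked
  const reply = (status, body) => ({ status, json: async () => body });
  const fail = (status, code, message) => reply(status, { success: false, error_code: code, message });
  return async (url, { method, headers = {}, body }) => {
    const path = url.slice(BASE_URL.length);
    if (method === 'POST' && path === '/api/auth/login') {
      const { email, password } = JSON.parse(body);
      if (password !== 'SecurePassword123!') return fail(401, 'unauthorized', 'Invalid credentials');
      const t = `${live.size + 1}|constructed-token`; live.add(t);
      return reply(200, { success: true, data: { user: { id: 1, email, role: 'politician' }, access_token: t, token_type: 'Bearer' } });
    }
    const presented = (headers.Authorization || '').replace(/^Bearer /, '');
    if (!live.has(presented)) return fail(401, 'unauthorized', 'Authentication required to access this resource.');
    if (method === 'POST' && path === '/api/auth/logout') { live.delete(presented); return reply(200, { success: true, message: 'Logged out successfully' }); }
    if (method === 'GET' && path === '/api/user') return reply(200, { success: true, data: { id: 1, email: 'user@example.com' } });
    return fail(403, 'forbidden', 'You do not have permission to perform this action.');
  };
}
```

In a real deployment pass the global `fetch` as `fetchImpl`; the mock only exists so the client can be exercised without network access.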

Next Steps

Need help? Check the API Examples or Contact Support.