Webkit API (1.0.0)

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Endpoint Description

This endpoint initiates the process of resending a verification email to a user's registered email address. The verification process is asynchronous, meaning the email delivery and user confirmation may take some time. Note: A successful response from this endpoint only guarantees the email resend request being queued, not immediate delivery.

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Endpoint Description

Request an Access Token (Login). The type of access token will depend on the route query paramater auth_type

This endpoint issues access tokens for API authorization. The token type (opaque or JWT) depends on the optional auth_type query parameter. By default (or if auth_type is missing), an opaque token using Sanctum is generated. The successful response includes the access token itself, its type, the expiration time, and the optionally the user's details.

Query Parameters

Key	Validation
?auth_type	`sanctum` or `jwt`, optional

Payload

Key	Validation
email	required if mobile_number is not provided unique, valid email format
mobile_number	required if email is not provided unique, valid PH mobile format (ex: +639064748992)
client_name	optional, string
with_user	optional, boolean

Additional Notes

If Multi-Factor Authentication is enabled, this endpoint will return mfa_token, mfa_token_expires_at, and mfa_steps data values instead of auth tokens. Only by completing the activated MFA steps will the auth token be returned

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Endpoint Description

This endpoint allows users to register for a new account. The type of access token issued upon successful registration depends on the optional auth_type query parameter. By default (or if auth_type is missing), an opaque token using Sanctum is generated. Alternatively, specifying auth_type=jwt in the request will result in a JSON Web Token (JWT) being issued.

Query Parameters

Key	Validation
?auth_type	`sanctum` or `jwt`, optional

Payload

key	validation
email	unique, valid email format
password	string, required
password_confirmation	string, required
first_name	string, required, max length of 255
last_name	string, required, max length of 255
ext_name	string, optional, max length of 255
middle_name	string, optional, max length of 255
mobile_number	unique, optional, valid PH mobile number format (ex. +63 906 474 8221)
telephone_number	optional, valid PH landline format (ex. +63 223 124 245)
sex	optional, `male` or `female`
birthday	optional, Y-m-d format (ex. 1997-01-04), value must be greater than the current date
home_address	optional, string, max lenght of 65,535
city_id	optional, valid ID
province_id	optional, valid ID
barangay_id	optional, valid ID
region_id	optional, valid ID
postal_code	optional, 4 digits
client_name	string, optional

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Endpoint Description

This endpoint triggers the asynchronous process of sending a password reset email to the user's registered email address. Note: A successful response only confirms the email resend request being queued, not immediate delivery. The email will contain instructions for resetting the password.

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Endpoint Description

This endpoint allows authenticated users to update their password. Users can submit a new password through this endpoint to enhance their account security. The URL, which includes the required token query paramater, is specified in the email the users will recieve after invoking the Forgot Password endpoint.

Payload

key	validation
token	string, required
email	string, required, valid email format
password	string, required, mixed case + numbers, min of 8, max 100, string
password_confirmation	string, required, matches the password field

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Authentication/Sanctum

This sub-collection focuses on functionalities specific to Laravel's Sanctum for token-based authentication. It allows secure token invalidation (revoking user access) and introspection (retrieving a list of currently active tokens for a user). These features enhance security and provide users with granular control over their active login mechanisms.

Endpoint Description

This endpoint allows users with valid Sanctum access tokens to revoke their current token, effectively logging them out. This functionality is currently limited to Sanctum tokens; JSON Web Tokens do not currently support individual token invalidation.

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Authentication/Sanctum

This sub-collection focuses on functionalities specific to Laravel's Sanctum for token-based authorization. It allows secure token invalidation (revoking user access) and introspection (retrieving a list of currently active tokens for a user). These features enhance security and provide users with granular control over their active login mechanisms.

Description

This endpoint allows authorized users to retrieve a list of access tokens currently issued to them. These tokens represent granted access to the system. Users can then manage these tokens (e.g., revoke access) using the "Revoke Access Tokens" endpoint (limited to Sanctum tokens). Note: Users can only see and manage their own tokens.

Authentication

This collection documents API endpoints for user authentication using tokens. The system supports both JSON Web Tokens (JWT), the industry standard for self-contained and verifiable authorization tokens, and Sanctum Opaque Tokens, Laravel's built-in lightweight solution. Both token types require a Bearer token format placed within the Authorization header of requests (format: Authorization: Bearer xyz).

Authentication/Sanctum

This sub-collection focuses on functionalities specific to Laravel's Sanctum for token-based authentication. It allows secure token invalidation (revoking user access) and introspection (retrieving a list of currently active tokens for a user). These features enhance security and provide users with granular control over their active login mechanisms.

Endpoint Description

This endpoint allows authenticated users to revoke access tokens, but only for tokens they themselves own. This functionality is currently limited to Sanctum tokens; JSON Web Tokens tokens do not support individual token invalidation.

Payload

key	validation	description
token_ids	array	array of token ids or "*" to purge everything eg. [1, 2, 3, 4] or ["*"]

Profile

This collection provides API endpoints for authenticated users to access and manage their own profile information. Users can retrieve their profile data, update specific details, change their password, and update their profile picture.

Endpoint Description

Get the profile information of the currently authenticated user

Profile

This collection provides API endpoints for users to access and manage their own profile information. Users can retrieve their profile data, update specific details, change their password, and update their profile picture.

Endpoint Description

This endpoint allows authenticated users to modify their own profile information. Users can submit changes through this endpoint to update their profile data within the system.

Payload

key	validation
email	optional, unique, valid email format
first_name	optional, string, max length of 255
last_name	optional, string, max length of 255
middle_name	optional, string, max length of 255
ext_name	optional, string, max length of 255
mobile_number	optional, mobile, internaltional format ex. +639064647223
telephone_number	optional, fixedLine, international format ex. +63272839123
sex	optional, `male` or `female`
birthday	optional, Y-m-d, date must be before or equal today ex. 1997-01-04
home_address	optional, string, max length of 65,535
barangay_id	optional, valid ID
city_id	optional, valid ID
province_id	optional, valid ID
region_id	optional, valid ID
postal_code	optional, 4 digits
profile_picture_path	optional, valid URL, max length 255

Profile

This collection provides API endpoints for users to access and manage their own profile information. Users can retrieve their profile data, update specific details, change their password, and update their profile picture.

Endpoint Description

This endpoint allows authenticated users to update their password. Users can submit a new password through this endpoint to enhance their account security.

Payload

key	validation
old_password	required, string
password	required, string, mixed case + numbers eg. Password123
password_confirmation	required, same as password

Profile

This collection provides API endpoints for users to access and manage their own profile information. Users can retrieve their profile data, update specific details, change their password, and update their profile picture.

Endpoint Description

This endpoint allows authenticated users to replace their current profile picture with a new image. Users can upload a new image through this endpoint to personalize their profile's visual representation.

Payload

key	validation
photo	Maxed size of 5MB, required, image

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Retrieve detailed information for a specific user by providing their unique identifier. Useful for viewing individual user profiles.

Route Parameters

key	value
api/v1/users/:id	ID of the user

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Modify the profile information of existing users. This allows for managing user data or making updates on their behalf

Parameter

key	value
api/v1/users/:id	ID of the user to be updated

Payload

key	validations
first_name	optional, string, max length of 255
last_name	optional, string, max length of 255
middle_name	optional, string, max length of 255
ext_name	optional, string, max length of 255
email	optional, valid email format, unique
mobile_number	optional, mobile, international format ex. ++639064748223
telephone_number	optional, fixedLine, international format ex. +63272839123
sex	optional, `male` or `female`
birthday	optional, Y-m-d, not greater than today ex. 1997-12-20
home_address	optional, string, max length of 65,535
barangay_id	optional, valid ID
city_id	optional, valid ID
province_id	optional, valid ID
region_id	optional, valid ID
profile_picture_path	optional, valid URL format, max length of 255
active	optional, boolean
email_verified	optional, boolean
roles	optional, array of Role IDsex. [1, 2, 3]
password	optional, mixed case + numbers, min of 8, max 100, string
password_confirmation	same as password

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Deactivate user accounts through a soft deletion process. Soft-deleted users are no longer active but their data remains retrievable in the database.

Parameter

key	value
api/v1/users/:id	ID of the user to be deleted

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Create new user accounts within the system. Crucial for user onboarding and system administration

Payload

key	validations
first_name	required, string, max length of 255
last_name	required, string, max length of 255
middle_name	optional, string, max length of 255
ext_name	optional, string, max length of 255
email	required, valid email format
mobile_number	optional, mobile, international format ex. +639064748223
telephone_number	optional, fixedLine, international format ex. +63272839123
sex	optional, `male` or `female`
birthday	optional, Y-m-d, not greater than today ex. 1997-12-20
home_address	optional, string, max length of 65,535
barangay_id	optional, valid ID
city_id	optional, valid ID
province_id	optional, valid ID
region_id	optional, valid ID
profile_picture_path	optional, valid URL, max length of 65,535
active	optional, boolean
email_verified	optional, boolean
roles	required, array of Role IDsex. [1, 2, 3]
password	required, mixed case + numbers, min of 8, max 100, string
password_confirmation	required, same as password

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Obtain a paginated list of all users within the system. Pagination allows for efficient browsing of large user bases.

Query Parameters

key	description
sort_by	The field that the user list should be sorted by Example: ?sort_by=email or ?sort_by=user_profile.last_name
sort	Set the sort order. Example: ?sort=asc or ?sort=desc
limit	The maximum amount of users that should be displayed per page Example: ?limit=10
page	The current offset of the pagination Example: ?page=1
role	Return users with the specified roles. The value of the query parameter should be the Role ID Example: ?role=1
verified	Filter users via their verification status. Example: ?verified=1 - ruturnes verified users ?verified=2- returns unverfied users
email	Filter users via the specific email provided. Note that you need to encode the email value to be URL safe Example: ?email=te@example.com

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Replace the profile picture of any user with a new image. This functionality can be helpful for managing user profiles or branding purposes

Parameters

Key	Description
/api/v1/users/:id	ID of the user

Payload

Key	Validation
photo	Maxed size of 5MB, required, valid image format

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

Search for users based on their name or email address. This functionality facilitates efficient identification and management of users

Query Parameters

key	description
query	A string value that can be part of the user's name or email Example: ?query=Lastname ?query=email-2

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

This endpoint allows you to activate a user account. Once activated, the user can access any authenticated endpoint within the system, provided they have the appropriate permissions assigned to their role.

Route Parameters

key	value
api/v1/users/:id/activate	ID of the user

Users

This collection provides functionalities for authorized administrators and super users to manage user data within the system. These functionalities include retrieving detailed information about specific users, updating user profiles, creating new user accounts, and soft-deleting users (deactivating accounts while preserving data). Additionally, administrators and super users can search for users by name or email and retrieve paginated user lists for efficient browsing of large datasets.

Endpoint Description

This endpoint allows you to deactivate a user account. A deactivated user will no longer be able to access any authenticated endpoints within the system, including logging in.

Route Parameters

key	value
api/v1/users/:id/deactivate	ID of the user

Description

This public endpoint allows verification of email address availability before registration, user creation/update by authorized admins, and user profile updates. This functionality helps prevent duplicate registrations and ensures data integrity within the system. Users can leverage this endpoint to avoid registration errors, while authorized admins can validate information during user management tasks.

Query Parameters

value	description
value	URL-safe email string
excluded_id	optional, valid User ID

Description

This public endpoint allows verification of mobile number availability before registration, user creation/update by authorized admins, and user profile updates. This functionality helps prevent duplicate registrations and ensures data integrity within the system. Users can leverage this endpoint to avoid registration errors, while authorized admins can validate information during user management tasks.

Query Parameters

value	description
value	URL-safe mobile number
excluded_id	optional, valid User ID

Address

This collection offers public API endpoints for verifying the availability of email addresses and mobile numbers. These checks can be performed during user registration to avoid duplicates, by authorized admins during user creation or update for data integrity, and by users themselves when updating their profiles. This functionality helps prevent duplicate registrations and ensures unique user data within the system.

Description

Retrieve a list of all Philippine regions

Query Parameters

Key	Value
code	The code_correnpondence of the region ex: ?code=123123123

Address

This collection offers public API endpoints for verifying the availability of email addresses and mobile numbers. These checks can be performed during user registration to avoid duplicates, by authorized admins during user creation or update for data integrity, and by users themselves when updating their profiles. This functionality helps prevent duplicate registrations and ensures unique user data within the system.

Endpoint Description

Retrieve a list of Philippine provinces. The region ID or code correspondence may be specified as query parameters.

Query Parameters

value	description
region	Region IDAdd this query param if you need to filter by region ex: ?region=12
code	The code_correnpondence of the province ex: ?code=123123123

Address

This collection offers public API endpoints for verifying the availability of email addresses and mobile numbers. These checks can be performed during user registration to avoid duplicates, by authorized admins during user creation or update for data integrity, and by users themselves when updating their profiles. This functionality helps prevent duplicate registrations and ensures unique user data within the system.

Endpoint Description

Retrieve a list of Philippine cities. The province ID or code correspondence may be specified as query parameters.

Query Parameters

value	description
province	Province IDAdd this query param if you need to filter by province ex: ?province=28
code	The code_correnpondence of the city ex: ?code=123123123
classification	Filter by municipal or city ex: ?classification=city