VieclamVang

API Developer Portal

Production-ready REST API

Build faster with the VieclamVang API Developer Portal.

Everything you need to integrate authentication, profile management, roles, files, settings, and dashboard data from the VieclamVang platform.

Authentication

Sanctum token flow, login, refresh, and Bearer usage.

API Endpoints

Public and protected route groups from `routes/api.php`.

Rate Limits

Token TTL and throttling values relevant to auth flows.

Error Handling

Standard error envelope and common status code responses.

Base URL

https://api.vieclamvang.com/api/v1

Authentication

The API uses Laravel Sanctum personal access tokens. Login returns an `access_token` and `refresh_token`. Send the access token in the Authorization header.

POST /auth/login

{
  "email": "dev@vieclamvang.com",
  "password": "your-password"
}

Success Response

{
  "success": true,
  "data": {
    "access_token": "1|...",
    "refresh_token": "2|...",
    "token_type": "Bearer",
    "expires_in": 300
  }
}

Authenticated Request Header

Authorization: Bearer {access_token}
Accept: application/json

API Endpoints

Primary endpoints from the core API route file. Protected routes require `auth:sanctum` + `abilities:access` and may require permission middleware.

Public Endpoints

POST/auth/login
POST/auth/register
POST/auth/refresh
POST/auth/forgot-password
POST/auth/verify-otp
POST/auth/reset-password
GET/system/health
GET/system/timezones
GET/settings/public

Protected Endpoints

POST/auth/logout
GET/profile, /profile/activities, /profile/sessions
PUT/profile, /profile/password, /users/{user}/password
DELETE/profile/avatar, /profile/sessions/{id}
RESOURCE/users, /roles, /files, /activities
GET/permissions, /dashboard, /dashboard/stats
PUT/dashboard/layout, /settings

Rate Limiting & Token Lifetime

300s

Access token TTL (`config('cms.access_token_ttl_seconds')`).

60m

Password reset token expiry (`config/auth.php`).

60s

Password reset token generation throttle (`config/auth.php`).

Error Handling

Error responses follow a consistent envelope with `success: false` and an `error` object containing `code`, `message`, and optional `errors` details.

HTTP	Error Code	Meaning
401	UNAUTHENTICATED / AUTH_INVALID_CREDENTIALS	Missing or invalid credentials/token.
422	VALIDATION_ERROR	Request validation failed.
401	AUTH_TOKEN_INVALID	Refresh token invalid or expired.

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "The email field is required.",
    "errors": {
      "email": ["The email field is required."]
    }
  }
}