Skip to main content

Obtaining a token

Make a POST request to the login endpoint: 
POST /v1/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your_password"
}
Success response (200): 
{
  "success": true,
  "data": {
    "token": "1|abc123...",
    "user": {
      "id": 1,
      "name": "Jane Smith",
      "email": "user@example.com"
    }
  }
}
Failed authentication (401): 
{
  "success": false,
  "message": "Invalid credentials."
}

Using the token

Pass the token as a Bearer header on every protected request: 
GET /v1/user
Authorization: Bearer 1|abc123...

Token management

Tokens are scoped to a single device. Each login call creates a new token. Logout (current device): 
POST /v1/auth/logout
Authorization: Bearer {token}
Logout all devices: 
POST /v1/auth/logout-all
Authorization: Bearer {token}

Email verification

If email verification is enabled on your StartMyVPN installation, API users must verify their email before accessing protected endpoints. Resend verification email: 
POST /v1/auth/resend-verification
Authorization: Bearer {token}
Verify email with code: 
POST /v1/auth/verify-email
Content-Type: application/json

{
  "token": "verification_token_from_email"
}

Password reset

Request reset (sends email): 
POST /v1/auth/forgot-password
Content-Type: application/json

{
  "email": "user@example.com"
}
Submit new password: 
POST /v1/auth/reset-password
Content-Type: application/json

{
  "token": "reset_token_from_email",
  "email": "user@example.com",
  "password": "new_password",
  "password_confirmation": "new_password"
}