📡 API Overview

Welcome to the Cardikit API documentation. This API powers the backend of Cardikit and is designed for use by frontend developers and backend integrators alike. It is session-based, uses CSRF protection, and enforces rate limiting to ensure secure and predictable behavior.

🌐 Base URL

Production: https://yourdomain.com/api/v1
Development: http://localhost/api/v1

All endpoints described in this documentation are relative to the base URL.

🔑 Authentication

Cardikit uses session-based authentication. Once a user logs in, the session cookie will be maintained across requests.

CSRF Protection: Required for all authenticated POST, PUT, and DELETE requests.
Rate Limiting: All auath-related endpoints are limited to 5 requests per minute over IP.
Session-based: Session cookies must be included with each request.

📄 see the full Authentication API documentation.

📦 Available Sections

Explore the following parts of the API:

🔐 Authentication - Register, login, and logout users.
👤 User Info - Get and update user information.

📄 Request/Response Format

All requests and responses are in JSON format.

✅ Success Example:

{
    "message": "Success",
    "data": {
        "id": 1,
        "name": "John Doe"
    }
}

❌ Error Example (Validation Failure):

{
    "message": "Validation Failed",
    "errors": {
        "email": ["The email field is required."]
    }
}

❌ Error Example (Unauthorized):

{
    "message": "Unauthenticated"
}

🛠️ Developer Tips

All requests should include the header:

Accept: application/json

For POST, PUT, and DELETE requests, include the CSRF header:

X-CSRF-TOKEN: your_csrf_token_here

Tools like Postman or Insomnia are recommended for testing.

🎉 Happy building!