Overview
- Platform: GP247 is built on Laravel and uses Laravel Sanctum for authentication.
- Security: In addition to Sanctum access tokens, GP247 adds an extra security layer via the apiconnection/apikey pair.
API Categories
- Front API: Public data, or data that requires a signed-in customer account.
- Core API: Administrative/management data, restricted to admin accounts with elevated authentication.
Authentication
- Access Token (Sanctum):
  - Used by both front and core APIs to identify the customer/admin.
  - Sent in the Authorization header as a Bearer token.
- Additional security (optional): apiconnection/apikey
  - An identifier/secret key pair used alongside the access token to increase security.
  - Note: if enabled, apiconnection/apikey applies to all endpoints.
Recommended HTTP Headers
Authorization: Bearer
apiconnection:
apikey:
Basic Authentication Flow
- Front API:
  - The user signs in to obtain an access_token (Sanctum).
  - Call the API with Authorization: Bearer.
  - If the endpoint requires it, include apiconnection/apikey.
- Core API:
  - The admin signs in to obtain an access_token (Sanctum).
  - Call the API with Authorization: Bearer and, if configured, include apiconnection/apikey (often required).
Obtain access_token
- Customer (Front API):
  - Method: POST https://{domain}/api/front/login
  - Body (JSON): email, password, remember_me (boolean, optional)
- Admin (Core API):
  - Method: POST https://{domain}/api/core/login
  - Body (JSON): username, password, remember_me (boolean, optional)
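The sign-in requests and header rules above, as an added Python example (not GP247's own code): it builds the login request and the authenticated headers without sending anything, refuses non-HTTPS base URLs, and redacts secrets before logging. Sending apiconnection and apikey as two separate headers with those names, the Accept header, and the helper names are assumptions.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

# Login paths and identity fields as listed under "Obtain access_token".
LOGIN = {"front": ("/api/front/login", "email"),
         "core": ("/api/core/login", "username")}


def _https_base(base_url):
    """Refuse to send credentials or tokens over anything but HTTPS."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an https:// origin")
    return f"https://{parts.netloc}"


def login_request(base_url, api, identity, password, remember_me=False):
    """Build (not send) the POST that exchanges credentials for a token."""
    path, id_field = LOGIN[api]
    body = {id_field: identity, "password": password,
            "remember_me": remember_me}
    return Request(_https_base(base_url) + path,
                   data=json.dumps(body).encode(),
                   headers={"Content-Type": "application/json",
                            "Accept": "application/json"},
                   method="POST")


def auth_headers(access_token, apiconnection=None, apikey=None):
    """Headers for an authenticated call; the pair is all-or-nothing."""
    if not access_token:
        raise ValueError("access_token is required")
    if (apiconnection is None) != (apikey is None):
        raise ValueError("apiconnection and apikey must be sent together")
    headers = {"Authorization": f"Bearer {access_token}",
               "Accept": "application/json"}
    if apiconnection is not None:
        # Assumption: the pair travels as two headers with these names.
        headers["apiconnection"] = apiconnection
        headers["apikey"] = apikey
    return headers


def redact(headers):
    """Copy of headers that is safe to log: secret values replaced."""
    secret = {"authorization", "apikey"}
    return {k: ("<redacted>" if k.lower() in secret else v)
            for k, v in headers.items()}
```

Pass the returned Request to urllib.request.urlopen (or copy its URL, body and headers into the HTTP client already in use) to perform the call.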
Manage apiconnection security
- Navigate: Admin -> API Manager -> API Config
Disable API
- Configure in .env: GP247_API_MODE=0
API sequence: