Below is your corrected documentation where I replaced every real-looking API key or token example with:

  • <YOUR_API_KEY>
  • <YOUR_API_TOKEN>

This follows API security best practices because real API keys should never appear in public documentation. ([apidog][1])


CrediCare API Documentation

Base URL: {APP_URL}/api (web/React). Mobile: {APP_URL}/mobile/v1

Sitemap: The backend generates a sitemap for the React frontend’s public pages (Spatie Laravel Sitemap).

  • URL: {APP_URL}/sitemap.xml
  • Includes the static routes (/, /about, /products, /services, /portfolio, /contact, /become-partner, /blog) and the published blog detail URLs ({FRONTEND_URL}/blog/{slug}).
  • Regenerate with php artisan sitemap:generate
  • Schedule every 4 hours with cron: 0 */4 * * * cd /path/to/backend && php artisan sitemap:generate
  • Set FRONTEND_URL in .env to the React app’s base URL.


API Key (required)

All API and mobile routes are protected by ejarnutowski/laravel-api-key. Send an active API key on every request in the header:

Header           Value         Description
X-Authorization  Your API key  An active key created via php artisan apikey:generate {name}

  • Backend: Generate keys with php artisan apikey:generate credicare-web; list keys with php artisan apikey:list. Keys are stored in the api_keys table; only active keys are accepted.
  • Frontend (React): Set VITE_INTERNAL_API_KEY in the project root .env.
  • Mobile app: Send the same key in X-Authorization on each request.

Example

X-Authorization: <YOUR_API_KEY>

Error

401
{
  "errors": [
    { "message": "Unauthorized" }
  ]
}

User authentication (Sanctum)

Authentication is handled by Laravel Sanctum.

After login/register, the API returns a token.

Send it in the header:

Authorization: Bearer <YOUR_API_TOKEN>
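The two credential headers above (the X-Authorization API key checked by laravel-api-key on every request, and the Sanctum bearer token issued after login) are easy to wire up and easy to leak into logs. The following is an added client-side example, not code from the CrediCare backend or its React app: it builds the header set, masks both credentials before anything is logged, and wraps a request so the documented 401 body is returned as data rather than thrown. The key value "demo-key-0001", the token "tok-abcdef" and the fakeFetch transport are constructed for the example; {APP_URL} is the placeholder used throughout this documentation.

```javascript
// Added example, not part of the CrediCare backend or its React frontend.
// Demonstrates attaching the two credentials the docs require:
//   X-Authorization: <API key>     (every request, checked by laravel-api-key)
//   Authorization: Bearer <token>  (Sanctum user token, only after login/register)
// and redacting both before they reach a log line.

const API_BASE = "{APP_URL}/api"; // placeholder from the docs; replace with the real base URL

// Build the header set for one request. The API key is mandatory; the bearer
// token is optional because public endpoints (health, site-settings) don't need it.
function buildHeaders({ apiKey, token = null }) {
  if (typeof apiKey !== "string" || apiKey.trim() === "") {
    throw new Error("X-Authorization API key is required on every request");
  }
  const headers = {
    Accept: "application/json",
    "Content-Type": "application/json",
    "X-Authorization": apiKey,
  };
  if (token) headers.Authorization = `Bearer ${token}`;
  return headers;
}

// Return a copy of the headers that is safe to log: credential values are
// masked, keeping only a four-character suffix so two keys can still be told
// apart in a debug trace without exposing either of them.
function redactHeaders(headers) {
  const sensitive = new Set(["x-authorization", "authorization"]);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!sensitive.has(lower)) {
      out[name] = value;
      continue;
    }
    const isBearer = lower === "authorization";
    const raw = isBearer ? value.replace(/^Bearer\s+/i, "") : value;
    const tail = raw.length > 4 ? raw.slice(-4) : "";
    out[name] = (isBearer ? "Bearer " : "") + "***" + tail;
  }
  return out;
}

// Perform a request through an injectable fetch implementation so the flow can
// be exercised offline. Resolves to { ok, status, data } and does not throw on
// HTTP error statuses, leaving the caller to act on the documented error body.
async function apiRequest(fetchImpl, { apiKey, token, method = "GET", path, body }) {
  const res = await fetchImpl(`${API_BASE}${path}`, {
    method,
    headers: buildHeaders({ apiKey, token }),
    body: body === undefined ? undefined : JSON.stringify(body),
  });
  let data = null;
  try {
    data = await res.json();
  } catch {
    data = null; // empty or non-JSON body
  }
  return { ok: res.ok, status: res.status, data };
}

// Constructed stand-in for fetch (not a real server): it accepts only the
// constructed key "demo-key-0001" and answers every other key with the 401
// body shown in the API Key section above.
function fakeFetch(_url, init) {
  const key = init.headers["X-Authorization"];
  const reply = key === "demo-key-0001"
    ? { status: 200, body: { status: "ok", timestamp: "2025-01-01T12:00:00.000000Z" } }
    : { status: 401, body: { errors: [{ message: "Unauthorized" }] } };
  return Promise.resolve({
    ok: reply.status < 400,
    status: reply.status,
    json: () => Promise.resolve(reply.body),
  });
}
```

Usage: `apiRequest(fetch, { apiKey: process.env.API_KEY, path: "/health" })` in Node, or the browser's `fetch` in the React app; pass `redactHeaders(headers)` rather than `headers` to any logger. Note that a key set through VITE_INTERNAL_API_KEY is compiled into the browser bundle, so anyone who loads the React app can read it: it gates which client is talking to the API, but it is not a secret in the way the per-user Sanctum token is, and the user token must never be reused across users or stored in a place the key's redaction would not cover.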

Health

GET /api/health

Check API availability.

Response

{
  "status": "ok",
  "timestamp": "2025-01-01T12:00:00.000000Z"
}

Authentication

POST /api/auth/login

Login and receive a Sanctum API token.

Body

Field     Type    Required  Description
email     string  Yes       User email
password  string  Yes       User password
role      string  No        super-admin, regional-center, end-user

Response

{
  "token": "<YOUR_API_TOKEN>",
  "user": {
    "id": 1,
    "email": "user@example.com",
    "fullName": "John Doe",
    "role": "end-user",
    "status": "active",
    "regionalCenterId": null,
    "regionalCenterName": null
  }
}

Errors:

401 Invalid email or password

POST /api/auth/register

Register a new end-user.

Body

Field     Type    Required  Description
fullName  string  Yes       Full name
email     string  Yes       Email
phone     string  No        Phone
password  string  Yes       Min 6 chars
panCard   string  No        PAN
aadhaar   string  No        Aadhaar

Response

{
  "token": "<YOUR_API_TOKEN>",
  "user": {
    "id": 1,
    "email": "user@example.com",
    "fullName": "John Doe",
    "role": "end-user",
    "status": "pending_kyc"
  }
}

Forgot password

POST /api/auth/forgot-password

{
  "email": "user@example.com"
}

Response

{
  "message": "If an account exists for this email, you will receive a reset link."
}

POST /api/auth/reset-password

Body

Field     Type    Required
token     string  Yes
password  string  Yes

Response

{
  "message": "Password has been reset successfully"
}

Me

GET /api/me

Auth required.

{
  "id": 1,
  "email": "user@example.com",
  "fullName": "John Doe",
  "role": "end-user",
  "status": "active"
}

Contact

POST /api/contact

Body

Field    Required
name     Yes
email    Yes
phone    Yes
subject  Yes
message  Yes

Response

{
  "message": "Message sent successfully. We'll get back to you within 24 hours."
}

Partner

POST /api/partner

Submit partner application.

Response

{
  "message": "Application submitted successfully. Our partnership team will contact you within 48 hours."
}

Site settings

GET /api/site-settings

Public endpoint.

{
  "logo": "https://...",
  "logoAlt": "CrediCare"
}

Fees

GET /api/fees/display

{
  "creditCardPayment": 2.5,
  "emiConversion": 3.5
}

Payments

POST /api/payments/bill

Body

Field          Required
creditCardId   Yes
amount         Yes
paymentMethod  Yes

Response

{
  "transactionId": "TXN1735123456",
  "amount": 10000,
  "fee": 250,
  "total": 10250,
  "status": "completed"
}

Transactions

GET /api/transactions

{
  "id": "TXN001",
  "customer": "John Doe",
  "amount": 25000,
  "fee": 625,
  "commission": 250,
  "method": "upi",
  "status": "completed"
}

Notifications

GET /api/notifications

{
  "id": 1,
  "title": "Payment Due Soon",
  "message": "HDFC Card payment due on Oct 30",
  "type": "reminder",
  "isRead": false
}

Error responses

Code  Description
400   Validation error
401   Invalid token
403   Forbidden
404   Not found
500   Server error

Example:

{
  "error": "Authentication required"
}
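This documentation shows two different error body shapes: the API-key middleware answers with {"errors":[{"message":"Unauthorized"}]} (see the API Key section), while the application answers with {"error":"..."} as above, and both can carry a 401. A client that treats every 401 as "log the user in again" will loop forever when the real problem is a missing or revoked X-Authorization key in its deployment. The following is an added example, not code from the CrediCare project: it normalises both shapes into one object and picks a follow-up action from the status code and the body shape. The action names and the `source` field are the example's own convention.

```javascript
// Added example, not part of the CrediCare project. Normalises the two error
// body shapes this documentation shows so a client can distinguish a rejected
// API key (a deployment/config problem) from an expired or missing user token.

// Status descriptions from the "Error responses" table above.
const STATUS_DESCRIPTIONS = {
  400: "Validation error",
  401: "Invalid token",
  403: "Forbidden",
  404: "Not found",
  500: "Server error",
};

// Pull a human-readable message out of either documented body shape:
//   { "errors": [ { "message": "..." } ] }  (API-key middleware)
//   { "error": "..." } or { "message": "..." } (application responses)
// Returns { message, source } or null when the body carries neither.
function extractMessage(body) {
  if (!body || typeof body !== "object") return null;
  if (Array.isArray(body.errors) && body.errors.length > 0
      && body.errors[0] && typeof body.errors[0].message === "string") {
    return { message: body.errors[0].message, source: "api-key-middleware" };
  }
  if (typeof body.error === "string") return { message: body.error, source: "application" };
  if (typeof body.message === "string") return { message: body.message, source: "application" };
  return null;
}

// Map an HTTP status plus parsed body to { status, message, source, action }.
// The action names are this example's convention:
//   check-api-key   the X-Authorization key was rejected; fix configuration,
//                   do not prompt the user
//   reauthenticate  the Sanctum token is invalid or missing; obtain a new one
//   fix-input       validation failed; show the message to the user
//   deny            authenticated but not permitted
//   not-found       resource missing
//   retry-later     server-side failure
//   fail            anything else
function normalizeError(status, body) {
  const extracted = extractMessage(body);
  const message = extracted ? extracted.message : (STATUS_DESCRIPTIONS[status] || "Unknown error");
  const source = extracted ? extracted.source : "unknown";

  let action;
  if (status === 401 && source === "api-key-middleware") action = "check-api-key";
  else if (status === 401) action = "reauthenticate";
  else if (status === 400) action = "fix-input";
  else if (status === 403) action = "deny";
  else if (status === 404) action = "not-found";
  else if (status >= 500) action = "retry-later";
  else action = "fail";

  return { status, message, source, action };
}
```

Use `normalizeError(res.status, res.data)` on any non-2xx response; only `reauthenticate` should clear the stored token and send the user back to login, while `check-api-key` belongs in an operator-facing alert because no user action can fix it.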