Laravel REST API

Bearer Token Authentication, PDF Generation and ZUGFeRD 2.0 E-Invoicing

Authentication

Protected endpoints require a Bearer Token in the Authorization header.

Header Format
Authorization: Bearer YOUR_TOKEN Content-Type: application/json
GET Public

Health Check

/api/v1/health

Checks if the API is available.

Response
{"status": "healthy", "version": "v1"}
POST Public

Login

/api/v1/login

Authenticates a user and returns a Bearer Token.

Parameters
NameTypeDescription
email*stringEmail address
password*stringPassword
device_namestringOptional token name (default: "api-token")
expires_atstringOptional expiration date (e.g., "2025-12-31 23:59:59")
expires_in_daysintegerOptional days until expiration (1-365)
Response
{ "message": "Login successful", "user": {"id": 1, "name": "Test User", "email": "test@example.com"}, "token": "1|abc...", "token_type": "Bearer", "expires_at": "2025-12-31 23:59:59" }
GET Auth

User Info

/api/v1/user

Returns information about the authenticated user.

Response
{"user": {"id": 1, "name": "Test User", "email": "..."}}
POST Auth

Logout

/api/v1/logout

Invalidates the current token.

Response
{"message": "Logged out successfully"}
GET Auth

Ping

/api/v1/ping

Protected health check with user info.

Response
{"message": "pong", "user": {...}}
POST Auth

Create Personal Access Token

/api/v1/tokens

Creates a new personal access token with optional expiry date. Similar to GitHub's personal access tokens.

Parameters
NameTypeDescription
name*stringToken name/description (max 255 chars)
expires_atstringSpecific expiration date (e.g., "2025-12-31 23:59:59")
expires_in_daysintegerDays until expiration (1-365)
Note: Either expires_at or expires_in_days can be provided. If neither is provided, the token will not expire.
Request Example
{ "name": "My API Token", "expires_in_days": 30 }
Response
{ "message": "Token created successfully", "token": { "id": 1, "name": "My API Token", "token": "1|abc123...", "expires_at": "2025-12-31 23:59:59", "created_at": "2025-12-04 10:00:00" } }
GET Auth

List Personal Access Tokens

/api/v1/tokens

Returns all personal access tokens for the authenticated user.

Response
{ "tokens": [ { "id": 1, "name": "My API Token", "expires_at": "2025-12-31 23:59:59", "last_used_at": "2025-12-04 10:30:00", "created_at": "2025-12-04 10:00:00", "is_expired": false } ], "count": 1 }
DELETE Auth

Revoke Token

/api/v1/tokens/{tokenId}

Revokes (deletes) a specific personal access token by ID.

URL Parameters
NameTypeDescription
tokenId*integerToken ID to revoke
Response
{ "message": "Token revoked successfully" }
Revoke All Tokens
DELETE /api/v1/tokens

Revokes all personal access tokens for the authenticated user.

GET Auth

Standard PDF

/api/v1/test-pdf

Generates a test invoice as PDF.

Response
Content-Type: application/pdf
GET Auth ZUGFeRD

ZUGFeRD PDF

/api/v1/test-zugferd-pdf

ZUGFeRD 2.0 compliant e-invoice according to EN16931 with embedded XML.

Response
Content-Type: application/pdf (PDF/A-3 with XML)
GET Auth ZUGFeRD

ZUGFeRD XML

/api/v1/test-zugferd-xml

Returns only the ZUGFeRD XML.

Response
Content-Type: application/xml