Version: 1.0.0
Category: Authentication
Examples of webapp authentication flows including login, authenticated requests, unauthorized handling, and logout.
Log in to the webapp and receive a session cookie.
Request:
{
  "method": "POST",
  "url": "http://localhost:8080/api/auth/login",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": {
    "username": "player_username",
    "password": "player_password"
  }
}
Response (200):
{
  "headers": {
    "Set-Cookie": "PHPSESSID=abc123def456; Path=/; HttpOnly",
    "Content-Type": "application/json"
  },
  "body": {
    "success": true,
    "message": "Login successful"
  }
}
Next Steps:
session.cookie = 'PHPSESSID=abc123def456'
GET /api/guild/this with Cookie header)
Login failure with invalid credentials.
Request:
{
  "method": "POST",
  "url": "http://localhost:8080/api/auth/login",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": {
    "username": "invalid_user",
    "password": "wrong_password"
  }
}
Response (401):
{
  "body": {
    "success": false,
    "message": "Invalid credentials"
  }
}
Make an authenticated request using the session cookie obtained at login.
Request:
{
  "method": "GET",
  "url": "http://localhost:8080/api/guild/this",
  "headers": {
    "Cookie": "PHPSESSID=abc123def456",
    "Accept": "application/json"
  }
}
Response (200):
{
  "guild": {
    "id": "1",
    "name": "My Guild"
  }
}
Request made without authentication.
Request:
{
  "method": "GET",
  "url": "http://localhost:8080/api/guild/this",
  "headers": {
    "Accept": "application/json"
  }
}
Response (401):
{
  "error": "Unauthorized",
  "message": "Authentication required"
}
Logout and clear the session.
Request:
{
  "method": "GET",
  "url": "http://localhost:8080/api/auth/logout",
  "headers": {
    "Cookie": "PHPSESSID=abc123def456"
  }
}
Response (200):
{
  "success": true,
  "message": "Logged out successfully"
}
Next Steps:
session.cookie = null
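An added check over the exchanges above (example code, not part of the original page or the webapp): it audits the Set-Cookie value from the login response and the HTTP method of the logout request. The function names `audit_session_cookie` and `audit_logout_request` are assumptions made for this example; the sample values are copied from the requests and responses shown above.

```python
from http.cookies import SimpleCookie

# Constructed sample: values copied from the login response and logout request above.
LOGIN_SET_COOKIE = "PHPSESSID=abc123def456; Path=/; HttpOnly"
LOGOUT_REQUEST = {
    "method": "GET",
    "url": "http://localhost:8080/api/auth/logout",
    "headers": {"Cookie": "PHPSESSID=abc123def456"},
}


def audit_session_cookie(set_cookie, name="PHPSESSID"):
    """Return a list of findings for the session cookie in a Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return [f"{name} not present in Set-Cookie"]
    morsel = jar[name]
    findings = []
    if not morsel["httponly"]:
        findings.append("no HttpOnly: page script can read the session id")
    if not morsel["secure"]:
        findings.append("no Secure: cookie is also sent over plain HTTP")
    if morsel["samesite"].lower() not in ("lax", "strict"):
        findings.append(
            "no SameSite=Lax/Strict: cross-site sending depends on browser default"
        )
    return findings


def audit_logout_request(request):
    """Flag a logout that changes session state through a safe HTTP method."""
    method = request["method"].upper()
    if method in ("GET", "HEAD"):
        return [f"logout via {method}: links and prefetch can end the session; use POST"]
    return []


if __name__ == "__main__":
    findings = audit_session_cookie(LOGIN_SET_COOKIE) + audit_logout_request(LOGOUT_REQUEST)
    for finding in findings:
        print("FINDING:", finding)
```

The page's URLs are plain HTTP on localhost, so treat the Secure finding as a reminder for deployments served over HTTPS.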