Authentication

Builda uses **Laravel Sanctum** for token-based API authentication. All API requests (REST and GraphQL) require a valid Bearer token.

Authentication

Overview

Builda uses Laravel Sanctum for token-based API authentication. All API requests (REST and GraphQL) require a valid Bearer token.

Getting a Token

POST `/api/v1/login`

{
  "email": "your@email.com",
  "password": "your-password"
}

Response:

{
  "success": true,
  "data": {
    "token": "1|abc123...",
    "user": { ... }
  }
}

Using the Token

Include the token in the Authorization header of all subsequent requests:

Authorization: Bearer 1|abc123...

Logging Out

POST `/api/v1/logout`

Revokes the current token. Requires the Authorization header.

Token Expiry

Tokens do not expire by default but can be revoked via logout or by an admin. Contact the Builda team if you need token expiry configured for your instance.