Cookbook API
Layman's summary
This page contains examples of the most frequently used APIs: login, create SPB, update PO, OTP membership, and FCM token.
Most Frequent API Flow Visuals
Sequence End-to-End API (Core)
1) Login API v1 (Sanctum)
curl -X POST 'https://<host>/api/v1/user/login' \
-H 'Content-Type: application/json' \
-d '{"username":"headm","password":"password"}'
Indicative response:
{
"data": {
"access_token": "1|xxxxx",
"user": {"id": 1, "role": "head_admin"}
}
}
2) Create SPB from API (Project)
curl -X POST 'https://<host>/api/v1/project/spb/0001-AJU-SPB(PROJ)I-2026' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"delivery_date": "2026-03-10",
"items": [
{"name":"Semen","quantity":50,"unit":"sak","notes":"Type A"}
]
}'
3) Update PO status from Project/SPV (received)
curl -X POST 'https://<host>/api/v1/project/spb/SPBNO/po/PONO' \
-H 'Authorization: Bearer <token>' \
-F 'status=received' \
-F 'notes=Barang sudah diterima'
4) OTP Request Membership
curl -X POST 'https://<host>/membership/otp/request' \
-H 'Content-Type: application/json' \
-d '{"email":"user@domain.com"}'
5) Save FCM Membership
curl -X PATCH 'https://<host>/membership/fcm' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{"token":"fcm-device-token"}'
Quick Visual Summary (Endpoint)
| Use cases | Endpoints | Method | Auth |
|---|---|---|---|
| Login | /api/v1/user/login | POST | No. |
| Create SPB | /api/v1/project/spb/{spbNo} | POST | Bearers |
| Update PO status | /api/v1/project/spb/{spbNo}/po/{poNo} | POST/PATCH (depending on route) | Bearers |
| OTP request | /membership/otp/request | POST | No. |
| Save FCM | /membership/fcm | PATCHES | Bearers |
Client implementation tips
- Save tokens per user-session.
- Handle 403 for role violations.
- For the
match(POST,PATCH)endpoint, ensure the role matches the action.
Verification Notes
- Status: Partial
- Scope: Login payload (
usernamevsemail) and membership URL prefix between environments. - Action: Direct validation of the request class + route configuration in the target environment before client implementation.