Added responses to all API routes (either an error or a success message with the appropriate status code)
Disabled CSRF verification for API routes
Added JWT authentication with authentication routes similar to normal routes. Requests must be sent with the same content as normal registeration and login.
Edited middlewares, requests and services to adapt API requests.
Regarding JWT
For any request than needs authentication, a token must be attached in the header as x-access-token.
A token can be acquired during the login process. The response of a successful login request will contain this token.
The token will expire in 60 minutes. Token refreshment is missing.
NOTE all api requests must have a header accept: application/json
Regarding JWT
x-access-token
.NOTE all api requests must have a header
accept: application/json