API

[AhmadElsagheer]

• Added responses to all API routes (either an error or a success message with the appropriate status code)
• Disabled CSRF verification for API routes
• Added JWT authentication with authentication routes similar to normal routes. Requests must be sent with the same content as normal registeration and login.
• Edited middlewares, requests and services to adapt API requests.

Regarding JWT

• For any request than needs authentication, a token must be attached in the header as x-access-token.
• A token can be acquired during the login process. The response of a successful login request will contain this token.
• The token will expire in 60 minutes. Token refreshment is missing.

NOTE all api requests must have a header accept: application/json