Authentication API

Dokumentasi API endpoints untuk autentikasi.

Base URL

/api/v1/auth

Endpoints

Melakukan autentikasi pengguna.

Endpoint: POST /api/v1/auth/login

Request Body:

{
    "no_pegawai": "string",
    "kata_sandi": "string"
}

Field	Type	Required	Description
`no_pegawai`	string	✅	Nomor pegawai
`kata_sandi`	string	✅	Password pengguna

Response Success (200):

{
    "code": 200,
    "status": true,
    "message": "Login berhasil",
    "data": {
        "token": "xxxeyJhbGciOiJIUzI1NiIs...xxxxx",
        "user": {
            "id": "550e8400-e29b-41d4-a716-446655440000",
            "no_pegawai": "123456",
            "nama": "John Doe",
            "email": "john@example.com",
            "tipe_pegawai": "pns",
            "hak_akses_id": "admin"
        }
    }
}

Response Error (401):

{
    "code": 401,
    "status": false,
    "message": "No pegawai atau password salah"
}

Response Password Expired (401):

{
    "code": 401,
    "status": false,
    "message": "Password expired",
    "data": {
        "requirePasswordReset": true
    }
}

Example Request:

curl -X POST http://localhost:8000/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "no_pegawai": "123456",
    "kata_sandi": "Password1!"
  }'

Logout

Logout pengguna (invalidate session).

Endpoint: POST /api/v1/auth/logout

Headers:

Header	Value	Required
`Authorization`	`xxxTOKENxxxxx`	✅

Response Success (200):

{
    "code": 200,
    "status": true,
    "message": "Logout berhasil"
}

Example Request:

curl -X POST http://localhost:8000/api/v1/auth/logout \
  -H "Authorization: xxxeyJhbGciOiJIUzI1NiIs...xxxxx"

Get Profile

Mendapatkan informasi pengguna yang sedang login.

Endpoint: GET /api/v1/auth/profile

Headers:

Header	Value	Required
`Authorization`	`xxxTOKENxxxxx`	✅

Response Success (200):

{
    "code": 200,
    "status": true,
    "message": "Success",
    "data": {
        "id": "550e8400-e29b-41d4-a716-446655440000",
        "no_pegawai": "123456",
        "nama": "John Doe",
        "email": "john@example.com",
        "tipe_pegawai": "pns",
        "hak_akses": {
            "id": "admin",
            "nama": "Administrator"
        }
    }
}

Example Request:

curl -X GET http://localhost:8000/api/v1/auth/profile \
  -H "Authorization: xxxeyJhbGciOiJIUzI1NiIs...xxxxx"

Change Password

Mengubah password pengguna yang sedang login.

Endpoint: PUT /api/v1/auth/change-password

Headers:

Header	Value	Required
`Authorization`	`xxxTOKENxxxxx`	✅

Request Body:

{
    "kata_sandi_lama": "string",
    "kata_sandi": "string",
    "konfirmasi_kata_sandi": "string"
}

Field	Type	Required	Description
`kata_sandi_lama`	string	✅	Password lama
`kata_sandi`	string	✅	Password baru
`konfirmasi_kata_sandi`	string	✅	Konfirmasi password baru

Password Requirements:

Minimal 8 karakter
Minimal 1 huruf kecil
Minimal 1 huruf besar
Minimal 1 angka
Minimal 1 karakter spesial

Response Success (200):

{
    "code": 200,
    "status": true,
    "message": "Password berhasil diubah"
}

Response Error (400):

{
    "code": 400,
    "status": false,
    "message": "Password baru tidak memenuhi kriteria"
}

Example Request:

curl -X PUT http://localhost:8000/api/v1/auth/change-password \
  -H "Content-Type: application/json" \
  -H "Authorization: xxxeyJhbGciOiJIUzI1NiIs...xxxxx" \
  -d '{
    "kata_sandi_lama": "OldPassword1!",
    "kata_sandi": "NewPassword1!",
    "konfirmasi_kata_sandi": "NewPassword1!"
  }'

Refresh Token

Mendapatkan token baru dengan token yang masih valid.

Endpoint: POST /api/v1/auth/refresh

Headers:

Header	Value	Required
`Authorization`	`xxxTOKENxxxxx`	✅

Response Success (200):

{
    "code": 200,
    "status": true,
    "message": "Token refreshed",
    "data": {
        "token": "xxxNEW_TOKENxxxxx"
    }
}

Example Request:

curl -X POST http://localhost:8000/api/v1/auth/refresh \
  -H "Authorization: xxxeyJhbGciOiJIUzI1NiIs...xxxxx"

Error Codes

Code	Status	Description
200	Success	Request berhasil
400	Bad Request	Input tidak valid
401	Unauthorized	Token tidak valid atau expired
403	Forbidden	Tidak memiliki akses
404	Not Found	Resource tidak ditemukan
500	Internal Error	Server error

Token Format

Token dikembalikan dan dikirim dengan format khusus:

xxx[ACTUAL_JWT_TOKEN]xxxxx

Prefix: xxx (3 karakter)
Suffix: xxxxx (5 karakter)

Security Notes

Token expired dalam 24 jam
Simpan token dengan aman (httpOnly cookie recommended)
Jangan expose token di URL
Selalu gunakan HTTPS

Base URL​

Endpoints​

Login​

Logout​

Get Profile​

Change Password​

Refresh Token​

Error Codes​

Token Format​

Security Notes​

Base URL

Endpoints

Login

Logout

Get Profile

Change Password

Refresh Token

Error Codes

Token Format

Security Notes