REST API for Stedilica.
Protected endpoints require a JWT Bearer token (Lexik JWT Authentication Bundle).
Call POST /api/login_check with JSON {"username":"<email>","password":"<password>"}.
The username field is the user's email address.
Use the returned token value in the Authorization header:
Authorization: Bearer <token>
Endpoints under /api/public/* are anonymous. All other /api/* routes require a valid JWT unless noted otherwise.
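The login call and the route rule above, sketched as a small Python client helper; this is an added example, not code from the Stedilica project. The host in `BASE_URL`, the paths `/api/accounts` and `/api/public/status`, and the presence of an `exp` claim in the token are assumptions, as is treating the two credential endpoints as anonymous.

```python
import base64
import json
import time
from urllib.request import Request

BASE_URL = "https://api.example.invalid"           # assumed placeholder host, not from the page
ANONYMOUS = ("/api/login_check", "/api/register")  # credential endpoints, assumed to take no token

def b64json(obj):
    """base64url-encode a compact JSON object, as JWT segments are encoded."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_segment(token, index):
    """Decode one JWT segment WITHOUT verifying the signature (a client-side hint only)."""
    seg = token.split(".")[index]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def login_request(email, password):
    """Build POST /api/login_check; the 'username' field carries the email address."""
    body = json.dumps({"username": email, "password": password}).encode()
    return Request(BASE_URL + "/api/login_check", data=body, method="POST",
                   headers={"Content-Type": "application/json"})

def needs_token(path):
    """Page rule: /api/public/* is anonymous, every other /api/* route needs a JWT."""
    return (path.startswith("/api/") and not path.startswith("/api/public/")
            and path not in ANONYMOUS)

def api_request(path, token=None, now=None):
    """Build a request, attaching the bearer token only where the API requires it."""
    req = Request(BASE_URL + path)
    if not needs_token(path):
        return req                           # do not expose the token on anonymous routes
    if not token or token.count(".") != 2:
        raise ValueError("protected route needs a three-part JWT")
    exp = jwt_segment(token, 1).get("exp")   # assumed claim; check is skipped if absent
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("token expired; call /api/login_check again")
    req.add_header("Authorization", "Bearer " + token)
    return req

# Constructed sample token: header equals the page's sample, payload and signature are made up.
SAMPLE_TOKEN = ".".join([b64json({"typ": "JWT", "alg": "RS256"}),
                         b64json({"username": "user@example.com", "exp": 4102444800}),
                         "constructed-signature"])

if __name__ == "__main__":  # both paths below are hypothetical
    print(api_request("/api/accounts", SAMPLE_TOKEN).header_items())
    print(api_request("/api/public/status", SAMPLE_TOKEN).header_items())
```

The expiry check only saves a rejected round trip; the server remains the sole party that verifies the signature.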
Register a new account (POST /api/register) or obtain a JWT (POST /api/login_check) via email and password.
Authenticate with the user's email and password.
On success, returns a signed JWT. Send it on protected endpoints as:
Authorization: Bearer <token>
The username field must contain the account email address (see User entity).
| Field | Required | Type | Description |
| --- | --- | --- | --- |
| username | required | string <email> | User email address (json_login username field). |
| password | required | string <password> | |
Request sample:

```json
{
  "username": "user@example.com",
  "password": "secret"
}
```

Response sample:

```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
}
```

Create a new account with email (username field) and password.
On success, a verification email is sent (same flow as the web registration page). The account must be verified before full access, depending on your app configuration.
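| Field | Required | Type | Constraints | Default | Description |
| --- | --- | --- | --- | --- | --- |
| username | required | string <email> | | "" | User email address (stored as User.email). |
| password | required | string <password> | [ 6 .. 4096 ] characters | "" | |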
Request sample:

```json
{
  "username": "user@example.com",
  "password": "secret12"
}
```

Response sample:

```json
{
  "message": "Registration successful. Please check your email to verify your account.",
  "email": "user@example.com"
}
```