Authentication
LuxMart API uses token-based authentication. After successful login, you receive an access token that must be included in subsequent requests.
Authentication Flow
Standard Flow
- Register a user or store account
- Verify OTP sent to your email
- Login with credentials to receive an access token
- Use the token in the Authorization header for protected endpoints
Google OAuth Flow (Users Only)
- Initiate OAuth - Redirect user to Google OAuth consent screen
- User authorizes - User grants permissions
- Receive code - Google redirects back with authorization code
- Exchange code - Send code to /v1/accounts/login/google/ to receive access token
- Use the token - Use the token in the Authorization header for protected endpoints
See Login with Google OAuth for detailed documentation.
Using the Token
Include the token in the Authorization header using the Token scheme, i.e. Authorization: Token your_access_token_here (the scheme is Token, not Bearer):
Example Request
curl -X GET "https://api.luxmart.site/v1/accounts/user/site/" \
-H "Authorization: Token your_access_token_here"
Token Expiration
Tokens expire after 30 days of inactivity. You'll need to log in again to get a new token.
Role-Based Access
Different endpoints require different user roles:
- User (Role: "1"): Regular customer access
- Store (Role: "3"): Store owner access
- Admin (Role: "2"): Administrator access
Some endpoints are restricted to specific roles. Attempting to access restricted endpoints will return a 403 Forbidden error.
Error Responses
Missing Token
Status Code: 401 Unauthorized
Invalid Token
Status Code: 401 Unauthorized
Access Denied
Status Code: 403 Forbidden
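The following client wrapper is an added example, not LuxMart's own SDK or code from this documentation. It shows how a caller should treat the three auth outcomes above: attach the Token header on every protected request, re-authenticate exactly once on a 401 (expired or invalid token) and stop, and treat a 403 as a role restriction that a fresh token cannot fix, so it is raised rather than retried. It assumes a hypothetical injected `send` transport and `login` callable (the login endpoint's request shape is not specified here) and runs offline against a constructed fake of the API.

```python
"""LuxMart auth-handling client wrapper (added example, not LuxMart's SDK).

Assumptions not taken from the page: HTTP goes through an injected `send`
callable (method, url, headers) -> (status, body), and `login` is a caller-
supplied function that returns a fresh access token.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

BASE_URL = "https://api.luxmart.site"  # host from the page's curl example

Response = Tuple[int, dict]
Transport = Callable[[str, str, Dict[str, str]], Response]


class AccessDenied(Exception):
    """403 Forbidden: token is valid but the account's role is not allowed."""


class AuthenticationFailed(Exception):
    """401 Unauthorized even after one fresh login; caller must not loop."""


@dataclass
class LuxMartClient:
    send: Transport            # hypothetical injected HTTP transport
    login: Callable[[], str]   # hypothetical: performs login, returns token
    token: Optional[str] = None
    logins: int = 0            # how many times we had to log in (for checks)

    def _headers(self) -> Dict[str, str]:
        # Header format from the page: "Authorization: Token <token>"
        if self.token is None:
            self.token = self.login()
            self.logins += 1
        return {"Authorization": f"Token {self.token}"}

    def request(self, method: str, path: str) -> dict:
        status, body = self.send(method, BASE_URL + path, self._headers())
        if status == 401:
            # Missing/invalid/expired token (tokens expire after 30 days of
            # inactivity): discard it, log in once, retry once.
            self.token = None
            status, body = self.send(method, BASE_URL + path, self._headers())
            if status == 401:
                raise AuthenticationFailed(path)
        if status == 403:
            # Role restriction: re-login cannot help, surface it to the caller.
            raise AccessDenied(path)
        return body


def make_fake_transport(valid_tokens: set, role_locked_paths: set) -> Transport:
    """Constructed offline stand-in for the API; bodies are made up."""
    def send(method: str, url: str, headers: Dict[str, str]) -> Response:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Token ") or auth[len("Token "):] not in valid_tokens:
            return 401, {"detail": "unauthorized"}
        path = url[len(BASE_URL):]
        if path in role_locked_paths:
            return 403, {"detail": "forbidden"}
        return 200, {"ok": True, "path": path}
    return send


def demo() -> dict:
    """Expired token forces one re-login; a role-locked path raises AccessDenied."""
    issued = iter(["expired-token", "fresh-token"])     # constructed tokens
    locked = {"/v1/example/store-only/"}                 # hypothetical path
    client = LuxMartClient(send=make_fake_transport({"fresh-token"}, locked),
                           login=lambda: next(issued))
    body = client.request("GET", "/v1/accounts/user/site/")  # path from the page
    result = {"body": body, "logins": client.logins, "token": client.token}
    try:
        client.request("GET", "/v1/example/store-only/")
        result["locked"] = "allowed"
    except AccessDenied:
        result["locked"] = "denied"
    return result


def login_gives_up_after_one_retry() -> bool:
    """A login that keeps yielding a rejected token ends in AuthenticationFailed."""
    client = LuxMartClient(send=make_fake_transport(set(), set()),
                           login=lambda: "never-valid")
    try:
        client.request("GET", "/v1/accounts/user/site/")
    except AuthenticationFailed:
        return client.logins == 2
    return False


if __name__ == "__main__":
    print(demo())
    print(login_gives_up_after_one_retry())
```

The single-retry rule matters: a client that loops on 401 against a login that keeps failing (revoked account, wrong credentials) turns one bad token into a stream of login attempts, so the wrapper retries once and then raises.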
Public Endpoints
The following endpoints do not require authentication:
- User/Store Registration
- Login endpoints (including Google OAuth)
- OTP verification
- Password reset
- Get all stores (public)
- Get all categories
- Get all brands
- Get site products (public)
- Get currencies (public)
- Get countries and cities
- Create contact form
- Create email subscription