API Documentation (Legacy v1.0)


Introduction

Welcome to the HR System API documentation. This API provides comprehensive access to all HR management features including employee management, attendance tracking, leave management, payroll, and more.

Base URL: http://127.0.0.1:8000/api
API Version: v1.0
Total Endpoints: 70+
Authentication: API Key + Bearer Token (Laravel Sanctum)

Authentication

Requests are authenticated in two layers: an API key on every request, and a bearer token on protected endpoints:

1. API Key (Required for ALL requests)

Include the API key in the request header:

Header
X-API-KEY: your-api-key-here

2. Bearer Token (Required for protected endpoints)

After login, include the bearer token:

Header
Authorization: Bearer your-sanctum-token-here

⚠️ Rate Limiting:
• Public endpoints (register, login): 30 requests/minute
• Protected endpoints: 600 requests/minute

Authentication Endpoints

POST /api/auth/register Public

Register a new employee account with email or phone number.

Request Body:

JSON
{
  "email": "employee@example.com",
  "phone": "+201234567890",
  "password": "Password123!",
  "password_confirmation": "Password123!"
}

Success Response (201):

JSON
{
  "success": true,
  "message": "Registration successful. Please verify your OTP.",
  "data": {
    "user_id": 1,
    "email": "employee@example.com",
    "requires_verification": true
  }
}

cURL Example:

bash
curl -X POST http://127.0.0.1:8000/api/auth/register \
  -H "X-API-KEY: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "employee@example.com",
    "password": "Password123!",
    "password_confirmation": "Password123!"
  }'

POST /api/auth/verify-otp Public

Verify the OTP sent to email/phone after registration.

Request Body:

JSON
{
  "identifier": "employee@example.com",
  "otp": "123456"
}

Success Response (200):

JSON
{
  "success": true,
  "message": "OTP verified successfully.",
  "data": {
    "verified": true
  }
}

POST /api/auth/login Public

Authenticate the user and receive an access token.

Request Body:

JSON
{
  "email": "employee@example.com",
  "password": "Password123!"
}

Success Response (200):

JSON
{
  "success": true,
  "message": "Login successful.",
  "data": {
    "token": "1|abcdef123456...",
    "user": {
      "id": 1,
      "email": "employee@example.com",
      "role": "employee",
      "profile_complete": false
    }
  }
}

POST /api/auth/logout Employee

Log out the current session (revokes the current token).

Headers Required:

Headers
X-API-KEY: your-api-key
Authorization: Bearer your-sanctum-token

Success Response (200):

JSON
{
  "success": true,
  "message": "Logged out successfully."
}

POST /api/auth/forgot-password Public

Request OTP for password reset.

Request Body:

JSON
{
  "identifier": "employee@example.com"
}

DELETE /api/auth/delete-account Employee

Permanently delete the user's account and all associated data.

Profile Management

GET /api/profile Employee

Get current user's employee profile.

POST /api/profile/complete Employee

Complete employee profile with required information.

Request Body:

JSON
{
  "first_name": "Ahmad",
  "last_name": "Hassan",
  "date_of_birth": "1990-05-15",
  "gender": "male",
  "national_id": "12345678901234",
  "address": "123 Main St, Cairo",
  "department_id": 1,
  "position": "Software Engineer",
  "employment_date": "2024-01-01",
  "salary": 15000
}

PUT /api/profile Employee

Update employee profile information.

Departments

GET /api/departments Employee

Get list of all departments.

GET /api/departments/{id} Employee

Get specific department details.

POST /api/departments Admin Only

Create a new department.

Request Body:

JSON
{
  "name": "Engineering",
  "description": "Software development team",
  "manager_id": 2
}

PUT /api/departments/{id} Admin Only

Update department information.

DELETE /api/departments/{id} Admin Only

Delete a department.

Attendance Management

Track employee check-in, check-out, and attendance history.

POST /api/attendance/check-in Employee

Check in for the current day.

POST /api/attendance/check-out Employee

Check out for the current day.

GET /api/attendance/today Employee

Get today's attendance record.

GET /api/attendance/history Employee

Get attendance history with pagination.

Query Parameters:

Parameter   Type     Description
start_date  date     Filter from date (YYYY-MM-DD)
end_date    date     Filter to date (YYYY-MM-DD)
page        integer  Page number for pagination

GET /api/attendance Manager

Get all employees' attendance records (Manager/Admin).

GET /api/attendance/report Manager

Generate attendance report for all employees.

Leave Management

GET /api/leaves/types Employee

Get available leave types (annual, sick, emergency, etc.).

POST /api/leaves Employee

Request a new leave.

Request Body:

JSON
{
  "leave_type": "annual",
  "start_date": "2024-02-01",
  "end_date": "2024-02-05",
  "reason": "Family vacation"
}

GET /api/leaves/balance Employee

Get leave balance and quota.

GET /api/leaves/pending Manager

Get all pending leave requests for approval.

PUT /api/leaves/{id}/status Manager

Approve or reject leave request.

Request Body:

JSON
{
  "status": "approved",
  "notes": "Approved for vacation"
}

Task Management

GET /api/tasks Employee

Get assigned tasks for the current employee.

POST /api/tasks Manager

Create and assign a new task.

Request Body:

JSON
{
  "title": "Implement new feature",
  "description": "Add user authentication module",
  "assigned_to": 5,
  "due_date": "2024-02-15",
  "priority": "high",
  "status": "pending"
}

PUT /api/tasks/{id}/status Employee

Update task status (in_progress, completed, etc.).

POST /api/tasks/{id}/comments Employee

Add comment to a task.

POST /api/tasks/{id}/attachments Employee

Upload attachment to a task.

Payroll Management

GET /api/payroll Employee

Get employee's payroll history.

GET /api/payroll/{id} Employee

Get specific payslip details.

POST /api/payroll/generate Admin Only

Generate payroll for a specific month.

Request Body:

JSON
{
  "month": "2024-01",
  "employee_ids": [1, 2, 3]
}

Internal Messaging

GET /api/messages/inbox Employee

Get inbox messages.

POST /api/messages Employee

Send a message to another employee.

Request Body:

JSON
{
  "recipient_id": 3,
  "subject": "Project Update",
  "body": "The new feature is ready for testing."
}

Notifications

GET /api/notifications Employee

Get all notifications for the current user.

PUT /api/notifications/{id}/read Employee

Mark notification as read.

PUT /api/notifications/read-all Employee

Mark all notifications as read.

Dashboard & Analytics

GET /api/dashboard/employee Employee

Get employee dashboard statistics.

GET /api/dashboard/manager Manager

Get manager dashboard with team statistics.

GET /api/dashboard/admin Admin Only

Get admin dashboard with full company statistics.

GET /api/dashboard/burnout-stats Employee

Get employee burnout risk statistics.

Reports (Admin Only)

GET /api/reports/attendance Admin Only

Generate comprehensive attendance report.

GET /api/reports/leaves Admin Only

Generate leave usage report.

GET /api/reports/payroll Admin Only

Generate payroll summary report.

GET /api/reports/expenses Admin Only

Generate expense summary report.

Expense Management

POST /api/expenses Employee

Submit a new expense claim.

Request Body:

JSON
{
  "amount": 500.00,
  "category": "travel",
  "description": "Client meeting transportation",
  "date": "2024-01-15",
  "receipt_url": "uploads/receipts/receipt123.pdf"
}

GET /api/expenses/pending Manager

Get pending expenses for approval.

PUT /api/expenses/{id}/status Manager

Approve or reject expense claim.

Office Assets

GET /api/assets/my Employee

Get assets assigned to the current employee.

POST /api/assets Admin Only

Add a new asset to the system.

Request Body:

JSON
{
  "name": "MacBook Pro",
  "asset_id": "COMP-001",
  "category": "computer",
  "purchase_date": "2024-01-01",
  "value": 3000.00
}

POST /api/assets/{id}/assign Admin Only

Assign asset to an employee.

File Uploads

POST /api/uploads/profile-image Employee

Upload profile image.

Request (multipart/form-data):

Form Data
image: [file]

POST /api/uploads/receipt Employee

Upload expense receipt.

POST /api/uploads/task-attachment Employee

Upload task attachment.

POST /api/uploads/multiple Employee

Upload multiple files at once.

DELETE /api/uploads Employee

Delete an uploaded file.

Error Handling

All API errors follow a consistent format:

JSON
{
  "success": false,
  "message": "Error description",
  "errors": {
    "field_name": ["Validation error message"]
  }
}

Common HTTP Status Codes:

Code  Meaning                Description
200   OK                     Request successful
201   Created                Resource created successfully
400   Bad Request            Invalid request data
401   Unauthorized           Authentication required or failed
403   Forbidden              Insufficient permissions
404   Not Found              Resource not found
422   Unprocessable Entity   Validation errors
429   Too Many Requests      Rate limit exceeded
500   Server Error           Internal server error
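The following client ties together the two authentication layers from the Authentication section (API key on every request, bearer token only after login, cleared again on logout) and the error envelope described under Error Handling, so that 401/403/422/429 responses surface as a typed exception instead of a silent failure. It is an added example written for this page, not the project's own SDK; the HRClient and ApiError names and the injectable transport (used so the code can be exercised offline) are assumptions.

```python
import json, urllib.error, urllib.request
BASE_URL = "http://127.0.0.1:8000/api"  # base URL from the docs above

class ApiError(Exception):
    # status guides recovery: 401 re-authenticate, 403 wrong role, 422 fix fields, 429 back off
    def __init__(self, status, message, errors=None):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.message, self.errors = status, message, errors or {}  # errors: field -> [msgs]

class HRClient:
    def __init__(self, api_key, base_url=BASE_URL, transport=None):
        self.api_key, self.base_url = api_key, base_url
        self.token = None  # Sanctum token: set by login(), cleared by logout()
        self._send = transport or self._http_send  # injectable so tests run offline

    def _headers(self, protected):
        # Layer 1: the API key goes on every request.
        headers = {"X-API-KEY": self.api_key, "Content-Type": "application/json",
                   "Accept": "application/json"}
        # Layer 2: the bearer token only on protected endpoints, and never before login.
        if protected:
            if not self.token:
                raise RuntimeError("protected endpoint called before login()")
            headers["Authorization"] = f"Bearer {self.token}"
        return headers

    def _http_send(self, method, url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:  # 4xx/5xx bodies still carry the JSON envelope
            return err.code, err.read()

    def request(self, method, path, payload=None, protected=True):
        body = json.dumps(payload).encode() if payload is not None else None
        status, raw = self._send(method, self.base_url + path, self._headers(protected), body)
        data = json.loads(raw or b"{}")
        if status >= 400 or not data.get("success"):
            raise ApiError(status, data.get("message", "unknown error"), data.get("errors"))
        return data.get("data", {})

    def login(self, email, password):
        data = self.request("POST", "/auth/login", {"email": email, "password": password}, False)
        self.token = data["token"]
        return data["user"]

    def logout(self):
        self.request("POST", "/auth/logout")  # server revokes the current token
        self.token = None
```

Callers catch ApiError and branch on its status: a 401 means re-running login(), a 422 means reading the per-field messages in errors, and a 429 means backing off until the rate-limit window passes.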