Skill-Age ships a Laravel REST API under the /v1 prefix. The Next.js app exposes same-origin BFF routes (/api/…) that forward cookies or env tokens server-side — browsers never hold long-lived Laravel service keys when only staff login is used.
Set one of these to the Laravel API root (include /api, no trailing slash):
Recommended for server-side fetches
LARAVEL_INTERNAL_API_URL=http://127.0.0.1:8000/api
# Fallback when internal URL unset:
NEXT_PUBLIC_LARAVEL_API_URL=http://127.0.0.1:8000/api
Optional automation: LARAVEL_API_TOKEN (Bearer) — used when no staff cookie is present. Operational sign-in prefers Laravel email/password via Admin login.
Full URL shape: …/api/v1/…
Public (no Bearer required unless noted in routes)
GET /v1/public/cycles/current
GET /v1/public/leaderboard?page_size=&search=&sort=
POST /v1/public/competition/register
GET /v1/public/careers/openings
GET /v1/public/blog/posts
GET /v1/public/honourees
GET /v1/public/volunteers/opportunities
POST /v1/public/volunteers/apply
POST /v1/contact
POST /v1/public/payments/initialize
POST /v1/public/awards/nominations
Staff (Sanctum Bearer token — login response):
POST /v1/auth/login
POST /v1/auth/logout
GET /v1/auth/me
GET /v1/finance/ledger
POST /v1/finance/ledger
GET /v1/finance/insights
GET /v1/admin/metrics/overview
GET /v1/admin/metrics/super-admin
…/v1/admin/… (blog, honourees, volunteers, careers, offline-manifests, etc.)
Paystack webhook (server-to-server): POST /api/webhooks/paystack — relative to the Laravel app's deployment root as configured on Paystack (not necessarily under v1).
Prefer calling these from the browser so credentials stay on your site origin:
POST /api/public/competition/register — forwards body to Laravel public register (throttled upstream).
GET /api/public/honourees — laureates wall (featured + list payload for the public Honourees page).
GET|POST /api/finance/ledger, GET /api/finance/insights — require admin gate when ADMIN_SESSION_SECRET is set; forward staff Bearer.
/api/admin/bff/… — metrics, careers catch-all, offline manifests, blog, volunteers; same staff/env auth as forwarding layer.
Laravel route middleware restricts each admin capability (e.g. finance, verifier, coordinator). Paths under Next /admin/super-admin/** additionally require API configuration, an active Sanctum staff token cookie, and super_admin (or is_super_admin) on GET /v1/auth/me.
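The forwarding and super-admin rules above, sketched as an added example (not code from the Skill-Age repository). The cookie name staff_token and the location of the flags in the /v1/auth/me payload (top level or under data) are assumptions; the gate denies access on any error or unexpected payload.

```javascript
// Added illustration, not Skill-Age source code.
const STAFF_COOKIE = "staff_token"; // hypothetical cookie name (assumption)

// Laravel API root: internal URL first, public URL as fallback, no trailing slash.
function apiRoot(env) {
  const root = env.LARAVEL_INTERNAL_API_URL || env.NEXT_PUBLIC_LARAVEL_API_URL;
  return root ? root.replace(/\/+$/, "") : null;
}

function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 1) continue;
    try {
      out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
    } catch { /* malformed percent-encoding: drop the cookie */ }
  }
  return out;
}

// Staff cookie wins; LARAVEL_API_TOKEN is used only when no staff cookie is present.
function upstreamAuth(cookieHeader, env) {
  const staff = parseCookies(cookieHeader)[STAFF_COOKIE];
  if (staff) return { source: "staff", header: `Bearer ${staff}` };
  if (env.LARAVEL_API_TOKEN) return { source: "env", header: `Bearer ${env.LARAVEL_API_TOKEN}` };
  return null;
}

// Gate for /admin/super-admin/**: API configured, staff cookie present (the env
// token does not count), and /v1/auth/me reports super_admin or is_super_admin.
// Any error or unexpected payload denies access.
async function superAdminAllowed(cookieHeader, env, fetchImpl = globalThis.fetch) {
  const root = apiRoot(env);
  const auth = upstreamAuth(cookieHeader, env);
  if (!root || !auth || auth.source !== "staff") return false;
  try {
    const res = await fetchImpl(`${root}/v1/auth/me`, {
      headers: { Authorization: auth.header, Accept: "application/json" },
    });
    if (!res.ok) return false;
    const body = await res.json();
    const me = (body && body.data) || body || {}; // payload shape is an assumption
    return me.super_admin === true || me.is_super_admin === true;
  } catch {
    return false;
  }
}
```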
Partner integrations
For quotas, SLA, alternate auth (OAuth clients, IP allowlisting), coordinate with Skill-Age operations — this page reflects the codebase as-implemented rather than contractual SLAs.
Request partner API access →
Canonical reference: Laravel route file api/routes/api.php in the API repository — treat it as the source of truth when this page and production diverge.