Authentication

All API calls require an X-User-Id header with the authenticated user's ID.

Call POST /api/auth/login with username and password
Receive user profile with id, role, warehouse_id
Use the returned id as the X-User-Id header in all subsequent requests

curl -X POST https://boxme-levelling.pages.dev/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "admin"}'

Response

{
  "success": true,
  "user": {
    "id": 1,
    "username": "admin",
    "role": "bod",
    "warehouse_id": null,
    "full_name": "System Admin",
    "warehouse_name": null
  },
  "token": "demo_token_1_bod"
}

Using the Auth Header

After login, include X-User-Id in all API requests:

curl https://boxme-levelling.pages.dev/api/employees?page=1&limit=10 \
  -H "X-User-Id: 1"

Demo Mode

In demo mode, any password is accepted for seeded accounts. Use the Demo Accounts page for available test credentials.

Error Responses

Status	Description
`401`	Invalid credentials or missing `X-User-Id` header
`403`	Insufficient permissions for the requested resource

Login Flow​

Login Request​

Response​

Using the Auth Header​

Error Responses​

Login Flow

Login Request

Response

Using the Auth Header

Error Responses