API Examples (Evidence-Labeled)
All examples on this page must have a source label:
- REAL-SANITIZED: derived from real source code/controller, sanitized.
- MOCK: format illustration, no runtime evidence yet.
RuntimeStatus
- The backend runtime has not been hit directly in this documentation session.
- So all examples currently have Partial status.
- The list of items that must be runtime verified is in Verification Matrix (
VM-002,VM-003,VM-004).
1) Auth
Login (API V1)
Source label: REAL-SANITIZED (code-derived)
Evidence: app/Http/Resources/API/V1/Auth/LoginResource.php
POST /api/v1/user/login
Content-Type: application/json
{
"credential": "head.admin",
"password": "***"
}
{
"access_token": "<sanitized-token>",
"role": "head_admin"
}
Logout (API V1)
Source label: REAL-SANITIZED (code-derived)
Evidence: app/Http/Controllers/API/V1/Auth/LoginController.php, SuccessResponseTrait.php
POST /api/v1/user/logout
Authorization: Bearer <token>
{
"data": {}
}
2) SPB
Get SPB Number
Source label: REAL-SANITIZED (code-derived)
Evidence: app/Http/Controllers/API/V1/SPB/PM/SPBController.php@getSPBNo
GET /api/v1/project/spb
Authorization: Bearer <token>
{
"no_spb": "<sanitized-spb-no>"
}
Create SPB (duplicate number case)
Source label: REAL-SANITIZED (code-derived)
Evidence: SPBController.php@create
POST /api/v1/project/spb/SPB-XXXX
Authorization: Bearer <token>
Content-Type: application/json
{
"delivery_date": "2026-03-15",
"items": [
{ "name": "Besi Beton 12mm", "quantity": 500, "unit": "batang", "notes": "urgent" }
]
}
{
"message": "Sudah ada SPB dengan nomor ini"
}
Update SPB when the status has been approved
Source label: REAL-SANITIZED (code-derived)
Evidence: SPBController.php@update
{
"error": {
"code": 403,
"title": "Perubahan Tidak Diizinkan",
"message": "SPB sudah disetujui, tidak dapat diubah.",
"errors": []
}
}
3) PO Payment Receipt
Calculate total PO nominal
Source label: REAL-SANITIZED (code-derived)
Evidence: app/Http/Controllers/API/V1/PO/POPaymentReceiptController.php@calculate
GET /api/v1/po-payment-receipt/calculate?pos[]=101&pos[]=102
{
"total_nominal_po": 38850000
}
Note: the final param query name in the client requires runtime verification (
VM-004).
4) Admin Payment Price Change
Create change price request
Source label: REAL-SANITIZED (code-derived)
Evidence: app/Http/Controllers/Admin/Payments/PriceChangeController.php@store
POST /admin/pembayaran/{po}/ubah-harga
Cookie: <session>
Content-Type: application/x-www-form-urlencoded
requested_nominal=15000000&reason=Koreksi+tagihan
{
"message": "Permintaan perubahan harga berhasil dikirim."
}
Update change price request
Source label: REAL-SANITIZED (code-derived)
Evidence: ControllerPriceChange.php@update
{
"message": "Perubahan nominal yang diajukan berhasil diperbarui."
}
5) MOCK example (no runtime proof yet)
Membership Register
Source label: MOCK (structure only)
Reason: route exists, but the final response format is not yet explicitly visible in the controller in this review.
POST /membership/register
Content-Type: application/json
{
"name": "Budi Santoso",
"phone": "6281234567890",
"password": "***",
"password_confirmation": "***"
}
{
"data": {
"user_id": 77
}
}
Verification Notes
- Status: Partial
- Scope: There is real API evidence from source code (sanitized), but there is no runtime request/response capture from staging/production.
- Action: Take 5 runtime samples (Auth, SPB, PO, Payment, Membership) then update the label from
PartialtoVerifiedper endpoint.