π Login Endpoint
β οΈ Token Policy
Each time a user logs in, all previous Bearer tokens are automatically invalidated. Only the most recent login remains active. This ensures that a cashier cannot stay logged in on multiple devices simultaneously.
The Login API authenticates cashiers or managers
and returns a Bearer token for subsequent authorized API requests.
βΉοΈ Description
- Authenticates a cashier or manager using
usernameandpassword. - Returns an access token to be used in the
Authorizationheader for future requests. - Includes timing metrics (fetch, process, total) in milliseconds.
- Rate limited (15 requests per minute per IP) to prevent brute-force attempts.
Endpoint
POST https://proapi.gapi.lol/api/cashier/loginRate Limit
15 requests per minute per IPRequest Body
Send the following fields as JSON in the request body:
{
"username": "cash100",
"password": "g1231231"
}Successful Response
{
"success": true,
"token": "86|9ILiHNup4rEJYdRb5MU0GX05HYNkCNY6ATg1sKPie052b194",
"user": {
"id": 5347,
"name": "Cashier 100",
"username": "cash100",
"balance": -20772,
"bonus": 2000,
"currency": "EUR",
"score": 111000,
"timezone": "UTC"
},
"timing": {
"fetch_ms": "37.07",
"process_ms": "26.08",
"total_ms": "65.91"
}
}Error Responses
401 Unauthorized β Wrong username or password:
{
"success": false,
"message": "Invalid credentials"
}403 Forbidden β Account suspended or disabled:
{
"success": false,
"message": "Account suspended"
}429 Too Many Requests β Rate limit exceeded:
{
"success": false,
"message": "Too many attempts. Try again later."
}Example Request (cURL)
curl -X POST "https://proapi.gapi.lol/api/cashier/login" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"username": "cash100",
"password": "g1231231"
}'Use the returned token in subsequent requests:
Authorization: Bearer <your_token>