{ "info": { "name": "ImpAcc User Profile API", "description": "Authenticate against the ImpAcc user database and read user profile via Laravel Sanctum bearer tokens.\n\n**Setup:**\n1. Open the collection's *Variables* tab and set `citizen_id` and `password` to a real account.\n2. Run **Auth → Login** — the test script saves the returned token into the `token` variable automatically.\n3. The remaining requests use `{{token}}` in their Authorization header.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "variable": [ { "key": "baseUrl", "value": "https://usr.impacc.work/api", "type": "string" }, { "key": "citizen_id", "value": "1234567890123", "type": "string" }, { "key": "password", "value": "user-secret", "type": "string" }, { "key": "device_name","value": "postman", "type": "string" }, { "key": "mToken", "value": "", "type": "string" }, { "key": "token", "value": "", "type": "string" } ], "item": [ { "name": "Auth", "item": [ { "name": "Login", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{baseUrl}}/login", "host": ["{{baseUrl}}"], "path": ["login"] }, "body": { "mode": "raw", "raw": "{\n \"citizen_id\": \"{{citizen_id}}\",\n \"password\": \"{{password}}\",\n \"device_name\": \"{{device_name}}\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('200 OK', () => pm.response.to.have.status(200));", "const body = pm.response.json();", "pm.test('has token', () => pm.expect(body.token).to.be.a('string'));", "if (body.token) {", " pm.collectionVariables.set('token', body.token);", " console.log('Saved token:', body.token.substring(0, 12) + '...');", "}" ] } } ] }, { "name": "SSO exchange", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{baseUrl}}/sso/exchange", "host": ["{{baseUrl}}"], "path": ["sso", "exchange"] }, "body": { "mode": "raw", "raw": "{\n \"mToken\": \"{{mToken}}\",\n \"device_name\": \"{{device_name}}\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('200 OK', () => pm.response.to.have.status(200));", "const body = pm.response.json();", "pm.test('has token', () => pm.expect(body.token).to.be.a('string'));", "if (body.token) pm.collectionVariables.set('token', body.token);" ] } } ] }, { "name": "Logout", "request": { "method": "POST", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{baseUrl}}/logout", "host": ["{{baseUrl}}"], "path": ["logout"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('200 OK', () => pm.response.to.have.status(200));", "pm.collectionVariables.set('token', '');" ] } } ] } ] }, { "name": "Profile", "item": [ { "name": "Get my profile", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{baseUrl}}/profile", "host": ["{{baseUrl}}"], "path": ["profile"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('200 OK', () => pm.response.to.have.status(200));", "const body = pm.response.json();", "pm.test('has user.citizen_id', () => pm.expect(body.user.citizen_id).to.be.a('string'));", "pm.test('has permissions block', () => pm.expect(body.user.permissions.applications).to.be.an('array'));" ] } } ] }, { "name": "Get my permissions", "request": { "method": "GET", "header": [ { "key": "Accept", "value": "application/json" }, { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{baseUrl}}/permissions", "host": ["{{baseUrl}}"], "path": ["permissions"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('200 OK', () => pm.response.to.have.status(200));", "const body = pm.response.json();", "pm.test('has group_ids', () => pm.expect(body.permissions.group_ids).to.be.an('array'));", "pm.test('has applications', () => pm.expect(body.permissions.applications).to.be.an('array'));" ] } } ] } ] } ] }