# Task 09: API Authentication

## Files
- `app/Http/Controllers/Api/AuthController.php`
- All API Resources
- `routes/api.php`

## Steps
1. `php artisan install:api`
2. `AuthController`: `register()`, `login()`, `logout()`, `me()`
3. Resources: strict whitelisting — no `file_path`, no raw stock numbers in user resources
4. Routes: public (register/login) + `auth:sanctum` (everything else)