diff --git a/16. `docs/api.md b/16. `docs/api.md
index af01cd4..1359335 100644
--- a/16. `docs/api.md	
+++ b/16. `docs/api.md	
@@ -1,5 +1,16 @@
 # API Documentation
 
+## Authentication
+
+### POST /api/login
+- **Description**: Authenticate a user and generate a token.
+- **Request Body**: JSON object with `email` and `password`.
+- **Response**: JSON object with the generated token.
+
+### POST /api/logout
+- **Description**: Logout the user and revoke the token.
+- **Response**: JSON object with a success message.
+
 ## Frontend API
 
 ### GET /api/frontend
diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
new file mode 100644
index 0000000..3233972
--- /dev/null
+++ b/app/Http/Controllers/Api/AuthController.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class AuthController extends Controller
+{
+    public function login(Request $request)
+    {
+        $credentials = $request->only('email', 'password');
+
+        if (Auth::attempt($credentials)) {
+            $user = Auth::user();
+            $token = $user->createToken('authToken')->plainTextToken;
+
+            return response()->json(['token' => $token], 200);
+        }
+
+        return response()->json(['error' => 'Unauthorized'], 401);
+    }
+
+    public function logout(Request $request)
+    {
+        $request->user()->tokens()->delete();
+
+        return response()->json(['message' => 'Logged out'], 200);
+    }
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
new file mode 100644
index 0000000..e69de29