
ClosetX REST API

Signup and Login

Creating a New User

Send a POST request to base_URL/api/signup where the request body looks like this:

{
    "first": "John",
    "last": "Doe",
    "username": "johndoe46",
    "email": "john@doe.com",
    "password": "password",
    "confirmpassword": "password"
}

If the user already exists in the database (i.e. the username or e-mail already exists), the server will respond with status 400 and the following message:

{
  "msg": "User Already Exists"
}

The server will also respond with status 400 and a corresponding message for the following error cases:

  • E-mail not provided
  • E-mail field was not a valid e-mail address
  • First name not provided
  • Last name not provided
  • Username not provided
  • Password not long enough
  • "password" and "confirmpassword" properties do not match

Logging Into an Existing User

Send a GET request to base_URL/api/login where the request header looks like this:

{
  "Authorization": "Basic dXNlckQvbmUuY29tOnChc3N3b3Jk"
}

The part of the authorization string following "Basic " is created by encoding the user's login credentials in base64. For example, to obtain the authorization string for a user with the following credentials:

one would base64-encode the string "test@test.com:password" and then append the result to the word "Basic", separated by a space.
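The encoding step described above, as an added example that is not part of the ClosetX code base; the function names are hypothetical. It also decodes the header, which shows that base64 is reversible (the credentials are only as private as the transport) and that only the first colon separates the e-mail from the password.

```javascript
// Added example, not ClosetX source. Function names are hypothetical.

// Build the value of the Authorization header for GET /api/login.
function buildBasicHeader(email, password) {
  // The first colon separates the user-id from the password (RFC 7617),
  // so the user-id itself must not contain one.
  if (email.includes(':')) {
    throw new Error('user-id must not contain a colon');
  }
  const encoded = Buffer.from(`${email}:${password}`, 'utf8').toString('base64');
  return `Basic ${encoded}`;
}

// Recover the credentials from a header value, as a server would.
// Returns null for anything that is not a well-formed Basic header.
function parseBasicHeader(header) {
  if (typeof header !== 'string') return null;
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(header);
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  // Split on the FIRST colon only: passwords may legitimately contain colons.
  const sep = decoded.indexOf(':');
  if (sep === -1) return null;
  return { email: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constructed sample credentials, matching the string used in the text.
console.log(buildBasicHeader('test@test.com', 'password'));
console.log(parseBasicHeader(buildBasicHeader('test@test.com', 'pa:ss:word')));
```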

If the login credentials match those of a user in the database, the server will respond with status 200 and the following JSON object:

{
  "msg": "Logged in successfully!",
  "token": login_token
}

where the login_token is a unique string generated by the server for the user. The token can then be used to access all routes that require a logged in user.

The server responds with status 401 and the following messages if the user does not exist or if the user does exist but the password does not match:

{
  "msg": "User Does Not Exist"
}

{
  "msg": "Incorrect Password"
}

Updating User Profile

Working With Items

All item routes are protected. A user must be logged in and attach their authorization token to the request header like this:

{
    "token": authorization_token
}

Creating a New Item

Send a POST request to base_URL/api/items where the request body looks like this (don't forget to assign the authorization token to the request header as shown above):

{
    "description": "The Item Description",
    "size": "small",
    "color": "blue",
    "imageUrl": "http://www.image.com/image.jpg"
}

If successful, the server will respond with status 200 and the following:

{
  "__v": 0,
  "userId": "571fb27d04ca4f4e1b93a51a",
  "description": "User One's Fourth Item",
  "_id": "5721017d52d7ba40074c16a3"
}

This is a protected route. Without a correct token, the server will respond with status 401 and the following message:

{
  "msg": "Unable to decode token"
}

Retrieving a User's Items

Send a GET request to base_URL/api/items. Don't forget to assign the authorization token to the request header as shown above.

The server will respond with an array of JSON objects (or an empty array if the user has zero items). For example:

[
  {
    "_id": "571fb933c8b23e7a1fa6992f",
    "userId": "571fb27d04ca4f4e1b93a51a",
    "description": "User One's First Item",
    "__v": 0
  },
  {
    "_id": "571fb93bc8b23e7a1fa69930",
    "userId": "571fb27d04ca4f4e1b93a51a",
    "description": "User One's Second Item",
    "__v": 0
  },
  {
    "_id": "571fb93fc8b23e7a1fa69931",
    "userId": "571fb27d04ca4f4e1b93a51a",
    "description": "User One's Third Item",
    "__v": 0
  }
]

Updating an Existing Item

Send a PUT request to base_URL/api/items/:id where the request body looks like this (don't forget to assign the authorization token to the request header as shown above):

{
    "description": "The Updated Description",
    "size": "updated size",
    "color": "updated color",
    "imageUrl": "http://www.image.com/update.jpg"
}

If successful, the server will respond with status 200 and a simple success message. However, if the currently logged-in user is not the one who created the item, the item is not updated and a status 401 message is returned:

{
  "msg": "You are not authorized to update this item"
}
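One way a server could enforce the token and ownership checks described above, as an added example rather than ClosetX's own code. The HMAC-signed token format, the in-memory store, the 404 case and the success message are assumptions; the page does not specify them.

```javascript
// Added example, not ClosetX source. Token format (HMAC-signed user id), the
// in-memory store and all function names are assumptions for illustration.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // constructed per-process signing key
const items = new Map([                // constructed sample data
  ['item-1', { userId: 'user-1', description: "User One's First Item" }],
]);

const sign = (data) =>
  crypto.createHmac('sha256', SECRET).update(data).digest('hex');

function issueToken(userId) {
  const payload = Buffer.from(userId, 'utf8').toString('hex');
  return `${payload}.${sign(payload)}`;
}

// Returns the user id, or null when the token is missing, malformed or forged.
function decodeToken(token) {
  if (typeof token !== 'string') return null;
  const [payload, mac, extra] = token.split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return Buffer.from(payload, 'hex').toString('utf8');
}

// Mirrors PUT /api/items/:id: authenticate first, then check ownership.
function updateItem(headers, id, changes) {
  const userId = decodeToken(headers.token);
  if (userId === null) return { status: 401, body: { msg: 'Unable to decode token' } };
  const item = items.get(id);
  if (!item) return { status: 404, body: { msg: 'Item not found' } }; // assumed
  if (item.userId !== userId) {
    return { status: 401, body: { msg: 'You are not authorized to update this item' } };
  }
  // Copy only the documented fields so a client cannot overwrite userId.
  for (const key of ['description', 'size', 'color', 'imageUrl']) {
    if (typeof changes[key] === 'string') item[key] = changes[key];
  }
  return { status: 200, body: { msg: 'Item updated' } }; // assumed message
}
```

The owner is taken from the verified token, never from the request body, so the comparison cannot be influenced by client-supplied fields.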

Deleting an Existing Item

Send a DELETE request to base_URL/api/items/:id. Don't forget to assign the authorization token to the request header as shown above.

If successful, the server will respond with status 200 and a simple success message. However, if the currently logged-in user is not the one who created the item, the item is not deleted and a status 401 message is returned:

{
  "msg": "You are not authorized to delete this item"
}

Connecting to Other Users

All connection routes are protected. A user must be logged in and attach their authorization token to the request header like this:

{
    "token": authorization_token
}

Sending a Connection Request

Send a POST request to base_URL/api/connections. Don't forget to assign the authorization token to the request header as shown above.

{
  "userId": "571fb29204ca4f4e1b93a51b"
}

Retrieving Pending Requests

Send a GET request to base_URL/api/pending. Don't forget to assign the authorization token to the request header as shown above.

Server responds with an array of Connection objects with an added property "username" indicating the username of the user who sent the invitation request.

[
  {
    "_id": "57278323e017a2de0430bc87",
    "user2": "571fb29204ca4f4e1b93a51b",
    "user1": "571fb27d04ca4f4e1b93a51a",
    "__v": 0,
    "accepted": false,
    "username": "requester"
  }
]

Retrieving Accepted Requests

Send a GET request to base_URL/api/connections. Don't forget to assign the authorization token to the request header as shown above.

Server responds with an array of Connection objects with the added property "username" indicating the username of the user who sent the invitation request.

[
  {
    "_id": "57278323e017a2de0430bc87",
    "user2": "571fb29204ca4f4e1b93a51b",
    "user1": "571fb27d04ca4f4e1b93a51a",
    "__v": 0,
    "accepted": true,
    "username": "requester"
  }
]

Accepting a Request

Send a PUT request to base_URL/api/connections/:id where :id is the database id of the user that you want to accept a connection request from. Don't forget to assign the authorization token to the request header as shown above.

The server will respond with status 200 with the following message:

{
  "msg": "Accepted connection"
}

Deleting a Connection

Send a DELETE request to base_URL/api/connections/:id where :id is the database id of the user that you want to disconnect from. Don't forget to assign the authorization token to the request header as shown above.

The server will respond with status 200 with the following message:

{
  "msg": "Deleted connection"
}