API Docs

This page describes all the data types and the endpoints that the backend uses

Data Types

All data types are represented by JSON Objects. All of the endpoints require the Content-Type header to be application/json.

User

The id field is not required when creating a new user. However, it is returned by the server on a show user or a show all call. It is also required by the update call. Password is not a field stored in the database. However, setting that field updates related fields in the database. Secret Answer field basically behaves the same as password. Avatar URL is not directly set in the signup.

{"id":Integer, "email": String, "password": String, "fullName": String, "bio": String, "userType": Integer, "dietType": Integer, "secretQuestion": String, "secretAnswer": String, "avatarUrl": String, "isBanned": Boolean}

User Type Values

• 0 : Regular(default)
• 1 : Admin
• 2 : Food Server

Diet Type Values

• 0 : Omnivore(default)
• 1 : Egg+Diary vegetarian
• 2 : No mushroom or red meat
• 3 : Began
• 4 : Paleo

Access Token

Only returned by the login call. No need to post that.

{"accessToken": String, "userId": Integer, "creationTime": String, "lastAccessTime": String}

For the endpoints that require Authentication, you need to set the Authorization header to "Bearer $token" to authenticate.

Login Credentials

Only posted to the login call.

{"email": String, "password": String}

Endpoints

All endpoints start with /api/. POST calls that take an input require their input to be in the request body.

Signup

POST /api/user

Takes: User

Returns: The created User object, with the id set.

Update User

POST /api/user/update

Takes: User

Returns: The updated User

This call requires all the fields of the user be present in the request body. Returns a not authorized response if the token given is not valid. Doesn't modify the user object if the given token is for a different user.

List All Users

GET /api/user

Returns: A list of Users

Show one user

GET /api/user/:id

Returns: A user Object, if one with the given id exists. If not, a 404 response is returned.

Gets one user

POST /api/user/byEmail

Takes: A single JSON String, the email address Returns: A user object, just like getting one by id

Ban user

POST /api/user/ban/:id

Requires authorization. Checks if the logged in user is an admin, if it is, bans the user with the given id.

Takes and Returns: Nothing

Login

POST /api/session/login

Takes: Login Credentials Returns: Access Token if the attempt is successful. A Not Authorized (403, I think) response if it is unsuccessful.

Logout

POST /api/session/logout

Returns an empty response if the given access token is valid, and then deletes it. Returns a not authorized response if the given token is invalid.

##Show current user GET /api/session/currentUser

Returns the User object referenced by the current Access Token if it is valid. Can be used at startup to check if the token is valid.