API Documentation
Overview
Base URL: https://algomax-backend.vercel.app/api/v1
Global Headers
Content-Type: application/json
Authorization: Bearer <token> (for protected routes)
Standard Response Format
{
"status": "success|fail",
"message": "string",
"data": {} | []
}
Database Schema
Please view the schema here.
Authentication
Register User
POST /api/v1/auth/register
Request Body:
{
"firebaseUid": "string (required)",
"name": "string (required)",
"email": "string (required)",
"role": "string (required)"
}
Success Response (201):
{
"status": "success",
"message": "User created successfully.",
"data": {
"user": {
// user details
},
"token": "JWT_TOKEN"
}
}
Error Responses:
// 400 Bad Request
{
"status": "fail",
"message": "All fields are required."
}
// 400 Bad Request
{
"status": "fail",
"message": "User already exists."
}
Login User
POST /api/v1/auth/login
Request Body:
{
"firebaseUid": "string (required)"
}
Success Response (200):
{
"status": "success",
"message": "Login successful.",
"data": {
"user": {
// user details
},
"token": "JWT_TOKEN"
}
}
Error Response (404):
{
"status": "fail",
"message": "User not found."
}
User Verification
Check User Authentication
GET /api/v1/checkUser
Success Response (200):
{
"status": "success",
"message": "User is authenticated",
"data": {
"firebaseUid": "string",
"role": "string",
"email": "string"
}
}
User Endpoints
Get All Events
GET /api/v1/user/events
Returns an array of all available events.
Get Event by ID
GET /api/v1/user/events/:id
Returns details for a specific event.
Book Event
POST /api/v1/user/book
Request Body:
{
"organizer_id": "string",
"event_id": "string",
"number_of_tickets": "number",
"amount": "number"
}
Get My Tickets
GET /api/v1/user/my-tickets
Returns all tickets for the authenticated user.
Get Single Ticket Details
GET /api/v1/user/my-tickets/:id
Returns details for a specific ticket.
Organizer Endpoints
Create Event
POST /api/v1/organizer/events
Request Body:
{
"title": "string",
"description": "string",
"location": "string",
"date": "string",
"time": "string",
"category": "string",
"ticket_price": "number",
"total_tickets": "number",
"image": "string (optional)"
}
Get Organizer's Events
GET /api/v1/organizer/events
Returns all events created by the authenticated organizer.
Get Single Event
GET /api/v1/organizer/event
Query Parameter: eventId=string
Update Event
PUT /api/v1/organizer/events
Request Body:
{
"eventId": "string",
"title": "string (optional)",
"description": "string (optional)",
"location": "string (optional)",
"date": "string (optional)",
"time": "string (optional)",
"category": "string (optional)",
"ticket_price": "number (optional)",
"total_tickets": "number (optional)",
"image": "string (optional)"
}
Payment Integration
Create Payment Order
POST /api/v1/user/create-order/:id
Provider: Cashfree Payment Gateway
Verify Payment Order
POST /api/v1/user/verify-order
Request Body:
{
"orderId": "string"
}
Security
Authentication Middleware
- JWT-based authentication
- Token format: Bearer <token>
- Token validation on protected routes
Role-Based Access Control
- Organizer role verification
- Protected routes for specific roles
- Role-specific endpoints
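The bearer-token validation and organizer role check listed above, sketched as an added example (not the project's own code). The HS256 signature, the `exp` and `role` claim names, the "organizer" role value, and the failure messages are assumptions; only the `Bearer <token>` format, the response envelope, and the 401/403 codes come from this page.

```javascript
// Added example. Assumed: HS256 tokens, claims firebaseUid/role/email/exp.
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Hypothetical helper, used only to build constructed sample tokens.
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Failure in the documented envelope: { status: "fail", message }.
const fail = (code, message) => ({ code, body: { status: "fail", message } });

// Returns { code: 200, user } or a 401/403 failure. requiredRole is optional.
function authorize(authHeader, secret, requiredRole, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return fail(401, "Missing or malformed bearer token.");
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return fail(401, "Invalid token.");
  }
  // Pin the algorithm server-side; the token must not choose it (rejects "none").
  if (header?.alg !== "HS256") return fail(401, "Invalid token.");
  // Constant-time signature comparison over the exact bytes that were signed.
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return fail(401, "Invalid token.");
  }
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) return fail(401, "Token expired.");
  // The role is read from the verified token, never from the request body.
  if (requiredRole && claims.role !== requiredRole) return fail(403, "Forbidden.");
  const { firebaseUid, role, email } = claims;
  return { code: 200, user: { firebaseUid, role, email } };
}
```

An unauthenticated or badly signed request gets 401, while a valid token with the wrong role gets 403, matching the Error Codes table.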
Rate Limiting
- Window: 15 minutes
- Max Requests: 100 per window
Additional Security Measures
- Helmet.js for security headers
- CORS protection
- Input validation
- Error handling
Error Codes
| Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 500 | Internal Server Error |