http://localhost:5000/api
Authentication uses JWT tokens. Include the token in the Authorization header:
Authorization: Bearer <access_token>
- POST
/auth/register - Body:
{ "name": "string", "email": "string", "password": "string" } - Response: User object with accessToken and refreshToken
- POST
/auth/login - Body:
{ "email": "string", "password": "string" } - Response: User object with accessToken and refreshToken
- POST
/auth/refresh - Body:
{ "refreshToken": "string" } - Response: New accessToken
- GET
/auth/me - Auth: Required
- Response: Current user object
- GET
/products - Query Parameters:
category(optional): Filter by categorypage(optional): Page number (default: 1)limit(optional): Items per page (default: 20)
- Response: Array of product objects
- GET
/products/:id - Response: Product object with reviews
- POST
/products - Auth: Required (Admin only)
- Body:
{ "name": "string", "description": "string", "price": "number", "stock": "number", "category": "string", "images": ["string"] } - Response: Created product object
- PUT
/products/:id - Auth: Required (Admin only)
- Body: Partial product object
- Response: Updated product object
- DELETE
/products/:id - Auth: Required (Admin only)
- Response: Success message
- GET
/cart - Auth: Required
- Response: Cart object with items
- POST
/cart/items - Auth: Required
- Body:
{ "productId": "string", "quantity": "number" } - Response: Updated cart
- PUT
/cart/items/:itemId - Auth: Required
- Body:
{ "quantity": "number" } - Response: Updated cart
- DELETE
/cart/items/:itemId - Auth: Required
- Response: Updated cart
- DELETE
/cart - Auth: Required
- Response: Success message
- POST
/orders - Auth: Required
- Body:
{ "items": [ { "productId": "string", "quantity": "number" } ], "address": { "street": "string", "city": "string", "state": "string", "zipCode": "string", "country": "string" } } - Response: Created order object
- GET
/orders - Auth: Required
- Response: Array of user orders
- GET
/orders/:id - Auth: Required
- Response: Order object with items
- PUT
/orders/:id/status - Auth: Required (Admin only)
- Body:
{ "status": "PENDING|PROCESSING|SHIPPED|DELIVERED|CANCELLED" } - Response: Updated order object
- GET
/products/:productId/reviews - Response: Array of review objects
- POST
/products/:productId/reviews - Auth: Required
- Body:
{ "rating": "number (1-5)", "comment": "string" } - Response: Created review object
- PUT
/reviews/:id - Auth: Required
- Body:
{ "rating": "number", "comment": "string" } - Response: Updated review object
- DELETE
/reviews/:id - Auth: Required
- Response: Success message
All errors follow this format:
{
"success": false,
"error": "Error message"
}200- Success201- Created400- Bad Request401- Unauthorized403- Forbidden404- Not Found500- Internal Server Error
Paginated responses include:
{
"items": [],
"total": 100,
"page": 1,
"pageSize": 20
}- Auth endpoints: 5 requests per minute
- Other endpoints: 100 requests per minute
- Event:
charge.succeeded - Event:
charge.failed - Endpoint:
/api/webhooks/stripe
For more information, check the main README.md