Api Documentation

I’ll provide you with a Postman API documentation for all the routes we’ve created in our Express.js authentication and permission system. This documentation will include the URL, HTTP method, required headers (including the token), and JSON payloads where applicable.

Here’s the Postman API documentation for your Express.js authentication and permission system:

1. User Registration
2. URL: http://localhost:3000/api/auth/register
3. Method: POST
4. Body (raw JSON):

{
  "username": "newuser",
  "email": "newuser@example.com",
  "password": "password123"
}

2. User Login
3. URL: http://localhost:3000/api/auth/login
4. Method: POST
5. Body (raw JSON):

{
  "username": "newuser",
  "password": "password123"
}

Get All Users

URL:
http://localhost:3000/api/admin/users

Method:
GET

Headers:
x-access-token: <your_jwt_token>

Get User by ID

URL:
http://localhost:3000/api/admin/users/:id

Method:
GET

Headers:
x-access-token: <your_jwt_token>

Update User

URL:
http://localhost:3000/api/admin/users/:id

Method:
PUT

Headers:
x-access-token: <your_jwt_token>

Body (raw JSON):

{
  "username": "updatedUsername",
  "email": "updatedEmail@example.com",
  "isActive": true,
  "isSuperuser": false
}

Delete User

URL:
http://localhost:3000/api/admin/users/:id

Method:
DELETE

Headers:
x-access-token: <your_jwt_token>

Bulk Assign Permissions to User

URL:
http://localhost:3000/api/admin/users/:userId/permissions/bulk-assign

Method:
POST

Headers:
x-access-token: <your_jwt_token>

Body (raw JSON):

{
  "permissionIds": [1, 2, 3]
}

Bulk Remove Permissions from User

URL:
http://localhost:3000/api/admin/users/:userId/permissions/bulk-remove

Method:
POST

Headers:
x-access-token: <your_jwt_token>

Body (raw JSON):

{
  "permissionIds": [1, 2, 3]
}

3. Create Group
4. URL: http://localhost:3000/api/admin/groups
5. Method: POST
6. Headers:
7. x-access-token: <your_jwt_token>
8. Body (raw JSON):

{
  "name": "Administrators"
}

4. Get All Groups
5. URL: http://localhost:3000/api/admin/groups
6. Method: GET
7. Headers:
8. x-access-token: <your_jwt_token>
9. Get Single Group
10. URL: http://localhost:3000/api/admin/groups/:id
11. Method: GET
12. Headers:
13. x-access-token: <your_jwt_token>
14. Update Group
15. URL: http://localhost:3000/api/admin/groups/:id
16. Method: PUT
17. Headers:
18. x-access-token: <your_jwt_token>
19. Body (raw JSON):

{
  "name": "Super Administrators"
}

7. Delete Group
8. URL: http://localhost:3000/api/admin/groups/:id
9. Method: DELETE
10. Headers:
11. x-access-token: <your_jwt_token>
12. Create Permission
13. URL: http://localhost:3000/api/admin/permissions
14. Method: POST
15. Headers:
16. x-access-token: <your_jwt_token>
17. Body (raw JSON):

{
  "name": "Can view users",
  "codename": "view_users"
}

9. Get All Permissions
10. URL: http://localhost:3000/api/admin/permissions
11. Method: GET
12. Headers:
13. x-access-token: <your_jwt_token>
14. Get Single Permission
15. URL: http://localhost:3000/api/admin/permissions/:id
16. Method: GET
17. Headers:
18. x-access-token: <your_jwt_token>
19. Update Permission
20. URL: http://localhost:3000/api/admin/permissions/:id
21. Method: PUT
22. Headers:
23. x-access-token: <your_jwt_token>
24. Body (raw JSON):

{
  "name": "Can edit users",
  "codename": "edit_users"
}

12. Delete Permission
13. URL: http://localhost:3000/api/admin/permissions/:id
14. Method: DELETE
15. Headers:
16. x-access-token: <your_jwt_token>
17. Assign Group to User
18. URL: http://localhost:3000/api/admin/users/:userId/groups
19. Method: POST
20. Headers:
21. x-access-token: <your_jwt_token>
22. Body (raw JSON):

{
  "groupId": 1
}

14. Remove Group from User
15. URL: http://localhost:3000/api/admin/users/:userId/groups/:groupId
16. Method: DELETE
17. Headers:
18. x-access-token: <your_jwt_token>
19. Assign Permission to Group
20. URL: http://localhost:3000/api/admin/groups/:groupId/permissions
21. Method: POST
22. Headers:
23. x-access-token: <your_jwt_token>
24. Body (raw JSON):

{
  "permissionId": 1
}

16. Remove Permission from Group
17. URL: http://localhost:3000/api/admin/groups/:groupId/permissions/:permissionId
18. Method: DELETE
19. Headers:
20. x-access-token: <your_jwt_token>
21. Assign Permission to User
22. URL: http://localhost:3000/api/admin/users/:userId/permissions
23. Method: POST
24. Headers:
25. x-access-token: <your_jwt_token>
26. Body (raw JSON):

{
  "permissionId": 1
}

18. Remove Permission from User
19. URL: http://localhost:3000/api/admin/users/:userId/permissions/:permissionId
20. Method: DELETE
21. Headers:
22. x-access-token: <your_jwt_token>
23. Public Route Example
24. URL: http://localhost:3000/api/example/public
25. Method: GET
26. Protected Route Example
27. URL: http://localhost:3000/api/example/protected
28. Method: GET
29. Headers:
30. x-access-token: <your_jwt_token>
31. Admin Route Example
32. URL: http://localhost:3000/api/example/admin
33. Method: GET
34. Headers:
35. x-access-token: <your_jwt_token>

To use these routes in Postman:

1. Create a new request for each route.
2. Set the HTTP method and URL as specified.
3. For routes requiring authentication, add the x-access-token header with the JWT token you received from the login route.
4. For POST and PUT requests, set the body to “raw” and select JSON format, then input the provided JSON payload.
5. Send the request and check the response.

Remember to replace :id, :userId, :groupId, and :permissionId with actual IDs when testing these routes. Also, make sure your server is running and the database is properly set up before testing these endpoints.