This API provides endpoints to manage users in the system. Users can be created using the create endpoint, and existing users can log in using the login endpoint.
Authentication is required for all endpoints. The API uses JSON Web Tokens (JWT) for authentication. To authenticate, include the JWT in the Authorization header of the request as a Bearer token (Authorization: Bearer <token>).
The base URL for all API endpoints is https://cyan-unusual-moose.cyclic.app/api.
- URL: /user/create
- Method: POST
- email (string, required): The email of the user.
- password (string, required): The password of the user.
- role (string, required): The role of the user. Possible values: 'super-admin'.
- schoolID (string, required for 'admin' role): The ID of the school associated with the user. Not required if the role is 'super-admin'.
- Status: 201 Created
- Body: The newly created user object.
- Error Responses:
- 400 Bad Request: If the request body is missing required fields or contains invalid data.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to create a user.
POST /api/user/create
{
"email": "[email protected]",
"password": "password123",
"role": "admin",
"schoolID": "1234567890"
}
- URL: /user/login
- Method: POST
- email (string, required): The email of the user.
- password (string, required): The password of the user.
- Status: 201 Created
- Body: The newly created user object.
- Error Responses:
- 400 Bad Request: If the request body is missing required fields or contains invalid data.
POST /api/user/login
{
"email": "[email protected]",
"password": "password123"
}
- URL: /student/create
- Method: POST
- Authentication Required: Yes
- id (string, required): The ID of the student to update.
- name (string, required): The name of the student.
- age (number, required): The age of the student.
- classroomID (string, required): The ID of the classroom the student belongs to.
- Status: 201 Created
- Body: The newly created student object.
- Error Responses:
- 400 Bad Request: If the request body is missing required fields or contains invalid data.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to create a student.
- 404 Not Found: If the specified classroom does not exist.
POST /api/student/create
{
"name": "John Doe",
"age": 15,
"classroomID": "1234567890"
}
- URL: /student/update/:id
- Method: PUT
- Authentication Required: Yes
- name (string, optional): The name of the student.
- age (number, optional): The age of the student.
- classroomID (string, optional): The ID of the classroom the student belongs to.
- Status: 200 OK
- Body: The updated student object.
- Error Responses:
- 400 Bad Request: If the request body is missing required fields or contains invalid data.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to update the student.
- 404 Not Found: If the specified student does not exist.
PUT /api/student/update/609be8f5c3f6826c398a304f
{
"age": 16
}
- URL: /student/delete/:id
- Method: DELETE
- Authentication Required: Yes
- id (string, required): The ID of the student to delete.
- Status: 200 OK
- Body: The updated student object.
- Error Responses:
- 400 Bad Request: If the request body is missing required fields or contains invalid data.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to update the student.
- 404 Not Found: If the specified student does not exist.
DELETE /api/student/delete/609be8f5c3f6826c398a304f
- URL: /student/getByID/:id
- Method: GET
- Authentication Required: Yes
- id (string, required): The ID of the student to retrieve.
- Status: 200 OK
- Body: The student object.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve the student.
- 404 Not Found: If the specified student does not exist.
This endpoint retrieves all students, optionally filtered by classroom ID.
- URL: /student/getAll
- Method: GET
- Authentication Required: Yes
- classroomID (string, optional): The ID of the classroom to filter students. If not provided, returns all students.
- Status: 200 OK
- Body: An array of student objects.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve students.
To perform any CRUD operation on a classroom, the user must have one of the following roles:
- Super Admin: Full access to all classrooms.
- Admin: Access limited to classrooms in the same school.
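The role rules above, combined with the documented 401/403/404 responses, can be enforced as one decision function per request. This is an added example, not this API's own code; the claim names `role` and `schoolID`, the callbacks `verifyJwt` and `findClassroom`, and the helper `classroomListFilter` are assumptions.

```javascript
// Added example, not the API's own code. Assumed: verified JWT claims carry
// `role` and `schoolID`; verifyJwt and findClassroom are caller-supplied.

// Pull the token out of "Authorization: Bearer <token>"; null if malformed.
function bearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const seg = '[A-Za-z0-9_-]+'; // one base64url segment, must be non-empty
  const m = new RegExp(`^Bearer (${seg}\\.${seg}\\.${seg})$`).exec(headerValue);
  return m ? m[1] : null;
}

// HTTP status for reading, updating or deleting a single classroom.
// verifyJwt(token) returns claims only after checking signature and expiry,
// otherwise null. findClassroom(id) returns { id, schoolID } or null.
function classroomAccessStatus(headerValue, classroomID, verifyJwt, findClassroom) {
  const token = bearerToken(headerValue);
  const claims = token ? verifyJwt(token) : null;
  if (!claims) return 401; // missing, malformed or invalid token
  if (claims.role === 'super-admin') {
    return findClassroom(classroomID) ? 200 : 404; // full access
  }
  // Any other role, or an admin token with no school scope, is refused.
  if (claims.role !== 'admin' || !claims.schoolID) return 403;
  const classroom = findClassroom(classroomID);
  if (!classroom) return 404;
  // Object-level check: the classroom must belong to the admin's own school.
  return classroom.schoolID === claims.schoolID ? 200 : 403;
}

// Database filter for /classroom/getAll so that a list query is scoped the
// same way as a single lookup. Returns null when the caller must answer 403.
function classroomListFilter(claims) {
  if (claims.role === 'super-admin') return {};
  if (claims.role === 'admin' && claims.schoolID) return { schoolID: claims.schoolID };
  return null;
}
```

Answering 403 for another school's classroom and 404 for a missing one lets an admin tell which IDs exist in other schools; return 404 in both cases if that matters.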
- URL: /classroom/getAll
- Method: GET
- Authentication Required: Yes
- Status: 200 OK
- Body: An array of classroom objects.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve classrooms.
- URL: /classroom/getByID/:id
- Method: GET
- Authentication Required: Yes
- id (string, required): The ID of the classroom to retrieve.
- Status: 200 OK
- Body: The classroom object.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve the classroom.
- 404 Not Found: If the specified classroom does not exist.
- URL: /classroom/create
- Method: POST
- Authentication Required: Yes
- name (string, required): The name of the classroom.
- schoolID (string, required): The ID of the school the classroom belongs to.
POST /api/classroom/create
{
"name": "Test Classroom",
"schoolID": "65f5d3f59a5ae2a9745f513f"
}
- URL: /classroom/update/:id
- Method: PUT
- Authentication Required: Yes
- id (string, required): The ID of the classroom to update.
- name (string, required): The name of the classroom.
PUT /api/classroom/update/65f5e591356cbd0fc267c56c
{
"name": "Test Classroom 1"
}
- URL: /classrooms/delete/:id
- Method: DELETE
- Authentication Required: Yes
- id (string, required): The ID of the classroom to delete.
To perform any CRUD operation on a school, the user must have one of the following roles:
- Super Admin: Full access to all schools.
- URL: /school/getAll
- Method: GET
- Authentication Required: Yes
- Status: 200 OK
- Body: An array of classroom objects.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve schools.
- URL: /school/getByID/:id
- Method: GET
- Authentication Required: Yes
- id (string, required): The ID of the school to retrieve.
- Status: 200 OK
- Body: The school object.
- 401 Unauthorized: If authentication is required but missing or invalid.
- 403 Forbidden: If the user does not have permission to retrieve the school.
- 404 Not Found: If the specified school does not exist.
- URL: /school/create
- Method: POST
- Authentication Required: Yes
- name (string, required): The name of the school.
- address (string, required): The address of the school.
POST /api/school/create
{
"name": "Test School"
}
- URL: /school/update/:id
- Method: PUT
- Authentication Required: Yes
- id (string, required): The ID of the school to update.
- name (string, required): The name of the school.
- address (string, required): The address of the school.
PUT /api/school/update/65f5d3f59a5ae2a9745f513f
{
"name": "Test School"
}
- URL: /school/delete/:id
- Method: DELETE
- Authentication Required: Yes
- id (string, required): The ID of the school to delete.