http://localhost:8080
Interactive API docs are available at:
http://localhost:8080/swagger/index.html
To regenerate swagger docs after modifying annotations:
make swaggerMost /api/v1/ endpoints require a JWT token in the Authorization header:
Authorization: Bearer <token>
- Register or Login to get an access token and refresh token
- Use the access token in the
Authorizationheader for protected endpoints - When the access token expires, call
/auth/refreshwith the refresh token - Refresh tokens are single-use and stored in the database
| Token | Lifetime | Storage |
|---|---|---|
| Access Token | 15 minutes | Client (localStorage/cookie) |
| Refresh Token | 7 days | Database (opaque, hashed) |
{
"success": true,
"data": { ... }
}{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "Human readable message"
}
}GET /health
Response:
{"status": "ok"}GET /ready
Response:
{"status": "ready"}POST /api/v1/auth/register
Request:
{
"email": "user@example.com",
"password": "securepassword",
"name": "John Doe"
}Response (201):
{
"success": true,
"data": {
"access_token": "eyJ...",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4",
"expires_in": 900,
"token_type": "Bearer"
}
}POST /api/v1/auth/login
Request:
{
"email": "user@example.com",
"password": "securepassword"
}Response (200):
{
"success": true,
"data": {
"access_token": "eyJ...",
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4",
"expires_in": 900,
"token_type": "Bearer"
}
}POST /api/v1/auth/refresh
Request:
{
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4"
}Response (200):
{
"success": true,
"data": {
"access_token": "eyJ...",
"refresh_token": "bmV3IHJlZnJlc2ggdG9rZW4",
"expires_in": 900,
"token_type": "Bearer"
}
}POST /api/v1/auth/logout
Request:
{
"refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4"
}Response (200):
{
"success": true,
"data": {
"message": "logged out successfully"
}
}GET /api/v1/auth/sessions/me
Requires Authorization: Bearer <token>.
Response (200):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"is_active": true
}
}POST /api/v1/auth/sessions/logout-all
Requires Authorization: Bearer <token>.
Revokes all refresh tokens for the authenticated user.
Response (200):
{
"success": true,
"data": {
"message": "all sessions terminated"
}
}All todo endpoints require Authorization: Bearer <token>.
POST /api/v1/todos
Request:
{
"title": "Buy groceries",
"description": "Milk, eggs, bread"
}Response (201):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Buy groceries",
"description": "Milk, eggs, bread",
"completed": false,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}
}GET /api/v1/todos?page=1&per_page=20
Response (200):
{
"success": true,
"data": {
"todos": [...],
"total": 100,
"page": 1,
"limit": 20
}
}GET /api/v1/todos/{id}
Response (200):
{
"success": true,
"data": {
"id": "...",
"title": "...",
"description": "...",
"completed": false,
"created_at": "...",
"updated_at": "..."
}
}PUT /api/v1/todos/{id}
Request:
{
"title": "Updated title",
"description": "Updated description"
}DELETE /api/v1/todos/{id}
Response (200):
{"success": true}PATCH /api/v1/todos/{id}/complete
GET /api/v1/todos/search?q=groceries&page=1&per_page=20
All authorization endpoints require Authorization: Bearer <token>.
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/roles | Create a role |
| GET | /api/v1/auth/roles | List roles |
| GET | /api/v1/auth/roles/{id} | Get a role |
| PUT | /api/v1/auth/roles/{id} | Update a role |
| DELETE | /api/v1/auth/roles/{id} | Delete a role |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/permissions | Create a permission |
| GET | /api/v1/auth/permissions | List permissions |
| GET | /api/v1/auth/permissions/{id} | Get a permission |
| PUT | /api/v1/auth/permissions/{id} | Update a permission |
| DELETE | /api/v1/auth/permissions/{id} | Delete a permission |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/users/{userId}/roles | Assign role to user |
| DELETE | /api/v1/auth/users/{userId}/roles/{roleId} | Remove role from user |
| GET | /api/v1/auth/users/{userId}/roles | Get user roles |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/roles/{roleId}/permissions | Assign permission to role |
| DELETE | /api/v1/auth/roles/{roleId}/permissions/{permissionId} | Remove permission from role |
| GET | /api/v1/auth/roles/{roleId}/permissions | Get role permissions |
POST /api/v1/auth/check-permission
Request:
{
"resource": "todos",
"action": "create"
}Response (200):
{
"success": true,
"data": {
"allowed": true
}
}