Endpoints - 210419-Appian/Banking-API GitHub Wiki

Endpoints

The below endpoints generally follow a RESTful pattern. Where the URI describes the relevant resource and the HTTP Method describes the action to perform. Path variables (e.g. /:userId) are used to identify specific resources as part of the URI. These are placeholders, such as for a userId.

Security

Security is handled through session storage. If a user does not have permission to access a particular endpoint it will return the following:

Status Code: 401 UNAUTHORIZED Content:
```
{
  "message": "The requested action is not permitted"
}
```
Occurs if they do not have the appropriate permissions.

RPC Endpoints

These endpoints are not RESTful, but are included to more conveniently simulate user actions

Login

URL: /login
Method: POST

Request:

{
  "username": String,
  "password": String
}

Response:
```
User
```
Error Response:
- Status Code: 400 BAD REQUEST
```
{
  "message": "Invalid Credentials"
}
```

Logout

URL: /logout
Method: POST

Response:

{
  "message": "You have successfully logged out {username}"
}

Error Response:

Status Code: 400 BAD REQUEST

{
  "message": "There was no user logged into the session"
}

Register

URL: /register
Method: POST
Allowed Roles: Admin
Request: Note: All fields should be included and the userId should be zero
```
User
```
Response: Note: The userId should be updated
- Status Code: 201 CREATED
```
User
```
Error Response: Note: In case username or email is already used
- Status Code: 400 BAD REQUEST
```
{
  "message": "Invalid fields"
}
```

Withdraw

URL: /accounts/withdraw
Method: POST
Allowed Roles: Admin or if the account belongs to the current user

Request:

{
  "accountId": int,
  "amount": double
}

Response:

{
  "message": "${amount} has been withdrawn from Account #{accountId}"
}

Deposit

URL: /accounts/deposit
Method: POST
Allowed Roles: Admin or if the account belongs to the current user

Request:

{
  "accountId": int,
  "amount": double
}

Response:

{
  "message": "${amount} has been deposited to Account #{accountId}"
}

Transfer

URL: /accounts/transfer
Method: POST
Allowed Roles: Admin or if the source account belongs to the current user

Request:

{
  "sourceAccountId": int,
  "targetAccountId": int,
  "amount": double
}

Response:

{
  "message": "${amount} has been transferred from Account #{sourceAccountId} to Account #{targetAccountId}"
}

RESTful Endpoints

These endpoints are RESTful, and generally provide basic CRUD operations for Employees/Admins

Find Users

URL: /users
Method: GET
Allowed Roles: Employee or Admin
Response:
```
[
  User
]
```

Find Users By Id

URL: /users/:id
Method: GET
Allowed Roles: Employee or Admin or if the id provided matches the id of the current user
Response:
```
User
```

Update User

URL: /users
Method: PUT
Allowed Roles: Admin or if the id provided matches the id of the current user
Request: Note: All fields must be included
```
User
```
Response:
```
User
```

Find Accounts

URL: /accounts
Method: GET
Allowed Roles: Employee or Admin
Response:
```
[
  Account
]
```

Find Accounts By Id

URL: /accounts/:id
Method: GET
Allowed Roles: Employee or Admin or if the account belongs to the current user
Response:
```
Account
```

Find Accounts By Status

URL: /accounts/status/:statusId
Method: GET
Allowed Roles: Employee or Admin
Response:
```
[
  Account
]
```

Find Accounts By User

URL: /accounts/owner/:userId
Method: GET
Allowed Roles: Employee or Admin or if the id provided matches the id of the current user
Response:
```
[
  Account
]
```

Submit Account

URL: /accounts
Method: POST
Allowed Roles: Employee or Admin or if the account belongs to the current user
Request: The accountId should be 0
```
Account
```
Response:
- Status Code: 201 CREATED
```
Account
```

Update Account

URL: /accounts
Method: PUT
Allowed Roles: Admin
Request: Note: All fields must be included
```
Account
```
Response:
```
Account
```