API reference - RKOrderSoft/server GitHub Wiki

The API endpoint is ${server ip}/api/. All responses are of type application/json and contain:

  • ordersoft_version: ordersoft server version

Authentication

test

POST

  • Body params
    • test: true
  • Response codes & params:
    • 200: accepted client
    • 400: not an accepted client, or malformed request
      • reason: reason for 400 code

login

POST

  • Body params
    • username: username to log in with
    • password: password to log in with
  • Response codes & params:
    • 200: login success
      • sessionId: new session ID to be sent back with each authenticated request (expires after 24 hours by default)
      • accessLevel: the access level of the user authenticated
    • 401: login failure (unauthenticated)
      • reason: reason for login failure (incorrect, etc.)
    • 400: malformed request or unaccepted client
      • reason: missing field or client error
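
The sessionId and accessLevel rules above apply to every authenticated endpoint on this page (401 when no, expired or invalid sessionId; 403 with a reason when the user's accessLevel is below what the endpoint requires). The following is an added example of a server-side gate that enforces them, not code from RKOrderSoft/server; SessionStore, require_session and the in-memory session shape are assumptions, and the 24-hour default expiry comes from the login description.

```python
import secrets
import time

SESSION_TTL = 24 * 60 * 60  # sessions expire after 24 hours by default


class SessionStore:
    """In-memory store: sessionId -> (userId, accessLevel, issuedAt). Assumed shape."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}

    def create(self, user_id, access_level):
        # 128-bit token from the OS CSPRNG; never derived from user data
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (user_id, access_level, self._now())
        return session_id

    def lookup(self, session_id):
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        user_id, access_level, issued_at = entry
        if self._now() - issued_at > SESSION_TTL:
            del self._sessions[session_id]  # expired: treated the same as unknown
            return None
        return user_id, access_level


def require_session(store, body, required_level=0):
    """Return (status, payload); 200 means the endpoint handler may proceed.

    401: no sessionId sent, or session expired/invalid (reason given).
    403: session valid but accessLevel below the endpoint's requirement;
         reason carries the current and required access levels, as the wiki says.
    """
    session_id = body.get("sessionId")
    if not isinstance(session_id, str):
        return 401, {"reason": "no sessionId sent"}
    session = store.lookup(session_id)
    if session is None:
        return 401, {"reason": "session expired or invalid"}
    user_id, access_level = session
    if access_level < required_level:
        return 403, {"reason": f"accessLevel {access_level} below required {required_level}"}
    return 200, {"userId": user_id, "accessLevel": access_level}
```

An endpoint such as allUsers would call `require_session(store, body, 20)` first and only run its query on a 200.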

Users

getCurrentUser

POST

Get the current user's user ID from session ID.

  • Response codes / params
    • 200
      • userId: current user's userId
    • 401: unauthenticated

registerUser

POST

Register a new user given details - requires accessLevel 20

  • Body params
    • user: user obj containing required fields (see data dictionary)
  • Response codes / params
    • 200: OK
    • 401: unauthenticated
    • 403: unauthorized - accessLevel too low
    • 400: malformed request
      • reason: reason for rejection

userDetails

POST

Get details of a user (ID, name, access level, etc.)

  • Body params
    • userId: id of user to find
  • Response codes / params:
    • 200: OK
      • user: contains user info (see data dict) without password
    • 401: unauthenticated
    • 403: unauthorized - accessLevel too low
    • 400: malformed request
      • reason: reason for rejection

allUsers

POST

Gets a list of all users from the database. Requires accessLevel 20 (head chef or higher)

  • Response codes and params
    • 200: OK
      • allUsers: array containing all user objects (excl. passwords)
    • 401: unauthenticated
    • 403: unauthorized - accessLevel too low

editUser

POST

Edits the user. The request user is similar to a user object, but instead of password, oldPassword and newPassword should be used. accessLevel must be >= 20

  • Body params
    • user: user object (with changes listed above) (userId must be provided)
  • Response codes and params
    • 200: OK (changes were made)
    • 401: unauthenticated - no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - user ID likely does not exist
      • reason: reason for not found
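
The oldPassword/newPassword rule means a handler must verify the old password before replacing the stored hash, and must never accept a plain password field. The following is an added example of such a handler, not code from RKOrderSoft/server; edit_user, the dict-backed db, the salted PBKDF2 storage scheme, the 401 for a wrong oldPassword and the 400 for a missing userId (the wiki lists no 400 for editUser) are all assumptions. It assumes the accessLevel >= 20 gate has already passed.

```python
import hashlib
import hmac
import secrets

# fields an editUser request may change; a plain "password" field is ignored,
# because the wiki says oldPassword/newPassword replace it, and userId is fixed
EDITABLE_FIELDS = {"username", "accessLevel"}


def hash_password(password, salt=None):
    """salt || PBKDF2-HMAC-SHA256(password). Assumed scheme; the wiki does not state one."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt + digest


def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hash_password(password, salt)[16:]
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def edit_user(db, request_user):
    """Apply an editUser body to db (dict userId -> record). Returns (status, payload).

    Assumes the accessLevel >= 20 gate has already passed; this function only
    handles the user-object rules and the 200/404 outcomes listed on the wiki.
    """
    user_id = request_user.get("userId")
    if user_id is None:
        # the wiki lists no 400 for editUser; assumption: reuse the malformed-request shape
        return 400, {"reason": "missing field: userId"}
    record = db.get(user_id)
    if record is None:
        return 404, {"reason": f"user {user_id} does not exist"}
    if "newPassword" in request_user:
        # the old password must verify before the stored hash is replaced
        old = request_user.get("oldPassword")
        if not isinstance(old, str) or not verify_password(old, record["password"]):
            # assumption: a missing or wrong oldPassword is reported as 401; the wiki does not say
            return 401, {"reason": "oldPassword missing or incorrect"}
        new = request_user["newPassword"]
        if not isinstance(new, str) or not new:
            return 400, {"reason": "newPassword must be a non-empty string"}
        record["password"] = hash_password(new)
    for key in EDITABLE_FIELDS & set(request_user):
        record[key] = request_user[key]
    return 200, {}
```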

removeUser

POST

Removes a user - requires accessLevel 20

  • Body params
    • userId: userId to be removed
  • Response codes and params
    • 200: OK (changes were made)
    • 401: unauthenticated - no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - user ID likely does not exist
      • reason: reason for not found

Orders

getOrder

POST

  • Body params
    • orderId: order ID (optional)
    • tableNumber: table number of the order (optional; either this or orderId must be provided). Returns the unpaid order with the corresponding tableNumber.
  • Response codes and params:
    • 401: unauthenticated - no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - order ID likely does not exist
      • reason: reason for not found
    • 400: malformed request
      • reason: missing fields, reason
    • 200: OK
      • order: order object (see data/initDb.sql)

getOrderIds

POST

Retrieve all orders matching the set criteria

  • Body params
    • isComplete: boolean indicating whether to find complete orders or not
    • isPaid: boolean indicating whether or not to find paid orders (if this is true, isComplete must be true)
    • paidAfter: date (see data dict, modified ISO8601) the order was paid after - only checked if isPaid is true
    • paidBefore: date (as above) the order was paid before - isPaid must be true
  • Response codes and params:
    • 200: OK
      • results: array of orderIds matching criteria
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 400: malformed request
      • reason: missing fields, additional fields, reason
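
The getOrderIds criteria carry dependencies (isPaid requires isComplete; the paid-date filters only make sense when isPaid is true) and the 400 response covers both missing and additional fields. The following is an added example of a validator that enforces those rules before any query runs, followed by the matching step over constructed order rows; it is not code from RKOrderSoft/server. Assumptions: the date strings parse with datetime.fromisoformat (the wiki's "modified ISO8601" form is not shown), both date filters are rejected rather than ignored when isPaid is false, and order rows have the constructed shape given in the docstring.

```python
from datetime import datetime

# fields getOrderIds accepts; anything else is an "additional field" -> 400
ALLOWED_FIELDS = {"sessionId", "isComplete", "isPaid", "paidAfter", "paidBefore"}


def validate_get_order_ids(body):
    """Return (status, payload): 200 with normalised criteria, else 400 with reason."""
    extra = set(body) - ALLOWED_FIELDS
    if extra:
        return 400, {"reason": "additional fields: " + ", ".join(sorted(extra))}
    for key in ("isComplete", "isPaid"):
        if key not in body:
            return 400, {"reason": f"missing field: {key}"}
        if not isinstance(body[key], bool):   # reject "true" strings, 1, None
            return 400, {"reason": f"{key} must be a boolean"}
    if body["isPaid"] and not body["isComplete"]:
        return 400, {"reason": "isPaid requires isComplete to be true"}
    criteria = {"isComplete": body["isComplete"], "isPaid": body["isPaid"]}
    for key in ("paidAfter", "paidBefore"):
        if key not in body:
            continue
        if not body["isPaid"]:
            return 400, {"reason": f"{key} requires isPaid to be true"}
        try:
            # assumption: the data dictionary's date form parses with fromisoformat
            criteria[key] = datetime.fromisoformat(body[key])
        except (TypeError, ValueError):
            return 400, {"reason": f"{key} is not a valid date"}
    if ("paidAfter" in criteria and "paidBefore" in criteria
            and criteria["paidAfter"] > criteria["paidBefore"]):
        return 400, {"reason": "paidAfter is later than paidBefore"}
    return 200, criteria


def match_order_ids(criteria, orders):
    """Apply validated criteria to order rows of the constructed shape
    {"orderId", "isComplete", "isPaid", "paidAt": datetime | None}."""
    results = []
    for order in orders:
        if order["isComplete"] != criteria["isComplete"] or order["isPaid"] != criteria["isPaid"]:
            continue
        paid_at = order.get("paidAt")
        if "paidAfter" in criteria and not (paid_at and paid_at > criteria["paidAfter"]):
            continue
        if "paidBefore" in criteria and not (paid_at and paid_at < criteria["paidBefore"]):
            continue
        results.append(order["orderId"])
    return results
```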

setOrder

POST

  • Body params
    • order: order object with changes (see data/initDb.sql) (only changed fields are required; others need not be re-sent)
      • if an orderId is present, the record will be updated; otherwise a new record will be created
  • Response codes and params:
    • 200: OK
      • orderId: order ID of changed or new order
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - order ID likely does not exist
      • reason: reason for not found
    • 400: malformed request
      • reason: missing fields, additional fields, reason

openOrders

POST

Returns a list of orderIds whose orders are not complete

  • Response codes and params:
    • 200: OK
      • openOrders: array of orderId (string) where orders are not yet complete
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level

unpaidOrders

POST

Returns a list of orderIds where orders are complete, but not paid

  • Response codes and params:
    • 200: OK
      • unpaidOrders: array of orderId (string) where orders are not yet paid
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level

Dishes

getdishes

POST

Returns a list of dishes, with optional filter criteria. May be slow if used with few criteria and a large database.

  • Request params
    • dishId (optional): ID of dish to retrieve
    • category (optional): category of dishes to retrieve
    • minPrice (optional): minimum price (float)
    • maxPrice (optional): maximum price (float)
  • Response codes and params
    • 200: OK
      • results: array of dish objects matching criteria (see data dictionary)
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 400: malformed request
      • reason: missing fields, additional fields, reason

setdish

POST

Add or update information for a specific dish. Similar to setOrder - only changed fields need to be sent, and a new dish will be created if no dishId is sent. Requires accessLevel 20

  • Request params
    • dish - dish object (see data/initDb.sql)
  • Response codes and params
    • 200: OK
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - usually dishId not found
      • reason: reason for not found
    • 400: malformed request
      • reason: missing fields, additional fields, reason

removeDish

POST

Removes a dish given dishId. Requires accessLevel 20

  • Request params
    • dishId - id to be removed
  • Response codes + params
    • 200: OK, dish was removed
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level
    • 404: not found - usually dishId not found
      • reason: reason for not found
    • 400: malformed request
      • reason: no dishId was sent

getCategories

POST

  • Response codes + params
    • 200: OK
      • categories: array of category names (string)
    • 401: no sessionId sent, session expired or invalid
    • 403: unauthorized - accessLevel too low
      • reason: current user's access level and required access level