Backend API Routes - ariana2395/Python-Group-Project GitHub Wiki

API Documentation

USER AUTHENTICATION/AUTHORIZATION

All endpoints that require authentication All endpoints that require a current user to be logged in.

Request: endpoints that require authentication Error Response: Require authentication

Status Code: 401

Headers:

Content-Type: application/json

Body:

{

"message": "Authentication required"

} All endpoints that require proper authorization All endpoints that require authentication and the current user does not have the correct role(s) or permission(s).

Request: endpoints that require proper authorization Error Response: Require proper authorization

Status Code: 403

Headers:

Content-Type: application/json

Body:

{

"message": "Forbidden"

}

Get the Current User

Returns the information about the current user that is logged in.

Require Authentication: false

Request

Method: GET Route path: api/session Body: none

Successful Response when there is a logged in user

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"user": {

"id": 1,

"firstName": "John",

"lastName": "Smith",

"email": "[email protected]",

"username": "JohnSmith"

}

}

Successful Response when there is no logged in user

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"user": null

}

Log In a User

Logs in a current user with valid credentials and returns the current user's information.

Require Authentication: false

Request

Method: POST

Route path: /api/session

Headers:

Content-Type: application/json

Body:

{

"credential": "[email protected]",

"password": "secret password"

}

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"user": {

"id": 1,

"firstName": "John",

"lastName": "Smith",

"email": "[email protected]",

"username": "JohnSmith"

}

}

Error Response: Invalid credentials

Status Code: 401

Headers:

Content-Type: application/json

Body:

{

"message": "Invalid credentials"

}

Error response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"credential": "Email or username is required",

"password": "Password is required"

}

}

Sign Up a User

Creates a new user, logs them in as the current user, and returns the current user's information.

Require Authentication: false

Request

Method: POST

Route path: /api/users

Headers:

Content-Type: application/json

Body:

{

"firstName": "John",

"lastName": "Smith",

"email": "[email protected]",

"username": "JohnSmith",

"password": "secret password"

}

Successful Response

Status Code: 201

Headers:

Content-Type: application/json

Body:

{

"user": {

"id": 1,

"firstName": "John",

"lastName": "Smith",

"email": "[email protected]",

"username": "JohnSmith"

}

}

Error response: User already exists with the specified email or username

Status Code: 500

Headers:

Content-Type: application/json

Body:

{

"message": "User already exists",

"errors": {

"email": "User with that email already exists",

"username": "User with that username already exists"

}

}

Error response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"email": "Invalid email",

"username": "Username is required",

"firstName": "First Name is required",

"lastName": "Last Name is required"

}

}

Businesses

Get all Businesses

Returns all the businesses.

Require Authentication: false

Request

Method: GET Route path: /api/businesses Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"Businesses": [

{

  "id": 1,

  "ownerId": 1,

  "address": "123 Disney Lane",

  "city": "Los Angeles",

  "state": "California",

  "country": "United States of America",

  "zipCode": “90210”,

  "category": “Cafe”,

  "name": "Coder Cafe",

  "description": "Best coffee in town",

  "priceRange": $$,

  "createdAt": "2025-06-19 20:39:36",

  "updatedAt": "2025-06-19 20:39:36",

  "avgRating": 4.5,

  "previewImage": "image url"

}

]

}

Get all Businesses owned by the Current User

Returns all the businesses owned (created) by the current user.

Require Authentication: true

Request

Method: GET Route path: /api/businesses/current Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"Businesses": [

{

  "id": 1,

  "ownerId": 1,

  "address": “123 Disney Lane",

  "city": "Los Angeles",

  "state": "California",

  "country": "United States of America",

  "zipCode": “90210”,

  "category": “Cafe”,

  "name": "Coder Cafe",

  "description": "Best coffee in town",

  "priceRange": $$,

  "createdAt": "2025-06-19 20:39:36",

  "updatedAt": "2025-06-19 20:39:36",

  "avgRating": 4.5,

  "previewImage": "image url"

}

]

}

Get details of a Business from an id

Returns the details of a business specified by its id.

Require Authentication: false

Request

Method: GET Route path: /api/businesses/:businessId Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"ownerId": 1,

"address": "123 Disney Lane",

"city": "Los Angeles",

"state": "California",

"country": "United States of America",

"zipCode": “90210”,

"category": “Cafe”,

"name": "Coder Cafe",

"description": "Best coffee in town",

"priceRange": $$,

"createdAt": "2025-06-19 20:39:36",

"updatedAt": "2025-06-19 20:39:36" ,

"numReviews": 5,

"avgStarRating": 4.5,

"BusinessImages": [

{

  "id": 1,

  "url": "image url",

  "preview": true

},

{

  "id": 2,

  "url": "image url",

  "preview": false

}

],

"Owner": {

"id": 1,

"firstName": "John",

"lastName": "Smith"

}

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

Create a Business

Creates and returns a new business.

Require Authentication: true

Request

Method: POST

Route path: /api/businesses

Headers:

Content-Type: application/json

Body:

{

"address": "123 Disney Lane",

"city": "Los Angeles",

"state": "California",

"country": "United States of America",

"zipCode": “90210”,

"category": “Cafe”,

"name": "Coder Cafe",

"description": "Best coffee in town",

"priceRange": “$$”

}

Successful Response

Status Code: 201

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"ownerId": 1,

"address": "123 Disney Lane",

"city": "Los Angeles",

"state": "California",

"country": "United States of America",

"zipCode": “90210”,

"category": “Cafe”,

"name": "Coder Cafe",

"description": "Best Coffee in town",

"priceRange": “$$”,

"createdAt": "2025-06-19 20:39:36",

"updatedAt": "2025-06-19 20:39:36"

}

Error Response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"address": "Street address is required",

"city": "City is required",

"state": "State is required",

"country": "Country is required",

"zipCode": "Zip code is required",

"category": "Category is required",

"name": "Name must be less than 50 characters",

"description": "Description is required",

"priceRange": "Price range is required"

}

}

Add an Image to a Business based on the Business's id

Create and return a new image for a business specified by id.

Require Authentication: true

Require proper authorization: Business must belong to the current user

Request

Method: POST

Route path: /api/businesses/:businessId/images

Headers:

Content-Type: application/json

Body:

{

"url": "image url",

"preview": true

}

Successful Response

Status Code: 201

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"url": "image url",

"preview": true

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

Edit a Business

Updates and returns an existing business.

Require Authentication: true

Require proper authorization: Business must belong to the current user

Request

Method: PUT

Route path: /api/businesses/:businessId

Headers:

Content-Type: application/json

Body:

{

"address": "123 Disney Lane",

"city": "Los Angeles",

"state": "California",

"country": "United States of America",

"zipCode": 90210,

"category": "Cafe",

"name": "Coder Cafe",

"description": "Best coffee in town",

"priceRange": "$$"

}

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"ownerId": 1,

"address": "123 Disney Lane",

"city": "Los Angeles",

"state": "California",

"country": "United States of America",

"zipCode": 90210,

"category": "Cafe",

"name": "Coder Cafe",

"description": "Best coffee in town",

"priceRange": "$$",

"createdAt": "2025-06-19 20:39:36",

"updatedAt": "2025-06-20 10:06:40"

}

Error Response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"address": "Street address is required",

"city": "City is required",

"state": "State is required",

"country": "Country is required",

"zipCode": "zipCode is required",

"category": "Category is required",

"name": "Name must be less than 50 characters",

"description": "Description is required",

"priceRange": "Price range is required"

}

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

Delete a Business

Deletes an existing business.

Require Authentication: true

Require proper authorization: Business must belong to the current user

Request

Method: DELETE Route path: /api/businesses/:businessId Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"message": "Successfully deleted"

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

REVIEWS

Get all Reviews of the Current User

Returns all the reviews written by the current user.

Require Authentication: true

Request

Method: GET Route path: /api/user/:userId/reviews Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"Reviews": [

{

  "id": 1,

  "userId": 1,

  "businessId": 1,

  "review": "Loved the ice coffee!",

  "stars": 5,

  "createdAt": "2025-06-19 20:39:36",

  "updatedAt": "2025-06-19 20:39:36" ,

  "User": {

    "id": 1,

    "firstName": "John",

    "lastName": "Smith"

  },

  "Business": {

    "id": 1,

    "ownerId": 1,

    "address": "123 Disney Lane",

    "city": "Los Angeles",

    "state": "California",

    "country": "United States of America",

    "zipCode": 90210,

    "category": "Cafe",

    "name": "Coder Cafe",

    "priceRange": "$$",

    "previewImage": "image url"

  },

  "ReviewImages": [

    {

      "id": 1,

      "url": "image url"

    }

  ]

}

]

}

Get all Reviews by a Business's id

Returns all the reviews that belong to a business specified by id.

Require Authentication: false

Request

Method: GET Route path: /api/businesses/:businessId/reviews Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"Reviews": [

{

  "id": 1,

  "userId": 1,

  "businessId": 1,

  "review": "Loved the iced coffee!",

  "stars": 5,

  "createdAt": "2025-06-19 20:39:36",

  "updatedAt": "2025-06-19 20:39:36" ,

  "User": {

    "id": 1,

    "firstName": "John",

    "lastName": "Smith"

  },

  "ReviewImages": [

    {

      "id": 1,

      "url": "image url"

    }

  ],

}

]

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

Create a Review for a Business based on the Business's id

Create and return a new review for a business specified by id.

Require Authentication: true

Request

Method: POST

Route path: /api/businesses/:businessId/reviews

Headers:

Content-Type: application/json

Body:

{

"review": "Loved the iced coffee!",

"stars": 5,

}

Successful Response

Status Code: 201

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"userId": 1,

"businessId": 1,

"review": "Loved the iced coffee!",

"stars": 5,

"createdAt": "2025-06-19 20:39:36",

"updatedAt": "2025-06-19 20:39:36"

}

Error Response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"review": "Review text is required",

"stars": "Stars must be an integer from 1 to 5",

}

}

Error response: Couldn't find a Business with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business couldn't be found"

}

Error response: Review from the current user already exists for the Business

Status Code: 500

Headers:

Content-Type: application/json

Body:

{

"message": "User already has a review for this business"

}

Add an Image to a Review based on the Review's id

Create and return a new image for a review specified by id.

Require Authentication: true

Require proper authorization: Review must belong to the current user

Request

Method: POST

Route path: /api/reviews/:reviewId/images

Headers:

Content-Type: application/json

Body:

{

"url": "image url"

}

Successful Response

Status Code: 201

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"url": "image url"

}

Error response: Couldn't find a Review with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Review couldn't be found"

}

Error response: Cannot add any more images because there is a maximum of 10 images per resource

Status Code: 403

Headers:

Content-Type: application/json

Body:

{

"message": "Maximum number of images for this resource was reached"

}

Edit a Review

Update and return an existing review.

Require Authentication: true

Require proper authorization: Review must belong to the current user

Request

Method: PUT

Route path: /api/reviews/:reviewId

Headers:

Content-Type: application/json

Body:

{

"review": "Fantastic iced coffee!",

"stars": 5,

}

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"id": 1,

"userId": 1,

"businessId": 1,

"review": "Loved the iced coffee!",

"stars": 5,

"createdAt": "2025-06-19 20:39:36",

"updatedAt": "2025-06-20 10:06:40"

}

Error Response: Body validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"review": "Review text is required",

"stars": "Stars must be an integer from 1 to 5",

}

}

Error response: Couldn't find a Review with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Review couldn't be found"

}

Delete a Review

Delete an existing review.

Require Authentication: true

Require proper authorization: Review must belong to the current user

Request

Method: DELETE Route path: /api/reviews/:reviewId Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"message": "Successfully deleted"

}

Error response: Couldn't find a Review with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Review couldn't be found"

}

IMAGES

Delete a Business Image

Delete an existing image for a Business.

Require Authentication: true

Require proper authorization: Business must belong to the current user

Request

Method: DELETE Route path: /api/business-images/:imageId Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"message": "Successfully deleted"

}

Error response: Couldn't find a Business Image with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Business Image couldn't be found"

}

Delete a Review Image

Delete an existing image for a Review.

Require Authentication: true

Require proper authorization: Review must belong to the current user

Request

Method: DELETE Route path: /api/review-images/:imageId Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"message": "Successfully deleted"

}

Error response: Couldn't find a Review Image with the specified id

Status Code: 404

Headers:

Content-Type: application/json

Body:

{

"message": "Review Image couldn't be found"

} Add Query Filters to Get All Businesses Return businesses filtered by query parameters.

Require Authentication: false

Request

Method: GET Route path: /api/businesses Query Parameters page: integer, minimum: 1, default: 1 size: integer, minimum: 1, maximum: 20, default: 20 category: string, optional minRating: decimal, optional city: string, optional priceRange: string, optional Body: none

Successful Response

Status Code: 200

Headers:

Content-Type: application/json

Body:

{

"Businesses": [

{

  "id": 1,

  "ownerId": 1,

  "address": "123 Disney Lane",

  "city": "Los Angeles",

  "state": "California",

  "country": "United States of America",

  "zipCode": 90210,

  "category": "Cafe",

  "name": "Coder Cafe",

  "description": "Best coffee in town",

  "priceRange": "$$",

  "createdAt": "2025-06-19 20:39:36",

  "updatedAt": "2025-06-19 20:39:36",

  "avgRating": 4.5,

  "previewImage": "image url"

}

],

"page": 2,

"size": 20

}

Error Response: Query parameter validation errors

Status Code: 400

Headers:

Content-Type: application/json

Body:

{

"message": "Bad Request", // (or "Validation error" if generated by Sequelize),

"errors": {

"page": "Page must be greater than or equal to 1",

"size": "Size must be between 1 and 20",

"category": "Category is invalid",

"minRAting": "Minimum rating is invalid",

"priceRange": "Price range is invalid",

"city": "City is invalid"

}

}