Backend API Routes - ariana2395/Python-Group-Project GitHub Wiki
API Documentation
USER AUTHENTICATION/AUTHORIZATION
All endpoints that require authentication All endpoints that require a current user to be logged in.
Request: endpoints that require authentication Error Response: Require authentication
Status Code: 401
Headers:
Content-Type: application/json
Body:
{
"message": "Authentication required"
} All endpoints that require proper authorization All endpoints that require authentication and the current user does not have the correct role(s) or permission(s).
Request: endpoints that require proper authorization Error Response: Require proper authorization
Status Code: 403
Headers:
Content-Type: application/json
Body:
{
"message": "Forbidden"
}
Get the Current User
Returns the information about the current user that is logged in.
Require Authentication: false
Request
Method: GET Route path: api/session Body: none
Successful Response when there is a logged in user
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"user": {
"id": 1,
"firstName": "John",
"lastName": "Smith",
"email": "[email protected]",
"username": "JohnSmith"
}
}
Successful Response when there is no logged in user
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"user": null
}
Log In a User
Logs in a current user with valid credentials and returns the current user's information.
Require Authentication: false
Request
Method: POST
Route path: /api/session
Headers:
Content-Type: application/json
Body:
{
"credential": "[email protected]",
"password": "secret password"
}
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"user": {
"id": 1,
"firstName": "John",
"lastName": "Smith",
"email": "[email protected]",
"username": "JohnSmith"
}
}
Error Response: Invalid credentials
Status Code: 401
Headers:
Content-Type: application/json
Body:
{
"message": "Invalid credentials"
}
Error response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"credential": "Email or username is required",
"password": "Password is required"
}
}
Sign Up a User
Creates a new user, logs them in as the current user, and returns the current user's information.
Require Authentication: false
Request
Method: POST
Route path: /api/users
Headers:
Content-Type: application/json
Body:
{
"firstName": "John",
"lastName": "Smith",
"email": "[email protected]",
"username": "JohnSmith",
"password": "secret password"
}
Successful Response
Status Code: 201
Headers:
Content-Type: application/json
Body:
{
"user": {
"id": 1,
"firstName": "John",
"lastName": "Smith",
"email": "[email protected]",
"username": "JohnSmith"
}
}
Error response: User already exists with the specified email or username
Status Code: 500
Headers:
Content-Type: application/json
Body:
{
"message": "User already exists",
"errors": {
"email": "User with that email already exists",
"username": "User with that username already exists"
}
}
Error response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"email": "Invalid email",
"username": "Username is required",
"firstName": "First Name is required",
"lastName": "Last Name is required"
}
}
Businesses
Get all Businesses
Returns all the businesses.
Require Authentication: false
Request
Method: GET Route path: /api/businesses Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"Businesses": [
{
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": “90210”,
"category": “Cafe”,
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": $$,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36",
"avgRating": 4.5,
"previewImage": "image url"
}
]
}
Get all Businesses owned by the Current User
Returns all the businesses owned (created) by the current user.
Require Authentication: true
Request
Method: GET Route path: /api/businesses/current Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"Businesses": [
{
"id": 1,
"ownerId": 1,
"address": “123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": “90210”,
"category": “Cafe”,
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": $$,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36",
"avgRating": 4.5,
"previewImage": "image url"
}
]
}
Get details of a Business from an id
Returns the details of a business specified by its id.
Require Authentication: false
Request
Method: GET Route path: /api/businesses/:businessId Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": “90210”,
"category": “Cafe”,
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": $$,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36" ,
"numReviews": 5,
"avgStarRating": 4.5,
"BusinessImages": [
{
"id": 1,
"url": "image url",
"preview": true
},
{
"id": 2,
"url": "image url",
"preview": false
}
],
"Owner": {
"id": 1,
"firstName": "John",
"lastName": "Smith"
}
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
Create a Business
Creates and returns a new business.
Require Authentication: true
Request
Method: POST
Route path: /api/businesses
Headers:
Content-Type: application/json
Body:
{
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": “90210”,
"category": “Cafe”,
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": “$$”
}
Successful Response
Status Code: 201
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": “90210”,
"category": “Cafe”,
"name": "Coder Cafe",
"description": "Best Coffee in town",
"priceRange": “$$”,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36"
}
Error Response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"address": "Street address is required",
"city": "City is required",
"state": "State is required",
"country": "Country is required",
"zipCode": "Zip code is required",
"category": "Category is required",
"name": "Name must be less than 50 characters",
"description": "Description is required",
"priceRange": "Price range is required"
}
}
Add an Image to a Business based on the Business's id
Create and return a new image for a business specified by id.
Require Authentication: true
Require proper authorization: Business must belong to the current user
Request
Method: POST
Route path: /api/businesses/:businessId/images
Headers:
Content-Type: application/json
Body:
{
"url": "image url",
"preview": true
}
Successful Response
Status Code: 201
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"url": "image url",
"preview": true
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
Edit a Business
Updates and returns an existing business.
Require Authentication: true
Require proper authorization: Business must belong to the current user
Request
Method: PUT
Route path: /api/businesses/:businessId
Headers:
Content-Type: application/json
Body:
{
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": 90210,
"category": "Cafe",
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": "$$"
}
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": 90210,
"category": "Cafe",
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": "$$",
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-20 10:06:40"
}
Error Response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"address": "Street address is required",
"city": "City is required",
"state": "State is required",
"country": "Country is required",
"zipCode": "zipCode is required",
"category": "Category is required",
"name": "Name must be less than 50 characters",
"description": "Description is required",
"priceRange": "Price range is required"
}
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
Delete a Business
Deletes an existing business.
Require Authentication: true
Require proper authorization: Business must belong to the current user
Request
Method: DELETE Route path: /api/businesses/:businessId Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"message": "Successfully deleted"
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
REVIEWS
Get all Reviews of the Current User
Returns all the reviews written by the current user.
Require Authentication: true
Request
Method: GET Route path: /api/user/:userId/reviews Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"Reviews": [
{
"id": 1,
"userId": 1,
"businessId": 1,
"review": "Loved the ice coffee!",
"stars": 5,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36" ,
"User": {
"id": 1,
"firstName": "John",
"lastName": "Smith"
},
"Business": {
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": 90210,
"category": "Cafe",
"name": "Coder Cafe",
"priceRange": "$$",
"previewImage": "image url"
},
"ReviewImages": [
{
"id": 1,
"url": "image url"
}
]
}
]
}
Get all Reviews by a Business's id
Returns all the reviews that belong to a business specified by id.
Require Authentication: false
Request
Method: GET Route path: /api/businesses/:businessId/reviews Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"Reviews": [
{
"id": 1,
"userId": 1,
"businessId": 1,
"review": "Loved the iced coffee!",
"stars": 5,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36" ,
"User": {
"id": 1,
"firstName": "John",
"lastName": "Smith"
},
"ReviewImages": [
{
"id": 1,
"url": "image url"
}
],
}
]
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
Create a Review for a Business based on the Business's id
Create and return a new review for a business specified by id.
Require Authentication: true
Request
Method: POST
Route path: /api/businesses/:businessId/reviews
Headers:
Content-Type: application/json
Body:
{
"review": "Loved the iced coffee!",
"stars": 5,
}
Successful Response
Status Code: 201
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"userId": 1,
"businessId": 1,
"review": "Loved the iced coffee!",
"stars": 5,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36"
}
Error Response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"review": "Review text is required",
"stars": "Stars must be an integer from 1 to 5",
}
}
Error response: Couldn't find a Business with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business couldn't be found"
}
Error response: Review from the current user already exists for the Business
Status Code: 500
Headers:
Content-Type: application/json
Body:
{
"message": "User already has a review for this business"
}
Add an Image to a Review based on the Review's id
Create and return a new image for a review specified by id.
Require Authentication: true
Require proper authorization: Review must belong to the current user
Request
Method: POST
Route path: /api/reviews/:reviewId/images
Headers:
Content-Type: application/json
Body:
{
"url": "image url"
}
Successful Response
Status Code: 201
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"url": "image url"
}
Error response: Couldn't find a Review with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Review couldn't be found"
}
Error response: Cannot add any more images because there is a maximum of 10 images per resource
Status Code: 403
Headers:
Content-Type: application/json
Body:
{
"message": "Maximum number of images for this resource was reached"
}
Edit a Review
Update and return an existing review.
Require Authentication: true
Require proper authorization: Review must belong to the current user
Request
Method: PUT
Route path: /api/reviews/:reviewId
Headers:
Content-Type: application/json
Body:
{
"review": "Fantastic iced coffee!",
"stars": 5,
}
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"id": 1,
"userId": 1,
"businessId": 1,
"review": "Loved the iced coffee!",
"stars": 5,
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-20 10:06:40"
}
Error Response: Body validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"review": "Review text is required",
"stars": "Stars must be an integer from 1 to 5",
}
}
Error response: Couldn't find a Review with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Review couldn't be found"
}
Delete a Review
Delete an existing review.
Require Authentication: true
Require proper authorization: Review must belong to the current user
Request
Method: DELETE Route path: /api/reviews/:reviewId Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"message": "Successfully deleted"
}
Error response: Couldn't find a Review with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Review couldn't be found"
}
IMAGES
Delete a Business Image
Delete an existing image for a Business.
Require Authentication: true
Require proper authorization: Business must belong to the current user
Request
Method: DELETE Route path: /api/business-images/:imageId Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"message": "Successfully deleted"
}
Error response: Couldn't find a Business Image with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Business Image couldn't be found"
}
Delete a Review Image
Delete an existing image for a Review.
Require Authentication: true
Require proper authorization: Review must belong to the current user
Request
Method: DELETE Route path: /api/review-images/:imageId Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"message": "Successfully deleted"
}
Error response: Couldn't find a Review Image with the specified id
Status Code: 404
Headers:
Content-Type: application/json
Body:
{
"message": "Review Image couldn't be found"
} Add Query Filters to Get All Businesses Return businesses filtered by query parameters.
Require Authentication: false
Request
Method: GET Route path: /api/businesses Query Parameters page: integer, minimum: 1, default: 1 size: integer, minimum: 1, maximum: 20, default: 20 category: string, optional minRating: decimal, optional city: string, optional priceRange: string, optional Body: none
Successful Response
Status Code: 200
Headers:
Content-Type: application/json
Body:
{
"Businesses": [
{
"id": 1,
"ownerId": 1,
"address": "123 Disney Lane",
"city": "Los Angeles",
"state": "California",
"country": "United States of America",
"zipCode": 90210,
"category": "Cafe",
"name": "Coder Cafe",
"description": "Best coffee in town",
"priceRange": "$$",
"createdAt": "2025-06-19 20:39:36",
"updatedAt": "2025-06-19 20:39:36",
"avgRating": 4.5,
"previewImage": "image url"
}
],
"page": 2,
"size": 20
}
Error Response: Query parameter validation errors
Status Code: 400
Headers:
Content-Type: application/json
Body:
{
"message": "Bad Request", // (or "Validation error" if generated by Sequelize),
"errors": {
"page": "Page must be greater than or equal to 1",
"size": "Size must be between 1 and 20",
"category": "Category is invalid",
"minRAting": "Minimum rating is invalid",
"priceRange": "Price range is invalid",
"city": "City is invalid"
}
}