# Al Rahma Sunday School API Documentation ## Overview This API provides RESTful endpoints for mobile app integration with the Al Rahma Sunday School backend. All endpoints follow RESTful conventions and return JSON responses. **Base URL**: `https://your-domain.com/api/v1` **API Version**: v1 ## Table of Contents 1. [Authentication](#authentication) 2. [Response Format](#response-format) 3. [Error Handling](#error-handling) 4. [Pagination](#pagination) 5. [Endpoints](#endpoints) - [Authentication](#authentication-endpoints) - [User & Profile](#user--profile) - [Messaging](#messaging) - [Students](#students) - [Parents](#parents) - [Classes](#classes) - [Attendance](#attendance) - [Scores & Grades](#scores--grades) - [Payments & Invoices](#payments--invoices) - [Notifications](#notifications) - [Events & Calendar](#events--calendar) - [Dashboard](#dashboard) - [Homework & Assignments](#homework--assignments) - [Quizzes & Exams](#quizzes--exams) - [And more...](#additional-endpoints) 6. [Public Endpoints](#public-endpoints) 7. [Environment Variables](#environment-variables) ## Authentication All protected endpoints require JWT (JSON Web Token) authentication via the `Authorization` header: ``` Authorization: Bearer ``` ### Token Lifecycle - Tokens are valid for 24 hours by default - Tokens contain user information (ID, name, roles) - Invalid or expired tokens return `401 Unauthorized` ### Getting a Token **POST** `/api/v1/login` **Request Body:** ```json { "email": "user@example.com", "password": "password123" } ``` **Success Response (200):** ```json { "status": true, "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "user": { "id": 1, "name": "John Doe", "roles": { "parent": true, "teacher": false, "admin": false } } } ``` **Error Response (401):** ```json { "status": false, "message": "Invalid credentials" } ``` ## Response Format ### Success Response All successful responses follow this format: ```json { "status": true, "message": "Success message", "data": { // Response data here } } ``` ### Error Response All error responses follow this format: ```json { "status": false, "message": "Error description", "errors": { // Optional: Validation errors } } ``` ## Error Handling ### HTTP Status Codes - `200` - Success - `201` - Created (resource successfully created) - `400` - Bad Request (invalid request data) - `401` - Unauthorized (missing or invalid token) - `403` - Forbidden (insufficient permissions) - `404` - Not Found (resource doesn't exist) - `422` - Validation Error (request validation failed) - `500` - Server Error (internal server error) ### Validation Errors When validation fails (422), the response includes detailed field errors: ```json { "status": false, "message": "Validation failed", "errors": { "email": "The email field is required.", "password": "The password must be at least 8 characters." } } ``` ## Pagination List endpoints support pagination via query parameters: - `page` (optional): Page number (default: 1) - `per_page` (optional): Items per page (default: 20, max: 100) **Paginated Response:** ```json { "status": true, "message": "Success", "data": { "data": [...], "pagination": { "current_page": 1, "per_page": 20, "total": 100, "total_pages": 5 } } } ``` ## Endpoints ### Authentication Endpoints #### Login **POST** `/api/v1/login` **Request:** ```json { "email": "user@example.com", "password": "password123" } ``` **Response:** ```json { "status": true, "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "user": { "id": 1, "name": "John Doe", "roles": { "parent": true } } } ``` #### Register **POST** `/api/v1/register` **Request:** ```json { "email": "newuser@example.com", "password": "password123", "firstname": "Jane", "lastname": "Doe" } ``` ### User & Profile #### Get Current User Profile **GET** `/api/v1/profile` **Headers:** `Authorization: Bearer ` **Response:** ```json { "status": true, "message": "Profile retrieved successfully", "data": { "id": 1, "firstname": "John", "lastname": "Doe", "email": "user@example.com", "cellphone": "1234567890", "roles": ["parent", "teacher"] } } ``` #### Update Profile **PUT** `/api/v1/profile` **Headers:** `Authorization: Bearer ` **Request Body:** ```json { "firstname": "John", "lastname": "Updated", "email": "newemail@example.com", "cellphone": "1234567890" } ``` **Allowed Fields:** - `firstname` - `lastname` - `email` - `cellphone` - `address_street` - `apt` - `city` - `state` - `zip` - `gender` ### Messaging The messaging API provides a complete chat system for users to communicate with each other. #### Get Conversations **GET** `/api/v1/messaging/conversations` **Headers:** `Authorization: Bearer ` **Description:** Returns all conversations (chat threads) for the current user, sorted by last message time. **Response:** ```json { "status": true, "message": "Conversations retrieved successfully", "data": [ { "user_id": 2, "user_name": "Jane Smith", "user_initials": "JS", "last_message": "Hello, how are you?", "last_message_time": "2025-01-15 10:30:00", "unread_count": 3 } ] } ``` #### Get Conversation Messages **GET** `/api/v1/messaging/conversation/{userId}` **Headers:** `Authorization: Bearer ` **Query Parameters:** - `page` (optional): Page number (default: 1) - `per_page` (optional): Items per page (default: 50, max: 100) **Description:** Retrieves all messages in a conversation between the current user and the specified user. Messages are automatically marked as read when retrieved. **Response:** ```json { "status": true, "message": "Messages retrieved successfully", "data": { "messages": [ { "id": 1, "sender_id": 1, "recipient_id": 2, "message": "Hello!", "sent_datetime": "2025-01-15 10:00:00", "read_status": 1, "read_datetime": "2025-01-15 10:05:00", "attachment": null, "is_sender": true } ], "other_user": { "id": 2, "name": "Jane Smith", "initials": "JS" }, "pagination": { "current_page": 1, "per_page": 50, "total": 25, "total_pages": 1 } } } ``` #### Send Message **POST** `/api/v1/messaging/send` **Headers:** `Authorization: Bearer ` **Request Body:** ```json { "recipient_id": 2, "message": "Hello, how are you?", "attachment": null } ``` **Validation Rules:** - `recipient_id` (required): Must be a valid user ID (integer) - `message` (required): Message text, max 5000 characters - `attachment` (optional): File attachment path **Response:** ```json { "status": true, "message": "Message sent successfully", "data": { "id": 123, "sender_id": 1, "recipient_id": 2, "message": "Hello, how are you?", "sent_datetime": "2025-01-15 10:30:00", "read_status": 0, "attachment": null, "is_sender": true } } ``` **Error Responses:** - `400`: Cannot send message to yourself - `404`: Recipient not found - `422`: Validation failed #### Mark Messages as Read **POST** `/api/v1/messaging/mark-read` **Headers:** `Authorization: Bearer ` **Request Body (Option 1 - Mark specific messages):** ```json { "message_ids": [1, 2, 3] } ``` **Request Body (Option 2 - Mark all from user):** ```json { "user_id": 2 } ``` **Response:** ```json { "status": true, "message": "Messages marked as read", "data": { "updated_count": 5 } } ``` #### Get Unread Count **GET** `/api/v1/messaging/unread-count` **Headers:** `Authorization: Bearer ` **Response:** ```json { "status": true, "message": "Unread count retrieved successfully", "data": { "unread_count": 5 } } ``` #### Search Users **GET** `/api/v1/messaging/search-users` **Headers:** `Authorization: Bearer ` **Query Parameters:** - `q` (required): Search query (minimum 2 characters) - `limit` (optional): Maximum results (default: 10, max: 20) **Description:** Searches for users by name or email to start a conversation. **Response:** ```json { "status": true, "message": "Users retrieved successfully", "data": [ { "id": 2, "name": "Jane Smith", "initials": "JS", "email": "jane@example.com" } ] } ``` #### Delete Message **DELETE** `/api/v1/messaging/message/{id}` **Headers:** `Authorization: Bearer ` **Description:** Soft deletes a message (marks as deleted). Only the sender or recipient can delete a message. **Response:** ```json { "status": true, "message": "Message deleted successfully" } ``` **Error Responses:** - `403`: Unauthorized to delete this message - `404`: Message not found #### Delete Conversation **DELETE** `/api/v1/messaging/conversation/{userId}` **Headers:** `Authorization: Bearer ` **Description:** Soft deletes all messages in a conversation with the specified user. **Response:** ```json { "status": true, "message": "Conversation deleted successfully", "data": { "deleted_count": 25 } } ``` ### Students #### List Students **GET** `/api/v1/students` **Headers:** `Authorization: Bearer ` **Query Parameters:** - `page` (optional): Page number - `per_page` (optional): Items per page - `parent_id` (optional): Filter by parent ID - `class_id` (optional): Filter by class ID **Response:** ```json { "status": true, "message": "Students retrieved successfully", "data": { "data": [ { "id": 1, "firstname": "John", "lastname": "Doe", "school_id": "STU001", "current_class": { "id": 1, "class_name": "Grade 1 - Section A" } } ], "pagination": { "current_page": 1, "per_page": 20, "total": 100, "total_pages": 5 } } } ``` #### Get Student Details **GET** `/api/v1/students/{id}` **Headers:** `Authorization: Bearer ` #### Create Student **POST** `/api/v1/students` **Headers:** `Authorization: Bearer ` **Request Body:** ```json { "firstname": "Jane", "lastname": "Doe", "school_id": "STU002", "parent_id": 1, "class_id": 1 } ``` #### Update Student **PUT** `/api/v1/students/{id}` **Headers:** `Authorization: Bearer ` #### Delete Student **DELETE** `/api/v1/students/{id}` **Headers:** `Authorization: Bearer ` ### Parents #### List Parents **GET** `/api/v1/parents` **Headers:** `Authorization: Bearer ` #### Get Parent Details **GET** `/api/v1/parents/{id}` **Headers:** `Authorization: Bearer ` #### Get Parent's Students **GET** `/api/v1/parents/{id}/students` **Headers:** `Authorization: Bearer ` **Response:** ```json { "status": true, "message": "Success", "data": [ { "id": 1, "firstname": "John", "lastname": "Doe", "school_id": "STU001" } ] } ``` ### Classes #### List Classes **GET** `/api/v1/classes` **Headers:** `Authorization: Bearer ` #### Get Class Details **GET** `/api/v1/classes/{id}` **Headers:** `Authorization: Bearer ` #### Get Class Students **GET** `/api/v1/classes/{id}/students` **Headers:** `Authorization: Bearer ` ### Attendance #### List Attendance Records **GET** `/api/v1/attendance` **Headers:** `Authorization: Bearer ` **Query Parameters:** - `student_id` (optional): Filter by student - `date` (optional): Filter by date (YYYY-MM-DD) #### Get Student Attendance **GET** `/api/v1/attendance/student/{id}` **Headers:** `Authorization: Bearer ` #### Create Attendance Record **POST** `/api/v1/attendance` **Headers:** `Authorization: Bearer ` **Request Body:** ```json { "student_id": 1, "date": "2025-01-15", "status": "present", "notes": "Optional notes" } ``` #### Update Attendance **PUT** `/api/v1/attendance/{id}` **Headers:** `Authorization: Bearer ` ### Scores & Grades #### List Scores **GET** `/api/v1/scores` **Headers:** `Authorization: Bearer ` #### Get Student Scores **GET** `/api/v1/scores/student/{id}` **Headers:** `Authorization: Bearer ` #### Create Score **POST** `/api/v1/scores` **Headers:** `Authorization: Bearer ` #### Update Score **PUT** `/api/v1/scores/{id}` **Headers:** `Authorization: Bearer ` ### Payments & Invoices #### List Payments **GET** `/api/v1/payments` **Headers:** `Authorization: Bearer ` #### Get Payment Details **GET** `/api/v1/payments/{id}` **Headers:** `Authorization: Bearer ` #### Get Parent Payments **GET** `/api/v1/payments/parent/{id}` **Headers:** `Authorization: Bearer ` #### List Invoices **GET** `/api/v1/invoices` **Headers:** `Authorization: Bearer ` #### Get Invoice Details **GET** `/api/v1/invoices/{id}` **Headers:** `Authorization: Bearer ` #### Get Parent Invoices **GET** `/api/v1/invoices/parent/{id}` **Headers:** `Authorization: Bearer ` ### Notifications #### List Notifications **GET** `/api/v1/notifications` **Headers:** `Authorization: Bearer ` #### Get Notification **GET** `/api/v1/notifications/{id}` **Headers:** `Authorization: Bearer ` #### Mark as Read **POST** `/api/v1/notifications/{id}/read` **Headers:** `Authorization: Bearer ` ### Events & Calendar #### List Events **GET** `/api/v1/events` **Headers:** `Authorization: Bearer ` #### Get Event Details **GET** `/api/v1/events/{id}` **Headers:** `Authorization: Bearer ` #### Calendar Endpoints **GET** `/api/v1/calendar` **GET** `/api/v1/calendar/{id}` **POST** `/api/v1/calendar` **PUT** `/api/v1/calendar/{id}` **DELETE** `/api/v1/calendar/{id}` ### Dashboard #### Get Dashboard Data **GET** `/api/v1/dashboard` **Headers:** `Authorization: Bearer ` #### Get Dashboard Stats **GET** `/api/v1/dashboard/stats` **Headers:** `Authorization: Bearer ` ### Homework & Assignments #### List Homework **GET** `/api/v1/homework` **Headers:** `Authorization: Bearer ` #### Get Student Homework **GET** `/api/v1/homework/student/{id}` **Headers:** `Authorization: Bearer ` #### Create Homework **POST** `/api/v1/homework` **Headers:** `Authorization: Bearer ` #### Update Homework **PUT** `/api/v1/homework/{id}` **Headers:** `Authorization: Bearer ` #### List Assignments **GET** `/api/v1/assignments` **Headers:** `Authorization: Bearer ` #### Get Assignment **GET** `/api/v1/assignments/{id}` **Headers:** `Authorization: Bearer ` ### Quizzes & Exams #### List Quizzes **GET** `/api/v1/quizzes` **Headers:** `Authorization: Bearer ` #### Get Quiz Details **GET** `/api/v1/quizzes/{id}` **Headers:** `Authorization: Bearer ` #### Get Student Quizzes **GET** `/api/v1/quizzes/student/{id}` **Headers:** `Authorization: Bearer ` #### Create Quiz **POST** `/api/v1/quizzes` **Headers:** `Authorization: Bearer ` #### Update Quiz **PUT** `/api/v1/quizzes/{id}` **Headers:** `Authorization: Bearer ` #### Projects **GET** `/api/v1/projects` **GET** `/api/v1/projects/{id}` **GET** `/api/v1/projects/student/{id}` **POST** `/api/v1/projects` **PUT** `/api/v1/projects/{id}` #### Midterm Exams **GET** `/api/v1/midterms/student/{id}` **POST** `/api/v1/midterms` **PUT** `/api/v1/midterms/{id}` #### Final Exams **GET** `/api/v1/finals/student/{id}` **POST** `/api/v1/finals` **PUT** `/api/v1/finals/{id}` #### Participation **GET** `/api/v1/participations/student/{id}` **POST** `/api/v1/participations` **PUT** `/api/v1/participations/{id}` ### Additional Endpoints #### Teachers - `GET /api/v1/teachers` - List teachers - `GET /api/v1/teachers/{id}` - Get teacher details - `GET /api/v1/teachers/{id}/classes` - Get teacher's classes #### Expenses - `GET /api/v1/expenses` - List expenses - `GET /api/v1/expenses/{id}` - Get expense details - `POST /api/v1/expenses` - Create expense - `PUT /api/v1/expenses/{id}` - Update expense #### Reimbursements - `GET /api/v1/reimbursements` - List reimbursements - `GET /api/v1/reimbursements/{id}` - Get reimbursement details - `POST /api/v1/reimbursements` - Create reimbursement - `PUT /api/v1/reimbursements/{id}` - Update reimbursement #### Refunds - `GET /api/v1/refunds` - List refunds - `GET /api/v1/refunds/{id}` - Get refund details - `POST /api/v1/refunds` - Create refund - `PUT /api/v1/refunds/{id}` - Update refund #### Discounts - `GET /api/v1/discounts` - List discounts - `GET /api/v1/discounts/code/{code}` - Get discount by code - `POST /api/v1/discounts/apply` - Apply discount #### Payment Transactions - `GET /api/v1/payment-transactions` - List transactions - `GET /api/v1/payment-transactions/{id}` - Get transaction details - `GET /api/v1/payment-transactions/payment/{id}` - Get transactions by payment - `POST /api/v1/payment-transactions` - Create transaction #### Emergency Contacts - `GET /api/v1/emergency-contacts` - List contacts - `GET /api/v1/emergency-contacts/{id}` - Get contact details - `GET /api/v1/emergency-contacts/parent/{id}` - Get contacts by parent - `POST /api/v1/emergency-contacts` - Create contact - `PUT /api/v1/emergency-contacts/{id}` - Update contact - `DELETE /api/v1/emergency-contacts/{id}` - Delete contact #### Families - `GET /api/v1/families` - List families - `GET /api/v1/families/{id}` - Get family details - `GET /api/v1/families/student/{id}` - Get families by student - `GET /api/v1/families/{id}/guardians` - Get family guardians #### Staff - `GET /api/v1/staff` - List staff - `GET /api/v1/staff/{id}` - Get staff details - `POST /api/v1/staff` - Create staff - `PUT /api/v1/staff/{id}` - Update staff - `DELETE /api/v1/staff/{id}` - Delete staff #### Financial - `GET /api/v1/financial/report` - Get financial report - `GET /api/v1/financial/unpaid-parents` - Get unpaid parents list #### Configuration - `GET /api/v1/configurations` - List configurations - `GET /api/v1/configurations/{id}` - Get configuration details - `GET /api/v1/configurations/key/{key}` - Get configuration by key - `POST /api/v1/configurations` - Create configuration - `PUT /api/v1/configurations/{id}` - Update configuration - `DELETE /api/v1/configurations/{id}` - Delete configuration #### Contact - `POST /api/v1/contact` - Submit contact form #### Extra Charges - `GET /api/v1/extra-charges` - List extra charges - `GET /api/v1/extra-charges/{id}` - Get charge details - `POST /api/v1/extra-charges` - Create charge - `PUT /api/v1/extra-charges/{id}` - Update charge - `POST /api/v1/extra-charges/{id}/void` - Void charge - `GET /api/v1/extra-charges/parents` - Get parent options #### Flags - `GET /api/v1/flags` - List flags - `GET /api/v1/flags/{id}` - Get flag details - `POST /api/v1/flags` - Create flag - `PUT /api/v1/flags/{id}/state` - Update flag state - `POST /api/v1/flags/{id}/close` - Close flag - `POST /api/v1/flags/{id}/cancel` - Cancel flag - `GET /api/v1/flags/students/by-grade/{grade}` - Get students by grade #### IP Bans - `GET /api/v1/ip-bans` - List IP bans - `GET /api/v1/ip-bans/{id}` - Get ban details - `POST /api/v1/ip-bans/unban` - Unban IP - `POST /api/v1/ip-bans/ban` - Ban IP #### Support - `POST /api/v1/support` - Submit support request - `GET /api/v1/support/requests` - List support requests - `GET /api/v1/support/requests/{id}` - Get support request details #### Attendance Tracking - `POST /api/v1/attendance-tracking/record` - Record attendance - `GET /api/v1/attendance-tracking/violations` - Get violations - `GET /api/v1/attendance-tracking/student/{id}` - Get student tracking #### Communication - `GET /api/v1/communication/students/{id}/families` - Get families by student - `GET /api/v1/communication/families/{id}/guardians` - Get guardians by family - `POST /api/v1/communication/preview` - Preview communication - `POST /api/v1/communication/send` - Send communication #### Class Preparation - `GET /api/v1/class-preparation` - List class preparations - `GET /api/v1/class-preparation/{id}` - Get preparation details - `POST /api/v1/class-preparation/{id}/mark-printed` - Mark as printed #### PayPal Transactions - `GET /api/v1/paypal-transactions` - List transactions - `GET /api/v1/paypal-transactions/{id}` - Get transaction details - `GET /api/v1/paypal-transactions/transaction/{transactionId}` - Get by transaction ID #### Stats - `GET /api/v1/stats` - Get statistics #### Suppliers - `GET /api/v1/suppliers` - List suppliers - `GET /api/v1/suppliers/{id}` - Get supplier details - `POST /api/v1/suppliers` - Create supplier - `PUT /api/v1/suppliers/{id}` - Update supplier - `DELETE /api/v1/suppliers/{id}` - Delete supplier #### Payment Notifications - `GET /api/v1/payment-notifications` - List notifications - `POST /api/v1/payment-notifications/send` - Send notification #### RFID - `POST /api/v1/rfid/process` - Process RFID scan - `GET /api/v1/rfid/logs` - Get RFID logs #### Nav Builder - `GET /api/v1/nav-builder` - List navigation items - `GET /api/v1/nav-builder/{id}` - Get navigation item - `POST /api/v1/nav-builder` - Create navigation item - `PUT /api/v1/nav-builder/{id}` - Update navigation item - `DELETE /api/v1/nav-builder/{id}` - Delete navigation item - `POST /api/v1/nav-builder/reorder` - Reorder navigation items #### Inventory - `GET /api/v1/inventory` - List inventory items - `GET /api/v1/inventory/{id}` - Get inventory item - `POST /api/v1/inventory` - Create inventory item - `PUT /api/v1/inventory/{id}` - Update inventory item - `DELETE /api/v1/inventory/{id}` - Delete inventory item - `GET /api/v1/inventory/movements` - Get inventory movements #### Preferences - `GET /api/v1/preferences` - Get preferences - `PUT /api/v1/preferences` - Update preferences #### Late Slip Logs - `GET /api/v1/late-slip-logs` - List late slip logs - `GET /api/v1/late-slip-logs/{id}` - Get late slip log #### Supply Categories - `GET /api/v1/supply-categories` - List categories - `GET /api/v1/supply-categories/{id}` - Get category - `POST /api/v1/supply-categories` - Create category - `PUT /api/v1/supply-categories/{id}` - Update category - `DELETE /api/v1/supply-categories/{id}` - Delete category #### Homework Tracking - `GET /api/v1/homework-tracking` - Get homework tracking #### Parent Attendance Reports - `GET /api/v1/parent-attendance-reports` - List reports - `POST /api/v1/parent-attendance-reports` - Submit report - `PUT /api/v1/parent-attendance-reports/{id}` - Update report #### Printables Reports - `GET /api/v1/printables/report-card/meta` - Get report card metadata - `GET /api/v1/printables/badges/status` - Get badge status - `POST /api/v1/printables/badges/log` - Log badge print #### Broadcast Email - `POST /api/v1/broadcast-email/send` - Send broadcast email - `GET /api/v1/broadcast-email/parents` - Get parent options #### Role Permissions - `GET /api/v1/roles` - List roles - `GET /api/v1/roles/{id}` - Get role details - `GET /api/v1/roles/{id}/permissions` - Get role permissions - `GET /api/v1/permissions` - List permissions - `POST /api/v1/users/{id}/roles` - Assign role to user - `GET /api/v1/users/role-assignment` - Get user role assignments #### WhatsApp - `GET /api/v1/whatsapp/links` - List WhatsApp links - `POST /api/v1/whatsapp/links` - Save WhatsApp link - `PUT /api/v1/whatsapp/membership` - Update membership #### Purchase Orders - `GET /api/v1/purchase-orders` - List purchase orders - `GET /api/v1/purchase-orders/{id}` - Get purchase order - `POST /api/v1/purchase-orders` - Create purchase order - `PUT /api/v1/purchase-orders/{id}` - Update purchase order #### Grading - `GET /api/v1/grading/{type}/{studentId}/{classId}` - Get grading data - `PUT /api/v1/grading` - Update grades #### Score Comments - `POST /api/v1/score-comments` - Save comment - `GET /api/v1/score-comments/student/{id}` - Get comments by student - `PUT /api/v1/score-comments/{id}` - Update comment #### Authorized Users - `GET /api/v1/authorized-users` - List authorized users - `GET /api/v1/authorized-users/{id}` - Get authorized user - `POST /api/v1/authorized-users` - Create authorized user - `DELETE /api/v1/authorized-users/{id}` - Delete authorized user #### Email Extractor - `GET /api/v1/email-extractor/emails` - Extract emails - `POST /api/v1/email-extractor/compare` - Compare emails #### Slip Printer - `POST /api/v1/slip-printer/print` - Print slip - `POST /api/v1/slip-printer/preview` - Preview slip #### Score Predictor - `GET /api/v1/score-predictor/report` - Get score prediction report #### Family Admin - `GET /api/v1/family-admin` - List families (admin) - `GET /api/v1/family-admin/search` - Search families #### School Calendar - `GET /api/v1/school-calendar` - Get school calendar - `GET /api/v1/school-calendar/view/{view}` - Get calendar view #### Email - `POST /api/v1/email/send` - Send email #### Session Management - `GET /api/v1/session/timeout-config` - Get timeout configuration - `GET /api/v1/session/check` - Check session timeout - `POST /api/v1/session/ping` - Ping session activity #### Role Switcher - `GET /api/v1/role-switcher/roles` - Get available roles - `POST /api/v1/role-switcher/switch` - Switch role #### Files - `GET /api/v1/files` - List files - `GET /api/v1/files/receipt/{filename}` - Get receipt file - `GET /api/v1/files/reimbursement/{filename}` - Get reimbursement file #### Page - `POST /api/v1/page/contact` - Submit contact form - `GET /api/v1/page/privacy-policy` - Get privacy policy - `GET /api/v1/page/terms-of-service` - Get terms of service - `GET /api/v1/page/help-center` - Get help center #### SMS - `POST /api/v1/sms/send` - Send SMS - `GET /api/v1/sms/carriers` - Get available carriers #### Dashboard Redirect - `GET /api/v1/dashboard/route` - Get dashboard route #### Landing Page - `GET /api/v1/landing-page/data` - Get landing page data #### Frontend - `GET /api/v1/frontend/user` - Get frontend user - `GET /api/v1/frontend/pages` - Get frontend pages #### UI - `GET /api/v1/ui/style` - Get UI style - `POST /api/v1/ui/style` - Update UI style #### Info Icon - `GET /api/v1/info-icon/profile` - Get profile icon info #### Administrator - `GET /api/v1/administrator/dashboard` - Get admin dashboard - `GET /api/v1/administrator/search` - Admin search - `GET /api/v1/administrator/enrollment-withdrawal` - Get enrollment/withdrawal data #### Settings - `GET /api/v1/settings/preferences` - Get preferences - `PUT /api/v1/settings/preferences` - Update preferences - `GET /api/v1/settings/system` - Get system settings ## Public Endpoints These endpoints do not require authentication. ### Time #### Get Current Time **GET** `/api/v1/time/now` **Headers:** - `X-Timezone` (optional): User timezone (e.g., "America/New_York") **Response:** ```json { "user_timezone": "America/New_York", "server_timezone": "UTC", "local_time": "2025-01-15 10:30:00", "utc_time": "2025-01-15 15:30:00" } ``` #### Convert Time **POST** `/api/v1/time/convert` **Headers:** - `X-Timezone` (optional): User timezone **Request Body:** ```json { "time": "2025-01-15 10:30:00", "direction": "toUTC" } ``` **Response:** ```json { "user_timezone": "America/New_York", "server_timezone": "UTC", "original_time": "2025-01-15 10:30:00", "converted_time": "2025-01-15 15:30:00" } ``` **Valid Directions:** - `toUTC` - Convert from user timezone to UTC - `fromUTC` - Convert from UTC to user timezone ### Health Check **GET** `/api/v1/health` **Response:** ```json { "status": "healthy", "timestamp": "2025-01-15T10:30:00Z" } ``` ## Rate Limiting Currently, there is no rate limiting implemented. However, it's recommended to: - Implement reasonable request intervals in your client - Cache responses when appropriate - Use pagination for large data sets ## CORS The API supports CORS for cross-origin requests from mobile apps and web clients. All origins are allowed by default. For production, consider restricting to specific domains. ## Environment Variables Required environment variables: - `JWT_SECRET`: Secret key for JWT token signing (change from default in production!) - `API_BASE_URL`: Base URL for outbound API calls (optional) - `API_TIMEOUT`: Timeout for API requests in seconds (default: 10) ## Best Practices ### For Mobile App Development 1. **Token Storage**: Store the JWT token securely (e.g., Keychain on iOS, Keystore on Android) 2. **Token Refresh**: Implement token refresh logic before expiration 3. **Error Handling**: Handle 401 responses by redirecting to login 4. **Request Headers**: Always include the `Authorization` header for protected requests 5. **Timezone Support**: Use the `X-Timezone` header for timezone-aware requests 6. **Pagination**: Use pagination for large data sets to improve performance 7. **Caching**: Cache responses when appropriate to reduce API calls 8. **Offline Support**: Implement offline storage for critical data ### Request/Response Guidelines 1. **Content-Type**: Always use `Content-Type: application/json` for POST/PUT requests 2. **Accept**: Use `Accept: application/json` header 3. **Timestamps**: All timestamps are in UTC unless specified 4. **Date Format**: Use ISO 8601 format (YYYY-MM-DD HH:mm:ss) 5. **Validation**: Validate data on the client side before sending requests ## Support For API support or questions: - Check the help center: `/api/v1/page/help-center` - Submit a support request: `POST /api/v1/support` ## Changelog ### Version 1.0.0 - Initial API release - Authentication with JWT - Messaging system - Student, parent, and class management - Attendance tracking - Payment and invoice management - And more... ## License This API is proprietary software for Al Rahma Sunday School.