Files
2026-02-10 22:11:06 -05:00

1248 lines
30 KiB
Markdown

# Al Rahma Sunday School API Documentation
## Overview
This API provides RESTful endpoints for mobile app integration with the Al Rahma Sunday School backend. All endpoints follow RESTful conventions and return JSON responses.
**Base URL**: `https://your-domain.com/api/v1`
**API Version**: v1
## Table of Contents
1. [Authentication](#authentication)
2. [Response Format](#response-format)
3. [Error Handling](#error-handling)
4. [Pagination](#pagination)
5. [Endpoints](#endpoints)
- [Authentication](#authentication-endpoints)
- [User & Profile](#user--profile)
- [Messaging](#messaging)
- [Students](#students)
- [Parents](#parents)
- [Classes](#classes)
- [Attendance](#attendance)
- [Scores & Grades](#scores--grades)
- [Payments & Invoices](#payments--invoices)
- [Notifications](#notifications)
- [Events & Calendar](#events--calendar)
- [Dashboard](#dashboard)
- [Homework & Assignments](#homework--assignments)
- [Quizzes & Exams](#quizzes--exams)
- [And more...](#additional-endpoints)
6. [Public Endpoints](#public-endpoints)
7. [Environment Variables](#environment-variables)
## Authentication
All protected endpoints require JWT (JSON Web Token) authentication via the `Authorization` header:
```
Authorization: Bearer <your-jwt-token>
```
### Token Lifecycle
- Tokens are valid for 24 hours by default
- Tokens contain user information (ID, name, roles)
- Invalid or expired tokens return `401 Unauthorized`
### Getting a Token
**POST** `/api/v1/login`
**Request Body:**
```json
{
"email": "user@example.com",
"password": "password123"
}
```
**Success Response (200):**
```json
{
"status": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": 1,
"name": "John Doe",
"roles": {
"parent": true,
"teacher": false,
"admin": false
}
}
}
```
**Error Response (401):**
```json
{
"status": false,
"message": "Invalid credentials"
}
```
## Response Format
### Success Response
All successful responses follow this format:
```json
{
"status": true,
"message": "Success message",
"data": {
// Response data here
}
}
```
### Error Response
All error responses follow this format:
```json
{
"status": false,
"message": "Error description",
"errors": {
// Optional: Validation errors
}
}
```
## Error Handling
### HTTP Status Codes
- `200` - Success
- `201` - Created (resource successfully created)
- `400` - Bad Request (invalid request data)
- `401` - Unauthorized (missing or invalid token)
- `403` - Forbidden (insufficient permissions)
- `404` - Not Found (resource doesn't exist)
- `422` - Validation Error (request validation failed)
- `500` - Server Error (internal server error)
### Validation Errors
When validation fails (422), the response includes detailed field errors:
```json
{
"status": false,
"message": "Validation failed",
"errors": {
"email": "The email field is required.",
"password": "The password must be at least 8 characters."
}
}
```
## Pagination
List endpoints support pagination via query parameters:
- `page` (optional): Page number (default: 1)
- `per_page` (optional): Items per page (default: 20, max: 100)
**Paginated Response:**
```json
{
"status": true,
"message": "Success",
"data": {
"data": [...],
"pagination": {
"current_page": 1,
"per_page": 20,
"total": 100,
"total_pages": 5
}
}
}
```
## Endpoints
### Authentication Endpoints
#### Login
**POST** `/api/v1/login`
**Request:**
```json
{
"email": "user@example.com",
"password": "password123"
}
```
**Response:**
```json
{
"status": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": 1,
"name": "John Doe",
"roles": {
"parent": true
}
}
}
```
#### Register
**POST** `/api/v1/register`
**Request:**
```json
{
"email": "newuser@example.com",
"password": "password123",
"firstname": "Jane",
"lastname": "Doe"
}
```
### User & Profile
#### Get Current User Profile
**GET** `/api/v1/profile`
**Headers:** `Authorization: Bearer <token>`
**Response:**
```json
{
"status": true,
"message": "Profile retrieved successfully",
"data": {
"id": 1,
"firstname": "John",
"lastname": "Doe",
"email": "user@example.com",
"cellphone": "1234567890",
"roles": ["parent", "teacher"]
}
}
```
#### Update Profile
**PUT** `/api/v1/profile`
**Headers:** `Authorization: Bearer <token>`
**Request Body:**
```json
{
"firstname": "John",
"lastname": "Updated",
"email": "newemail@example.com",
"cellphone": "1234567890"
}
```
**Allowed Fields:**
- `firstname`
- `lastname`
- `email`
- `cellphone`
- `address_street`
- `apt`
- `city`
- `state`
- `zip`
- `gender`
### Messaging
The messaging API provides a complete chat system for users to communicate with each other.
#### Get Conversations
**GET** `/api/v1/messaging/conversations`
**Headers:** `Authorization: Bearer <token>`
**Description:** Returns all conversations (chat threads) for the current user, sorted by last message time.
**Response:**
```json
{
"status": true,
"message": "Conversations retrieved successfully",
"data": [
{
"user_id": 2,
"user_name": "Jane Smith",
"user_initials": "JS",
"last_message": "Hello, how are you?",
"last_message_time": "2025-01-15 10:30:00",
"unread_count": 3
}
]
}
```
#### Get Conversation Messages
**GET** `/api/v1/messaging/conversation/{userId}`
**Headers:** `Authorization: Bearer <token>`
**Query Parameters:**
- `page` (optional): Page number (default: 1)
- `per_page` (optional): Items per page (default: 50, max: 100)
**Description:** Retrieves all messages in a conversation between the current user and the specified user. Messages are automatically marked as read when retrieved.
**Response:**
```json
{
"status": true,
"message": "Messages retrieved successfully",
"data": {
"messages": [
{
"id": 1,
"sender_id": 1,
"recipient_id": 2,
"message": "Hello!",
"sent_datetime": "2025-01-15 10:00:00",
"read_status": 1,
"read_datetime": "2025-01-15 10:05:00",
"attachment": null,
"is_sender": true
}
],
"other_user": {
"id": 2,
"name": "Jane Smith",
"initials": "JS"
},
"pagination": {
"current_page": 1,
"per_page": 50,
"total": 25,
"total_pages": 1
}
}
}
```
#### Send Message
**POST** `/api/v1/messaging/send`
**Headers:** `Authorization: Bearer <token>`
**Request Body:**
```json
{
"recipient_id": 2,
"message": "Hello, how are you?",
"attachment": null
}
```
**Validation Rules:**
- `recipient_id` (required): Must be a valid user ID (integer)
- `message` (required): Message text, max 5000 characters
- `attachment` (optional): File attachment path
**Response:**
```json
{
"status": true,
"message": "Message sent successfully",
"data": {
"id": 123,
"sender_id": 1,
"recipient_id": 2,
"message": "Hello, how are you?",
"sent_datetime": "2025-01-15 10:30:00",
"read_status": 0,
"attachment": null,
"is_sender": true
}
}
```
**Error Responses:**
- `400`: Cannot send message to yourself
- `404`: Recipient not found
- `422`: Validation failed
#### Mark Messages as Read
**POST** `/api/v1/messaging/mark-read`
**Headers:** `Authorization: Bearer <token>`
**Request Body (Option 1 - Mark specific messages):**
```json
{
"message_ids": [1, 2, 3]
}
```
**Request Body (Option 2 - Mark all from user):**
```json
{
"user_id": 2
}
```
**Response:**
```json
{
"status": true,
"message": "Messages marked as read",
"data": {
"updated_count": 5
}
}
```
#### Get Unread Count
**GET** `/api/v1/messaging/unread-count`
**Headers:** `Authorization: Bearer <token>`
**Response:**
```json
{
"status": true,
"message": "Unread count retrieved successfully",
"data": {
"unread_count": 5
}
}
```
#### Search Users
**GET** `/api/v1/messaging/search-users`
**Headers:** `Authorization: Bearer <token>`
**Query Parameters:**
- `q` (required): Search query (minimum 2 characters)
- `limit` (optional): Maximum results (default: 10, max: 20)
**Description:** Searches for users by name or email to start a conversation.
**Response:**
```json
{
"status": true,
"message": "Users retrieved successfully",
"data": [
{
"id": 2,
"name": "Jane Smith",
"initials": "JS",
"email": "jane@example.com"
}
]
}
```
#### Delete Message
**DELETE** `/api/v1/messaging/message/{id}`
**Headers:** `Authorization: Bearer <token>`
**Description:** Soft deletes a message (marks as deleted). Only the sender or recipient can delete a message.
**Response:**
```json
{
"status": true,
"message": "Message deleted successfully"
}
```
**Error Responses:**
- `403`: Unauthorized to delete this message
- `404`: Message not found
#### Delete Conversation
**DELETE** `/api/v1/messaging/conversation/{userId}`
**Headers:** `Authorization: Bearer <token>`
**Description:** Soft deletes all messages in a conversation with the specified user.
**Response:**
```json
{
"status": true,
"message": "Conversation deleted successfully",
"data": {
"deleted_count": 25
}
}
```
### Students
#### List Students
**GET** `/api/v1/students`
**Headers:** `Authorization: Bearer <token>`
**Query Parameters:**
- `page` (optional): Page number
- `per_page` (optional): Items per page
- `parent_id` (optional): Filter by parent ID
- `class_id` (optional): Filter by class ID
**Response:**
```json
{
"status": true,
"message": "Students retrieved successfully",
"data": {
"data": [
{
"id": 1,
"firstname": "John",
"lastname": "Doe",
"school_id": "STU001",
"current_class": {
"id": 1,
"class_name": "Grade 1 - Section A"
}
}
],
"pagination": {
"current_page": 1,
"per_page": 20,
"total": 100,
"total_pages": 5
}
}
}
```
#### Get Student Details
**GET** `/api/v1/students/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Create Student
**POST** `/api/v1/students`
**Headers:** `Authorization: Bearer <token>`
**Request Body:**
```json
{
"firstname": "Jane",
"lastname": "Doe",
"school_id": "STU002",
"parent_id": 1,
"class_id": 1
}
```
#### Update Student
**PUT** `/api/v1/students/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Delete Student
**DELETE** `/api/v1/students/{id}`
**Headers:** `Authorization: Bearer <token>`
### Parents
#### List Parents
**GET** `/api/v1/parents`
**Headers:** `Authorization: Bearer <token>`
#### Get Parent Details
**GET** `/api/v1/parents/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Get Parent's Students
**GET** `/api/v1/parents/{id}/students`
**Headers:** `Authorization: Bearer <token>`
**Response:**
```json
{
"status": true,
"message": "Success",
"data": [
{
"id": 1,
"firstname": "John",
"lastname": "Doe",
"school_id": "STU001"
}
]
}
```
### Classes
#### List Classes
**GET** `/api/v1/classes`
**Headers:** `Authorization: Bearer <token>`
#### Get Class Details
**GET** `/api/v1/classes/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Get Class Students
**GET** `/api/v1/classes/{id}/students`
**Headers:** `Authorization: Bearer <token>`
### Attendance
#### List Attendance Records
**GET** `/api/v1/attendance`
**Headers:** `Authorization: Bearer <token>`
**Query Parameters:**
- `student_id` (optional): Filter by student
- `date` (optional): Filter by date (YYYY-MM-DD)
#### Get Student Attendance
**GET** `/api/v1/attendance/student/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Create Attendance Record
**POST** `/api/v1/attendance`
**Headers:** `Authorization: Bearer <token>`
**Request Body:**
```json
{
"student_id": 1,
"date": "2025-01-15",
"status": "present",
"notes": "Optional notes"
}
```
#### Update Attendance
**PUT** `/api/v1/attendance/{id}`
**Headers:** `Authorization: Bearer <token>`
### Scores & Grades
#### List Scores
**GET** `/api/v1/scores`
**Headers:** `Authorization: Bearer <token>`
#### Get Student Scores
**GET** `/api/v1/scores/student/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Create Score
**POST** `/api/v1/scores`
**Headers:** `Authorization: Bearer <token>`
#### Update Score
**PUT** `/api/v1/scores/{id}`
**Headers:** `Authorization: Bearer <token>`
### Payments & Invoices
#### List Payments
**GET** `/api/v1/payments`
**Headers:** `Authorization: Bearer <token>`
#### Get Payment Details
**GET** `/api/v1/payments/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Get Parent Payments
**GET** `/api/v1/payments/parent/{id}`
**Headers:** `Authorization: Bearer <token>`
#### List Invoices
**GET** `/api/v1/invoices`
**Headers:** `Authorization: Bearer <token>`
#### Get Invoice Details
**GET** `/api/v1/invoices/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Get Parent Invoices
**GET** `/api/v1/invoices/parent/{id}`
**Headers:** `Authorization: Bearer <token>`
### Notifications
#### List Notifications
**GET** `/api/v1/notifications`
**Headers:** `Authorization: Bearer <token>`
#### Get Notification
**GET** `/api/v1/notifications/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Mark as Read
**POST** `/api/v1/notifications/{id}/read`
**Headers:** `Authorization: Bearer <token>`
### Events & Calendar
#### List Events
**GET** `/api/v1/events`
**Headers:** `Authorization: Bearer <token>`
#### Get Event Details
**GET** `/api/v1/events/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Calendar Endpoints
**GET** `/api/v1/calendar`
**GET** `/api/v1/calendar/{id}`
**POST** `/api/v1/calendar`
**PUT** `/api/v1/calendar/{id}`
**DELETE** `/api/v1/calendar/{id}`
### Dashboard
#### Get Dashboard Data
**GET** `/api/v1/dashboard`
**Headers:** `Authorization: Bearer <token>`
#### Get Dashboard Stats
**GET** `/api/v1/dashboard/stats`
**Headers:** `Authorization: Bearer <token>`
### Homework & Assignments
#### List Homework
**GET** `/api/v1/homework`
**Headers:** `Authorization: Bearer <token>`
#### Get Student Homework
**GET** `/api/v1/homework/student/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Create Homework
**POST** `/api/v1/homework`
**Headers:** `Authorization: Bearer <token>`
#### Update Homework
**PUT** `/api/v1/homework/{id}`
**Headers:** `Authorization: Bearer <token>`
#### List Assignments
**GET** `/api/v1/assignments`
**Headers:** `Authorization: Bearer <token>`
#### Get Assignment
**GET** `/api/v1/assignments/{id}`
**Headers:** `Authorization: Bearer <token>`
### Quizzes & Exams
#### List Quizzes
**GET** `/api/v1/quizzes`
**Headers:** `Authorization: Bearer <token>`
#### Get Quiz Details
**GET** `/api/v1/quizzes/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Get Student Quizzes
**GET** `/api/v1/quizzes/student/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Create Quiz
**POST** `/api/v1/quizzes`
**Headers:** `Authorization: Bearer <token>`
#### Update Quiz
**PUT** `/api/v1/quizzes/{id}`
**Headers:** `Authorization: Bearer <token>`
#### Projects
**GET** `/api/v1/projects`
**GET** `/api/v1/projects/{id}`
**GET** `/api/v1/projects/student/{id}`
**POST** `/api/v1/projects`
**PUT** `/api/v1/projects/{id}`
#### Midterm Exams
**GET** `/api/v1/midterms/student/{id}`
**POST** `/api/v1/midterms`
**PUT** `/api/v1/midterms/{id}`
#### Final Exams
**GET** `/api/v1/finals/student/{id}`
**POST** `/api/v1/finals`
**PUT** `/api/v1/finals/{id}`
#### Participation
**GET** `/api/v1/participations/student/{id}`
**POST** `/api/v1/participations`
**PUT** `/api/v1/participations/{id}`
### Additional Endpoints
#### Teachers
- `GET /api/v1/teachers` - List teachers
- `GET /api/v1/teachers/{id}` - Get teacher details
- `GET /api/v1/teachers/{id}/classes` - Get teacher's classes
#### Expenses
- `GET /api/v1/expenses` - List expenses
- `GET /api/v1/expenses/{id}` - Get expense details
- `POST /api/v1/expenses` - Create expense
- `PUT /api/v1/expenses/{id}` - Update expense
#### Reimbursements
- `GET /api/v1/reimbursements` - List reimbursements
- `GET /api/v1/reimbursements/{id}` - Get reimbursement details
- `POST /api/v1/reimbursements` - Create reimbursement
- `PUT /api/v1/reimbursements/{id}` - Update reimbursement
#### Refunds
- `GET /api/v1/refunds` - List refunds
- `GET /api/v1/refunds/{id}` - Get refund details
- `POST /api/v1/refunds` - Create refund
- `PUT /api/v1/refunds/{id}` - Update refund
#### Discounts
- `GET /api/v1/discounts` - List discounts
- `GET /api/v1/discounts/code/{code}` - Get discount by code
- `POST /api/v1/discounts/apply` - Apply discount
#### Payment Transactions
- `GET /api/v1/payment-transactions` - List transactions
- `GET /api/v1/payment-transactions/{id}` - Get transaction details
- `GET /api/v1/payment-transactions/payment/{id}` - Get transactions by payment
- `POST /api/v1/payment-transactions` - Create transaction
#### Emergency Contacts
- `GET /api/v1/emergency-contacts` - List contacts
- `GET /api/v1/emergency-contacts/{id}` - Get contact details
- `GET /api/v1/emergency-contacts/parent/{id}` - Get contacts by parent
- `POST /api/v1/emergency-contacts` - Create contact
- `PUT /api/v1/emergency-contacts/{id}` - Update contact
- `DELETE /api/v1/emergency-contacts/{id}` - Delete contact
#### Families
- `GET /api/v1/families` - List families
- `GET /api/v1/families/{id}` - Get family details
- `GET /api/v1/families/student/{id}` - Get families by student
- `GET /api/v1/families/{id}/guardians` - Get family guardians
#### Staff
- `GET /api/v1/staff` - List staff
- `GET /api/v1/staff/{id}` - Get staff details
- `POST /api/v1/staff` - Create staff
- `PUT /api/v1/staff/{id}` - Update staff
- `DELETE /api/v1/staff/{id}` - Delete staff
#### Financial
- `GET /api/v1/financial/report` - Get financial report
- `GET /api/v1/financial/unpaid-parents` - Get unpaid parents list
#### Configuration
- `GET /api/v1/configurations` - List configurations
- `GET /api/v1/configurations/{id}` - Get configuration details
- `GET /api/v1/configurations/key/{key}` - Get configuration by key
- `POST /api/v1/configurations` - Create configuration
- `PUT /api/v1/configurations/{id}` - Update configuration
- `DELETE /api/v1/configurations/{id}` - Delete configuration
#### Contact
- `POST /api/v1/contact` - Submit contact form
#### Extra Charges
- `GET /api/v1/extra-charges` - List extra charges
- `GET /api/v1/extra-charges/{id}` - Get charge details
- `POST /api/v1/extra-charges` - Create charge
- `PUT /api/v1/extra-charges/{id}` - Update charge
- `POST /api/v1/extra-charges/{id}/void` - Void charge
- `GET /api/v1/extra-charges/parents` - Get parent options
#### Flags
- `GET /api/v1/flags` - List flags
- `GET /api/v1/flags/{id}` - Get flag details
- `POST /api/v1/flags` - Create flag
- `PUT /api/v1/flags/{id}/state` - Update flag state
- `POST /api/v1/flags/{id}/close` - Close flag
- `POST /api/v1/flags/{id}/cancel` - Cancel flag
- `GET /api/v1/flags/students/by-grade/{grade}` - Get students by grade
#### IP Bans
- `GET /api/v1/ip-bans` - List IP bans
- `GET /api/v1/ip-bans/{id}` - Get ban details
- `POST /api/v1/ip-bans/unban` - Unban IP
- `POST /api/v1/ip-bans/ban` - Ban IP
#### Support
- `POST /api/v1/support` - Submit support request
- `GET /api/v1/support/requests` - List support requests
- `GET /api/v1/support/requests/{id}` - Get support request details
#### Attendance Tracking
- `POST /api/v1/attendance-tracking/record` - Record attendance
- `GET /api/v1/attendance-tracking/violations` - Get violations
- `GET /api/v1/attendance-tracking/student/{id}` - Get student tracking
#### Communication
- `GET /api/v1/communication/students/{id}/families` - Get families by student
- `GET /api/v1/communication/families/{id}/guardians` - Get guardians by family
- `POST /api/v1/communication/preview` - Preview communication
- `POST /api/v1/communication/send` - Send communication
#### Class Preparation
- `GET /api/v1/class-preparation` - List class preparations
- `GET /api/v1/class-preparation/{id}` - Get preparation details
- `POST /api/v1/class-preparation/{id}/mark-printed` - Mark as printed
#### PayPal Transactions
- `GET /api/v1/paypal-transactions` - List transactions
- `GET /api/v1/paypal-transactions/{id}` - Get transaction details
- `GET /api/v1/paypal-transactions/transaction/{transactionId}` - Get by transaction ID
#### Stats
- `GET /api/v1/stats` - Get statistics
#### Suppliers
- `GET /api/v1/suppliers` - List suppliers
- `GET /api/v1/suppliers/{id}` - Get supplier details
- `POST /api/v1/suppliers` - Create supplier
- `PUT /api/v1/suppliers/{id}` - Update supplier
- `DELETE /api/v1/suppliers/{id}` - Delete supplier
#### Payment Notifications
- `GET /api/v1/payment-notifications` - List notifications
- `POST /api/v1/payment-notifications/send` - Send notification
#### RFID
- `POST /api/v1/rfid/process` - Process RFID scan
- `GET /api/v1/rfid/logs` - Get RFID logs
#### Nav Builder
- `GET /api/v1/nav-builder` - List navigation items
- `GET /api/v1/nav-builder/{id}` - Get navigation item
- `POST /api/v1/nav-builder` - Create navigation item
- `PUT /api/v1/nav-builder/{id}` - Update navigation item
- `DELETE /api/v1/nav-builder/{id}` - Delete navigation item
- `POST /api/v1/nav-builder/reorder` - Reorder navigation items
#### Inventory
- `GET /api/v1/inventory` - List inventory items
- `GET /api/v1/inventory/{id}` - Get inventory item
- `POST /api/v1/inventory` - Create inventory item
- `PUT /api/v1/inventory/{id}` - Update inventory item
- `DELETE /api/v1/inventory/{id}` - Delete inventory item
- `GET /api/v1/inventory/movements` - Get inventory movements
#### Preferences
- `GET /api/v1/preferences` - Get preferences
- `PUT /api/v1/preferences` - Update preferences
#### Late Slip Logs
- `GET /api/v1/late-slip-logs` - List late slip logs
- `GET /api/v1/late-slip-logs/{id}` - Get late slip log
#### Supply Categories
- `GET /api/v1/supply-categories` - List categories
- `GET /api/v1/supply-categories/{id}` - Get category
- `POST /api/v1/supply-categories` - Create category
- `PUT /api/v1/supply-categories/{id}` - Update category
- `DELETE /api/v1/supply-categories/{id}` - Delete category
#### Homework Tracking
- `GET /api/v1/homework-tracking` - Get homework tracking
#### Parent Attendance Reports
- `GET /api/v1/parent-attendance-reports` - List reports
- `POST /api/v1/parent-attendance-reports` - Submit report
- `PUT /api/v1/parent-attendance-reports/{id}` - Update report
#### Printables Reports
- `GET /api/v1/printables/report-card/meta` - Get report card metadata
- `GET /api/v1/printables/badges/status` - Get badge status
- `POST /api/v1/printables/badges/log` - Log badge print
#### Broadcast Email
- `POST /api/v1/broadcast-email/send` - Send broadcast email
- `GET /api/v1/broadcast-email/parents` - Get parent options
#### Role Permissions
- `GET /api/v1/roles` - List roles
- `GET /api/v1/roles/{id}` - Get role details
- `GET /api/v1/roles/{id}/permissions` - Get role permissions
- `GET /api/v1/permissions` - List permissions
- `POST /api/v1/users/{id}/roles` - Assign role to user
- `GET /api/v1/users/role-assignment` - Get user role assignments
#### WhatsApp
- `GET /api/v1/whatsapp/links` - List WhatsApp links
- `POST /api/v1/whatsapp/links` - Save WhatsApp link
- `PUT /api/v1/whatsapp/membership` - Update membership
#### Purchase Orders
- `GET /api/v1/purchase-orders` - List purchase orders
- `GET /api/v1/purchase-orders/{id}` - Get purchase order
- `POST /api/v1/purchase-orders` - Create purchase order
- `PUT /api/v1/purchase-orders/{id}` - Update purchase order
#### Grading
- `GET /api/v1/grading/{type}/{studentId}/{classId}` - Get grading data
- `PUT /api/v1/grading` - Update grades
#### Score Comments
- `POST /api/v1/score-comments` - Save comment
- `GET /api/v1/score-comments/student/{id}` - Get comments by student
- `PUT /api/v1/score-comments/{id}` - Update comment
#### Authorized Users
- `GET /api/v1/authorized-users` - List authorized users
- `GET /api/v1/authorized-users/{id}` - Get authorized user
- `POST /api/v1/authorized-users` - Create authorized user
- `DELETE /api/v1/authorized-users/{id}` - Delete authorized user
#### Email Extractor
- `GET /api/v1/email-extractor/emails` - Extract emails
- `POST /api/v1/email-extractor/compare` - Compare emails
#### Slip Printer
- `POST /api/v1/slip-printer/print` - Print slip
- `POST /api/v1/slip-printer/preview` - Preview slip
#### Score Predictor
- `GET /api/v1/score-predictor/report` - Get score prediction report
#### Family Admin
- `GET /api/v1/family-admin` - List families (admin)
- `GET /api/v1/family-admin/search` - Search families
#### School Calendar
- `GET /api/v1/school-calendar` - Get school calendar
- `GET /api/v1/school-calendar/view/{view}` - Get calendar view
#### Email
- `POST /api/v1/email/send` - Send email
#### Session Management
- `GET /api/v1/session/timeout-config` - Get timeout configuration
- `GET /api/v1/session/check` - Check session timeout
- `POST /api/v1/session/ping` - Ping session activity
#### Role Switcher
- `GET /api/v1/role-switcher/roles` - Get available roles
- `POST /api/v1/role-switcher/switch` - Switch role
#### Files
- `GET /api/v1/files` - List files
- `GET /api/v1/files/receipt/{filename}` - Get receipt file
- `GET /api/v1/files/reimbursement/{filename}` - Get reimbursement file
#### Page
- `POST /api/v1/page/contact` - Submit contact form
- `GET /api/v1/page/privacy-policy` - Get privacy policy
- `GET /api/v1/page/terms-of-service` - Get terms of service
- `GET /api/v1/page/help-center` - Get help center
#### SMS
- `POST /api/v1/sms/send` - Send SMS
- `GET /api/v1/sms/carriers` - Get available carriers
#### Dashboard Redirect
- `GET /api/v1/dashboard/route` - Get dashboard route
#### Landing Page
- `GET /api/v1/landing-page/data` - Get landing page data
#### Frontend
- `GET /api/v1/frontend/user` - Get frontend user
- `GET /api/v1/frontend/pages` - Get frontend pages
#### UI
- `GET /api/v1/ui/style` - Get UI style
- `POST /api/v1/ui/style` - Update UI style
#### Info Icon
- `GET /api/v1/info-icon/profile` - Get profile icon info
#### Administrator
- `GET /api/v1/administrator/dashboard` - Get admin dashboard
- `GET /api/v1/administrator/search` - Admin search
- `GET /api/v1/administrator/enrollment-withdrawal` - Get enrollment/withdrawal data
#### Settings
- `GET /api/v1/settings/preferences` - Get preferences
- `PUT /api/v1/settings/preferences` - Update preferences
- `GET /api/v1/settings/system` - Get system settings
## Public Endpoints
These endpoints do not require authentication.
### Time
#### Get Current Time
**GET** `/api/v1/time/now`
**Headers:**
- `X-Timezone` (optional): User timezone (e.g., "America/New_York")
**Response:**
```json
{
"user_timezone": "America/New_York",
"server_timezone": "UTC",
"local_time": "2025-01-15 10:30:00",
"utc_time": "2025-01-15 15:30:00"
}
```
#### Convert Time
**POST** `/api/v1/time/convert`
**Headers:**
- `X-Timezone` (optional): User timezone
**Request Body:**
```json
{
"time": "2025-01-15 10:30:00",
"direction": "toUTC"
}
```
**Response:**
```json
{
"user_timezone": "America/New_York",
"server_timezone": "UTC",
"original_time": "2025-01-15 10:30:00",
"converted_time": "2025-01-15 15:30:00"
}
```
**Valid Directions:**
- `toUTC` - Convert from user timezone to UTC
- `fromUTC` - Convert from UTC to user timezone
### Health Check
**GET** `/api/v1/health`
**Response:**
```json
{
"status": "healthy",
"timestamp": "2025-01-15T10:30:00Z"
}
```
## Rate Limiting
Currently, there is no rate limiting implemented. However, it's recommended to:
- Implement reasonable request intervals in your client
- Cache responses when appropriate
- Use pagination for large data sets
## CORS
The API supports CORS for cross-origin requests from mobile apps and web clients. All origins are allowed by default. For production, consider restricting to specific domains.
## Environment Variables
Required environment variables:
- `JWT_SECRET`: Secret key for JWT token signing (change from default in production!)
- `API_BASE_URL`: Base URL for outbound API calls (optional)
- `API_TIMEOUT`: Timeout for API requests in seconds (default: 10)
## Best Practices
### For Mobile App Development
1. **Token Storage**: Store the JWT token securely (e.g., Keychain on iOS, Keystore on Android)
2. **Token Refresh**: Implement token refresh logic before expiration
3. **Error Handling**: Handle 401 responses by redirecting to login
4. **Request Headers**: Always include the `Authorization` header for protected requests
5. **Timezone Support**: Use the `X-Timezone` header for timezone-aware requests
6. **Pagination**: Use pagination for large data sets to improve performance
7. **Caching**: Cache responses when appropriate to reduce API calls
8. **Offline Support**: Implement offline storage for critical data
### Request/Response Guidelines
1. **Content-Type**: Always use `Content-Type: application/json` for POST/PUT requests
2. **Accept**: Use `Accept: application/json` header
3. **Timestamps**: All timestamps are in UTC unless specified
4. **Date Format**: Use ISO 8601 format (YYYY-MM-DD HH:mm:ss)
5. **Validation**: Validate data on the client side before sending requests
## Support
For API support or questions:
- Check the help center: `/api/v1/page/help-center`
- Submit a support request: `POST /api/v1/support`
## Changelog
### Version 1.0.0
- Initial API release
- Authentication with JWT
- Messaging system
- Student, parent, and class management
- Attendance tracking
- Payment and invoice management
- And more...
## License
This API is proprietary software for Al Rahma Sunday School.