- Base URL:
http://HOST:PORT(Local Sandbox) - Default Content-Type:
application/json - Authorization:
Bearer <access_token> - Timestamp Format:
ISO8601 UTC
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/health | Health check (server + database status) |
| POST | /api/auth/register | Register a new user |
| POST | /api/auth/login | Log in and receive a token pair |
| POST | /api/auth/refresh | Exchange a refresh token for a new token pair |
| GET | /api/users/me | Get the authenticated user's profile |
| GET | /api/users/:id | Search users by username or display name |
| GET | /api/users/search?q=&page=&limit= | Get a public user profile |
| GET | /ws | WebSocket upgrade endpoint (JWT required) |
| POST | /api/messages | Send a message (REST fallback) |
| GET | /api/messages?with=&before=&limit= | Paginated message history |
All endpoints except /api/health, /api/auth/register, and /api/auth/login require a Bearer token in the Authorization header.
Evaluates the operational status of the server application and its upstream resource dependencies (such as the PostgreSQL database pool).
- URL:
/api/health - Method:
GET - Authentication Required:
NO - curl:
curl -X GET http://HOST:PORT/api/health -s | jq .
Returned when the server runtime is healthy and can successfully execute a ping query against the database.
{
"success": true,
"data": {
"postgres": "up",
"timestamp": "<time>"
}
}Returned when the server has encountered an unexpected error (error description provided)
{
"success": false,
"data": {
"postgres": "down",
"timestamp": "<time>"
},
"error": "Database engine unreachable"
}- URL:
/api/auth/register - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/register -H "Content-Type: application/json" -d '{ "username": "<username>", "display_name": "Full Name", "password": "<password>" }' -s | jq .
{
"username": "<username>",
"display_name": "Full Name",
"password": "<password>"
}The username in the response may differ from the one submitted. If the requested username is already taken, the server automatically appends a numeric suffix (e.g. "abc" → "abc.4130") to ensure uniqueness.
Returned when the account/user is successfully created
{
"success": true,
"data": {
"tokens": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
},
"user": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<created_time>"
}
}
}Returned when the json does not contain valid payload (error description provided)
{
"success": false,
"error": "Invalid payload syntax"
}- URL:
/api/auth/login - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/login -H "Content-Type: application/json" -d '{ "username": "<username>", "password": "<password>" }' -s | jq .
{
"username": "<username>",
"password": "<password>"
}Returned when User has successfully logged in
{
"success": true,
"data": {
"tokens": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
},
"user": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<created_time>"
}
}
}Returned when credentials are incorrect
{
"success": false,
"error": "invalid username or password credentials"
}Returned when json payload structure is incorrect
{
"success": false,
"error": "Invalid json payload structure"
}- URL:
/api/auth/refresh - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/refresh -H "Content-Type: application/json -d '{ "refresh_token": "<refresh_token>" }' -s | jq .
{
"refresh_token": "<refresh_token>"
}Returned when token is refreshed successfully
{
"success": true,
"data": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
}
}Returned when refresh token given is invalid
{
"success": false,
"error": "refresh token expired or revoked"
}Get user data
- URL:
/api/users/me - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/me" -H "Authorization: Bearer <access_token>"
Returned when user data is successfully retrieved
{
"success": true,
"data": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<created_time>"
}
}Returned when access token is missing, expired or wrong
{
"success": false,
"error": "Access token missing, expired or malformed"
}Used to find user with user id Get user data
- URL:
/api/users/{id} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/{id}" -H "Authorization: Bearer <access_token>"
Returned when user is successfully found
{
"success": true,
"data": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full name",
"created_at": "<created_time>"
}
}Returned when user is not found or user id is incorrect
{
"success": false,
"error": "Requested profile does not exist"
}Returned when access token is missing or expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}Used to find user by username and display name Get user data
- URL:
/api/users/search?q={username}&page={page}&limit={limit} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/search?q={name}&page={page}&limit={limit}" -H "Authorization: Bearer <access_token>"
Returned when user is successfully found
{
"success": true,
"data": [
{
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<created_time>"
},
{
"id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<created_time>"
}
]
}NOTE: If no users are found
{
"success": true,
"data": []
}Returned when access token is missing or expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}Returned when search has failed to execute
{
"success": false,
"error": "Failed to execute user directory search operations"
}Connect to websocket
- URL:
/api/ws?token={access_token} - Method:
WS (websocket Upgrade) - Headers:
NONE - Authentication Required:
YES - wscat:
wscat -c "ws://HOST:PORT/api/ws?token={access_token}"
Returned when websocket is successfully connected
connected to ws://HOST:PORT/api/ws?token={access_token}
Returned when access token is expired or incorrect
WebSocket error: Unexpected server response: 404
- URL:
/api/messages/ - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/messages/" -H "Content-Type: application/json" -H "Authorization: Bearer <access_token>" -d '{ "receiver_id": "<receiver_id>", "content": "<content>" }'
{
"receiver_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"content": "<content>"
}Returned when message is successfully sent
{
"success": true,
"data": {
"id": "cccccccc-cccc-cccc-cccc-cccccccccccc",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"created_at": "<created_time>"
}
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}To get message history with specific user using user id
- URL:
/api/users/messages/?with={receiver_id}&before={time}&limit={limit} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/messages/?with={receiver_id}&before={time}&limit={limit}" -H "Authorization: Bearer <access_token>"
Returned when data is successfully retrieved
{
"success": true,
"data": [
{
"id": "cccccccc-cccc-cccc-cccc-cccccccccccc",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"created_at": "<created_time>"
}
]
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}