User Management Endpoints Index

User Management

GET /api/users

List all users (requires authentication)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...

Query Parameters:

  • sort - JSON array with field name and direction ["fieldName","ASC|DESC"]
    Example: sort=["username","ASC"] - Sort by username in ascending order
  • page - Page number (1-based)
    Example: page=1 - Get the first page
  • perPage - Number of items per page
    Example: perPage=10 - Show 10 items per page
  • filter - JSON object with field name/value pairs for filtering {"fieldName1":"value1","fieldName2":value2}
    Example: filter={"username":"John"} - Filter users with username containing "John"

    Special filter: Global Search
    Using the key q in the filter will search across all text columns:
    Example: filter={"q":"John","isActive":true} - Find active users with "John" in any text field

Example Requests:

GET /api/users?page=1&perPage=10&sort=["id","ASC"]&filter={"username":"John"}
GET /api/users?page=2&perPage=20&filter={"q":"John","isActive":true}

Response (200 OK):

{
    "data": [
        {
            "id": 1,
            "username": "John Doe",
            "email": "john@example.com",
            "typeCode": "REGU",
            "typeName": "Regular",
            "firstName": "John",
            "lastName": "Doe",
            "isActive": true,
            "createdAt": "2023-01-15T08:30:00Z",
            "updatedAt": "2023-01-15T08:30:00Z"
        },
        {
            "id": 2,
            "username": "Jane Smith",
            "email": "jane@example.com",
            "typeCode": "REGU",
            "typeName": "Regular",
            "firstName": "Jane",
            "lastName": "Smith",
            "isActive": true,
            "createdAt": "2023-02-20T10:15:00Z",
            "updatedAt": "2023-02-20T10:15:00Z"
        }
    ],
    "total": 42
}

Headers:

Content-Range: items 0-9/42
Accept-Range: items
Access-Control-Expose-Headers: Content-Range
X-Total-Count: 42

Note: The Content-Range header indicates the range of items returned and the total count.

GET /api/users/me

Get current user profile (requires authentication)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...

Response (200 OK):

{
    "id": 1,
    "username": "John Doe",
    "email": "john@example.com",
    "typeCode": "REGU",
    "typeName": "Regular",
    "firstName": "John",
    "lastName": "Doe",
    "isActive": true,
    "createdAt": "2023-01-15T08:30:00Z",
    "updatedAt": "2023-01-15T08:30:00Z"
}

Error Responses:

{
    "message": "User not authenticated"
}

Notes:

  • Does not require CSRF token as it's a GET request (only mutation methods require CSRF)

GET /api/users/metrics

Get overall totals for user data (requires authentication)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...

Response (200 OK):

{
    "data": [
        {
            "id": 0,
            "totalFreeUsers": 0,
            "totalYearlyFreeUsers": 0,
            "totalYearlyCreatedUsers": 3,
            "monthlyIncompleteRegs": 0,
            "totalMonthlyFreeUsers": 0,
            "totalMonthlyExpiredUsers": 3,
            "totalMonthlyCreatedUsers": 0,
            "totalUserswithNoSubscription": 2
        }
    ],
    "total": 1
}

Error Responses:

{
    "message": "We could not collect any data on the users."
}

Notes:

  • This endpoint returns the totals for the user metrics shown on the dashboard
  • Does not require CSRF token as it's a GET request (only mutation methods require CSRF)
  • Returns metrics including free users, yearly/monthly created users, incomplete registrations, and users without subscriptions

GET /api/users/verification-requests

List all user verification requests with filtering, sorting, and pagination (requires authentication)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...

Query Parameters:

  • sort - JSON array with interface name and direction ["interfaceName","ASC|DESC"]
    Example: sort=["createdOn","DESC"] - Sort by creation date in descending order
    Supported fields: id, userId, requestTypeCode, requestTypeName, verificationCode, createdOn, attempts, username, email, firstName, lastName, isActive
  • page - Page number (1-based)
    Example: page=1 - Get the first page
  • perPage - Number of items per page
    Example: perPage=10 - Show 10 items per page
  • filter - JSON object with interface name/value pairs for filtering {"interfaceName1":"value1","interfaceName2":value2}
    Example: filter={"requestTypeCode":"RPWR"} - Filter verification requests with type code "RPWR" (password reset)
    Example: filter={"requestTypeName":"Reset Password"} - Filter verification requests with type name containing "Reset Password"
    Example: filter={"username":"john"} - Filter verification requests for users with username containing "john"
    Example: filter={"verificationCode":"abc123"} - Filter verification requests containing the verification code "abc123"

    Special filter: Global Search
    Using the key q in the filter will search across key text columns:
    Example: filter={"q":"reset"} - Find verification requests with "reset" in any searchable field (verificationCode, requestTypeCode, requestTypeName, username, email, firstName, lastName)

Example Requests:

GET /api/users/verification-requests?page=1&perPage=10&sort=["createdOn","DESC"]&filter={"requestTypeCode":"RPWR"}
GET /api/users/verification-requests?page=1&perPage=20&filter={"q":"john","isActive":true}

Response (200 OK):

{
    "data": [
        {
            "id": 1,
            "userId": 42,
            "requestTypeCode": "RPWR",
            "requestTypeName": "Reset Password",
            "verificationCode": "abc123def456",
            "createdOn": "2023-06-15T14:30:00Z",
            "attempts": 0,
            "username": "johndoe",
            "email": "john@example.com",
            "firstName": "John",
            "lastName": "Doe",
            "isActive": true
        },
        {
            "id": 2,
            "userId": 37,
            "requestTypeCode": "REGR",
            "requestTypeName": "Email Verification",
            "verificationCode": "xyz789uvw456",
            "createdOn": "2023-06-14T10:15:00Z",
            "attempts": 1,
            "username": "janesmith",
            "email": "jane@example.com",
            "firstName": "Jane",
            "lastName": "Smith",
            "isActive": true
        }
    ],
    "total": 42
}

Headers:

Content-Range: items 0-9/42
Accept-Range: items
Access-Control-Expose-Headers: Content-Range
X-Total-Count: 42

Note: This endpoint includes verification codes and user details along with verification request information for improved usability and administration.

Notes:

  • Does not require CSRF token as it's a GET request (only mutation methods require CSRF)
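
The query parameter format documented for this endpoint, as an added example (not code from this API or its authors): a server-side parser that accepts sort, page, perPage and filter only in the documented shapes and restricts field names to the supported list. The function names, the defaults for page and perPage, the MAX_PER_PAGE cap and the restriction of filter values to scalars are assumptions that the page does not state.

```javascript
// Added example, not the API's own code: parse and validate the documented
// list-query parameters of GET /api/users/verification-requests.
const SUPPORTED_FIELDS = new Set([
  'id', 'userId', 'requestTypeCode', 'requestTypeName', 'verificationCode',
  'createdOn', 'attempts', 'username', 'email', 'firstName', 'lastName', 'isActive',
]);
const MAX_PER_PAGE = 100; // assumption: the page documents no upper bound

function positiveInt(raw, fallback, name) {
  if (raw === null) return fallback; // parameter absent
  if (!/^[1-9]\d{0,8}$/.test(raw)) throw new Error(`${name} must be a positive integer`);
  return Number(raw);
}

function jsonParam(raw, name) {
  try { return JSON.parse(raw); } catch { throw new Error(`${name} is not valid JSON`); }
}

function parseListQuery(queryString) {
  const params = new URLSearchParams(queryString);
  const page = positiveInt(params.get('page'), 1, 'page'); // 1-based, default assumed
  const perPage = Math.min(positiveInt(params.get('perPage'), 10, 'perPage'), MAX_PER_PAGE);

  let sort = null;
  if (params.has('sort')) {
    const value = jsonParam(params.get('sort'), 'sort');
    if (!Array.isArray(value) || value.length !== 2) throw new Error('sort must be ["field","ASC|DESC"]');
    const [field, direction] = value;
    if (!SUPPORTED_FIELDS.has(field)) throw new Error('unsupported sort field');
    if (direction !== 'ASC' && direction !== 'DESC') throw new Error('sort direction must be ASC or DESC');
    sort = { field, direction };
  }

  const filter = {};
  if (params.has('filter')) {
    const value = jsonParam(params.get('filter'), 'filter');
    if (value === null || typeof value !== 'object' || Array.isArray(value)) throw new Error('filter must be a JSON object');
    for (const [key, v] of Object.entries(value)) {
      // "q" is the documented global-search key; every other key must be a supported field.
      if (key !== 'q' && !SUPPORTED_FIELDS.has(key)) throw new Error(`unsupported filter field: ${key}`);
      if (!['string', 'number', 'boolean'].includes(typeof v)) throw new Error(`filter ${key} must be a scalar`);
      filter[key] = v;
    }
  }
  // offset is 0-based, matching "Content-Range: items 0-9/42" for page=1&perPage=10.
  return { page, perPage, offset: (page - 1) * perPage, sort, filter };
}
```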

GET /api/users/:id

Get a specific user by ID (requires authentication)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...

Response (200 OK):

{
    "id": 2,
    "username": "Jane Doe",
    "email": "jane@example.com",
    "typeCode": "REGU",
    "typeName": "Regular",
    "firstName": "Jane",
    "lastName": "Doe",
    "isActive": true,
    "createdAt": "2023-02-20T10:15:00Z",
    "updatedAt": "2023-02-20T10:15:00Z"
}

Error Responses:

{
    "message": "User not found"
}

{
    "message": "User not authenticated"
}

Notes:

  • Does not require CSRF token as it's a GET request (only mutation methods require CSRF)

POST /api/users/verification-requests/resend-email

Resends verification email to selected users (requires authentication and CSRF token)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...
x-csrf-token: a8d7f9c6e5b4a3c2d1e0f9a8d7f6c5b4a3

Request Body:

{
    "emails": ["john@example.com", "jane@example.com"]
}

Response (200 OK):

{
    "code": 200,
    "message": "Successfully sent verification codes."
}

Error Responses:

{
    "message": "One or more users not found."
}

Notes:

  • This endpoint resends existing verification codes to the users with the specified email addresses
  • It will locate the appropriate verification request (registration or password reset) and resend it
  • This is useful when users report they haven't received their verification email
  • The system will send verification emails appropriate to the existing request type
  • Requires CSRF token as it's a POST request that triggers email sending

PUT /api/users/me

Update current user profile (requires authentication and CSRF token)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...
x-csrf-token: a8d7f9c6e5b4a3c2d1e0f9a8d7f6c5b4a3

Request Body:

{
    "username": "johnsmith",
    "email": "johnsmith@example.com",
    "firstName": "John",
    "lastName": "Smith"
}

Response (200 OK):

{
    "id": 1,
    "username": "johnsmith",
    "email": "johnsmith@example.com",
    "typeCode": "REGU",
    "typeName": "Regular",
    "firstName": "John",
    "lastName": "Smith",
    "isActive": true,
    "createdAt": "2023-01-15T08:30:00Z",
    "updatedAt": "2023-06-10T14:20:00Z"
}

Error Responses:

{
    "message": "User not authenticated"
}

{
    "message": "User not found"
}

Notes:

  • All fields in the request body are optional for partial updates
  • The system automatically updates the corresponding Stripe customer if one exists
  • Requires CSRF token as it's a PUT request that modifies user data

PUT /api/users/verification-requests/new-request-code

Update verification requests with a new code (requires authentication and CSRF token)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...
x-csrf-token: a8d7f9c6e5b4a3c2d1e0f9a8d7f6c5b4a3

Request Body:

{
    "userReqList": [
        {
            "userId": 3,
            "request_type_code": "REGR"
        },
        {
            "userId": 5,
            "request_type_code": "RPWR"
        }
    ]
}

Response (200 OK):

{
    "code": 200,
    "message": "Successfully created new verification requests."
}

Error Responses:

{
    "message": "One or more users not found."
}

Notes:

  • This endpoint generates new verification codes and sends them via email to the specified users
  • The request body should contain an array of user_id and request_type_code pairs
  • Valid request_type_code values are "REGR" (registration) and "RPWR" (password reset)
  • The system will send verification emails appropriate to the request type
  • Requires CSRF token as it's a PUT request that modifies data and triggers email sending

DELETE /api/users/:id

Delete a user by ID (requires authentication and CSRF token)

Headers:

Authorization: Bearer ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr...
x-csrf-token: a8d7f9c6e5b4a3c2d1e0f9a8d7f6c5b4a3

Response: 204 No Content

Error Responses:

{
    "message": "User not found"
}

{
    "message": "User not authenticated"
}

Notes:

  • This is a permanent deletion operation and cannot be undone
  • Requires CSRF token as it's a DELETE request that permanently removes data