---
# Specification version and top-level API metadata.
openapi: '3.0.0'
info:
  title: 'Zendvo Auth API'
  version: '1.0.0'
  description: 'API for user registration and authentication'
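# Operations exposed by the API. Routes that list `bearerAuth` under
# `security` require a bearer token; every other route is callable without
# credentials and relies on the documented validation and rate limits.
paths:
  /api/auth/register:
    post:
      summary: Register a new user
      description: Creates a new user record with "unverified" status.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
                - password
              properties:
                email:
                  type: string
                  format: email
                  example: "user@example.com"  # constructed sample address
                password:
                  type: string
                  format: password
                  # NOTE(review): only a lower bound is declared. Consider
                  # documenting a maxLength so oversized passwords are
                  # rejected before they reach the password hash.
                  minLength: 8
                  example: "StrongP@ss123"
                name:
                  type: string
                  example: "John Doe"
      responses:
        "201":
          description: User created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  message:
                    type: string
                  data:
                    type: object
                    properties:
                      userId:
                        type: string
                        format: uuid
                      email:
                        type: string
        "400":
          description: Validation error (invalid email, weak password, missing fields)
        # NOTE(review): 409 tells the caller that an address is registered,
        # while /api/auth/forgot-password deliberately answers 200 either
        # way. Confirm this disclosure is accepted and that the 429 limit
        # below is tight enough to blunt bulk address probing.
        "409":
          description: Email already registered
        "413":
          description: Request body too large
        "429":
          description: Too many registration attempts
        "500":
          description: Internal server error
  /api/auth/forgot-password:
    post:
      summary: Request a password reset
      description: Sends a password reset email if the user exists.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
              properties:
                email:
                  type: string
                  format: email
                  example: "user@example.com"  # constructed sample address
      responses:
        # The same 200 is documented for known and unknown addresses so the
        # response body does not reveal account existence.
        # NOTE(review): confirm the handler also does comparable work on
        # both paths, so response time does not leak the same fact.
        "200":
          description: Success response (always returned for security)
        "400":
          description: Invalid email format
        "429":
          description: Too many requests
        "500":
          description: Internal server error
  /api/auth/reset-password:
    post:
      summary: Reset user password
      description: Resets the password using a valid reset token.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - token
                - password
              properties:
                # NOTE(review): the spec does not state the token's lifetime
                # or whether it is single-use; both should be documented and
                # enforced server-side.
                token:
                  type: string
                  format: uuid
                  example: "550e8400-e29b-41d4-a716-446655440000"
                password:
                  type: string
                  format: password
                  minLength: 8
                  example: "NewStrongP@ss123"
      responses:
        # NOTE(review): no 429 is documented here, unlike the other
        # unauthenticated auth routes. Confirm that repeated token
        # submissions are rate limited.
        "200":
          description: Password reset successfully
        "400":
          description: Invalid token or weak password
        "500":
          description: Internal server error
  /api/auth/login:
    post:
      summary: User login
      description: Returns access and refresh tokens for valid credentials.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
                - password
              properties:
                email:
                  type: string
                  format: email
                  example: "user@example.com"  # constructed sample address
                password:
                  type: string
                  format: password
                  example: "Password123!"
      responses:
        "200":
          description: Login successful
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  data:
                    type: object
                    properties:
                      # NOTE(review): these keys are snake_case, while the
                      # refresh and logout request bodies use `refreshToken`.
                      # Confirm which spelling the server actually emits.
                      access_token:
                        type: string
                      refresh_token:
                        type: string
        # One 401 covers both an unknown address and a wrong password, so
        # the response does not distinguish the two cases.
        "401":
          description: Invalid email or password
        # NOTE(review): the documented throttle is keyed on source IP only.
        # Confirm whether a per-account limit also exists; an IP-only limit
        # does not bound guessing against one account from many addresses.
        "429":
          description: Too many failed attempts from the same IP
        "500":
          description: Internal server error
  /api/auth/refresh:
    post:
      summary: Refresh access token
      description: Returns a new access token using a valid refresh token.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - refreshToken
              properties:
                refreshToken:
                  type: string
      responses:
        # NOTE(review): no response schema is given, and "Tokens refreshed"
        # does not say whether the refresh token is rotated on use. Document
        # the rotation/reuse policy; 400, 429 and 500 are also undocumented
        # for this route.
        "200":
          description: Tokens refreshed
        "401":
          description: Invalid or expired refresh token
  /api/auth/logout:
    post:
      summary: User logout
      description: Invalidates the provided refresh token.
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - refreshToken
              properties:
                # NOTE(review): confirm the server checks that this token
                # belongs to the user identified by the bearer token before
                # invalidating it.
                refreshToken:
                  type: string
      responses:
        "200":
          description: Logged out successfully
        "400":
          description: Missing refresh token
        "401":
          description: Unauthorized
  /api/auth/resend-otp:
    post:
      summary: Resend email verification OTP
      description: Resends a verification code to the authenticated user with a 60 second cooldown.
      security:
        - bearerAuth: []
      responses:
        "200":
          description: OTP resent successfully or already verified
        "401":
          description: Unauthorized
        "404":
          description: User not found
        "429":
          description: Rate limit exceeded
        "500":
          description: Internal server error
  /api/auth/me:
    get:
      summary: Get current user
      description: Returns the authenticated user's profile and verification status.
      security:
        - bearerAuth: []
      responses:
        "200":
          description: User returned successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  user:
                    type: object
                    properties:
                      id:
                        type: string
                      email:
                        type: string
                        format: email
                      name:
                        type: string
                        nullable: true
                      role:
                        type: string
                      status:
                        type: string
                      createdAt:
                        type: string
                        format: date-time
                      lastLogin:
                        type: string
                        format: date-time
                        nullable: true
                      # NOTE(review): assumed to be a field of `user`;
                      # confirm the nesting against the handler's response.
                      email_verified:
                        type: boolean
        "401":
          description: Unauthorized
        "404":
          description: User not found
        "500":
          description: Internal server error
  /api/gifts/public:
    # No `security` entry: this route is intentionally unauthenticated, so
    # every field below is untrusted input from an anonymous caller.
    post:
      summary: Create a public (anonymous) gift
      description: >
        Allows an unauthenticated sender to create a gift for a registered recipient.
        No authentication is required. Rate limited to 10 requests per 60 seconds per IP.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - recipientId
                - amount
                - senderName
                - senderEmail
              properties:
                recipientId:
                  type: string
                  format: uuid
                  description: ID of the registered recipient user
                  example: "550e8400-e29b-41d4-a716-446655440000"
                # NOTE(review): a monetary amount typed as `number` is a
                # floating-point value; confirm how the server rounds and
                # stores it.
                amount:
                  type: number
                  description: Gift amount. Must be positive and no greater than 10,000.
                  minimum: 0.01
                  maximum: 10000
                  example: 5000
                # NOTE(review): no maxLength is declared, unlike `message`.
                # The name is caller-controlled display text; bound its
                # length and encode it wherever it is rendered.
                senderName:
                  type: string
                  description: Display name of the sender
                  example: "Jane Doe"
                # NOTE(review): nothing here indicates the address is
                # verified; treat it as an unproven claim when showing it to
                # the recipient.
                senderEmail:
                  type: string
                  format: email
                  description: Email address of the sender
                  example: "sender@example.com"  # constructed sample address
                currency:
                  type: string
                  description: Currency code (default NGN)
                  enum:
                    - NGN
                    - USD
                  default: NGN
                  example: "NGN"
                unlockDatetime:
                  type: string
                  format: date-time
                  description: >
                    Optional scheduled delivery datetime in ISO 8601 format with timezone offset.
                    Must be a future date. Example: "2026-04-01T10:00:00+01:00"
                  example: "2026-04-01T10:00:00+01:00"
                hideAmount:
                  type: boolean
                  description: Whether to hide the gift amount from the recipient
                  default: false
                  example: false
                message:
                  type: string
                  description: Optional personal message (max 500 characters)
                  maxLength: 500
                  example: "Happy birthday! Hope this brings a smile 🎉"
                # NOTE(review): an arbitrary URL from an anonymous caller.
                # If the server ever fetches or proxies it, validate the
                # scheme and destination first; if it is only rendered,
                # restrict it to https and document that here.
                senderAvatar:
                  type: string
                  format: uri
                  description: Optional URL for the sender's avatar image
                  example: "https://example.com/avatar.png"
      responses:
        "201":
          description: Gift created successfully and pending review
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  data:
                    type: object
                    properties:
                      giftId:
                        type: string
                        format: uuid
                        description: Unique identifier for the created gift
                        example: "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
                      status:
                        type: string
                        description: Initial status of the gift
                        example: "pending_review"
                      slug:
                        type: string
                        description: URL-friendly slug for the gift
                        example: "generous-sunrise-42"
                      shortCode:
                        type: string
                        description: Short alphanumeric code for sharing the gift link
                        example: "XK3T9P"
        "400":
          description: Missing required fields or unsupported currency
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: "recipientId, amount, senderName, and senderEmail are required"
        # NOTE(review): 404 versus 201 lets an anonymous caller learn
        # whether a recipientId exists. Confirm this is acceptable given
        # the per-IP limit documented under 429.
        "404":
          description: Recipient not found
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: "Recipient not found"
        "409":
          description: Duplicate gift submitted within the last 5 minutes
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: "A similar gift was recently submitted. Please wait before trying again."
        "422":
          description: Validation error (invalid amount, email, message length, or datetime)
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: "Amount must be a positive number not exceeding 10,000"
        "429":
          description: Rate limit exceeded (10 requests per 60 seconds per IP)
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  error:
                    type: string
                    example: "Too many requests. Please try again later."
        "500":
          description: Internal server error
  /api/gifts:
    get:
      summary: Get user gifts
      description: Returns a list of gifts for the authenticated user.
      security:
        - bearerAuth: []
      responses:
        "200":
          description: List of gifts
        "401":
          description: Unauthorized
    post:
      summary: Create a new gift
      description: Initiates a gift sending process.
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - recipient
                - amount
                - currency
              properties:
                recipient:
                  type: string
                  format: uuid
                # NOTE(review): /api/gifts/public declares minimum/maximum
                # for `amount`, an enum for `currency` and a maxLength for
                # `message`; none are declared here. Confirm the server
                # enforces equivalent bounds and document them.
                amount:
                  type: number
                currency:
                  type: string
                message:
                  type: string
                template:
                  type: string
      responses:
        "201":
          description: Gift created, pending OTP
        "400":
          description: Bad request
        "401":
          description: Unauthorized
        "422":
          description: Validation error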
# Security scheme referenced by operations that list `bearerAuth` under
# `security`. `bearerFormat` is a documentation hint only: signature,
# expiry and algorithm checks on the token are the server's job.
components:
  securitySchemes:
    bearerAuth:
      type: 'http'
      scheme: 'bearer'
      bearerFormat: 'JWT'