Notaris Project

Appearance

API Usage

WARNING

Each routes should be used with prefix /api/v1

Authentication

POST /auth/signin

Authenticates a user with email or phone and password, returning an access token on successful login.

  • Request Body:

    json
    {
  "email": "user@example.com",
  "password": "securepassword",
}

  • Response:

    • 200 OK: Sign-in successful, returns an access token.
      json
      {
  "data": {
    "token": "token-string",
    "type": "access"
  },
  "message": "Signin successful"
}
    • 401 Unauthorized: Invalid credentials or user not found.
      json
      {
  "message": "Invalid credentials"
}

Registration

POST /auth/signup

Registers a new user, initiating the account creation and email confirmation process.

  • Request Body:

    json
    {
  "name": "John Doe",
  "email": "user@example.com",
  "password": "securepassword",
  "phone": "1234567890" // optional
}

  • Response:

    • 200 OK: Sign-up successful, account confirmation is required.
      json
      {
  "message": "Sign up successful. Please confirm your account.",
  "data": {
    "token": {
      "content": "token-string",
      "type": "signup"
    },
    "last": 1731225743233,
    "expired": 1731226343233,
    "attempts": 1
  }
}
    • 400 Bad Request: Email or phone already taken, or invalid input.
      json
      {
  "message": "Email has been taken!"
}

GET /auth/signup/confirm

Confirms the user's registration using a verification code sent via email.

  • Query Parameters:

    json
    {
  "code": "verification-code-string"
}

  • Response:

    • 200 OK: Registration confirmed successfully.
      json
      {
  "message": "Success confirming registration."
}
    • 400 Bad Request: Invalid or missing verification code.
      json
      {
  "message": "Invalid code"
}

GET /auth/signup/status

Checks the current status of the user's registration, verifying if the account has been confirmed.

  • Headers:

    json
    {
  "Authorization": "Bearer token-string"
}

  • Response:

    • 200 OK: Returns the registration status if email has not been confirmed yet.
      json
      {
  "message": "Success getting confirmation status.",
  "data": {
    "token": {
      "content": "token-string",
      "type": "signup"
    },
    "last": 29123123123, // Date, The date of the last attempt
    "attempts": 1, // Number, How many attempts done
    "expired": 0, // Date, When the date will expired
  }
}
    • 200 OK: Returns the access token if email has been confirmed.
      json
      {
  "message": "Success confirming registration.",
  "data": {
    "token": {
      "content": "token-string",
      "type": "access"
    }
  }
}
    • 400 Bad Request: Invalid or missing token.
      json
      {
  "message": "Invalid token."
}

POST /auth/signup/resend

Resends the confirmation code for completing the registration process.

  • Headers:

    json
    {
  "Authorization": "Bearer token-string"
}

  • Response:

    • 200 OK: Confirmation code resent successfully.
      json
      {
  "message": "Confirmation code resent successfully."
}
    • 400 Bad Request: Invalid or expired token.
      json
      {
  "message": "Invalid token."
}
    • 403 Forbidden: Cannot resend to confirmed email.
      json
      {
  "message": "Sign Up attempt has been confirmed."
}
    • 404 Not Found: No attempt found
      json
      {
  "message": "Sign Up Attempt not found."
}
    • 429 Too Many Request: There are too many requests in the interval
      json
      {
  "message": "Too many request"
}

POST /auth/signup/cancel

Cancels registration attempt to prevent memmory leak in the server

  • Headers:

    json
    {
  "Authorization": "Bearer token-string"
}

  • Response:

    • 200 OK: Success canceling registration attempt
      json
      {
  "message": "Registration has been canceled"
}
    • 400 Bad Request: Invalid or expired token.
      json
      {
  "message": "Invalid token."
}

Office

POST /office/invitation/create

Allows Admin to create an invitation link that includes user roles and email.

  • Request Body:

    json
    {
  "email": "invitee@example.com",
  "user_type": "ADMIN | NOTARY | PPAT", // Allowed user types
  "expired": 10 // In minutes, should use dropdown in the app
}

  • Response:

    • 201 Created: Invitation created successfully, returns the invitation link.
      json
      {
  "message": "Invitation created successfully.",
  "data": {
      "link": "https://api.example.com/invitation/open",
      "expired": 10,
      "user_type": "ADMIN",
      "email": "invitee@example.com",
  }
}
    • 400 Bad Request: Invalid or missing input parameters.
      json
      {
  "message": "Invalid input parameters. | Email has been taken."
}
    • 403 Forbidden: User is not authorized to create invitations.
      json
      {
  "message": "Access denied. Only admins can create invitations."
}
    • 401 Forbidden: User is not authorized to access office routes.
      json
      {
  "message": "Access denied to access this route."
}

GET /office/service

Retrieves a list of available services. This API endpoint is open to the public and does not require ADMIN access.

  • Response:
    • 200 OK: Returns a list of services.
      json
      {
  "data": [
    {
      "id": "service_id",
      "name": "Service Name",
      "description": "Service Description",
      "fee": [{"name": "Biaya Pelayanan","amount": 1000}]
    },
    // Additional services
  ],
  "message": "Service list retrieved successfully"
}

POST /office/service/:id

Allows an Admin to create a new service, including details such as the service fee and task.

  • Request Body:

    json
    {
  "name": "Service Name",
  "description": "Detailed service description",
  "fee": [{"name": "Biaya Pelayanan","amount": 1000}],
  "tasks": ["Task 1", "Task 2"]
}

  • Response:

    • 201 Created: Service created successfully.
      json
      {
  "data": {
    "id": "service_id",
    "name": "Service Name",
    "description": "Detailed service description",
    "fee": [{"name": "Biaya Pelayanan","amount": 1000}],
    "tasks": ["Task 1", "Task 2"]
  },
  "message": "Service created successfully"
}
    • 403 Forbidden: Access denied if the user is not an Admin.
      json
      {
  "message": "Access denied"
}

PUT /office/service/:id

Allows an Admin to update the entire service data with the provided request payload.

  • Request Body:

    json
    {
  "name": "Updated Service Name",
  "description": "Updated service description",
  "fee": 1500,
  "tasks": ["Updated Task 1", "Updated Task 2"]
}

  • Response:

    • 200 OK: Service updated successfully.
      json
      {
  "data": {
    "id": "service_id",
    "name": "Updated Service Name",
    "description": "Updated service description",
    "fee": 1500,
    "tasks": ["Updated Task 1", "Updated Task 2"]
  },
  "message": "Service updated successfully"
}
    • 404 Not Found: Service with the specified ID not found.
      json
      {
  "message": "Service not found"
}

PATCH /office/service/:id

Allows an Admin to close a service, effectively hiding it from public view.

  • Response:
    • 200 OK: Service closed successfully.
      json
      {
  "data": {
    "id": "service_id",
    "status": "closed"
  },
  "message": "Service closed successfully"
}
    • 404 Not Found: Service with the specified ID not found.
      json
      {
  "message": "Service not found"
}

DELETE /office/service/:id

Allows an Admin to soft delete (hide) a service from the list permanently. The service is not removed from the database if there are references to previous orders; otherwise, it is permanently deleted.

  • Request Body:

    json
    {
  "id": "service_id"
}

  • Response:

    • 200 OK: Service soft deleted (or permanently deleted if no references).
      json
      {
  "data": {
    "id": "service_id",
    "status": "deleted"
  },
  "message": "Service deleted successfully"
}
    • 404 Not Found: Service with the specified ID not found.
      json
      {
  "message": "Service not found"
}

Invitation

GET /invitation/open

Checks if an invitation exists. If it does, redirects to the invitation page; otherwise, redirects to a 404 page.

  • Query Parameters:

    json
    {
  "code": "abc123"
}

  • Response:

    • 302 Found: Redirects to the invitation page if the invitation exists.
      • No JSON response as it’s a redirection.
    • 404 Not Found: Invitation not found, redirects to the 404 page.
      • No JSON response as it’s a redirection.

POST /invitation/accept

Accepts user input from the app and generates an access token if the invitation is successfully accepted.

  • Request Body:

    json
    {
  "code": "abc123",
  "name": "John Doe",
  "password": "securepassword"
}

  • Response:

    • 200 OK: Invitation accepted, access token generated.
      json
      {
  "message": "Invitation accepted successfully.",
  "data": {
    "token": {
      "content": "jwt-access-token",
      "type": "access"
    },
  }
}
    • 400 Bad Request: Invalid invitation ID or missing input data.
      json
      {
  "message": "Invalid invitation ID or missing data."
}
    • 404 Not Found: Invitation not found.
      json
      {
  "message": "Invitation not found."
}