- Base URL:
http://HOST:PORT(Local Sandbox) - Default Content-Type:
application/json - Authorization:
Bearer <access_token> - Timestamp Format:
ISO8601 UTC
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/health | Health check (server + database status) |
| POST | /api/auth/register | Register a new user |
| POST | /api/auth/login | Log in and receive a token pair |
| POST | /api/auth/refresh | Exchange a refresh token for a new token pair |
| GET | /api/users/me | Get the authenticated user's profile |
| GET | /api/users/:id | Search users by User id |
| GET | /api/users/search?q=&page=&limit= | Search user by username and display name |
| GET | /ws | WebSocket upgrade endpoint (JWT required) |
| WS | Client to Server | Client to Server Websocket |
| WS | Server to Client | Server to Client Websocket |
| POST | /api/messages | Send a message (REST fallback) |
| GET | /api/messages?with=&before=&limit= | Paginated message history |
| GET | /api/messages/conversations | Get user conversatiosn |
| POST | /api/messages/read | Get read mark |
| POST | /api/groups/ | Create Group |
| GET | /api/groups/ | Get all groups of user |
| GET | /api/group/{id} | Get group by group id |
| GET | /api/groups/{id}/messages | Get message of a group |
| GET | /api/groups/{id}/members | Get group members |
| POST | /api/groups/{id}/leave | Leave a group |
| PATCH | /api/groups/{id}/ | Update Group Details |
| POST | /api/groups/{id}/members | Add members to group |
| DELETE | /api/groups/{id}/members/{user_id} | Remove member from group |
Evaluates the operational status of the server application and its upstream resource dependencies (such as the PostgreSQL database pool).
- URL:
/api/health - Method:
GET - Authentication Required:
NO - curl:
curl -X GET http://HOST:PORT/api/health -s | jq .
Returned when the server runtime is healthy and can successfully execute a ping query against the database.
{
"success": true,
"data": {
"postgres": "up",
"timestamp": "<TimeStamp>"
}
}Returned when the server has encountered an unexpected error (error description provided)
{
"success": false,
"data": {
"postgres": "down",
"timestamp": "<TimeStamp>"
},
"error": "Database engine unreachable"
}- URL:
/api/auth/register - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/register -H "Content-Type: application/json" -d '{ "username": "<username>", "display_name": "Full Name", "password": "<password>" }' -s
{
"username": "<username>",
"display_name": "Full Name",
"password": "<password>"
}The username in the response may differ from the one submitted. If the requested username is already taken, the server automatically appends a numeric suffix (e.g. "abc" → "abc.4130") to ensure uniqueness.
Returned when the account/user is successfully created
{
"success": true,
"data": {
"tokens": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
},
"user": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<TimeStamp>"
}
}
}Returned when the json does not contain valid payload (error description provided)
{
"success": false,
"error": "Invalid payload syntax"
}- URL:
/api/auth/login - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/login -H "Content-Type: application/json" -d '{ "username": "<username>", "password": "<password>" }' -s
{
"username": "<username>",
"password": "<password>"
}Returned when User has successfully logged in
{
"success": true,
"data": {
"tokens": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
},
"user": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<Timestamp>"
}
}
}Returned when credentials are incorrect
{
"success": false,
"error": "invalid username or password credentials"
}Returned when json payload structure is incorrect
{
"success": false,
"error": "Invalid json payload structure"
}- URL:
/api/auth/refresh - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
NO - curl:
curl -X POST http://HOST:PORT/api/auth/refresh -H "Content-Type: application/json" -d '{ "refresh_token": "<refresh_token>" }' -s
{
"refresh_token": "<refresh_token>"
}Returned when token is refreshed successfully
{
"success": true,
"data": {
"access_token": "<access_token>",
"refresh_token": "<refresh_token>"
}
}Returned when refresh token given is invalid
{
"success": false,
"error": "refresh token expired or revoked"
}Get user data
- URL:
/api/users/me - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/me" -H "Authorization: Bearer <access_token>"
Returned when user data is successfully retrieved
{
"success": true,
"data": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<Timestamp>"
}
}Returned when access token is missing, expired or wrong
{
"success": false,
"error": "Access token missing, expired or malformed"
}Used to find user with user id Get user data
- URL:
/api/users/{id} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/{id}" -H "Authorization: Bearer <access_token>"
Returned when user is successfully found
{
"success": true,
"data": {
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full name",
"created_at": "<Timestamp>"
}
}Returned when user is not found or user id is incorrect
{
"success": false,
"error": "Requested profile does not exist"
}Returned when access token is missing or expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}Used to find user by username and display name Get user data
- URL:
/api/users/search?q={username}&page={page}&limit={limit} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/users/search?q={name}&page={page}&limit={limit}" -H "Authorization: Bearer <access_token>"
Returned when user is successfully found
{
"success": true,
"data": [
{
"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<Timestamp>"
},
{
"id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"username": "<username>",
"display_name": "Full Name",
"created_at": "<Timestamp>"
}
]
}NOTE: If no users are found
{
"success": true,
"data": []
}Returned when access token is missing or expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}Returned when search has failed to execute
{
"success": false,
"error": "Failed to execute user directory search operations"
}- URL:
/api/ws?token={access_token} - Method:
WS (websocket Upgrade) - Headers:
NONE - Authentication Required:
YES - wscat:
wscat -c "ws://HOST:PORT/api/ws?token={access_token}"
Returned when websocket is successfully connected
connected to ws://HOST:PORT/api/ws?token={access_token}
Returned when access token is expired or incorrect
WebSocket error: Unexpected server response: 404
- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Sends a direct or group message.
No Reply
{
"type":"chat",
"receiver_id":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"content":"<content>"
}Reply
{
"type":"chat",
"receiver_id":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"content":"<content>",
"reply_to_message_id":"<message_id of message being replied to>"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Marks messages as read.
{
"type":"read_receipt",
"receiver_id":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Checks whether a specific user is currently connected.
{
"type":"request_status",
"receiver_id":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
{
"type": "typing",
"receiver_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Delivered when another user sends you a direct or group message.
{
"type": "chat",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"message_id": "<message_id>",
"timestamp": "<Timestamp>"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Delivered when another user replies to a message. Includes the original quoted message.
{
"type": "chat",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"message_id": "<message_id>",
"reply_to_message_id": "<message_id_of_message_to_be_replied>",
"timestamp": "<created_time>",
"quoted_message": {
"content": "<original message content>",
"sender_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
}
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Delivered when another user is typing to you or in a shared group.
{
"type": "typing",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Delivered when the recipient reads your message.
{
"type": "read_receipt",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
"timestamp": "<created_time>"
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
Broadcast to all connected clients when a user connects or disconnects. Also sent as a direct response to request_status
{
"type": "user_status",
"user_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"online": true
}- If chat is done in group group_id will be used instead of receiver_id and vice versa.
- URL:
/api/messages/ - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/messages/" -H "Content-Type: application/json" -H "Authorization: Bearer <access_token>" -d '{ "receiver_id": "<receiver_id>", "content": "<content>" }'
{
"receiver_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"content": "<content>"
}Returned when message is successfully sent
{
"success": true,
"data": {
"id": "cccccccc-cccc-cccc-cccc-cccccccccccc",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"created_at": "<created_time>"
}
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}To get message history with specific user using user id
- URL:
/api/messages/?with={receiver_id}&before={time}&limit={limit} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/messages/?with={receiver_id}&before={time}&limit={limit}" -H "Authorization: Bearer <access_token>"
Returned when data is successfully retrieved
{
"success": true,
"data": [
{
"id": "cccccccc-cccc-cccc-cccc-cccccccccccc",
"sender_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
"receiver_id": "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb",
"content": "<content>",
"created_at": "<Timestamp>"
}
]
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}To retrieve user conversations
- URL:
/api/messages/conversations - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/messages/conversations" -H "Authorization: Bearer <access_token>"
Conversations is successfully retrieved.
{
"success": true,
"data": [
{
"id": "<user_id of receiver>",
"type": "<direct or group>",
"name": "<username>",
"display_name": "<display Name>",
"last_message": "<content>",
"last_message_time": "<Timestamp",
"sender_id": "<user_id>",
"is_read": false/true"<read_status>",
"unread_count": 0"<unread_count of corresponding user>"
}
]
}Access token is missing or expired.
{
"success": false,
"error": "Access token missing, expired or malformed"
}To get read mark for a user
- URL:
/api/messages/read - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/messages/read" -H "Authorization: Bearer <access_token>" -d '{ "sender_id": "<sender_id>" }'
{
"sender_id":"<sender_id>"
}{
"success": true,
"data": "Target messages marked read successfully"
}{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/ - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/groups/" -H "Authorization: Bearer <access_token>" -d '{ "name" : "group_name" }'
{
"name":"<group_name>"
}Returned when group is successfully created
{
"success": true,
"data": {
"id": "<group_id>",
"name": "noobs",
"created_by": "<creator_id>",
"created_at": "<Timestamp>"
}
}Returned when access token is expired or incorrect.
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/ - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/groups/" -H "Authorization: Bearer <access_token>"
{
"success": true,
"data": [
{
"id": "<group_id>",
"name": "<group_name>",
"created_by": "<creator_id>",
"created_at": "<Timestamp>"
},
{
"id": "<group_id>",
"name": "<group_name>",
"created_by": "<creator_id>",
"created_at": "<Timestamp>"
}
]
}{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id} - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/groups/{id}" -H "Authorization: Bearer <access_token>"
Returned when group with given id is retrieved
{
"success": true,
"data": [
{
"id": "<group_id>",
"name": "<group_name>",
"created_by": "<creator_id>",
"created_at": "Timestamp"
},
{
"id": "<group_id>",
"name": "<group_name>",
"created_by": "<creator_id>",
"created_at": "Timestamp"
}
]
}Returned when you are not a member of group with given group id or the group id is incorrect
{
"success": false,
"error": "Access denied: you are not a member of this group"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id}/messages - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/groups/{id}/messages" -H "Authorization: Bearer <access_token>"
Returned when messages is successfully retrieved
{
"success": true,
"data": [
{
"id": "<message_id>",
"sender_id": "<sender_id>",
"group_id": "<group_id>",
"content": "<content>",
"created_at": "<Timestamp>",
"is_read": (bool)"<read_status>"
}
]
}Returned if user are not member of the group with given group id or group id is incorrect
{
"success": false,
"error": "Access denied: you are not a member of this group"
}Returned if access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}Get members of a group
- URL:
/api/groups/{id}/members - Method:
GET - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X GET "http://HOST:PORT/api/groups/{id}/members" -H "Authorization: Bearer <access_token>"
{
"success": true,
"data": [
{
"user_id": "<user_id>",
"username": "<username>",
"display_name": "<Full Name>",
"role": "<role>",
"joined_at": "Timestamp"
},
{
"user_id": "<user_id>",
"username": "<username>",
"display_name": "<Full Name>",
"role": "<role>",
"joined_at": "Timestamp"
}
]
}- Note: Role can either be admin or member.
Returned when user is not a member of group with given group id or group id is incorrect or if user is not admin of group
{
"success": false,
"error": "Access denied: you are not a member of this group"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id}/leave - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/groups/{id}/leave" -H "Authorization: Bearer <access_token>"
Returned when user successfully left the group
{
"success": true,
"data": "You have left the group"
}Returned when user is not a member of group with given group id or group id is incorrect or if user is not admin of group
{
"success": false,
"error": "Access denied: you are not a member of this group"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id}/ - Method:
PATCH - Headers:
Content-Type: application/json - Authentication Required:
YES - Admin Access Required:
YES - curl:
curl -X PATCH "http://HOST:PORT/api/groups/{id}/" -H "Authorization: Bearer <access_token>" -d '{ "name":"<group_name>" }'
{
"name":"<new_group_name>"
}Returned when group details are successfully updated.
{
"success": true,
"data": "Group details updated successfully"
}Returned when user is not a member of group with given group id or group id is incorrect or if user is not admin of group
{
"success": false,
"error": "Access denied: you are not a member of this group"
}{
"success": false,
"error": "Administrative clearance privileges required"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id}/members - Method:
POST - Headers:
Content-Type: application/json - Authentication Required:
YES - Admin Access Required:
YES - curl:
curl -X POST "http://HOST:PORT/api/groups/{id}/members" -H "Authorization: Bearer <access_token>" -d '{ "user_id":"<user_id>" }'
{
"user_id":"<user_id>"
}Returned when user is successfully added to group
{
"success": true,
"data": "User attached to channel context cleanly"
}Returned when user with given user id does not exist
{
"success": false,
"error": "Failed to add member to channel"
}Returned when user is not a member of group with given group id or group id is incorrect or if user is not admin of group
{
"success": false,
"error": "Access denied: you are not a member of this group"
}{
"success": false,
"error": "Administrative clearance privileges required"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}- URL:
/api/groups/{id}/members/{user_id} - Method:
DELETE - Headers:
Content-Type: application/json - Authentication Required:
YES - Admin Access Required:
YES - curl:
curl -X DELETE "http://HOST:PORT/api/groups/{id}/members/{user_id}" -H "Authorization: Bearer <access_token>"
Returned when user is successfully removed from group
{
"success": true,
"data": "Member detached from group context cleanly"
}Returned when user with given user id does not exist
{
"success": false,
"error": "Failed to add member to channel"
}Returned when user is not a member of group with given group id or group id is incorrect or if user is not admin of group
{
"success": false,
"error": "Access denied: you are not a member of this group"
}{
"success": false,
"error": "Administrative clearance privileges required"
}Returned when access token is expired or incorrect
{
"success": false,
"error": "Access token missing, expired or malformed"
}