Base URL: http://localhost:5000/api (development)
Most endpoints require authentication via JWT token. Include the token in the Authorization header:
Authorization: Bearer <your_jwt_token>
Send OTP to mobile number for verification.
Endpoint: POST /api/auth/send-otp
Request Body:
{
"mobile": "+1234567890"
}Response (200):
{
"success": true,
"message": "OTP sent successfully",
"mobile": "+1234567890"
}Verify OTP and receive JWT token.
Endpoint: POST /api/auth/verify-otp
Request Body:
{
"mobile": "+1234567890",
"otp": "123456"
}Response (200):
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": 1,
"mobile": "+1234567890",
"name": "John Doe",
"email": "john@example.com",
"role": "user"
}
}Get authenticated user details.
Endpoint: GET /api/auth/me
Headers: Authorization: Bearer <token>
Response (200):
{
"id": 1,
"mobile": "+1234567890",
"name": "John Doe",
"email": "john@example.com",
"role": "user",
"createdAt": "2025-01-01T00:00:00.000Z"
}Logout current user.
Endpoint: POST /api/auth/logout
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"message": "Logged out successfully"
}Update user profile information.
Endpoint: PUT /api/users/profile
Headers: Authorization: Bearer <token>
Request Body:
{
"name": "John Doe",
"email": "john@example.com"
}Response (200):
{
"success": true,
"user": {
"id": 1,
"name": "John Doe",
"email": "john@example.com",
"mobile": "+1234567890"
}
}Change user password.
Endpoint: PUT /api/users/password
Headers: Authorization: Bearer <token>
Request Body:
{
"oldPassword": "oldpass123",
"newPassword": "newpass123"
}Response (200):
{
"success": true,
"message": "Password changed successfully"
}Retrieve all menu items with optional filters.
Endpoint: GET /api/menu
Query Parameters:
category(optional): Filter by categorysearch(optional): Search by name or descriptionavailable(optional): Filter by availability (true/false)
Response (200):
{
"success": true,
"items": [
{
"id": 1,
"name": "Margherita Pizza",
"description": "Classic pizza with tomato and mozzarella",
"price": 12.99,
"category": "Pizza",
"image": "/images/products/pizza1.jpg",
"available": true,
"rating": 4.5,
"reviews": 120
}
]
}Get details of a specific menu item.
Endpoint: GET /api/menu/:id
Response (200):
{
"success": true,
"item": {
"id": 1,
"name": "Margherita Pizza",
"description": "Classic pizza with tomato and mozzarella",
"price": 12.99,
"category": "Pizza",
"image": "/images/products/pizza1.jpg",
"available": true,
"ingredients": ["Tomato", "Mozzarella", "Basil"],
"allergens": ["Gluten", "Dairy"]
}
}Create a new menu item.
Endpoint: POST /api/menu
Headers: Authorization: Bearer <admin_token>
Request Body:
{
"name": "Pepperoni Pizza",
"description": "Pizza with pepperoni",
"price": 14.99,
"category": "Pizza",
"image": "/images/products/pizza2.jpg",
"available": true
}Response (201):
{
"success": true,
"item": {
"id": 2,
"name": "Pepperoni Pizza",
"description": "Pizza with pepperoni",
"price": 14.99,
"category": "Pizza"
}
}Update an existing menu item.
Endpoint: PUT /api/menu/:id
Headers: Authorization: Bearer <admin_token>
Request Body: (any fields to update)
{
"price": 13.99,
"available": false
}Response (200):
{
"success": true,
"item": {
"id": 1,
"name": "Margherita Pizza",
"price": 13.99,
"available": false
}
}Delete a menu item.
Endpoint: DELETE /api/menu/:id
Headers: Authorization: Bearer <admin_token>
Response (200):
{
"success": true,
"message": "Menu item deleted successfully"
}Get all orders for the authenticated user.
Endpoint: GET /api/orders
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"orders": [
{
"id": 1,
"orderNumber": "ORD-20250101-001",
"status": "delivered",
"totalPrice": 25.98,
"items": [
{
"id": 1,
"name": "Margherita Pizza",
"quantity": 2,
"price": 12.99
}
],
"deliveryAddress": {
"street": "123 Main St",
"city": "New York",
"zipCode": "10001"
},
"createdAt": "2025-01-01T12:00:00.000Z",
"deliveredAt": "2025-01-01T13:30:00.000Z"
}
]
}Get details of a specific order.
Endpoint: GET /api/orders/:id
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"order": {
"id": 1,
"orderNumber": "ORD-20250101-001",
"status": "delivered",
"totalPrice": 25.98,
"items": [...],
"deliveryAddress": {...},
"payment": {
"method": "card",
"status": "completed"
},
"timeline": [
{
"status": "placed",
"timestamp": "2025-01-01T12:00:00.000Z"
},
{
"status": "preparing",
"timestamp": "2025-01-01T12:10:00.000Z"
}
]
}
}Place a new order.
Endpoint: POST /api/orders
Headers: Authorization: Bearer <token>
Request Body:
{
"items": [
{
"menuItemId": 1,
"quantity": 2,
"customizations": "Extra cheese"
}
],
"addressId": 1,
"paymentMethod": "card",
"specialInstructions": "Ring doorbell twice"
}Response (201):
{
"success": true,
"order": {
"id": 1,
"orderNumber": "ORD-20250101-001",
"status": "placed",
"totalPrice": 25.98,
"estimatedDelivery": "2025-01-01T13:30:00.000Z"
}
}Cancel a pending order.
Endpoint: POST /api/orders/:id/cancel
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"message": "Order cancelled successfully"
}Get all saved addresses for the user.
Endpoint: GET /api/addresses
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"addresses": [
{
"id": 1,
"label": "Home",
"street": "123 Main St",
"city": "New York",
"state": "NY",
"zipCode": "10001",
"isDefault": true
}
]
}Add a new address.
Endpoint: POST /api/addresses
Headers: Authorization: Bearer <token>
Request Body:
{
"label": "Office",
"street": "456 Business Ave",
"city": "New York",
"state": "NY",
"zipCode": "10002",
"isDefault": false
}Response (201):
{
"success": true,
"address": {
"id": 2,
"label": "Office",
"street": "456 Business Ave",
"city": "New York",
"state": "NY",
"zipCode": "10002"
}
}Update an existing address.
Endpoint: PUT /api/addresses/:id
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"address": {...}
}Delete an address.
Endpoint: DELETE /api/addresses/:id
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"message": "Address deleted successfully"
}Get reviews for a menu item.
Endpoint: GET /api/reviews/item/:itemId
Response (200):
{
"success": true,
"reviews": [
{
"id": 1,
"rating": 5,
"comment": "Excellent pizza!",
"user": {
"name": "John Doe"
},
"createdAt": "2025-01-01T12:00:00.000Z"
}
],
"stats": {
"average": 4.5,
"total": 120
}
}Submit a review for an order item.
Endpoint: POST /api/reviews
Headers: Authorization: Bearer <token>
Request Body:
{
"orderId": 1,
"menuItemId": 1,
"rating": 5,
"comment": "Excellent pizza!"
}Response (201):
{
"success": true,
"review": {
"id": 1,
"rating": 5,
"comment": "Excellent pizza!"
}
}Get all active promotional offers.
Endpoint: GET /api/offers
Response (200):
{
"success": true,
"offers": [
{
"id": 1,
"title": "20% OFF First Order",
"description": "Get 20% off on your first order",
"code": "FIRST20",
"discountPercent": 20,
"validUntil": "2025-12-31T23:59:59.000Z",
"minOrderValue": 15.00
}
]
}Apply an offer code to calculate discount.
Endpoint: POST /api/offers/apply
Headers: Authorization: Bearer <token>
Request Body:
{
"code": "FIRST20",
"orderTotal": 50.00
}Response (200):
{
"success": true,
"discount": 10.00,
"finalTotal": 40.00,
"offer": {
"title": "20% OFF First Order",
"code": "FIRST20"
}
}Get admin dashboard statistics.
Endpoint: GET /api/admin/stats
Headers: Authorization: Bearer <admin_token>
Response (200):
{
"success": true,
"stats": {
"totalOrders": 1250,
"todayOrders": 45,
"totalRevenue": 35000.00,
"todayRevenue": 1200.00,
"activeUsers": 856,
"pendingOrders": 12
}
}Get all orders with filters.
Endpoint: GET /api/admin/orders
Headers: Authorization: Bearer <admin_token>
Query Parameters:
status: Filter by statusdate: Filter by datepage: Pagination
Response (200):
{
"success": true,
"orders": [...],
"pagination": {
"page": 1,
"total": 100,
"pages": 10
}
}Update the status of an order.
Endpoint: PUT /api/admin/orders/:id/status
Headers: Authorization: Bearer <admin_token>
Request Body:
{
"status": "preparing"
}Response (200):
{
"success": true,
"order": {
"id": 1,
"status": "preparing"
}
}Subscribe to push notifications.
Endpoint: POST /api/notifications/subscribe
Headers: Authorization: Bearer <token>
Request Body:
{
"subscription": {
"endpoint": "https://...",
"keys": {
"p256dh": "...",
"auth": "..."
}
}
}Response (200):
{
"success": true,
"message": "Subscribed to notifications"
}Unsubscribe from push notifications.
Endpoint: POST /api/notifications/unsubscribe
Headers: Authorization: Bearer <token>
Response (200):
{
"success": true,
"message": "Unsubscribed from notifications"
}All endpoints may return error responses in the following format:
Example (400 Bad Request):
{
"success": false,
"error": "Validation error",
"message": "Invalid mobile number format"
}Example (401 Unauthorized):
{
"success": false,
"error": "Unauthorized",
"message": "Invalid or expired token"
}Example (403 Forbidden):
{
"success": false,
"error": "Forbidden",
"message": "Admin access required"
}Example (404 Not Found):
{
"success": false,
"error": "Not Found",
"message": "Resource not found"
}Example (500 Internal Server Error):
{
"success": false,
"error": "Internal Server Error",
"message": "An unexpected error occurred"
}API endpoints are rate-limited to prevent abuse:
- Authentication endpoints: 5 requests per minute per IP
- Other endpoints: 100 requests per minute per user
When rate limit is exceeded:
{
"success": false,
"error": "Rate Limit Exceeded",
"message": "Too many requests, please try again later",
"retryAfter": 60
}Endpoints that return lists support pagination:
Query Parameters:
page: Page number (default: 1)limit: Items per page (default: 20, max: 100)
Response includes:
{
"data": [...],
"pagination": {
"page": 1,
"limit": 20,
"total": 150,
"pages": 8
}
}For more information or support, please refer to the main documentation or open an issue on GitHub.