CASI API

Harsh Agrawal edited this page Jul 8, 2021 · 1 revision

Documentation of the CASI API endpoints that clients use to communicate with CASI.

Public access

1. POST /auth/refresh-token

Body: Include at least one of the following parameters:

	token : JWT token of the user
	rememberme : remember-me JWT token of the user 

Success: Returns the details of the user

{
	'email': <email>,
	'username': <username>,
	'firstname': <firstname>,
	'lastname': <lastname>,
	'roles': <roles> (String[]),
}

Failure: Returns the error message

Admin Access

Preconditions for these APIs

  1. Cookie: Must have the CASI token in the cookies. The token must have an admin role.
    • Tip: If the request is sent from the front end, the browser includes the cookies automatically when an admin user is logged in. If the request is sent from the server side, you might have to set the cookies explicitly.
  2. Authorization: Must have the authorization header with the client access token. Should be sent as Authorization: <access_token>
  3. The access_token sent in the Authorization header must belong to a client whose owner is an admin. That is, the client whose access token is provided must have been registered by an admin user (at the time of registration).

The request is processed further only if all of the above preconditions are satisfied; otherwise a status code of 401 is sent straight away.
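
The three preconditions above, written as a fail-closed check in JavaScript. This is an added example, not CASI's own code: `verifyToken`, `findClientByAccessToken`, the cookie name `token` and the role string `admin` are assumptions, and the tokens and clients are constructed sample data.

```javascript
// Added example, not CASI's code: fail-closed check of the three preconditions.
// Assumptions: cookie name "token", role string "admin", and the injected
// helpers verifyToken / findClientByAccessToken are all hypothetical.
const isAdmin = (u) => !!u && Array.isArray(u.roles) && u.roles.includes('admin');

function checkAdminPreconditions(req, { verifyToken, findClientByAccessToken }) {
  const deny = (reason) => ({ status: 401, reason });

  // 1. The CASI token cookie must be present, valid, and carry the admin role.
  const cookieToken = req.cookies && req.cookies.token;
  if (!cookieToken) return deny('missing CASI token cookie');
  const user = verifyToken(cookieToken); // null for an invalid or expired token
  if (!isAdmin(user)) return deny('cookie token is not an admin token');

  // 2. The Authorization header must carry a known client access token.
  const accessToken = req.headers && req.headers.authorization;
  if (!accessToken) return deny('missing Authorization header');
  const client = findClientByAccessToken(accessToken);
  if (!client) return deny('unknown client access token');

  // 3. That client must have been registered by an admin user.
  if (!isAdmin(client.owner)) return deny('client owner is not an admin');

  return { status: 200, user, client };
}

// Constructed sample data: not real CASI tokens, users or clients.
const TOKENS = new Map([
  ['admin-jwt', { email: 'admin@example.test', roles: ['admin'] }],
  ['user-jwt', { email: 'user@example.test', roles: ['member'] }],
]);
const CLIENTS = new Map([
  ['client-a', { owner: { roles: ['admin'] } }],
  ['client-b', { owner: { roles: ['member'] } }],
]);
const deps = {
  verifyToken: (t) => TOKENS.get(t) || null,
  findClientByAccessToken: (t) => CLIENTS.get(t) || null,
};
const request = (cookie, auth) => ({
  cookies: cookie ? { token: cookie } : {},
  headers: auth ? { authorization: auth } : {},
});

for (const [c, a] of [['admin-jwt', 'client-a'], ['admin-jwt', 'client-b'], ['user-jwt', 'client-a']]) {
  const r = checkAdminPreconditions(request(c, a), deps);
  console.log(c, a, r.status, r.reason || 'ok');
}
```

An admin cookie alone is not enough: the second case is rejected because the client presenting the access token was not registered by an admin.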

1. GET /api/dcMemberList

Parameters: None

Returns: List details of all DevClub members.

2. POST /api/addUserRole

Body:

email: Email of the user whose role has to be modified
role: Role that has to be given to that user

Returns: Success/Failure status codes and message

3. POST /api/deleteUserRole

Body:

email: Email of the user whose role has to be modified
role: Role that has to be deleted from the user

Returns: Success/Failure status codes and message

4. POST /api/queryDB

Body: Any MongoDB read query. The query is executed and its result is returned.

Returns: Result of the query. 500 status if the query failed to execute