/api/v1
All authenticated endpoints require a valid JWT token in the Authorization header:
Authorization: Bearer <token>
Login with email and password.
Request: {
  email: string
  password: string
}
Response: {
  token: string
  user: {
    id: string
    email: string
    name: string
    role: 'admin' | 'user'
  }
}
Register a new user.
Request: {
  email: string
  password: string
  name: string
}
Response: {
  token: string
  user: {
    id: string
    email: string
    name: string
    role: 'user'
  }
}
Get current user profile.
Response: {
  id: string
  email: string
  name: string
  role: 'admin' | 'user'
  settings: {
    theme: 'light' | 'dark'
    notifications: boolean
  }
}
Update current user profile.
Request: {
  name?: string
  settings?: {
    theme?: 'light' | 'dark'
    notifications?: boolean
  }
}
Response: {
  id: string
  email: string
  name: string
  settings: {
    theme: 'light' | 'dark'
    notifications: boolean
  }
}
Get dashboard statistics.
Response: {
  totalUsers: number
  activeUsers: number
  dailyActiveUsers: number
  metrics: {
    daily: Array<{
      date: string
      value: number
    }>
    weekly: Array<{
      date: string
      value: number
    }>
  }
}
All endpoints return consistent error responses:
{
  error: {
    code: string
    message: string
    details?: any
  }
}
Common error codes:
- AUTH_REQUIRED: Authentication required
- INVALID_CREDENTIALS: Invalid login credentials
- VALIDATION_ERROR: Invalid request data
- NOT_FOUND: Resource not found
- FORBIDDEN: Permission denied
- INTERNAL_ERROR: Server error
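The update-profile request schema accepts only name and settings, so a server-side check should refuse anything else (for example a client-supplied role) and answer with the documented VALIDATION_ERROR shape. The following is an added example, not code from this API: the names PROFILE_SCHEMA, collectProblems and validateProfileUpdate are hypothetical, and rejecting unknown fields (rather than silently dropping them) is an assumption.

```javascript
// Added example: strict allowlist validation for the "Update current user profile" body.
// All names here are hypothetical; rejecting unknown fields is an assumption.
const PROFILE_SCHEMA = {
  name: (v) => typeof v === 'string',
  settings: {
    theme: (v) => v === 'light' || v === 'dark',
    notifications: (v) => typeof v === 'boolean',
  },
};

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Walks the body against the schema and records every unknown or mistyped field path.
function collectProblems(body, schema, path, problems) {
  for (const key of Object.keys(body)) {
    const where = path ? `${path}.${key}` : key;
    // Own-property lookup so keys like "__proto__" or "constructor" never match a rule.
    const rule = hasOwn(schema, key) ? schema[key] : undefined;
    if (rule === undefined) {
      problems.push({ field: where, reason: 'unknown field' });
    } else if (typeof rule === 'function') {
      if (!rule(body[key])) problems.push({ field: where, reason: 'invalid value' });
    } else if (isPlainObject(body[key])) {
      collectProblems(body[key], rule, where, problems);
    } else {
      problems.push({ field: where, reason: 'expected object' });
    }
  }
  return problems;
}

// Returns { ok: true, update } or { ok: false, error } with error in the documented shape.
function validateProfileUpdate(body) {
  const problems = isPlainObject(body)
    ? collectProblems(body, PROFILE_SCHEMA, '', [])
    : [{ field: '', reason: 'expected object' }];
  if (problems.length > 0) {
    const error = { code: 'VALIDATION_ERROR', message: 'Invalid request data', details: problems };
    return { ok: false, error };
  }
  return { ok: true, update: body };
}

// Constructed sample input: a body that tries to set a field the schema does not list.
const sample = validateProfileUpdate({ name: 'Ann', role: 'admin', settings: { theme: 'dark' } });
console.log(JSON.stringify({ error: sample.error }));
```
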
- 100 requests per minute for authenticated users
- 20 requests per minute for unauthenticated users
- Rate limit headers included in responses:
  X-RateLimit-Limit: 100
  X-RateLimit-Remaining: 99
  X-RateLimit-Reset: 1640995200