Skip to content

API Version 1: User

Nikhil Kansal edited this page Aug 20, 2017 · 5 revisions

GET /app/api/v1/user

The route requires authentication. It returns information about the currently logged in user. If the user is logged in, here is an example usage:

$ curl -H "Authorization: Bearer <TOKEN>" http://localhost/app/api/v1/user
{
    "error":null,
    "user": {
        "firstName": "John",
        "lastName": "Smith",
        "picture": "http://johnsmith.com/profile.jpg",
        "email": "jsmith@example.com",
        "year": 2,
        "major": "Cognitive Science",
        "points": 0
    }
}

If the token has expired, invalid, or not provided, the response will look something like this:

$ curl http://localhost/app/api/v1/user
{
    "error": {
        "status": 401,
        "message": "Unauthorized"
    }
}

PATCH /app/api/v1/user

This route requires authentication. It allows you to send a partial (differential) object of changes to the user information. It expects an application/json request with a body with the following (simplified) schema:

{
    user: {
        firstName: String,
        lastName: String,
        major: String,
        year: Number,
        password: { type: String, required: true },
        newPassword: String,
        confPassword: String
    }
}

The year field must be a number in the range [1, 2, 3, 4, 5], representing values of ['Freshman', 'Sophomore', 'Junior', 'Senior', 'Post-Senior'] respectively. Any field that does not need to be updated can be omitted except the password field, which is required. If the newPassword field is specified, the confPassword field must also be specified.

Common errors thrown by this call ([error.status] error.message):

  • [400] Bad Request – The call is probably missing the user object in the body
  • [400] The password field is required – The user object is missing the password field
  • [200] Passwords do not match – Either the newPassword and confPassword fields do not match or one of them is blank
  • [200] New password must be at least 8 characters – New password must be at least 8 characters
  • [401] Invalid password – The user entered their current password incorrectly

A successful call to this API will return the updated user information. For example, continuing the John Smith user example from above:

$ curl -H "Authorization: Bearer <TOKEN>" \
       --request PATCH \ 
       --data '{ "password": "test1234", "major": "Computer Science"' \
       http://localhost/app/api/v1/user

{
    "error": null,
    "user": {
        "firstName": "John",
        "lastName": "Smith",
        "picture": "http://johnsmith.com/profile.jpg",
        "email": "jsmith@example.com",
        "year": 2,
        "major": "Computer Science",
        "points": 0
    }
}

GET /app/api/v1/user/activity

The route requires authentication. It returns the user's activity over the lifetime of their account. For now, that just includes when the account was created and which events they attended, but this can be expanded in the future. The activity object has the following schema:

{
    // a unique identifier for this activity
    uuid: { type: String, required: true },
    // the user ID for the activity
    user: { type: String, required: true },
    // the type of the activity
    type: { type: String, required: true },
    // the date of the activity
    date: { type: Date, required: true },
    // description (contains name of event if the type is ATTEND_EVENT)
    description: { type: String, required: false },
    // points earned from activity
    pointsEarned: { type: Number, required: false },
    
}

Currently, the supported types of events are

  • ATTEND_EVENT — when a user attends an event. The activity also returns how many points the user earned from the event (under the pointsEarned field) and what its name is (under the description field)
  • ACCOUNT_CREATE — when the user created their account

Calling the API returns a top-level error object (as usual) as well as an activity field, which contains an array of activity objects in chronological order. An example call:

$ curl -H "Authorization: Bearer <TOKEN>" http://localhost/app/api/v1/user/activity

{
    "error": null,
    "activity": [
        {
            "uuid": "a53ec89f-0c96-4219-b9cb-ec811e3cfc6c",
            "user": "fc452002-edc0-49a9-866e-8fbfc697335c",
            "type": "ACCOUNT_CREATE",
            "date": "2017-08-20T18:56:22.726Z"
        },
        {
            "uuid": "105298bb-6f44-4604-9690-213a09f19c08",
            "user": "fc452002-edc0-49a9-866e-8fbfc697335c",
            "type": "ATTEND_EVENT",
            "date": "2017-08-24T06:17:13.257Z",
            "description": "ACM Fall General Meeting",
            "pointsEarned": 20
        },
    ]
}