KaroKar exposes its business capabilities through a REST API built on NestJS. Every endpoint represents a business action rather than a raw database operation — a deliberate choice (per ADR-010) to keep internal domain models decoupled from external consumers. Whether you are building a corporate portal, a mobile application, or a partner integration, all interactions flow through this single API surface.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Codefied-CodePix/Karokar-backend/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
The server reads its port from thePORT environment variable, defaulting to 3000.
localhost:3000 with your host. Routes are mounted at bare resource paths with no global prefix:
API versioning is planned. ADR-010 states: “All APIs must be versioned. Breaking changes require a new version.” A URL prefix (e.g.
/api/v1) is intended for a future release. The current codebase does not yet apply a global prefix — all routes are served at their bare paths (e.g. /bookings, /users).Available Endpoints
The table below lists every route currently registered across the domain modules. Routes are grouped by the domain that owns them.Identity
| Method | Path | Description |
|---|---|---|
POST | /users | Register a new user |
GET | /users/:id | Retrieve a user by ID |
POST | /organizations | Create a new organization |
GET | /organizations/:id | Retrieve an organization by ID |
Fleet
| Method | Path | Description |
|---|---|---|
POST | /vehicles | Add a vehicle to the fleet |
GET | /vehicles/search | Search vehicles with filters |
GET | /vehicles/:id | Retrieve a vehicle by ID |
POST | /vehicles/:id/maintenance | Log a maintenance event for a vehicle |
Booking
| Method | Path | Description |
|---|---|---|
POST | /bookings | Create a new booking |
GET | /bookings/:id | Retrieve a booking by ID |
PATCH | /bookings/:id/submit | Submit a draft booking for approval |
PATCH | /bookings/:id/approve | Approve a submitted booking |
PATCH | /bookings/:id/reject | Reject a submitted booking |
PATCH | /bookings/:id/assign | Assign a driver to an approved booking |
PATCH | /bookings/:id/activate | Mark a booking as active (trip started) |
PATCH | /bookings/:id/complete | Complete an active booking |
PATCH | /bookings/:id/cancel | Cancel a booking |
PATCH | /bookings/:id/terminate | Terminate an active booking early |
Assignment
| Method | Path | Description |
|---|---|---|
GET | /assignments/:id | Retrieve an assignment by ID |
PATCH | /assignments/:id/accept | Driver accepts an assignment |
Administration
| Method | Path | Description |
|---|---|---|
POST | /admin/organizations/:id/approve | Platform admin approves an organization |
POST | /admin/organizations/:id/reject | Platform admin rejects an organization |
POST | /admin/organizations/:id/suspend | Platform admin suspends an organization |
Request Format
All endpoints accept and return JSON. Set theContent-Type header on every write request:
Input Validation
The application bootstraps a globalValidationPipe with the following configuration (from src/main.ts):
| Flag | Behaviour |
|---|---|
whitelist: true | Properties not declared in the DTO class are silently stripped before the handler runs |
forbidNonWhitelisted: true | If a stripped property is detected, the request is rejected with 400 Bad Request instead of being silently discarded |
transform: true | Plain JSON values are automatically coerced into their declared DTO types (e.g. string "123" → number 123) |
Error Response Format
KaroKar distinguishes between two categories of errors:Domain Errors (400 Bad Request)
Business rule violations are raised as DomainException and caught by the global DomainExceptionFilter. The response shape is:
Always
400 for domain errors.A human-readable description of the business rule that was violated.
A machine-readable error code (e.g.
BOOKING_NOT_FOUND). Present when the throwing code supplies one; omitted when no explicit code is provided (code?: string is optional on DomainException).HTTP / Framework Errors
Errors from NestJS guards, pipes, or unhandled exceptions follow the standard NestJS error envelope:| Code | Meaning |
|---|---|
400 | Validation failure or domain rule violation |
401 | Missing or invalid JWT — userId or organizationId could not be resolved from the token |
403 | Authenticated but lacking the required permission |
404 | Resource not found |
500 | Unexpected server error (includes unimplemented stubs such as AuthorizationService.can()) |
Multi-Tenant Design
KaroKar is a B2B2C platform where every resource belongs to an organization. ADR-010 mandates:“Every API request must execute within organizational context.”The
OrganizationContextInterceptor runs on every request. It reads organizationId from the JWT payload and attaches it to request.organizationId. The PermissionGuard then uses both userId and organizationId when performing authorization checks.
API Sections
Authentication
Learn how JWT tokens are validated and passed with every request. Understand the permission guard and organization context flow.
Users
Register users and retrieve user profiles within an organization context.
Organizations
Create and manage vendor or corporate organizations on the platform.
Vehicles
Add fleet vehicles, search available units, and log maintenance events.
Maintenance
Log and review maintenance events recorded against fleet vehicles.
Bookings
Manage the full booking lifecycle from creation through completion or termination.
Assignments
Retrieve and accept driver assignments linked to approved bookings.
Administration
Platform admin actions: approve, reject, or suspend organizations.