The AutoPart Pro REST API gives you programmatic access to every feature of the platform: user authentication, automotive parts inventory management, sales processing, and user administration. All resources are served from a single Express server and return JSON responses that follow a consistent envelope shape. This reference covers the base URL, global conventions, CORS policy, error handling, and a complete endpoint index.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
The API is served on port5000 by default. The port is configurable via the PORT environment variable on the server.
http://localhost:5000/api/health.
Response Envelope
Every response body is JSON. Most endpoints wrap their payload in a consistent envelope:success—trueon success,falseon failure.data— the primary resource or list being returned; omitted on errors.message— a human-readable description of the outcome.
A small number of auth endpoints (register, login, profile) return
token and user fields directly at the top level rather than nested under data. This is noted in the per-endpoint documentation.Content-Type
AllPOST and PUT requests must include the following header so the server can parse the JSON body:
400 Bad Request response.
Health Check
The health check endpoint is unauthenticated and is useful for confirming the server is running before making authenticated calls.GET /api/health
No headers or body required. Returns:
Authentication
Protected endpoints require a valid JWT Bearer token in theAuthorization header:
/api/auth routes. Tokens are signed with HS256 and expire after 1 hour. Full details — including error messages and frontend usage — are in the Authentication guide.
CORS Policy
The server is configured to accept cross-origin requests only from the following origins:http://localhost:5173http://192.168.1.165:5173
GET, POST, PUT, DELETE, and PATCH. The allowed headers are Content-Type and Authorization.
Route Groups
The API is organized into four resource groups, each mounted at its own prefix:| Prefix | Purpose |
|---|---|
/api/auth | Registration, login, and profile retrieval |
/api/products | Inventory CRUD and low-stock alerting |
/api/sales | Checkout processing and sales history |
/api/users | User management (admin only) |
Error Responses
The API uses standard HTTP status codes. All error bodies include at minimum amessage field and, where applicable, a success: false field.
| Status | Meaning |
|---|---|
400 Bad Request | Missing or invalid request fields |
401 Unauthorized | Missing, malformed, or expired token |
403 Forbidden | Valid token but insufficient role |
404 Not Found | Resource does not exist |
500 Internal Server Error | Unexpected server-side failure |
Endpoints Summary
The table below lists all 16 endpoints across the four resource groups plus the health check.| Method | Path | Auth Required | Roles | Description |
|---|---|---|---|---|
GET | /api/health | No | — | Server health check |
POST | /api/auth/register | No | — | Register a new user account |
POST | /api/auth/login | No | — | Authenticate and receive a JWT |
GET | /api/auth/profile | Yes | Any | Get the authenticated user’s profile |
GET | /api/auth/me | Yes | Any | Re-validate stored token and return user object |
GET | /api/products | No | — | List all products in inventory |
GET | /api/products/low-stock | Yes | Any | List products below the stock threshold |
GET | /api/products/:id | Yes | Any | Retrieve a single product by ID |
POST | /api/products | Yes | admin | Create a new product |
PUT | /api/products/:id | Yes | admin | Update an existing product |
DELETE | /api/products/:id | Yes | admin | Delete a product |
GET | /api/sales | Yes | Any | List sales (admin sees all; clients see their own) |
POST | /api/sales | Yes | Any | Process a checkout and create a sale |
GET | /api/users | Yes | admin | List all registered users |
PUT | /api/users/:id/role | Yes | admin | Update a user’s role |
DELETE | /api/users/:id | Yes | admin | Delete a user account |
Explore by Resource
Auth
Register, log in, and retrieve user profiles. Start here to obtain a token.
Products
Full CRUD for the parts inventory, including low-stock alerting.
Sales
Process customer checkouts and query historical sales records.
Users
Admin-only endpoints for listing, updating roles, and deleting users.