Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt

Use this file to discover all available pages before exploring further.

The AutoPart Pro REST API gives you programmatic access to every feature of the platform: user authentication, automotive parts inventory management, sales processing, and user administration. All resources are served from a single Express server and return JSON responses that follow a consistent envelope shape. This reference covers the base URL, global conventions, CORS policy, error handling, and a complete endpoint index.

Base URL

The API is served on port 5000 by default. The port is configurable via the PORT environment variable on the server.
http://localhost:5000/api
All paths in this reference are relative to that base. For example, the health check endpoint is reached at http://localhost:5000/api/health.

Response Envelope

Every response body is JSON. Most endpoints wrap their payload in a consistent envelope:
{
  "success": true,
  "data": { },
  "message": "Human-readable status message."
}
  • successtrue on success, false on failure.
  • data — the primary resource or list being returned; omitted on errors.
  • message — a human-readable description of the outcome.
A small number of auth endpoints (register, login, profile) return token and user fields directly at the top level rather than nested under data. This is noted in the per-endpoint documentation.

Content-Type

All POST and PUT requests must include the following header so the server can parse the JSON body:
Content-Type: application/json
Requests that omit this header or send a malformed body will receive a 400 Bad Request response.

Health Check

The health check endpoint is unauthenticated and is useful for confirming the server is running before making authenticated calls. GET /api/health No headers or body required. Returns:
{
  "status": "ON",
  "message": "Servidor de AutoPart Pro funcionando correctamente",
  "timestamp": "2025-01-15T12:00:00.000Z"
}

Authentication

Protected endpoints require a valid JWT Bearer token in the Authorization header:
Authorization: Bearer <token>
Obtain a token by registering or logging in via the /api/auth routes. Tokens are signed with HS256 and expire after 1 hour. Full details — including error messages and frontend usage — are in the Authentication guide.

CORS Policy

The server is configured to accept cross-origin requests only from the following origins:
  • http://localhost:5173
  • http://192.168.1.165:5173
Requests originating from any other domain will be blocked at the CORS layer before reaching application code. The allowed HTTP methods are GET, POST, PUT, DELETE, and PATCH. The allowed headers are Content-Type and Authorization.
If you are integrating a frontend hosted on a different origin, you must update the CORS origin list in backend/src/app.js and restart the server. Forgetting this step will cause all API calls from that origin to fail silently in the browser.

Route Groups

The API is organized into four resource groups, each mounted at its own prefix:
PrefixPurpose
/api/authRegistration, login, and profile retrieval
/api/productsInventory CRUD and low-stock alerting
/api/salesCheckout processing and sales history
/api/usersUser management (admin only)

Error Responses

The API uses standard HTTP status codes. All error bodies include at minimum a message field and, where applicable, a success: false field.
StatusMeaning
400 Bad RequestMissing or invalid request fields
401 UnauthorizedMissing, malformed, or expired token
403 ForbiddenValid token but insufficient role
404 Not FoundResource does not exist
500 Internal Server ErrorUnexpected server-side failure

Endpoints Summary

The table below lists all 16 endpoints across the four resource groups plus the health check.
MethodPathAuth RequiredRolesDescription
GET/api/healthNoServer health check
POST/api/auth/registerNoRegister a new user account
POST/api/auth/loginNoAuthenticate and receive a JWT
GET/api/auth/profileYesAnyGet the authenticated user’s profile
GET/api/auth/meYesAnyRe-validate stored token and return user object
GET/api/productsNoList all products in inventory
GET/api/products/low-stockYesAnyList products below the stock threshold
GET/api/products/:idYesAnyRetrieve a single product by ID
POST/api/productsYesadminCreate a new product
PUT/api/products/:idYesadminUpdate an existing product
DELETE/api/products/:idYesadminDelete a product
GET/api/salesYesAnyList sales (admin sees all; clients see their own)
POST/api/salesYesAnyProcess a checkout and create a sale
GET/api/usersYesadminList all registered users
PUT/api/users/:id/roleYesadminUpdate a user’s role
DELETE/api/users/:idYesadminDelete a user account

Explore by Resource

Auth

Register, log in, and retrieve user profiles. Start here to obtain a token.

Products

Full CRUD for the parts inventory, including low-stock alerting.

Sales

Process customer checkouts and query historical sales records.

Users

Admin-only endpoints for listing, updating roles, and deleting users.

Build docs developers (and LLMs) love