The LMS Backend is a modular REST API built with Node.js, Express 5, and MongoDB. It handles every server-side concern a learning management system needs: user registration and JWT authentication, course and lecture management with Cloudinary-backed media uploads, per-student progress tracking, and integrated payment processing through both Stripe and Razorpay. All API routes are served under theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Pragyat-Nikunj/Learning-Management-System-backend/llms.txt
Use this file to discover all available pages before exploring further.
/api/v1 prefix and communicate via JSON.
Key features
JWT cookie authentication
Stateless auth using signed JWT tokens stored in HTTP-only cookies. Protected routes verify tokens via the
isAuthenticated middleware before any handler runs.Course and lecture management
Instructors can create courses, upload thumbnail images, add video lectures, and publish or unpublish content. Students browse published courses and search by keyword.
Student progress tracking
The progress API tracks completion per lecture, allows students to mark a full course complete, and supports resetting progress to start over.
Stripe and Razorpay payments
Supports Stripe Checkout sessions with webhook verification for asynchronous payment confirmation, plus Razorpay for regional payment processing.
Cloudinary media uploads
Course thumbnails and lecture videos are uploaded to Cloudinary via Multer. The API stores the resulting public IDs and URLs, so your frontend can stream video directly.
Security middleware stack
Every request passes through Helmet (security headers), HPP (HTTP parameter pollution prevention), Mongo sanitization, and a global rate limiter of 100 requests per 15 minutes per IP.
Tech stack
| Layer | Technology |
|---|---|
| Runtime | Node.js (ESM modules) |
| Framework | Express 5 |
| Database | MongoDB via Mongoose 8 |
| Authentication | jsonwebtoken + bcryptjs |
| Payments | Stripe 18, Razorpay 2 |
| Media storage | Cloudinary 2 |
| File uploads | Multer 2 |
| Validation | express-validator 7 |
| Security | Helmet, express-rate-limit, HPP, mongo-sanitize |
API surface
The server exposes five route groups, all prefixed with/api/v1:
| Route prefix | Resource |
|---|---|
/api/v1/healthcheck | Server and database health status |
/api/v1/user | Registration, authentication, profile, and password management |
/api/v1/courses | Course creation, search, lecture management |
/api/v1/progress | Per-student lecture and course completion tracking |
/api/v1/payments | Stripe checkout, webhook ingestion, purchase history |
All routes that modify or read user-specific data require a valid session cookie. See Authentication for how the cookie-based JWT flow works.
Next steps
Quickstart
Clone the repo, configure your environment, and make your first API call in minutes.
API Reference
Browse every endpoint with request/response schemas and curl examples.