The Spartans Gym API is a JSON REST API built with Express, Prisma, and MySQL. Every feature of the gym management platform — from member check-ins to financial transactions — is accessible through a single, consistent API surface. All routes share the sameDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/azahel79/Spartans-gym/llms.txt
Use this file to discover all available pages before exploring further.
/api prefix, the same JSON response envelope, and the same error contract, so once you understand the basics here you can navigate any endpoint group with confidence.
Base URL
The API server defaults to port3000. Use the appropriate base URL depending on your environment:
| Environment | Base URL |
|---|---|
| Production | https://YOUR_BACKEND_DOMAIN/api |
| Local dev | http://localhost:3000/api |
Replace
YOUR_BACKEND_DOMAIN with the actual hostname where you deploy the backend. The PORT environment variable controls which port the server binds to (default 3000).Health Check
Before integrating, confirm the API is reachable with the public health endpoint. No authentication is required.| Field | Type | Description |
|---|---|---|
success | boolean | Always true for this endpoint |
message | string | Human-readable status message |
environment | string | Value of the NODE_ENV environment variable |
uptime | number | Process uptime in seconds since last restart |
timestamp | string | ISO 8601 timestamp of the response |
Route Groups
Every resource in the platform is organized under a dedicated route prefix. The table below lists all available groups, their purpose, and the roles permitted to access them.| Prefix | Description | Required Role |
|---|---|---|
/api/auth | Login, current user, and logout | Public / Any authenticated |
/api/clients | Member registration and management | admin, recepcionista |
/api/plans | Membership plan catalogue | admin, recepcionista |
/api/attendances | Check-in and attendance records | admin, recepcionista |
/api/products | Product and supplement inventory | admin, recepcionista |
/api/transactions | Financial transactions and sales | admin, recepcionista |
/api/dashboard | Aggregated stats and analytics | admin |
/api/users | Staff user management | admin |
/api/config | Gym-level configuration settings | admin |
/api/upload | File and image upload (Cloudinary) | admin, recepcionista |
Route-level authorization is enforced by the
authenticate middleware. Requests without a valid Bearer token on protected routes receive a 401 Unauthorized response immediately.Standard Response Format
Every API response — success or error — follows the same JSON envelope shape. You can always branch on thesuccess boolean before reading data or error.
HTTP Status Codes
The API uses a standard subset of HTTP status codes. Prisma-layer errors are translated to appropriate HTTP codes by the global error handler before they reach the client.| Code | Meaning | Common cause |
|---|---|---|
200 OK | Request succeeded | Normal successful response |
400 Bad Request | Invalid input | Missing required fields, duplicate unique value (Prisma P2002) |
401 Unauthorized | Missing or invalid token | No Authorization header, expired or malformed JWT |
403 Forbidden | Insufficient role | Authenticated but not permitted for this resource |
404 Not Found | Resource missing | Record not found (Prisma P2025) or unknown route |
500 Internal Server Error | Unexpected server error | Unhandled exception — check server logs |
Request Format
Send all write requests (POST, PUT, PATCH) with a JSON body and the correct Content-Type header. The server enforces a 2 MB limit on JSON payloads.
multipart/form-data against the /api/upload endpoints — do not send binary data as base64 in a JSON body.
CORS
Cross-Origin Resource Sharing is controlled by theALLOWED_ORIGINS environment variable. The server accepts a comma-separated list of origin URLs and strips trailing slashes before matching. Credentials (cookies, Authorization headers) are explicitly allowed.
Next Steps
Authentication
Learn how to obtain a JWT token and authorize every subsequent request with the Bearer scheme.
Clients
Register members, search by name or plan, and manage membership status.
Plans
Create and update membership plans with pricing and duration.
Dashboard
Pull aggregated statistics and analytics for the gym management dashboard.