Send an anonymous message to any registered user by their username. This endpoint is intentionally public — callers do not need an account or a session cookie, which is what makes anonymous messaging possible. The server looks up the target user, verifies they are currently accepting messages, then pushes a new message object (with content and a server-generated createdAt timestamp) into their embedded messages array and persists the change with user.save().

Method and URL

POST /api/send-message

Authentication

None. This is a fully public endpoint. No session cookie, API key, or Authorization header is required or checked.

Request Body

The request body must be JSON with the following fields:

username (string, required)
The username of the recipient. The server performs a User.findOne({ username }) lookup, so the value must match exactly (case-sensitive) a registered account.

content (string, required)
The body of the anonymous message. Must be between 10 and 300 characters (inclusive). This constraint is enforced by the messageSchema Zod schema on the client side. The route itself does not run this validation, so ensure the frontend validates with the same schema before calling this endpoint.

Example Request

{
  "username": "alice",
  "content": "Your talk at the conference was genuinely inspiring!"
}

curl Example

curl -X POST https://your-domain.com/api/send-message \
  -H "Content-Type: application/json" \
  -d '{
    "username": "alice",
    "content": "Your talk at the conference was genuinely inspiring!"
  }'

Responses

201 — Message Sent

The message was successfully appended to the user’s inbox.
{
  "success": true,
  "message": "Message sent successfully"
}

403 — User Not Accepting Messages

The target user exists but has disabled their inbox via the /api/accept-messages toggle.
{
  "success": false,
  "message": "User is not accepting messages"
}

404 — User Not Found

No account exists with the provided username.
{
  "success": false,
  "message": "User not found"
}

500 — Internal Server Error

An unexpected error occurred during the database operation.
{
  "success": false,
  "message": "Internal server error"
}

Response Fields

success (boolean)
true when the message was persisted; false on any error or rejection.

message (string)
A human-readable description of the outcome.

Notes

Content length validation is enforced client-side only, by the messageSchema Zod schema (src/app/schemas/messageSchema.ts): content must be at least 10 characters and no more than 300 characters. The route itself does not call messageSchema.safeParse; it processes whatever content value arrives. Ensure your frontend validates with this schema before calling the endpoint, and keep in mind that a caller who posts to the route directly, as in the curl example above, is not bound by the limit.
dbConnect() is called without await in this route (dbConnect() rather than await dbConnect()). This is a known bug in the source: the database connection is initiated but the route does not wait for it to complete before proceeding. In practice the connection is likely already cached, but be aware that on cold starts this could cause timing issues.
Because the endpoint is public, you can share a direct link (e.g. a profile page that calls this route) with anyone on the internet and they will be able to send messages without ever signing up.
If a user has turned off their inbox (isAcceptingMessages: false), this endpoint returns 403 Forbidden — not 404. A 403 tells the caller the user exists but is not reachable right now, which is intentional UX behavior.
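
The first note above says the route does not run messageSchema itself, so the 10 to 300 character limit only binds callers that go through the frontend. As an added example (not the project's code), this TypeScript function applies the same limits on the server before the database lookup; the name validateSendMessageBody, the result shape and the 400 status are assumptions, and Zod is replaced by plain checks so the block runs stand-alone.

```typescript
// Added example, not the project's code. The function name, result shape and
// the 400 status are assumptions; the 10/300 limits are the ones on this page.
const CONTENT_MIN = 10;
const CONTENT_MAX = 300;

interface BodyCheck {
  ok: boolean;
  error?: { status: number; message: string };
  value?: { username: string; content: string };
}

function reject(message: string): BodyCheck {
  return { ok: false, error: { status: 400, message } };
}

function validateSendMessageBody(body: unknown): BodyCheck {
  // JSON can decode to null, an array or a scalar: accept only an object.
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return reject("Request body must be a JSON object");
  }
  const { username, content } = body as Record<string, unknown>;

  // Require real strings so an object or array never reaches the
  // User.findOne({ username }) lookup or the stored message.
  if (typeof username !== "string" || username.length === 0) {
    return reject("username must be a non-empty string");
  }
  if (typeof content !== "string") {
    return reject("content must be a string");
  }
  // Bounds stated for messageSchema on this page; length here is String.length.
  if (content.length < CONTENT_MIN || content.length > CONTENT_MAX) {
    return reject(`content must be ${CONTENT_MIN} to ${CONTENT_MAX} characters`);
  }
  return { ok: true, value: { username, content } };
}

// Constructed sample bodies, as a caller that skips the frontend could send.
const sampleBodies: unknown[] = [
  { username: "alice", content: "Your talk at the conference was genuinely inspiring!" },
  { username: "alice", content: "hi" },
  { username: "alice", content: "x".repeat(301) },
  { username: { nested: true }, content: "long enough message" },
];
for (const sample of sampleBodies) {
  const result = validateSendMessageBody(sample);
  console.log(result.ok ? "accept" : `${result.error?.status} ${result.error?.message}`);
}
```

In the route, call it on the parsed JSON before the user lookup and return the error's status and message when ok is false.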
