Finper exposes a JSON REST API served by an Express 5 + TypeScript application. All data is scoped to the authenticated user — every record carries a userId field and every query filters by it automatically. This page describes the conventions that apply to every endpoint in the API.
Base URL
VITE_API_HOST environment variable on the client side. All endpoint paths in this reference are relative to the base URL above.
Authentication
All requests must include the JWT obtained from POST /api/auth/login or POST /api/auth/register in the token header:
Three endpoints do not require authentication:
- POST /api/auth/login
- POST /api/auth/register
- GET /api/monit/health

All other endpoints return 401 Unauthorized if the token header is missing or invalid.
The authentication middleware (auth.middleware.ts) validates the JWT using the jwt Passport strategy and sets req.user to the authenticated username string. It also refreshes the token on every response by writing a new value into the Token response header — the official client reads this header via an axios interceptor and stores it in localStorage.
Error Format
All API errors follow the Boom output format:

| Status Code | Meaning |
|---|---|
| 400 | Bad request — malformed ID or invalid path parameter |
| 401 | Unauthorized — missing, expired, or invalid JWT |
| 403 | Forbidden — action not permitted (e.g. registration disabled) |
| 404 | Not found — requested resource does not exist for this user |
| 422 | Unprocessable entity — Joi validation failed on the request body or query |
| 500 | Internal server error — unexpected server-side failure |
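
The token handling from the Authentication section and the error format above, as an added JavaScript example that is not part of Finper's code base. The function names, the in-memory token store, and the choice to drop the token on a 401 are assumptions made for illustration; the payload fields statusCode, error and message are Boom's standard output.

```javascript
// Added example; every name here is hypothetical, not taken from Finper's code.
const PUBLIC_ROUTES = new Set([
  'POST /api/auth/login',
  'POST /api/auth/register',
  'GET /api/monit/health',
]);

// Boom's standard error payload is { statusCode, error, message }.
class ApiError extends Error {
  constructor(status, payload) {
    super((payload && payload.message) || `HTTP ${status}`);
    this.statusCode = (payload && payload.statusCode) || status;
    this.error = (payload && payload.error) || 'Unknown';
  }
}

// In-memory token holder (assumption; the page says the official client uses localStorage).
function createTokenStore(initial = null) {
  let token = initial;
  return { get: () => token, set: (t) => { token = t; } };
}

// Build request headers: the JWT goes in the `token` header on protected routes only.
function authHeaders(method, path, store) {
  const headers = { Accept: 'application/json' };
  if (PUBLIC_ROUTES.has(`${method.toUpperCase()} ${path}`)) return headers;
  if (!store.get()) throw new Error(`no token for protected route ${path}`);
  headers.token = store.get();
  return headers;
}

// Handle a response: adopt the refreshed token, or throw a Boom-shaped error.
function absorbResponse(status, headers, body, store) {
  if (status === 401) store.set(null); // design choice here: drop a rejected token
  if (status >= 400) throw new ApiError(status, body);
  const refreshed = headers.get('token'); // fetch's Headers.get is case-insensitive
  if (refreshed) store.set(refreshed);
  return status === 204 ? null : body;
}

// Glue for real use; fetchImpl is injectable so the logic can be exercised offline.
async function apiRequest(baseUrl, method, path, store, payload, fetchImpl = fetch) {
  const headers = authHeaders(method, path, store);
  if (payload !== undefined) headers['Content-Type'] = 'application/json';
  const body = payload === undefined ? undefined : JSON.stringify(payload);
  const res = await fetchImpl(baseUrl + path, { method, headers, body });
  const text = await res.text();
  return absorbResponse(res.status, res.headers, text ? JSON.parse(text) : null, store);
}
```

When the browser client and the API are on different origins, the Token response header is readable from script only if the server lists it in Access-Control-Expose-Headers.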
Response Conventions
- All successful responses return a JSON body unless noted otherwise.
- 201 Created is returned when a new resource is created (POST endpoints). Some older POST endpoints return 200 — this is noted on each endpoint’s page.
- 204 No Content means the request succeeded but there is no response body (e.g. DELETE endpoints and GET /api/auth/me).
- 200 OK is returned for reads and updates.
- Date/time values are Unix milliseconds (number) throughout the API.
- Monetary amounts are floating-point numbers rounded to two decimal places.
Available Resources
| Resource | Base Path |
|---|---|
| Auth | /api/auth |
| Accounts | /api/accounts |
| Transactions | /api/transactions |
| Categories | /api/categories |
| Budgets | /api/budgets |
| Debts | /api/debts |
| Goals | /api/goals |
| Loans | /api/loans |
| Subscriptions | /api/subscriptions |
| Pensions | /api/pensions |
| Stocks | /api/stocks |
| Supplies | /api/supplies |
| Stores | /api/stores |
| Tickets | /api/tickets |
| Dashboard | /api/dashboard |
| Monit | /api/monit |