Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/soker90/finper/llms.txt

Use this file to discover all available pages before exploring further.

Finper exposes a JSON REST API served by an Express 5 + TypeScript application. All data is scoped to the authenticated user — every record carries a userId field and every query filters by it automatically. This page describes the conventions that apply to every endpoint in the API.

Base URL

http://localhost:3008/api
The host and port are configurable. In production deployments the base URL is set via the VITE_API_HOST environment variable on the client side. All endpoint paths in this reference are relative to the base URL above.

Authentication

All requests must include the JWT obtained from POST /api/auth/login or POST /api/auth/register in the token header:
token: <your-jwt>
Three endpoints do not require authentication:
  • POST /api/auth/login
  • POST /api/auth/register
  • GET /api/monit/health
Every other endpoint will return 401 Unauthorized if the token header is missing or invalid.
The authentication middleware (auth.middleware.ts) validates the JWT using the jwt Passport strategy and sets req.user to the authenticated username string. It also refreshes the token on every response by writing a new value into the Token response header — the official client reads this header via an axios interceptor and stores it in localStorage.

Error Format

All API errors follow the Boom output format:
{
  "statusCode": 422,
  "error": "Unprocessable Entity",
  "message": "\"amount\" must be a number"
}
Status CodeMeaning
400Bad request — malformed ID or invalid path parameter
401Unauthorized — missing, expired, or invalid JWT
403Forbidden — action not permitted (e.g. registration disabled)
404Not found — requested resource does not exist for this user
422Unprocessable entity — Joi validation failed on the request body or query
500Internal server error — unexpected server-side failure

Response Conventions

  • All successful responses return a JSON body unless noted otherwise.
  • 201 Created is returned when a new resource is created (POST endpoints). Some older POST endpoints return 200 — this is noted on each endpoint’s page.
  • 204 No Content means the request succeeded but there is no response body (e.g. DELETE endpoints and GET /api/auth/me).
  • 200 OK is returned for reads and updates.
  • Date/time values are Unix milliseconds (number) throughout the API.
  • Monetary amounts are floating-point numbers rounded to two decimal places.

Available Resources

ResourceBase Path
Auth/api/auth
Accounts/api/accounts
Transactions/api/transactions
Categories/api/categories
Budgets/api/budgets
Debts/api/debts
Goals/api/goals
Loans/api/loans
Subscriptions/api/subscriptions
Pensions/api/pensions
Stocks/api/stocks
Supplies/api/supplies
Stores/api/stores
Tickets/api/tickets
Dashboard/api/dashboard
Monit/api/monit

Build docs developers (and LLMs) love