Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tech-dipesh/yeti-Jobs/llms.txt

Use this file to discover all available pages before exploring further.

The Yeti Jobs REST API exposes every feature of the platform — job listings, applications, company management, notifications, and administration — through a consistent, versioned HTTP interface. All routes live under the /api/v1 prefix. Authentication is handled transparently via an HTTP-only JWT cookie, so once a user logs in, every subsequent request in the same browser session is automatically credentialed.

Base URLs

EnvironmentBase URL
Productionhttps://yeti-jobs.onrender.com/api/v1
Local developmenthttp://localhost:{PORT}/api/v1
Replace {PORT} with the value of the PORT environment variable configured in your .env file.
The production backend is hosted on Render’s free tier. After 15 minutes of inactivity the server goes to sleep and the first request may take 10–30 seconds while the instance cold-starts. Subsequent requests within the same session respond at normal latency. A keep-alive cron job pings the server every 15 minutes to minimise cold starts during active periods.

Interactive Documentation

A fully interactive Swagger UI is available alongside the API itself. You can inspect every route, view request schemas, and execute calls directly from the browser — no local setup required.
https://yeti-jobs.onrender.com/api/v1/swagger
The Swagger spec is built from the project’s swagger.yaml and served by swagger-ui-express at the /api/v1/swagger mount point (see app.js).

Authentication

Authentication uses JSON Web Tokens (JWT) stored in an HTTP-only cookie named token. The cookie is set automatically on a successful /api/v1/users/login response and cleared on logout.
  • Browser clients — the cookie is sent automatically with every same-origin request (CORS credentials are enabled).
  • API / curl clients — pass the cookie explicitly with --cookie 'token=YOUR_JWT' or -b 'token=YOUR_JWT'.
  • Routes that require authentication return 401 Unauthorized when no valid cookie is present.
  • Routes that require a specific role (admin, recruiter, guest) return 403 Forbidden when the authenticated user’s role does not match.
See the Auth Flow page for a full walkthrough of signup, email verification, and login.

Content Types

ScenarioContent-Type header
All JSON request bodiesapplication/json
File uploads (resume, profile picture, company logo)multipart/form-data
All responses are JSON. Every error response includes at minimum a message field describing the problem.

Health Check

A lightweight endpoint confirms the server is running and accepting connections.
GET /api/v1/health
Response 200 OK
{
  "message": "Ok"
}

Error Responses

Every error response body contains a message field. The table below lists all status codes the API can return.
Status CodeMeaning
400Bad request — missing or invalid fields, validation failed
401Not authenticated — missing or expired JWT cookie
403Forbidden — authenticated but insufficient role / not resource owner
404Not found — the requested route or resource does not exist
429Rate limited — too many requests within the time window
500Internal server error — an unexpected server-side failure
Sample error response
{
  "message": "The Page You're looking for: /api/v1/unknown doesn't exist"
}
Sample validation / auth error
{
  "message": "You are not authorized to perform this action"
}
Sample rate-limit error
{
  "message": "You only can send resend request twice per minute"
}

Rate Limits

The API enforces two tiers of rate limiting via express-rate-limit:
ScopeLimit
Global (all routes)200 requests / minute
Sensitive routes (/verify, /verify/resend, /forget-password, /forget-password/verify)2 requests / minute
Exceeding a limit returns 429 Too Many Requests with the appropriate message.

Resource Groups

The API is organized into six resource groups. Each group maps to a dedicated router mounted in app.js.

Users

Signup, login, logout, profile management, skills, education, resume and profile-picture uploads, and company follows.

Jobs

Browse, search, create, update and delete job listings. Bookmark and un-bookmark jobs. Paginated listing with sort support.

Applications

Apply to jobs with a cover letter and salary expectation, withdraw applications, view all applications, and update applicant status (recruiter).

Companies

Create and update companies, view employees, followers, posted jobs, and the company dashboard. Follow / unfollow a company.

Admin

Admin dashboard, assign users to companies, search users, delete companies, and verify admin identity. Requires admin role.

Notifications

Retrieve user-specific notifications covering job alerts, application status changes, company follows, resume analysis results, and more.

Route Authentication Summary

Route prefixAuth requiredRole restriction
GET /api/v1/healthNo
/api/v1/users/loginNo
/api/v1/users/signupNo
/api/v1/users/forget-password*No
/api/v1/jobs (public listing & search)No
/api/v1/companies/**Yes
/api/v1/applications/**Yes
/api/v1/admin/**Yesadmin only
/api/v1/notifications/**Yes
Unauthenticated users can browse and search job listings (GET /api/v1/jobs, GET /api/v1/jobs/search, GET /api/v1/jobs/:jobId) without a cookie. All write operations and any route that returns personal data require authentication.

Build docs developers (and LLMs) love