API Reference

Version: 2.0.0 | Base URL: https://api.jgpnr.com/api/v1 | Last Updated: January 2026

API Architecture

Requests pass through four layers, from the HTTP edge down to storage:

Routes Layer: HTTP endpoints, rate limiting, CORS
Controllers: Request handling, Zod validation, response formatting
Services Layer: Business logic, transactions, external APIs
Prisma ORM + Data: PostgreSQL, Redis cache

Authentication

The API uses JWT (JSON Web Tokens) for authentication. Protected endpoints expect the access token returned by POST /auth/login in the Authorization header; a request with a missing or invalid token is rejected with 401, and a valid token whose role is below the endpoint's requirement is rejected with 403 (see Error Codes). Each endpoint below is tagged with its access level: Public (no token), JWT Required (any authenticated user), STAFF+ (STAFF or any higher role), ADMIN, SUPER_ADMIN, and Webhook (authenticated by the provider's signature rather than a JWT).

Header Format

Authorization: Bearer <access_token>

Auth Endpoints

POST /auth/login Public

Authenticate a user and receive tokens.

{ "email": "admin@example.com", "password": "..." }

GET /auth/me JWT Required

Get current user profile.
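The following is an added example of how the bearer token and the role badges above are typically enforced on the server. It is not the project's code, and it assumes details the page does not state: HS256 signing, a claim set of { sub, role, exp }, and a strict role ladder STAFF < ADMIN < SUPER_ADMIN in which "STAFF+" means STAFF or higher. The signing secret, user ids and expiry values are constructed for the demo.

```typescript
// Added example, not the project's code: verifying the bearer access token and
// enforcing the role badges used in this reference. Assumptions not stated on
// the page: HS256 signing, a claim set of { sub, role, exp }, and a strict role
// ladder STAFF < ADMIN < SUPER_ADMIN in which "STAFF+" means STAFF or higher.
import { createHmac, timingSafeEqual } from "crypto";

export type Role = "STAFF" | "ADMIN" | "SUPER_ADMIN";
export type Access = "PUBLIC" | "JWT" | Role; // the badges used on this page

const ROLE_RANK: Record<Role, number> = { STAFF: 1, ADMIN: 2, SUPER_ADMIN: 3 };

export interface AccessClaims {
  sub: string;  // user id
  role: Role;
  exp: number;  // expiry, seconds since the Unix epoch
}

const b64url = (data: Buffer | string): string => Buffer.from(data).toString("base64url");
const hs256 = (secret: string, signingInput: string): Buffer =>
  createHmac("sha256", secret).update(signingInput).digest();

// Token issuance, included only so the example runs offline against its own tokens.
export function signAccessToken(claims: AccessClaims, secret: string): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${b64url(hs256(secret, `${header}.${payload}`))}`;
}

// Pulls the compact JWT out of "Authorization: Bearer <access_token>"; null if absent or malformed.
export function extractBearer(authorization: string | undefined): string | null {
  const m = /^Bearer\s+([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authorization ?? "");
  return m ? m[1] : null;
}

// Verifies algorithm, signature and expiry; returns the claims or null. The server pins
// HS256 instead of trusting the token's own "alg", so "none" or RS256 headers are rejected.
export function verifyAccessToken(token: string, secret: string, nowSec: number): AccessClaims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    if (header?.alg !== "HS256") return null;
    const expected = hs256(secret, `${h}.${p}`);
    const given = Buffer.from(s, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
    if (typeof claims?.sub !== "string" || typeof claims?.exp !== "number") return null;
    if (typeof claims.role !== "string" || !(claims.role in ROLE_RANK)) return null;
    if (claims.exp <= nowSec) return null;
    return { sub: claims.sub, role: claims.role as Role, exp: claims.exp };
  } catch {
    return null;
  }
}

// Maps a request's Authorization header and the endpoint's badge onto the statuses this
// reference documents: 401 (missing/invalid token), 403 (role too low), or 200.
export function authorize(authorization: string | undefined, required: Access, secret: string, nowSec: number): 200 | 401 | 403 {
  if (required === "PUBLIC") return 200;
  const token = extractBearer(authorization);
  const claims = token === null ? null : verifyAccessToken(token, secret, nowSec);
  if (claims === null) return 401;
  if (required === "JWT") return 200;
  return ROLE_RANK[claims.role] >= ROLE_RANK[required] ? 200 : 403;
}
```

Two details carry the security weight: the algorithm is fixed by the server rather than read from the token, and the signature comparison uses timingSafeEqual after an explicit length check, since timingSafeEqual throws on unequal lengths.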

Ticket Endpoints

GET /tickets STAFF+

List all tickets with pagination and filtering.

POST /tickets/scan STAFF+

Scan a ticket for entry.

{ "ticketCode": "TKT-ABC123", "location": "Main Entrance" }

Order Endpoints

GET /orders STAFF+

List all orders with filtering.

POST /orders STAFF+

Create a new order.

Customer Endpoints

GET /customers STAFF+

List all customers.

Shop & Payment

GET /shop/products Public

List all active products with pagination.

GET /shop/cart Public

Get current cart session.

POST /shop/checkout Public

Create order and initiate payment.

{ "customer": { "firstName": "...", "email": "..." }, "items": [...] }

POST /payment/webhook Webhook

Paystack webhook handler. This endpoint is not JWT-protected: the request is authenticated by verifying Paystack's signature on the payload, and only a delivery with a valid signature updates the matching order's status.
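An added example of the verification step this endpoint describes, written for this page and not taken from the project. The HMAC-SHA512 signature in the x-paystack-signature header, keyed with the account's secret key and computed over the raw request body, is Paystack's documented scheme. Everything else is assumed for the demo: the in-memory order store, its fields, the statuses PENDING/PAID, and the amount and currency cross-check that turns "the event is genuine" into "this order was paid in full".

```typescript
// Added example, not the project's code: authenticating a Paystack webhook delivery
// and applying it to an order exactly once. The HMAC-SHA512 signature in the
// x-paystack-signature header, keyed with the account's secret key, is Paystack's
// documented scheme; the in-memory order store, its fields, and the statuses
// PENDING/PAID are assumptions made for this demo.
import { createHmac, timingSafeEqual } from "crypto";

export interface Order {
  reference: string;   // matches data.reference in the Paystack event
  amountKobo: number;  // amount the order was created for, in kobo
  currency: string;
  status: "PENDING" | "PAID";
}

export type WebhookOutcome =
  | "invalid_signature" | "malformed" | "ignored_event"
  | "unknown_order" | "payment_mismatch" | "already_processed" | "marked_paid";

// The signature covers the raw request bytes, so the handler must see the body before
// any JSON middleware re-serialises it (express.raw() on this route, not express.json()).
export function verifyPaystackSignature(rawBody: Buffer, signatureHeader: string | undefined, secretKey: string): boolean {
  if (!signatureHeader) return false;
  const expected = Buffer.from(createHmac("sha512", secretKey).update(rawBody).digest("hex"));
  const given = Buffer.from(signatureHeader.trim().toLowerCase());
  return expected.length === given.length && timingSafeEqual(expected, given);
}

export function handlePaystackWebhook(rawBody: Buffer, signatureHeader: string | undefined, secretKey: string, orders: Map<string, Order>): WebhookOutcome {
  // 1. Authenticate before parsing: an unsigned or tampered body never reaches business logic.
  if (!verifyPaystackSignature(rawBody, signatureHeader, secretKey)) return "invalid_signature";

  let event: any;
  try { event = JSON.parse(rawBody.toString("utf8")); } catch { return "malformed"; }
  if (typeof event?.event !== "string" || typeof event?.data !== "object" || event.data === null) return "malformed";
  // Other event types are acknowledged (so Paystack stops retrying) but change nothing.
  if (event.event !== "charge.success") return "ignored_event";

  const { reference, amount, currency, status } = event.data;
  if (typeof reference !== "string" || typeof amount !== "number") return "malformed";
  const order = orders.get(reference);
  if (!order) return "unknown_order";

  // 2. A valid signature proves Paystack sent the event, not that the customer paid what the
  //    order is worth: compare amount, currency and status against the stored order.
  if (status !== "success" || amount !== order.amountKobo || currency !== order.currency) return "payment_mismatch";

  // 3. Idempotency: deliveries are retried, so the PENDING -> PAID transition happens once.
  if (order.status === "PAID") return "already_processed";
  order.status = "PAID";
  return "marked_paid";
}

// Produces a correctly signed delivery so the example runs offline (constructed sample, not a captured event).
export function signedDelivery(payload: unknown, secretKey: string): { rawBody: Buffer; signature: string } {
  const rawBody = Buffer.from(JSON.stringify(payload), "utf8");
  return { rawBody, signature: createHmac("sha512", secretKey).update(rawBody).digest("hex") };
}
```

In a route handler the outcome maps onto the response: invalid_signature becomes 401, malformed becomes 400, and every other outcome returns 200 so the provider stops retrying, with the order update applied only on marked_paid.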

Product Endpoints

GET /products ADMIN

List all products (including inactive) with full details.

POST /products ADMIN

Create new product with images and sizes.

Task Endpoints

GET /tasks STAFF+

List all tasks with filtering by status and date range.

POST /tasks ADMIN

Create new task.

{ "title": "...", "description": "...", "dueDate": "2026-01-25", "priority": "HIGH", "assignedRole": "STAFF" }

Notification Endpoints

GET /notifications STAFF+

Get user's notifications with pagination.

Analytics Endpoints

GET /analytics/dashboard ADMIN

Get dashboard metrics (revenue, tickets, customers, orders).

GET /analytics/revenue ADMIN

Get revenue trends by day/week/month.

Settings Endpoints

GET /settings ADMIN

Get all system settings.

Audit Endpoints

GET /audit SUPER_ADMIN

Get audit logs with filtering.

Health

GET /health Public

Basic health check (returns 200 OK).

GET /health/detailed SUPER_ADMIN

Deep system status (DB, Redis, queues, disk).

Rate Limiting

The API rate-limits requests to prevent abuse. Limits are counted per client IP address; a request over the limit is rejected with 429 Too Many Requests, and the counter resets when the window expires. Paths are relative to the base URL: /api/v1/* is the default limit for every endpoint, with stricter limits on the login and ticket-scan endpoints.

Endpoint          Limit           Window
/auth/*           10 requests     15 minutes
/api/v1/*         100 requests    1 minute
/tickets/scan     60 requests     1 minute
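The following added example, written for this page and not taken from the project, implements the three tiers above as a per-IP fixed-window limiter together with the client-IP resolution step that any per-IP scheme stands or falls on. Assumptions: fixed rather than sliding windows (the page does not say which), that a request is counted against every tier whose prefix matches it (with these tiers that gives the same decisions as "most specific wins", since the narrower tiers are stricter), and a hypothetical set of trusted reverse-proxy addresses.

```typescript
// Added example, not the project's code: a per-IP fixed-window limiter configured with
// the three tiers in the Rate Limiting table, plus the client-IP resolution a per-IP
// scheme depends on. Assumptions: fixed (not sliding) windows, a request counts against
// every matching tier, and a hypothetical set of trusted reverse-proxy addresses.

export interface Tier { prefix: string; limit: number; windowMs: number; }

// Paths are relative to the base URL; "/" stands for the /api/v1/* catch-all.
export const TIERS: Tier[] = [
  { prefix: "/auth/", limit: 10, windowMs: 15 * 60_000 },
  { prefix: "/tickets/scan", limit: 60, windowMs: 60_000 },
  { prefix: "/", limit: 100, windowMs: 60_000 },
];

// A per-IP limit is only as strong as the IP it keys on. X-Forwarded-For is consulted only
// when the TCP peer is a trusted proxy, and only the right-most hop that is not itself a
// trusted proxy is used: every earlier entry was supplied by the client and can be forged.
export function clientIp(peerAddress: string, xForwardedFor: string | undefined, trustedProxies: Set<string>): string {
  if (!trustedProxies.has(peerAddress) || !xForwardedFor) return peerAddress;
  const hops = xForwardedFor.split(",").map((h) => h.trim()).filter((h) => h.length > 0);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trustedProxies.has(hops[i])) return hops[i];
  }
  return peerAddress;
}

export class FixedWindowLimiter {
  private readonly buckets = new Map<string, { count: number; resetAt: number }>();
  private readonly tiers: Tier[];

  constructor(tiers: Tier[] = TIERS) {
    this.tiers = tiers;
  }

  // Counts one request and decides. retryAfterSec is the value a 429 should carry in Retry-After.
  check(ip: string, path: string, nowMs: number): { allowed: boolean; retryAfterSec: number } {
    let allowed = true;
    let retryAfterSec = 0;
    for (const tier of this.tiers) {
      if (!path.startsWith(tier.prefix)) continue;
      const key = `${tier.prefix}|${ip}`;
      let bucket = this.buckets.get(key);
      // Start a fresh window when none exists or the previous one has expired.
      if (!bucket || bucket.resetAt <= nowMs) {
        bucket = { count: 0, resetAt: nowMs + tier.windowMs };
        this.buckets.set(key, bucket);
      }
      bucket.count += 1;
      if (bucket.count > tier.limit) {
        allowed = false;
        retryAfterSec = Math.max(retryAfterSec, Math.ceil((bucket.resetAt - nowMs) / 1000));
      }
    }
    return { allowed, retryAfterSec };
  }
}
```

The in-memory Map stands in for the Redis cache named in the architecture section; a multi-instance deployment needs the counters in shared storage, otherwise each instance enforces its own copy of the limit.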

Error Codes

Code  Meaning
400   Bad Request - Invalid input
401   Unauthorized - Missing/invalid token
403   Forbidden - Insufficient permissions
404   Not Found - Resource doesn't exist
429   Too Many Requests - Rate limited
500   Internal Server Error - Unexpected server-side failure