API Endpoints

POST /api/users

Register a new user; the account is created with the customer role.

Request Body:
{
  "username": "alice",
  "password": "secret123",
  "fullname": "Alice Example",
  "email": "alice@example.com"
}
            
Response:
{
  "message": "User created successfully",
  "user": {
    "_id": "USER_ID",
    "username": "alice",
    "fullname": "Alice Example",
    "email": "alice@example.com",
    "role": "customer"
  }
}
            

GET /api/users

List all users (admin only)

Headers:
Authorization: Bearer JWT_TOKEN
Response:
[
  {
    "_id": "USER_ID",
    "username": "alice",
    "fullname": "Alice Example",
    "email": "alice@example.com",
    "role": "customer"
  },
  ...
]
            

PUT /api/users/:id

Update a user's info (the user themselves, or an admin)

Headers:
Authorization: Bearer JWT_TOKEN
Request Body:
{
  "fullname": "Alice Updated",
  "email": "alice@newmail.com"
}
            
Response:
{
  "message": "User updated successfully",
  "user": {
    "_id": "USER_ID",
    "username": "alice",
    "fullname": "Alice Updated",
    "email": "alice@newmail.com",
    "role": "customer"
  }
}
            

DELETE /api/users/:id

Delete a user (admin only)

Headers:
Authorization: Bearer JWT_TOKEN
Response:
{
  "message": "User deleted successfully",
  "user": {
    "_id": "USER_ID",
    "username": "alice",
    ...
  }
}
            

GET /api/users/whoami

Get the currently authenticated user (JWT required)

Headers:
Authorization: Bearer JWT_TOKEN
Response:
{
  "_id": "USER_ID",
  "username": "alice",
  "fullname": "Alice Example",
  "email": "alice@example.com",
  "role": "customer"
}
            

POST /api/login

Authenticate a user and return a JWT

Request Body:
{
  "username": "alice",
  "password": "secret123"
}
            
Response:
{
  "message": "login successful",
  "token": "JWT_TOKEN",
  "username": "alice",
  "id": "USER_ID"
}
            

GET /api/products

List products (supports filters, sorting and pagination)

Query Params:
?category=electronics&sortBy=price&sort=desc&limit=5
Response:
{
  "message": "Products fetched successfully",
  "products": [
    {
      "_id": "PRODUCT_ID",
      "name": "Product Name",
      "category": "electronics",
      "price": 99.99,
      "isActive": true,
      "seller": {
        "fullname": "Merchant Name"
      }
    },
    ...
  ]
}
            

POST /api/products

Create a product (merchant or admin)

Headers:
Authorization: Bearer JWT_TOKEN
Request Body:
{
  "name": "New Product",
  "category": "electronics",
  "price": 49.99,
  "isActive": true
}
            
Response:
{
  "message": "Product created successfully",
  "product": {
    "_id": "PRODUCT_ID",
    "name": "New Product",
    "category": "electronics",
    "price": 49.99,
    "isActive": true,
    "seller": "USER_ID"
  }
}
            

POST /api/products/bulk

Bulk-create products (merchant or admin)

Headers:
Authorization: Bearer JWT_TOKEN
Request Body:
[
  {
    "name": "Product 1",
    "category": "books",
    "price": 10.0,
    "isActive": true
  },
  {
    "name": "Product 2",
    "category": "books",
    "price": 12.0,
    "isActive": true
  }
]
            
Response:
{
  "message": "Products created successfully",
  "products": [
    { "_id": "PRODUCT_ID_1", ... },
    { "_id": "PRODUCT_ID_2", ... }
  ]
}
            

PUT /api/products/:id

Update a product (its seller only)

Headers:
Authorization: Bearer JWT_TOKEN
Request Body:
{
  "name": "Updated Product",
  "price": 59.99
}
            
Response:
{
  "message": "Product updated successfully",
  "product": {
    "_id": "PRODUCT_ID",
    "name": "Updated Product",
    ...
  }
}
            

DELETE /api/products/drop

Drop all products (admin only; intended for testing)

Headers:
Authorization: Bearer JWT_TOKEN
Response:
Status: 204 No Content