This is the documentation of the API used in the TDAH WebApp. The API is structured in two simple parts, Authentication and Patients: Authentication is responsible for keeping each advisor's patient records organized per user and private to that advisor, and Patients stores all the data related to every patient.
This RESTful API was written entirely in JavaScript using modern syntax, in the Node.js environment (version 6+ LTS), with the Express 4 framework for the server, the popular NoSQL database MongoDB with the Mongoose ODM (4+), and JSON as the data transfer format.
Data structure of each user, created automatically on sign up (tokens is an array of access/token pairs):
{
  "email": String,
  "password": String,
  "displayName": String,
  "confirmed": Boolean,
  "avatar": String,
  "signupDate": Number,
  "lastLogin": Number,
  "workplace": String,
  "location": String,
  "tokens": [
    {
      "access": String,
      "token": String
    }
  ]
}
To create a new user, make a POST request to /api/advisor providing the email, full name (displayName) and password; workplace and location may also be supplied.
POST REQUEST: /api/advisor
Sending to body:
{
  "email": "[email protected]",
  "password": "123abc!",
  "displayName": "Jhon Doe",
  "workplace": "Center for Disease Control and Prevention",
  "location": "Miami, Florida"
}
Once you send the POST request the password is hashed (the clear-text password is never stored) and a new auth token is assigned to the user; this token is sent in a request header for authentication purposes. At the same time you will receive an email with a URL to validate the account. Once you confirm your email, the user's confirmed status is toggled to true.
Confirmation status does not block any feature of the REST API; it may be used in the frontend to control some characteristics.
When you create a new user this process automatically sends a confirmation email to the user's address (see the Creating User section for further information), but you can request a new confirmation email if the user has not received it, accidentally removed it from their inbox, or the previous URL expired.
YOU MUST BE LOGGED IN (HAVE AN AUTH TOKEN) IN ORDER TO REQUEST A VERIFICATION EMAIL
GET REQUEST: /api/advisor/activation
You can get the information of the user you are currently logged in as; the user is resolved from your auth token.
REQUIRE AUTH TOKEN
GET REQUEST: /api/advisor/me
You can also request the basic information of all users.
REQUIRE AUTH TOKEN
GET REQUEST: /api/advisor/all
When the user does not have an active auth token (is not logged in), log in with the registered email and password in order to access the user's data.
Once logged in successfully the user receives an auth token.
POST REQUEST: /api/advisor/login
Sending to body:
{
  "email": "[email protected]",
  "password": "123abc!"
}
To log out you need to be logged in (have an auth token). A DELETE request to /api/advisor/logout removes the user's auth token, so that token can no longer access the user's data or their patients; the user must log in again to regain access.
REQUIRE AUTH TOKEN
DELETE REQUEST: /api/advisor/logout
When logged in, the user can change their data whenever they want. In all cases the user must provide the current password for the changes to be applied. If the user changes the password, the auth token is removed.
REQUIRE AUTH TOKEN (providing the current password is mandatory)
CAVEAT: YOU CAN CHANGE YOUR EMAIL ADDRESS USING THIS REQUEST. THIS WAS MADE THIS WAY SO THE APP FRONT END CAN DECIDE WHETHER THE USER CAN OR CANNOT CHANGE IT
PATCH REQUEST: /api/advisor/login
Send in the body whatever information you'd like to modify:
{
  "currentPassword": "123abc!",
  "displayName": "Jimmy Doe"
}
You can also change the password with this request, but this is not the preferred way. Changing Password and Forgotten Password are better for this task since they send an email notification and verification specifically for changing the password.
This is the preferred method to change the user's password. Once the request is made, the user receives an email with a URL that authorizes the change of password.
REQUIRE AUTH TOKEN
GET REQUEST: /api/advisor/change-password
The user receives the following route:
PATCH REQUEST: /api/advisor/auth-change-password:emailToken
The user has to provide the current password in order to change it:
{
  "currentPassword": "123abc!",
  "password": "123abc!50"
}
Once the password is changed the user's token is removed, forcing a new login.
If a user wants to change the password without an auth token, it can be done using this route by passing in the email address.
POST REQUEST: /api/advisor/change-password
with the following data in the body:
{
  "email": "[email protected]"
}
The user receives the following route:
PATCH REQUEST: /api/advisor/change-password:emailToken
The user has to provide the current password in order to change it:
{
  "currentPassword": "123abc!",
  "password": "123abc!50"
}
Once the password has been changed the user can log in using the new one.
Data structure of each patient created by a user. Note the _creator property: it is set immediately when a user registers a new patient and holds the id of the user who created the patient.
{
  "name": String,
  "lastname": String,
  "avance": Number,
  "avatar": String,
  "age": Number,
  "_creator": "user.ObjectID"
}
The user must be logged in to register a new patient. This creates a new patient in the global patients collection, linked to the user who created it.
REQUIRE AUTH TOKEN
POST REQUEST: /api/patients
Sending to body:
{
  "name": "Jhon",
  "lastname": "Doe",
  "age": 4,
  "avatar": "anImage.jpeg",
  "avance": "80"
}
avatar and avance are optional.
You can get the information of a single patient using the patient's id. This returns all the current data of that specific patient.
REQUIRE AUTH TOKEN
GET REQUEST: /api/patients/:id
Request data from all the patients the user has.
REQUIRE AUTH TOKEN
GET REQUEST: /api/patients/
Delete a specific patient using its id.
REQUIRE AUTH TOKEN
DELETE REQUEST: /api/patients/:id
The user can modify any information of their patients, and can even transfer a patient to another user by knowing that user's id (in the front-end application).
REQUIRE AUTH TOKEN
PATCH REQUEST: /api/patients/:id
Sending to body:
{
  "name": "Jane",
  "lastname": "Doe",
  "age": 5,
  "avatar": "anImage.jpeg",
  "avance": "82"
}
avatar and avance are optional.
- Express.js - Server Framework
- Mongoose ODM - Database ODM
- JSON Web Tokens - token-based authentication
- bcrypt.js - hashing passwords
- NodeMailer - Handle emails
- Git Flow - handle versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License.
- Osman Ochoa's thesis