Xpensely Server — API Reference

Last updated: 2026-05-09 · Branch: feature/security-hardening

Overview
Authentication
Rate Limiting
Endpoints
- 4.1 Home
- 4.2 Users
- 4.3 Expense Lists
Data Models
Error Handling
Recent Changes — feature/security-hardening

1. Overview

Xpensely Server is a Spring Boot REST API that manages shared expense lists for pairs of users. It uses Google OAuth2 JWT tokens for authentication. All protected endpoints require a valid Bearer token in the Authorization header.

Base URL (local dev): http://localhost:8080

Content-Type: application/json for all request and response bodies.

Public endpoints (no auth required):

Method	Path	Description
GET	`/`	Health check — returns `"Welcome"`
POST	`/api/users/createUser`	Register a new user
GET	`/api/users/byName`	Look up a user by username

All other endpoints require authentication (see Section 2).

2. Authentication

TODO

3. Rate Limiting

TODO

4. Endpoints

4.1 Home

TODO

4.2 Users

TODO

4.3 Expense Lists

TODO

5. Data Models

TODO

6. Error Handling

TODO

7. Recent Changes — `feature/security-hardening`

TODO

1.5 KiB Raw Blame History

Xpensely Server — API Reference

Table of Contents

1. Overview

2. Authentication

3. Rate Limiting

4. Endpoints

4.1 Home

4.2 Users

4.3 Expense Lists

5. Data Models

6. Error Handling

7. Recent Changes — feature/security-hardening

1.5 KiB

Raw Blame History

7. Recent Changes — `feature/security-hardening`