69 lines
1.5 KiB
Markdown
69 lines
1.5 KiB
Markdown
# Xpensely Server — API Reference
|
|
|
|
> Last updated: 2026-05-09 · Branch: `feature/security-hardening`
|
|
|
|
## Table of Contents
|
|
1. [Overview](#1-overview)
|
|
2. [Authentication](#2-authentication)
|
|
3. [Rate Limiting](#3-rate-limiting)
|
|
4. [Endpoints](#4-endpoints)
|
|
- 4.1 [Home](#41-home)
|
|
- 4.2 [Users](#42-users)
|
|
- 4.3 [Expense Lists](#43-expense-lists)
|
|
5. [Data Models](#5-data-models)
|
|
6. [Error Handling](#6-error-handling)
|
|
7. [Recent Changes — `feature/security-hardening`](#7-recent-changes)
|
|
|
|
---
|
|
|
|
## 1. Overview
|
|
|
|
Xpensely Server is a Spring Boot REST API that manages shared expense lists for pairs of users. It uses Google OAuth2 JWT tokens for authentication. All protected endpoints require a valid Bearer token in the `Authorization` header.
|
|
|
|
**Base URL (local dev):** `http://localhost:8080`
|
|
|
|
**Content-Type:** `application/json` for all request and response bodies.
|
|
|
|
**Public endpoints (no auth required):**
|
|
| Method | Path | Description |
|
|
|--------|------|-------------|
|
|
| GET | `/` | Health check — returns `"Welcome"` |
|
|
| POST | `/api/users/createUser` | Register a new user |
|
|
| GET | `/api/users/byName` | Look up a user by username |
|
|
|
|
All other endpoints require authentication (see [Section 2](#2-authentication)).
|
|
|
|
## 2. Authentication
|
|
|
|
_TODO_
|
|
|
|
## 3. Rate Limiting
|
|
|
|
_TODO_
|
|
|
|
## 4. Endpoints
|
|
|
|
### 4.1 Home
|
|
|
|
_TODO_
|
|
|
|
### 4.2 Users
|
|
|
|
_TODO_
|
|
|
|
### 4.3 Expense Lists
|
|
|
|
_TODO_
|
|
|
|
## 5. Data Models
|
|
|
|
_TODO_
|
|
|
|
## 6. Error Handling
|
|
|
|
_TODO_
|
|
|
|
## 7. Recent Changes — `feature/security-hardening`
|
|
|
|
_TODO_
|