Below is a list of available APIs and their status:
Icon
Status
β
Implemented and go to go as documented
β
Not implemented
π§
In progress
Express Endpoints
In our current MVP state, our express endpoints list are small, as the interaction between client
and server is small. Below structures how the endpoints work:
Status
Verb
Route
Description
β
POST
/me
Creates an account for the user and returns the user's data
β
GET
/me
Login given user cookies and verifies the data aligns w/ the server
All content types will be in the application/json form:
Header Parameter
Description
Content-Type
Always set to application/json
Authentication
Authentication occurs with a JSON Web Token (JWT). JWT let's us cryptographically store the user's
id through a hash. This allows us to verify the identity of a user securely, and immediately access
their information. See POST /me to see how to get a user's token.
Header Parameter
Description
Authorization
The token for a user: Bearer TOKEN
POST /me
This POST request serves as a method for a user to login if there is no cookie information stored
on the client. When a user successfully logs in, Aurgy will send the client the user's info
that will be used to populate the client.
Request Body Parameter
Description
refreshToken
A user's refresh token
Responses
Status Code
Description
200
A user response (detailed below)
403
A bad refresh token
User Response
The response sent to the user if the authentication is successful.
{
"name": "string", // The user's name
"id": "string", // The user's spotify id
"accountType": "string", // The user's spotify plan: premium or free
"country": "string", // The user's country code
"images": "string[]", // Any links to the user's images
"jwt": "string" // the jwt token for the user (lasts 7 days)
}
GET /me
The GET request is a method for the client to verify a user's information through the cookies stored
on the client.
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Responses
Status Code
Description
200
A user response (detailed below)
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
User Response
The response sent to the user if the authentication is successful.
{
"name": "string", // The user's name
"id": "string", // The user's spotify id
"accountType": "string", // The user's spotify plan: premium or free
"country": "string", // The user's country code
"images": "string[]", // Any links to the user's images
}
DELETE /me
The DELETE request is a method for the client to delete their account. This will result in the entire
entry for the user to be deleted.
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Responses
Status Code
Description
200
User has been succesfully deleted from database
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
POST /lobby
The POST request for /lobby serves as a way to create a lobby. Aurgy will then
return the lobby information. In order to understand who is making the request,
we will be sending both the id and the refresh token of the user.
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Request Body Parameter
Description
lobbyName
The name of the lobby
theme
The theme of the lobby
Responses
Status Code
Description
200
User has been succesfully deleted from database
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
406
User has exceeded their lobby count, the name is invalid, or the theme is invalid
500
Failed to create Lobby
Lobby Response
The response sent to the user regarding the lobby information.
{
"name": "string", // The lobby name
"id": "string", // The lobby id
}
GET /lobby
The GET request for /lobby is a way for the user to get what lobbies they are in.
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Responses
Status Code
Description
200
User has been authenticated and returns the lobbies response
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
POST /lobby/:id
The POST request for /lobby/:id is a way for a user to join a lobby.
Verification happens in two stages:
User verification: make sure the user is valid
Lobby token verification: Make sure the lobby token to join the lobby is valid (not expired)
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Request Body Parameter
Description
lobbyToken
The expirable token to verify a lobby
Responses
Status Code
Description
200
User has been added to the lobby and the lobby info is sent
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
406
The lobby token is invalid
GET /lobby/:id
The GET request for /lobby/:id is a way for a user to get lobby info. It might be a good idea
to turn this into a websocket. That way updates to the lobby when a user is on the page is updated
on the client in real time. We can investigate this solution at a later day.
Verification happens in two stages:
User verification: make sure the user is valid
Lobby Status: Make sure the user is part of the lobby
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Responses
Status Code
Description
200
User is in lobby and the lobby data is sent to the user
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
406
User is not part of the lobby
PATCH /lobby/:id
The PATCH request for /lobby/:id is a way for a user to update lobby information.
Verification happens in two stages:
User verification: make sure the user is valid
Lobby Permissions: Make sure the user is the manager of the lobby
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Request Body Parameter
Description
name
The lobby name you want
Responses
Status Code
Description
200
Lobby has been succesfully updated from database
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
406
User is not a manager of the lobby
DELETE /lobby/:id
The DELETE request for /lobby/:id is a way for a user to delete a lobby.
Verification happens in two stages:
User verification: make sure the user is valid
Lobby Permissions: Make sure the user is the manager of the lobby
Headers
Description
Authorization
The token for a user: Bearer TOKEN
Responses
Status Code
Description
200
Lobby has been succesfully deleted from database
401
Token is not present in headers
403
Token does not pass verification (expired)
404
User is not found in database
406
User is not a manager of the lobby
DELETE /lobby/:id/user:id
The DELETE request for /lobby/:id/user/:id is a way for the manager of a
lobby to remove another user from the lobby.
Verification happens in two stages:
User verification: make sure the user is valid
Lobby Permissions: Make sure the user is the manager of the lobby
Below is a list of available APIs and their status:
Express Endpoints
In our current MVP state, our express endpoints list are small, as the interaction between client and server is small. Below structures how the endpoints work:
/me/me/me/lobby/lobby/lobby/:id/lobby/:id/lobby/:id/lobby/:id/lobby/:id/user/:idContent Types
All content types will be in the
application/jsonform:application/jsonAuthentication
Authentication occurs with a JSON Web Token (JWT). JWT let's us cryptographically store the user's id through a hash. This allows us to verify the identity of a user securely, and immediately access their information. See
POST /meto see how to get a user's token.Bearer TOKENPOST /me
This POST request serves as a method for a user to login if there is no cookie information stored on the client. When a user successfully logs in, Aurgy will send the client the user's info that will be used to populate the client.
Responses
User Response
The response sent to the user if the authentication is successful.
GET /me
The GET request is a method for the client to verify a user's information through the cookies stored on the client.
Bearer TOKENResponses
User Response
The response sent to the user if the authentication is successful.
DELETE /me
The DELETE request is a method for the client to delete their account. This will result in the entire entry for the user to be deleted.
Bearer TOKENResponses
POST /lobby
The POST request for
/lobbyserves as a way to create a lobby. Aurgy will then return the lobby information. In order to understand who is making the request, we will be sending both the id and the refresh token of the user.Bearer TOKENResponses
Lobby Response
The response sent to the user regarding the lobby information.
GET /lobby
The GET request for
/lobbyis a way for the user to get what lobbies they are in.Bearer TOKENResponses
POST /lobby/:id
The POST request for
/lobby/:idis a way for a user to join a lobby.Verification happens in two stages:
Bearer TOKENResponses
GET /lobby/:id
The GET request for
/lobby/:idis a way for a user to get lobby info. It might be a good idea to turn this into a websocket. That way updates to the lobby when a user is on the page is updated on the client in real time. We can investigate this solution at a later day.Verification happens in two stages:
Bearer TOKENResponses
PATCH /lobby/:id
The PATCH request for
/lobby/:idis a way for a user to update lobby information.Verification happens in two stages:
Bearer TOKENResponses
DELETE /lobby/:id
The DELETE request for
/lobby/:idis a way for a user to delete a lobby.Verification happens in two stages:
Bearer TOKENResponses
DELETE /lobby/:id/user:id
The DELETE request for
/lobby/:id/user/:idis a way for the manager of a lobby to remove another user from the lobby.Verification happens in two stages:
Bearer TOKENResponses
This is a π Tracking Issue