The CareLoom API is a REST service running on port 8080. All endpoints accept and return JSON. Authentication uses JWT Bearer tokens.
http://localhost:8080/api
In production, this will be behind your reverse proxy (e.g., https://api.yourorg.example.com/api).
Request body:
{
"username": "admin",
"password": "admin"
}
Returns a JWT token. Include this token in all subsequent requests:
Authorization: Bearer <token>
Tokens are valid for 30 days by default.
| Method |
Path |
Description |
Auth Required |
POST |
/api/authenticate |
Login, returns JWT |
No |
GET |
/api/account |
Get current user info |
Yes |
POST |
/api/account/change-password |
Change password |
Yes |
| Method |
Path |
Description |
GET |
/api/admin/users |
List all users (paginated) |
POST |
/api/admin/users |
Create a new user |
GET |
/api/admin/users/{id} |
Get user by ID |
PUT |
/api/admin/users/{id} |
Update a user |
DELETE |
/api/admin/users/{id} |
Delete a user |
| Method |
Path |
Description |
GET |
/api/admin/curriculums |
List curricula |
POST |
/api/admin/curriculums |
Create a curriculum |
GET |
/api/admin/curriculums/{id} |
Get curriculum by ID |
PUT |
/api/admin/curriculums/{id} |
Update a curriculum |
DELETE |
/api/admin/curriculums/{id} |
Delete a curriculum |
| Method |
Path |
Description |
GET |
/api/admin/modules |
List modules |
POST |
/api/admin/modules |
Create a module |
GET |
/api/admin/modules/{id} |
Get module by ID |
PUT |
/api/admin/modules/{id} |
Update a module |
DELETE |
/api/admin/modules/{id} |
Delete a module |
| Method |
Path |
Description |
GET |
/api/admin/babies |
List all families (paginated) |
GET |
/api/admin/babies/{id} |
Get baby/family by ID |
| Method |
Path |
Description |
GET |
/api/admin/carers |
List carers |
| Method |
Path |
Description |
GET |
/api/admin/projects |
List projects |
POST |
/api/admin/projects |
Create a project |
| Method |
Path |
Description |
GET |
/api/admin/questionnaires |
List questionnaires |
POST |
/api/admin/questionnaires |
Create a questionnaire |
| Method |
Path |
Description |
GET |
/api/admin/tags |
List tags |
POST |
/api/admin/tags |
Create a tag |
| Method |
Path |
Description |
GET |
/api/admin/reports |
Generate reports |
| Method |
Path |
Description |
POST |
/api/admin/files |
Upload a file (media for curriculum content) |
| Method |
Path |
Description |
POST |
/api/admin/init |
Initialize system (first-time setup) |
| Method |
Path |
Description |
GET |
/api/babies |
Get babies assigned to current CHW |
POST |
/api/babies |
Register a new baby |
GET |
/api/visits |
Get visits for current CHW |
POST |
/api/visits |
Create/complete a visit |
GET |
/api/lesson-resources |
Get curriculum lesson resources |
POST |
/api/questionnaire-records |
Submit questionnaire responses |
| Method |
Path |
Description |
Auth Required |
GET |
/actuator/health |
Health check |
No |
Pagination
Paginated endpoints use Spring Data's Pageable convention:
| Parameter |
Description |
Example |
page |
Page number (0-indexed) |
?page=0 |
size |
Items per page |
?size=20 |
sort |
Sort field and direction |
?sort=createdDate,desc |
Response includes pagination metadata:
{
"content": [...],
"totalPages": 5,
"totalElements": 100,
"number": 0,
"size": 20
}
Errors follow the Problem Details format (RFC 7807):
{
"type": "https://www.jhipster.tech/problem/problem-with-message",
"title": "Bad Request",
"status": 400,
"detail": "Validation failed",
"path": "/api/admin/users"
}
The API includes Swagger UI for interactive documentation. When the API is running, access it at:
http://localhost:8080/swagger-ui.html
Swagger provides a complete, auto-generated reference of all endpoints, request/response schemas, and allows you to test calls directly from the browser.
- All admin endpoints (
/api/admin/*) require an authenticated user with the ADMIN or SUPER_ADMIN role.
- App endpoints (
/api/babies, /api/visits, etc.) require an authenticated user with any role and return data scoped to the current user's assignments.
- File uploads use
multipart/form-data.
- Most delete operations are soft deletes (records are marked as deleted, not removed).