Div Solution API Documentation
The Div Solution API is designed to facilitate secure and efficient user authentication, account management, and role-based access control. This API is developed using Flask and PostgreSQL, leveraging JWT tokens for session handling and bcrypt for secure password hashing. It is built to ensure scalability and robust handling of user data and roles.
- User Authentication: Secure login and signup endpoints.
- Account Management: Admin-level functionalities to manage accounts.
- Role-Based Access Control: Ensures users have the appropriate permissions based on their roles.
- Flask: A lightweight web framework used to build the API.
- PostgreSQL: A reliable and powerful database system for storing user and account data.
- JWT (JSON Web Tokens): Used for secure and stateless user sessions.
- bcrypt: Implements password hashing for secure credential storage.
Ensure you have Python installed along with pip.
- Clone the repository:
  git clone https://github.com/shaik-zaheeruddin/div-solution-api.git
  cd div-solution-api
- Install dependencies:
  pip install -r requirements.txt
- Run the application:
  python app.py
- Access the API:
  By default, the API will be available at http://localhost:5000.
Configure the environment variables needed for the API in a .env file or set them in your environment:
- SECRET_KEY
- DATABASE_URL
- JWT_SECRET_KEY
Description: Registers a new user with a unique username and hashed password.
Request Body:
{
"username": "string",
"password": "string"
}
Responses:
- 201 Created: User created successfully.
- 400 Bad Request: Missing username or password, or the username already exists.
Description: Authenticates a user and provides a JWT token.
Request Body:
{
"username": "string",
"password": "string"
}
Responses:
- 200 OK: Returns an access token.
- 401 Unauthorized: Invalid credentials.
Description: Creates a new account managed by the current admin.
Request Body:
{
"name": "string",
"email": "string",
"contact_number": "string"
}
Responses:
- 201 Created: Account created successfully.
- 400 Bad Request: Missing required fields.
- 409 Conflict: An account with this email already exists.
Description: Updates an existing account's information.
Request Body:
{
"name": "string",
"email": "string",
"contact_number": "string"
}
Responses:
- 200 OK: Account updated successfully.
- 404 Not Found: Account not found.
- 409 Conflict: Email already exists.
Description: Retrieves details of a specific account.
Responses:
- 200 OK: Returns account details.
- 404 Not Found: Account not found.
Description: Deletes a specific account.
Responses:
- 200 OK: Account deleted successfully.
- 404 Not Found: Account not found.
Description: Allows a super admin to update a user's role.
Headers:
Authorization: Super Admin Key
Request Body:
{
"role": "admin" | "client"
}
Responses:
- 200 OK: User role updated successfully.
- 403 Forbidden: Unauthorized access.
- 400 Bad Request: Invalid role.
The API uses JWT tokens for secure access to endpoints. After logging in, users receive a token to include in the request headers:
Authorization: Bearer <token>
The API includes role-based access control to manage user permissions:
- Client: Basic access with limited permissions.
- Admin: Permissions to manage accounts.
- Super Admin: Permissions to modify user roles and access levels.
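The bearer-token flow and role check described above, as an added illustration that is not code from the div-solution-api project: an HS256 JWT carrying a role claim is issued at login, then each protected call is verified (structure, algorithm, signature, expiry) before the role is compared with what the action needs. The secret and the action-to-role map are assumptions made for this example; real installations use the JWT_SECRET_KEY environment variable and the project's own route handlers, and this uses only the standard library so it runs without Flask or PyJWT.

```python
import base64, hashlib, hmac, json, time
# Constructed secret for this example; the real service reads JWT_SECRET_KEY from its environment.
JWT_SECRET_KEY = b"example-secret-do-not-use"
# Assumed action -> roles map mirroring the access model above (admins manage accounts,
# clients only read them); role changes use the Super Admin Key header, not a JWT.
REQUIRED_ROLES = {
    "create_account": {"admin"},
    "get_account": {"client", "admin"},
    "delete_account": {"admin"},
}
def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username: str, role: str, ttl_seconds: int = 900) -> str:
    """Build an HS256 JWT carrying the user's role and an expiry (exp) claim."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": username, "role": role,
                                  "exp": int(time.time()) + ttl_seconds}).encode())
    sig = hmac.new(JWT_SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str):
    """Return the claims if structure, algorithm, signature and expiry all check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":  # reject "none"/alg switch
        return None
    expected = hmac.new(JWT_SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= time.time():
        return None
    return claims

def authorize(authorization_header, action: str) -> int:
    """Status an endpoint should return: 401 missing/invalid token, 403 wrong role, 200 allowed."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401
    if (claims := verify_token(authorization_header[len("Bearer "):])) is None:
        return 401
    if claims.get("role") not in REQUIRED_ROLES.get(action, set()):
        return 403
    return 200
```

Note that a valid token with the wrong role yields 403 while a missing, tampered, expired or alg-switched token yields 401, matching the response codes listed for the endpoints above.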
- username: Unique identifier for the user.
- password: Securely hashed using bcrypt.
- role: Defines user access (e.g., admin, client).
- created_at: Timestamp of user creation.
- updated_at: Timestamp of last update.
- name: Name associated with the account.
- email: Unique email for communication.
- contact_number: Phone number for the account.
- added_by: Refers to the admin who created the account.
- created_at: Timestamp of account creation.