Complete API documentation for the Smart School Blog backend - a NestJS application with JWT authentication, posts, comments, events, and user management.
Register a new user.
Request Body:
{
"name": "John Doe",
"email": "user@example.com",
"password": "yourPassword123",
"role": "student",
"languagePreference": "Eng",
"isVerified": false
}
Validation:
- All fields required
- email must be valid email format
- languagePreference must be "Fr" or "Eng"
Response:
{
"id": 1,
"name": "John Doe",
"email": "user@example.com",
"role": "student",
"languagePreference": "Eng",
"isVerified": false,
"createdAt": "2025-07-31T10:00:00.000Z"
}
Login and get JWT access token.
Request Body:
{
"email": "user@example.com",
"password": "yourPassword123"
}
Response:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Create a new user (alternative to register).
Request Body:
{
"name": "John Doe",
"email": "user@example.com",
"password": "yourPassword123",
"role": "student",
"languagePreference": "Eng"
}
Note: The isVerified field is not required for user creation (only for registration).
Get all users. Requires JWT token
Response:
[
{
"id": 1,
"name": "John Doe",
"email": "user@example.com",
"role": "student",
"languagePreference": "Eng",
"isVerified": false,
"createdAt": "2025-07-31T10:00:00.000Z"
}
]
Get current user profile. Requires JWT token
Response:
{
"userId": 1,
"email": "user@example.com"
}
Get user by ID. Requires JWT token
URL Parameters:
id (number) - User ID
Update current user profile. Requires JWT token
Request Body (all optional):
{
"name": "Johnny Updated",
"email": "newemail@example.com",
"role": "teacher",
"languagePreference": "Fr",
"isVerified": true
}
Update any user profile (Admin only). Requires JWT token
URL Parameters:
id (number) - User ID
Request Body (all optional):
{
"name": "Updated Name",
"email": "updated@example.com",
"role": "teacher",
"languagePreference": "Fr",
"isVerified": true
}
Conditions:
- User must exist (404 if not found)
- User must have admin privileges (isVerified: true) OR be updating their own profile
Delete a user account. Requires JWT token
URL Parameters:
id (number) - User ID
Conditions:
- User must exist (404 if not found)
- User must have admin privileges (isVerified: true) OR be deleting their own account
Create a new post. Requires JWT token
Request Body:
{
"title": "My First Post",
"content": "This is the content of my post..."
}
Validation:
- Both fields required and non-empty
Get all posts.
Response:
[
{
"id": 1,
"title": "My First Post",
"content": "This is the content...",
"likes": [2, 3, 5],
"authorId": 1,
"aiSummary": "AI-generated summary of the post...",
"createdAt": "2025-07-31T10:00:00.000Z",
"author": {
"id": 1,
"name": "John Doe",
"email": "user@example.com"
}
}
]
Get posts by specific author.
URL Parameters:
authorId (number) - Author's user ID
Get single post by ID.
URL Parameters:
id (number) - Post ID
Update a post. Requires JWT token
URL Parameters:
id (number) - Post ID
Request Body (both optional):
{
"title": "Updated Title",
"content": "Updated content..."
}
Conditions:
- Post must exist (404 if not found)
- User must be the post author (403 if not owner)
Delete a post. Requires JWT token
URL Parameters:
id (number) - Post ID
Conditions:
- Post must exist (404 if not found)
- User must be the post author OR have admin privileges (isVerified: true)
Like/unlike a post. Requires JWT token
URL Parameters:
id (number) - Post ID
Get AI-generated summary for a post.
URL Parameters:
id (number) - Post ID
Response:
{
"content": "AI-generated summary of the post content..."
}
Conditions:
- Post must exist (404 if not found)
- If post doesn't have an AI summary, one will be generated automatically
Create a comment on a post. Requires JWT token
Request Body:
{
"content": "Great post!",
"postId": 1
}
Validation:
- Both fields required
Get all comments for a specific post.
URL Parameters:
postId (number) - Post ID
Response:
[
{
"id": 1,
"content": "Great post!",
"postId": 1,
"authorId": 2,
"createdAt": "2025-07-31T10:30:00.000Z",
"author": {
"id": 2,
"name": "Jane Smith",
"email": "jane@example.com"
}
}
]
Delete a comment. Requires JWT token
URL Parameters:
id (number) - Comment ID
Conditions:
- Comment must exist (404 if not found)
- User must be the comment author (403 if not owner)
Create a new event. Requires JWT token
Request Body:
{
"title": "School Science Fair",
"category": "Academic",
"location": "Main Auditorium",
"coverImage": "https://example.com/image.jpg",
"description": "Annual science fair event...",
"startDate": "2025-08-15T09:00:00.000Z",
"endDate": "2025-08-15T17:00:00.000Z"
}
Validation:
- All fields are required and non-empty
- Dates must be in ISO format
Get all events. Requires JWT token
Response:
[
{
"id": 1,
"title": "School Science Fair",
"category": "Academic",
"description": "Annual science fair event...",
"location": "Main Auditorium",
"coverImage": "https://example.com/image.jpg",
"startDate": "2025-08-15T09:00:00.000Z",
"endDate": "2025-08-15T17:00:00.000Z",
"attendees": [2, 3, 5],
"hostId": 1,
"createdAt": "2025-07-31T10:00:00.000Z",
"host": {
"id": 1,
"name": "John Doe"
}
}
]
Get single event by ID. Requires JWT token
URL Parameters:
id (number) - Event ID
Get events by specific host. Requires JWT token
URL Parameters:
hostId (number) - Host's user ID
Get events by category. Requires JWT token
Query Parameters:
category (string) - Event category
Example: /event/category?category=Academic
Register for an event. Requires JWT token
URL Parameters:
id (number) - Event ID
Delete an event. Requires JWT token
URL Parameters:
id (number) - Event ID
Conditions:
- Event must exist (404 if not found)
- User must be the event host OR have admin privileges (isVerified: true)
Health check endpoint.
Response:
"Hello World!"
For all protected routes, include the JWT token in the Authorization header:
Authorization: Bearer <your_jwt_token>
Users with isVerified: true have admin privileges and can:
- Delete any post (not just their own)
- Delete any event (not just their own)
- Update any user profile
- Delete any user account
- Access admin-only features
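
The documented register and self-update bodies both carry isVerified, the same flag that grants the admin privileges listed above, so the server has to decide that value itself instead of storing what the client sends. An added example (not the project's code; every type, constant and function name is hypothetical) of a field allowlist that enforces this:

```typescript
// Added example, not the project's code. All names here are hypothetical.
type Body = Record<string, unknown>;
// isAdmin must be read from the stored user row (isVerified), never from the request.
type Caller = { userId: number; isAdmin: boolean };
type UpdateResult = { status: number; data?: Body; error?: string };

// Fields a user may set on their own account (taken from the documented bodies).
const SELF_FIELDS: readonly string[] = ["name", "email", "role", "languagePreference"];
// Fields that confer privileges. Add "role" here if any feature is ever gated on it.
const PRIVILEGED_FIELDS: readonly string[] = ["isVerified"];

const has = (body: Body, key: string): boolean =>
  Object.prototype.hasOwnProperty.call(body, key);

// Copy only allowlisted own properties; unknown keys (id, createdAt, ...) are dropped.
function pick(body: Body, allowed: readonly string[]): Body {
  const out: Body = {};
  for (const key of allowed) {
    if (has(body, key)) out[key] = body[key];
  }
  return out;
}

// Registration: whatever isVerified the client sent, the stored value is false.
function sanitizeRegistration(body: Body): Body {
  return { ...pick(body, [...SELF_FIELDS, "password"]), isVerified: false };
}

// Profile update: self or admin only, and only an admin may touch privileged fields.
function sanitizeUserUpdate(caller: Caller, targetId: number, body: Body): UpdateResult {
  if (!caller.isAdmin && caller.userId !== targetId) {
    return { status: 403, error: "cannot update another user's profile" };
  }
  if (!caller.isAdmin && PRIVILEGED_FIELDS.some((key) => has(body, key))) {
    return { status: 403, error: "isVerified can only be changed by an admin" };
  }
  const allowed = caller.isAdmin ? [...SELF_FIELDS, ...PRIVILEGED_FIELDS] : SELF_FIELDS;
  return { status: 200, data: pick(body, allowed) };
}
```

In a NestJS code base the same effect is usually obtained with separate DTO classes per endpoint and a ValidationPipe configured with whitelist: true.
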
- id: number (auto-increment)
- name: string
- email: string (unique)
- password: string (hashed)
- role: string
- languagePreference: "Fr" | "Eng"
- isVerified: boolean
- createdAt: DateTime

- id: number (auto-increment)
- title: string
- content: string
- likes: number[] (array of user IDs)
- authorId: number (foreign key)
- aiSummary: string (AI-generated summary)
- createdAt: DateTime

- id: number (auto-increment)
- content: string
- postId: number (foreign key)
- authorId: number (foreign key)
- createdAt: DateTime

- id: number (auto-increment)
- title: string
- category: string
- description: string
- location: string
- coverImage: string
- startDate: DateTime
- endDate: DateTime
- attendees: number[] (array of user IDs)
- hostId: number (foreign key)
- createdAt: DateTime

- 400 Bad Request: Invalid request body or validation errors
- 401 Unauthorized: Missing or invalid JWT token
- 403 Forbidden: User doesn't have permission for this action
- 404 Not Found: Resource not found
- 500 Internal Server Error: Server error