Backend Developer Guide

Complete API documentation with professional examples for all backend services

Authentication

Admin Login

POST /api/admin/auth/login

{
  "email": "admin@example.com",
  "password": "<your_password>"
}

Response (200 OK):

{
  "success": true,
  "token": "...",
  "user": {
    "id": "user_id",
    "email": "admin@example.com",
    "role": "SYSTEM_SUPER_ADMIN",
    "businessId": "business_id"
  }
}

Headers Required: Include the token in Authorization header: Bearer {token}

Messenger User Login

POST /api/messenger/auth/login

{
  "email": "user@business.com",
  "password": "<your_password>",
  "businessId": "business_id"
}

Response (200 OK):

{
  "success": true,
  "token": "...",
  "user": {
    "id": "user_id",
    "email": "user@business.com",
    "name": "John Doe",
    "businessId": "business_id"
  }
}

Real-time Messaging

Send Direct Message

POST /api/messenger/messages

{
  "recipientId": "user_id",
  "content": "Hello! How are you?",
  "type": "text",
  "attachments": []
}

Response (201 Created):

{
  "success": true,
  "message": {
    "id": "msg_id",
    "senderId": "your_id",
    "recipientId": "user_id",
    "content": "Hello! How are you?",
    "type": "text",
    "timestamp": "2025-11-22T10:30:00Z",
    "read": false
  }
}

Socket.IO Message Events

Receive Message

socket.on('message:received', (data) => {
  console.log(data)
  // {
  //   id: "msg_id",
  //   senderId: "user_id",
  //   content: "Hello!",
  //   senderName: "John",
  //   timestamp: "2025-11-22T10:30:00Z"
  // }
})

// Send read receipt
socket.emit('message:read', {
  messageId: "msg_id"
})

Video Calling

Initiate Audio/Video Call

POST /api/messenger/calls

{
  "recipientId": "user_id",
  "callType": "video",  // or "audio"
  "roomId": "room_123"
}

Response (201 Created):

{
  "success": true,
  "call": {
    "id": "call_id",
    "callerId": "your_id",
    "callerName": "You",
    "receiverId": "user_id",
    "receiverName": "John Doe",
    "receiverAvatar": "https://...",
    "callType": "video",
    "roomId": "room_123",
    "status": "ringing",
    "createdAt": "2025-11-22T10:30:00Z"
  }
}

Call Socket Events

Incoming Call Event

socket.on('call:incoming', (data) => {
  // {
  //   callId: "call_id",
  //   callerId: "caller_id",
  //   callerName: "John Doe",
  //   callerAvatar: "https://...",
  //   callType: "video",
  //   roomId: "room_123"
  // }
})

// Accept call
socket.emit('call:accept', { callId: "call_id" })

// Reject call
socket.emit('call:reject', { callId: "call_id" })

// End call
socket.emit('call:end', { callId: "call_id" })

User Management

List Business Users

GET /api/admin/users?businessId=business_id

Response (200 OK):
{
  "success": true,
  "users": [
    {
      "id": "user_id",
      "email": "user@business.com",
      "name": "John Doe",
      "role": "BUSINESS_ADMIN",
      "businessId": "business_id",
      "avatar": "https://...",
      "status": "active",
      "createdAt": "2025-11-22T10:30:00Z"
    }
  ],
  "total": 45,
  "page": 1
}

Create New User

POST /api/admin/users

{
  "email": "newuser@business.com",
  "name": "Jane Smith",
  "password": "<your_password>",
  "role": "BUSINESS_ADMIN",
  "businessId": "business_id"
}

Response (201 Created):

{
  "success": true,
  "user": {
    "id": "new_user_id",
    "email": "newuser@business.com",
    "name": "Jane Smith",
    "role": "BUSINESS_ADMIN",
    "businessId": "business_id"
  }
}

Presence & Online Status

Socket.IO Presence Events

Presence Updates

// Listen for users coming online
socket.on('user:online', (userId) => {
  console.log('User came online:', userId)
  // Update UI to show user as online
})

// Listen for users going offline
socket.on('user:offline', (userId) => {
  console.log('User went offline:', userId)
  // Update UI to show user as offline
})

// Get list of online users
socket.on('users:online', (userIds) => {
  console.log('Online users:', userIds)
  // {
  //   users: ["user1_id", "user2_id"]
  // }
})

Typing Indicators

Send Typing Indicator

// User started typing
socket.emit('typing:start', {
  recipientId: "user_id"
})

// Listen for typing indicator
socket.on('typing:indicator', (data) => {
  // { userId: "user_id" }
  console.log('User is typing...')
})

// User stopped typing
socket.emit('typing:stop', {
  recipientId: "user_id"
})

Error Handling

Standard Error Response Format:

{
  "success": false,
  "error": "User not found",
  "errorCode": "NOT_FOUND",
  "statusCode": 404
}

// Common Error Codes:
// UNAUTHORIZED - Missing or invalid auth token
// FORBIDDEN - Insufficient permissions
// NOT_FOUND - Resource doesn't exist
// VALIDATION_ERROR - Invalid request data
// INTERNAL_ERROR - Server error
// RATE_LIMIT - Too many requests

401 Unauthorized

Invalid or expired token. Include valid Bearer token in Authorization header.

403 Forbidden

User doesn't have permission to access this resource.

422 Validation Error

Request data is invalid. Check field names and data types.

429 Rate Limited

Too many requests. Implement exponential backoff retry logic.

Best Practices

✅ Do's

• Always include Authorization header with Bearer token
• Validate all input data on client side before sending
• Implement exponential backoff for failed API requests
• Listen to Socket.IO events for real-time updates
• Cache frequently accessed data client-side
• Handle connection drops and auto-reconnect
• Log errors for debugging and monitoring

❌ Don'ts

• Don't expose tokens in browser console or logs
• Don't make API calls without error handling
• Don't hardcode API endpoints or credentials
• Don't ignore Socket.IO connection status
• Don't make synchronous blocking requests
• Don't forget to clean up event listeners
• Don't send sensitive data in query parameters

Rate Limits

Authentication Endpoints

100 req/min

Per user account

API Endpoints

1000 req/min

Per authenticated session

File Upload

50 MB/file

Max file size

Recommended SDKs & Libraries

Frontend

React: UI framework with hooks
Socket.IO Client: Real-time communication
SWR: Data fetching and caching
Tailwind CSS: Styling framework
VideoSDK.live React SDK: Video conferencing

Backend

Next.js API Routes: Serverless endpoints
MongoDB: NoSQL database
Socket.IO: Real-time events
JWT: Token-based authentication
Vercel Blob: File storage

Need Help?

Check the Architecture Guide for system design details.

For issues, bugs, or feature requests, please contact our development team through the appropriate channels.

Backend Developer Guide

Complete API documentation with professional examples for all backend services

Authentication

Admin Login

POST /api/admin/auth/login

{
  "email": "admin@example.com",
  "password": "<your_password>"
}

Response (200 OK):

{
  "success": true,
  "token": "...",
  "user": {
    "id": "user_id",
    "email": "admin@example.com",
    "role": "SYSTEM_SUPER_ADMIN",
    "businessId": "business_id"
  }
}

Headers Required: Include the token in Authorization header: Bearer {token}

Messenger User Login

POST /api/messenger/auth/login

{
  "email": "user@business.com",
  "password": "<your_password>",
  "businessId": "business_id"
}

Response (200 OK):

{
  "success": true,
  "token": "...",
  "user": {
    "id": "user_id",
    "email": "user@business.com",
    "name": "John Doe",
    "businessId": "business_id"
  }
}

Real-time Messaging

Send Direct Message

POST /api/messenger/messages

{
  "recipientId": "user_id",
  "content": "Hello! How are you?",
  "type": "text",
  "attachments": []
}

Response (201 Created):

{
  "success": true,
  "message": {
    "id": "msg_id",
    "senderId": "your_id",
    "recipientId": "user_id",
    "content": "Hello! How are you?",
    "type": "text",
    "timestamp": "2025-11-22T10:30:00Z",
    "read": false
  }
}

Socket.IO Message Events

Receive Message

socket.on('message:received', (data) => {
  console.log(data)
  // {
  //   id: "msg_id",
  //   senderId: "user_id",
  //   content: "Hello!",
  //   senderName: "John",
  //   timestamp: "2025-11-22T10:30:00Z"
  // }
})

// Send read receipt
socket.emit('message:read', {
  messageId: "msg_id"
})

Video Calling

Initiate Audio/Video Call

POST /api/messenger/calls

{
  "recipientId": "user_id",
  "callType": "video",  // or "audio"
  "roomId": "room_123"
}

Response (201 Created):

{
  "success": true,
  "call": {
    "id": "call_id",
    "callerId": "your_id",
    "callerName": "You",
    "receiverId": "user_id",
    "receiverName": "John Doe",
    "receiverAvatar": "https://...",
    "callType": "video",
    "roomId": "room_123",
    "status": "ringing",
    "createdAt": "2025-11-22T10:30:00Z"
  }
}

Call Socket Events

Incoming Call Event

socket.on('call:incoming', (data) => {
  // {
  //   callId: "call_id",
  //   callerId: "caller_id",
  //   callerName: "John Doe",
  //   callerAvatar: "https://...",
  //   callType: "video",
  //   roomId: "room_123"
  // }
})

// Accept call
socket.emit('call:accept', { callId: "call_id" })

// Reject call
socket.emit('call:reject', { callId: "call_id" })

// End call
socket.emit('call:end', { callId: "call_id" })

User Management

List Business Users

GET /api/admin/users?businessId=business_id

Response (200 OK):
{
  "success": true,
  "users": [
    {
      "id": "user_id",
      "email": "user@business.com",
      "name": "John Doe",
      "role": "BUSINESS_ADMIN",
      "businessId": "business_id",
      "avatar": "https://...",
      "status": "active",
      "createdAt": "2025-11-22T10:30:00Z"
    }
  ],
  "total": 45,
  "page": 1
}

Create New User

POST /api/admin/users

{
  "email": "newuser@business.com",
  "name": "Jane Smith",
  "password": "<your_password>",
  "role": "BUSINESS_ADMIN",
  "businessId": "business_id"
}

Response (201 Created):

{
  "success": true,
  "user": {
    "id": "new_user_id",
    "email": "newuser@business.com",
    "name": "Jane Smith",
    "role": "BUSINESS_ADMIN",
    "businessId": "business_id"
  }
}

Presence & Online Status

Socket.IO Presence Events

Presence Updates

// Listen for users coming online
socket.on('user:online', (userId) => {
  console.log('User came online:', userId)
  // Update UI to show user as online
})

// Listen for users going offline
socket.on('user:offline', (userId) => {
  console.log('User went offline:', userId)
  // Update UI to show user as offline
})

// Get list of online users
socket.on('users:online', (userIds) => {
  console.log('Online users:', userIds)
  // {
  //   users: ["user1_id", "user2_id"]
  // }
})

Typing Indicators

Send Typing Indicator

// User started typing
socket.emit('typing:start', {
  recipientId: "user_id"
})

// Listen for typing indicator
socket.on('typing:indicator', (data) => {
  // { userId: "user_id" }
  console.log('User is typing...')
})

// User stopped typing
socket.emit('typing:stop', {
  recipientId: "user_id"
})

Error Handling

Standard Error Response Format:

{
  "success": false,
  "error": "User not found",
  "errorCode": "NOT_FOUND",
  "statusCode": 404
}

// Common Error Codes:
// UNAUTHORIZED - Missing or invalid auth token
// FORBIDDEN - Insufficient permissions
// NOT_FOUND - Resource doesn't exist
// VALIDATION_ERROR - Invalid request data
// INTERNAL_ERROR - Server error
// RATE_LIMIT - Too many requests

401 Unauthorized

Invalid or expired token. Include valid Bearer token in Authorization header.

403 Forbidden

User doesn't have permission to access this resource.

422 Validation Error

Request data is invalid. Check field names and data types.

429 Rate Limited

Too many requests. Implement exponential backoff retry logic.

Best Practices

✅ Do's

• Always include Authorization header with Bearer token
• Validate all input data on client side before sending
• Implement exponential backoff for failed API requests
• Listen to Socket.IO events for real-time updates
• Cache frequently accessed data client-side
• Handle connection drops and auto-reconnect
• Log errors for debugging and monitoring

❌ Don'ts

• Don't expose tokens in browser console or logs
• Don't make API calls without error handling
• Don't hardcode API endpoints or credentials
• Don't ignore Socket.IO connection status
• Don't make synchronous blocking requests
• Don't forget to clean up event listeners
• Don't send sensitive data in query parameters

Rate Limits

Authentication Endpoints

100 req/min

Per user account

API Endpoints

1000 req/min

Per authenticated session

File Upload

50 MB/file

Max file size

Recommended SDKs & Libraries

Frontend

React: UI framework with hooks
Socket.IO Client: Real-time communication
SWR: Data fetching and caching
Tailwind CSS: Styling framework
VideoSDK.live React SDK: Video conferencing

Backend

Next.js API Routes: Serverless endpoints
MongoDB: NoSQL database
Socket.IO: Real-time events
JWT: Token-based authentication
Vercel Blob: File storage

Need Help?

Check the Architecture Guide for system design details.

For issues, bugs, or feature requests, please contact our development team through the appropriate channels.