{"info":{"_postman_id":"b7e0dc21-a80f-4846-b901-474a1d54a6e4","name":"Voya-api","description":"<html><head></head><body><p>The Voya API is a RESTful tour booking service built with Node.js, Express, and MongoDB. It allows users to browse available tours, leave reviews, manage their bookings, and handle account authentication securely. This API supports role-based access control (admin, lead-guide, guide, user) and includes robust validation, error handling, and geospatial queries.</p>\n<p>This documentation provides details on all available endpoints, including:</p>\n<ul>\n<li><p>Public and protected routes</p>\n</li>\n<li><p>Role-based permissions</p>\n</li>\n<li><p>Query and path parameters</p>\n</li>\n<li><p>Request/response examples</p>\n</li>\n<li><p>Authenticated workflows using JWT</p>\n</li>\n</ul>\n<p><strong>Authentication is required for most routes.</strong> Use the <code>/users/login</code> or <code>/users/signup</code> endpoints to obtain a JWT token, and include it in the <code>Authorization</code> header as <code>Bearer</code> .</p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"19410057","collectionId":"b7e0dc21-a80f-4846-b901-474a1d54a6e4","publishedId":"2sB2qcCgM9","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"55C57A"},"publishDate":"2025-05-25T22:37:39.000Z"},"item":[{"name":"Tours","item":[{"name":"Get All Tours","id":"d50934e7-3b81-4ddb-ba60-afd76f1894f7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"{{URL}}api/v1/tours","description":"<p><strong>Description:</strong> Fetches all available tours with query/filter options.<br /><strong>Auth Required:</strong> ❌<br /><strong>Query Parameters:</strong> <code>sort</code>, <code>fields</code>, <code>limit</code>, <code>page</code>, etc.<br /><strong>Response:</strong> List of tours</p>\n","urlObject":{"path":["v1","tours"],"host":["{{URL}}api"],"query":[{"disabled":true,"description":{"content":"<p>Supports easy, medium, hard</p>\n","type":"text/plain"},"key":"difficulty","value":"easy"},{"disabled":true,"key":"page","value":"1"},{"disabled":true,"key":"limit","value":"2"},{"disabled":true,"description":{"content":"<p>Query for Tour Duration. Supports lte, lt, gte, gt operators</p>\n","type":"text/plain"},"key":"duration[gte]","value":"10"},{"disabled":true,"key":"price[lt]","value":"1500"},{"disabled":true,"key":"sort","value":"price,-ratingsAverage"},{"disabled":true,"description":{"content":"<p>Fields available to select from: [<code>name</code>,<code>duration</code>,<code>difficulty</code>,<code>price</code>,<code>ratingsAverage</code>,<code>summary</code>,<code>maxGroupSize</code>,<code>startDates</code>,<code>description</code> ]</p>\n","type":"text/plain"},"key":"fields","value":"name,difficulty,duration,price"},{"disabled":true,"key":"limit","value":"3"},{"disabled":true,"key":"sort","value":"-ratingsAverage,price"}],"variable":[]}},"response":[],"_postman_id":"d50934e7-3b81-4ddb-ba60-afd76f1894f7"},{"name":"Get Tour","id":"f45c49cf-e9f6-43d5-a95f-b10ca7e3af53","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/5c88fa8cf4afda39709c295a","description":"<p><strong>Description:</strong> Fetches details for a specific tour by ID.<br /><strong>Auth Required:</strong> ❌<br /><strong>Response:</strong> Tour object</p>\n","urlObject":{"path":["v1","tours","5c88fa8cf4afda39709c295a"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"f45c49cf-e9f6-43d5-a95f-b10ca7e3af53"},{"name":"Create New Tour","id":"279e4f3d-04d4-48a1-b7ae-38d7474818d4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":" {\n                \"name\": \"The Mountain Hiker\",\n                \"duration\": 5,\n                \"maxGroupSize\": 25,\n                \"difficulty\": \"easy\",\n                \"price\": 397,\n                \"summary\": \"Breathtaking hike through the Canadian Banff National Park\",\n                \"imageCover\": \"tour-1-cover.jpg\",\n                \"ratingsAverage\": 3,\n                \"guides\": [\n                    \"681c4699effc25b5ac1d39bb\",\n                    \"6818ee777519073437db1aeb\"\n                ]\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/tours","description":"<p><strong>Description:</strong> Creates a new tour.<br /><strong>Auth Required:</strong> ✅ (Admin or Lead Guide)<br /><strong>Body Parameters:</strong> <code>name</code>, <code>price</code>, <code>duration</code>, <code>summary</code>, etc.<br /><strong>Response:</strong> New tour object</p>\n","urlObject":{"path":["v1","tours"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"279e4f3d-04d4-48a1-b7ae-38d7474818d4"},{"name":"Update Tour","id":"eb0803f6-19cb-4180-a0b7-8763b3ca9716","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"ratingsAverage\": 15,\n    \"difficulty\": \"whatever\",\n    \"name\": \"short\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/tours/67fe6a154a533aeb6c129277","description":"<p><strong>Description:</strong> Updates a tour’s data by ID.<br /><strong>Auth Required:</strong> ✅ (Admin or Lead Guide)<br /><strong>Response:</strong> Updated tour object</p>\n","urlObject":{"path":["v1","tours","67fe6a154a533aeb6c129277"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"eb0803f6-19cb-4180-a0b7-8763b3ca9716"},{"name":"Delete Tour","event":[{"listen":"test","script":{"id":"da51a508-9859-419d-94ca-fc8d728931fe","exec":["postman.setEnvironmentVariable(\"jwt\", JSON.parse(responseBody).token);"],"type":"text/javascript","packages":{}}}],"id":"c14eba9f-d724-46d5-91b4-828edc0ccc98","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"DELETE","header":[],"url":"{{URL}}api/v1/tours/5c88fa8cf4afda39709c2966","description":"<p><strong>Description:</strong> Deletes a tour by ID.<br /><strong>Auth Required:</strong> ✅ (Admin or Lead Guide)<br /><strong>Response:</strong> Success message</p>\n","urlObject":{"path":["v1","tours","5c88fa8cf4afda39709c2966"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"c14eba9f-d724-46d5-91b4-828edc0ccc98"},{"name":"Get Top 5 Cheapest Tours","id":"3b6fc561-2010-49b1-9414-79611297c8f9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/top-5-cheap","description":"<p><strong>Description:</strong> Fetches top 5 cheapest tours based on price and ratings.<br /><strong>Auth Required:</strong> ❌<br /><strong>Response:</strong> List of top 5 tours</p>\n","urlObject":{"path":["v1","tours","top-5-cheap"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"3b6fc561-2010-49b1-9414-79611297c8f9"},{"name":"Get Monthly Plan","id":"4d4aa670-96cf-48ba-b78a-4949e86b186f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours//monthly-plan/2021","description":"<p><strong>Description:</strong> Shows the monthly plan of tours for a specific year.<br /><strong>Auth Required:</strong> ✅ (Admin or Lead Guide)<br /><strong>Params:</strong> <code>year</code> (e.g., 2025)<br /><strong>Response:</strong> Monthly grouped tours</p>\n","urlObject":{"path":["v1","tours","","monthly-plan","2021"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"4d4aa670-96cf-48ba-b78a-4949e86b186f"},{"name":"Get Tour Stats","id":"651c01c5-44a1-4d61-a0ec-e0de33260b59","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/tour-stats","description":"<p><strong>Description:</strong> Provides statistical data about tours (avg price, ratings, etc.)<br /><strong>Auth Required:</strong> ✅ (Admin or Lead Guide)<br /><strong>Response:</strong> Aggregated tour stats</p>\n","urlObject":{"path":["v1","tours","tour-stats"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"651c01c5-44a1-4d61-a0ec-e0de33260b59"},{"name":"Get Tours Within Radius","id":"d33a560c-ff60-4e43-a71f-24415d41d9d7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/tours-within/233/center/34.111745,-118.113491/unit/mi","description":"<p><strong>Description:</strong> Find tours within a specific radius of a location.<br /><strong>Auth Required:</strong> ❌<br /><strong>Params:</strong></p>\n<ul>\n<li><p><code>distance</code>: Numeric value (e.g., 50)</p>\n</li>\n<li><p><code>latlng</code>: latitude and longitude (e.g., 34.111745,-118.113491)</p>\n</li>\n<li><p><code>unit</code>: \"mi\" or \"km\"</p>\n</li>\n</ul>\n<p><strong>Response:</strong> List of tours in area</p>\n","urlObject":{"path":["v1","tours","tours-within","233","center","34.111745,-118.113491","unit","mi"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"d33a560c-ff60-4e43-a71f-24415d41d9d7"},{"name":"Get Tours Distances","id":"3308b493-3e46-4ca4-a6b4-3f8baa7ba76d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/distances/34.111745,-118.113491/unit/mi","description":"<p><strong>Description:</strong> Get distances from a point to all tours.<br /><strong>Auth Required:</strong> ❌<br /><strong>Params:</strong></p>\n<ul>\n<li><p><code>latlng</code>: Latitude and longitude</p>\n</li>\n<li><p><code>unit</code>: \"mi\" or \"km\"</p>\n</li>\n</ul>\n<p><strong>Response:</strong> Array with tour distances</p>\n","urlObject":{"path":["v1","tours","distances","34.111745,-118.113491","unit","mi"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"3308b493-3e46-4ca4-a6b4-3f8baa7ba76d"}],"id":"e8b957a9-9c60-4c0c-8448-6a8c7a057fc8","description":"<p><strong>Description:</strong></p>\n<blockquote>\n<p>Endpoints related to <strong>managing and retrieving tour data</strong>. These routes allow users to fetch all tours, get individual tour details, and access specialized queries like top cheapest tours or tours within a certain location. Admins and guides can also create, update, or delete tours. Some routes are <strong>public</strong>, while others require <code>admin</code> or <code>lead-guide</code> privileges. </p>\n</blockquote>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p>Get all tours with filtering, sorting, pagination</p>\n</li>\n<li><p>Create, update, delete tours (admin/guide only)</p>\n</li>\n<li><p>Aggregation endpoints for stats &amp; monthly plans</p>\n</li>\n<li><p>Geospatial queries (within radius, distances)</p>\n</li>\n</ul>\n","_postman_id":"e8b957a9-9c60-4c0c-8448-6a8c7a057fc8"},{"name":"Reviews","item":[{"name":"Get All Reviews","id":"d92727bb-42a3-400a-9deb-3a14f25de175","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/reviews/?rating=4","description":"<p><strong>Description:</strong> Get all reviews across all tours.<br /><strong>Auth Required:</strong> ✅ Yes<br /><strong>Response:</strong> List of reviews</p>\n","urlObject":{"path":["v1","reviews",""],"host":["{{URL}}api"],"query":[{"description":{"content":"<p>Ranges from 1 (lowest) to 5 (highest)</p>\n","type":"text/plain"},"key":"rating","value":"4"}],"variable":[]}},"response":[],"_postman_id":"d92727bb-42a3-400a-9deb-3a14f25de175"},{"name":"Get Review","id":"3895dff5-81bf-40f4-b7c4-b4f4092c5874","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/reviews/5c8a3c3b14eb5c17645c9135","description":"<p><strong>Description:</strong> Get a specific review by its ID.<br /><strong>Auth Required:</strong> ✅ Yes<br /><strong>Response:</strong> Review object</p>\n","urlObject":{"path":["v1","reviews","5c8a3c3b14eb5c17645c9135"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"3895dff5-81bf-40f4-b7c4-b4f4092c5874"},{"name":"Create New Review","id":"3238856e-6a01-45ae-a2a8-4eb441f8106d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"review\": \"amazing tourr!!!\",\n    \"rating\": 4.6,\n    \"tour\": \"5c88fa8cf4afda39709c2955\",\n    \"user\": \"680fa82d17eae7d470aa37d2\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/reviews/","description":"<p><strong>Description:</strong> Create a new review (user must be booked on the tour).<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><p><code>review</code>: Text</p>\n</li>\n<li><p><code>rating</code>: Number (1–5)</p>\n</li>\n<li><p><code>tour</code>: ID of tour</p>\n</li>\n<li><p><code>user</code>: ID of user</p>\n</li>\n</ul>\n<p><strong>Response:</strong> Review object</p>\n","urlObject":{"path":["v1","reviews",""],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"3238856e-6a01-45ae-a2a8-4eb441f8106d"},{"name":"Update Review","id":"c19b51a2-c878-44dd-873d-06077dbe3785","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"rating\": 4\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/reviews/6822dcd601e4039bb47d585b","description":"<p><strong>Description:</strong> Update a review you created.<br /><strong>Auth Required:</strong> ✅ (User who created the review or Admin)<br /><strong>Response:</strong> Updated review object</p>\n","urlObject":{"path":["v1","reviews","6822dcd601e4039bb47d585b"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"c19b51a2-c878-44dd-873d-06077dbe3785"},{"name":"Delete Review","id":"09a7faf9-ea60-43d7-85d8-ab5ce7cf1292","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"DELETE","header":[],"url":"{{URL}}api/v1/reviews/68205e65e50eef41aaefadb8","description":"<p><strong>Description:</strong> Delete a review by ID.<br /><strong>Auth Required:</strong> ✅ (User who created the review or Admin)<br /><strong>Response:</strong> Success message</p>\n","urlObject":{"path":["v1","reviews","68205e65e50eef41aaefadb8"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"09a7faf9-ea60-43d7-85d8-ab5ce7cf1292"}],"id":"bdfd732a-d0de-4814-88d3-78e4a3d6678e","description":"<p><strong>Description:</strong></p>\n<blockquote>\n<p>These endpoints provide <strong>CRUD operations for tour reviews</strong>. Users can create reviews for tours they've booked, and view or manage reviews depending on their role. Only the <strong>review owner or an admin</strong> can update or delete a review. Authenticated users can post reviews for a specific tour. </p>\n</blockquote>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p>Post reviews linked to tours</p>\n</li>\n<li><p>View all reviews or a specific review</p>\n</li>\n<li><p>Update/delete own reviews (or as admin)</p>\n</li>\n</ul>\n","_postman_id":"bdfd732a-d0de-4814-88d3-78e4a3d6678e"},{"name":"Tours/Reviews","item":[{"name":"Create New Review on Tour","id":"614b568c-3fe9-4376-b9ed-22be0e79c77f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"rating\": 3,\n    \"review\": \"was okay\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/tours/5c88fa8cf4afda39709c295a/reviews","description":"<p><strong>Description:</strong> Post a new review directly to a tour.<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Response:</strong> Created review object</p>\n","urlObject":{"path":["v1","tours","5c88fa8cf4afda39709c295a","reviews"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"614b568c-3fe9-4376-b9ed-22be0e79c77f"},{"name":"Get Review on Tour","id":"33465e4a-3a9c-4f74-a81b-9e972b83c9a7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/tours/5c88fa8cf4afda39709c295a/reviews","description":"<p><strong>Description:</strong> Get all reviews for a specific tour.<br /><strong>Auth Required:</strong> ✅<br /><strong>Response:</strong> List of reviews for that tour</p>\n","urlObject":{"path":["v1","tours","5c88fa8cf4afda39709c295a","reviews"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"33465e4a-3a9c-4f74-a81b-9e972b83c9a7"}],"id":"b53d730d-bc1e-49aa-a4ab-daecedcbb672","description":"<p><strong>Description:</strong></p>\n<blockquote>\n<p>These nested routes provide a <strong>convenient way to interact with reviews based on a specific tour</strong> using nested routing. They follow the format: <code>/tours/:tourId/reviews</code> This enables consumers to <strong>create and retrieve reviews for a specific tour</strong> without needing to know review IDs. </p>\n</blockquote>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p><code>POST /tours/:tourId/reviews</code>: Add a review to a specific tour</p>\n</li>\n<li><p><code>GET /tours/:tourId/reviews</code>: Get all reviews for a specific tour</p>\n</li>\n</ul>\n","_postman_id":"b53d730d-bc1e-49aa-a4ab-daecedcbb672"},{"name":"Users","item":[{"name":"Get All Users","id":"361d8726-9d53-4735-9a36-f2dfbe551bc4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/users?role=admin","description":"<p><strong>Description:</strong> Retrieves all users.<br /><strong>Auth Required:</strong> ✅ (Admin)<br /><strong>Response:</strong> List of users</p>\n","urlObject":{"path":["v1","users"],"host":["{{URL}}api"],"query":[{"description":{"content":"<p>Select from:  [ admin, user, guide, lead-guide ]</p>\n","type":"text/plain"},"key":"role","value":"admin"}],"variable":[]}},"response":[],"_postman_id":"361d8726-9d53-4735-9a36-f2dfbe551bc4"},{"name":"Get User","id":"e2965a68-3592-4919-ae65-965fde635547","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/users/6","description":"<p><strong>Description:</strong> Get a single user by ID.<br /><strong>Auth Required:</strong> ✅ (Admin)<br /><strong>Response:</strong> User object</p>\n","urlObject":{"path":["v1","users","6"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"e2965a68-3592-4919-ae65-965fde635547"},{"name":"Update User","id":"098d72ea-e018-4bde-9e5f-9da25c76f4f6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"Administrator\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/6825a6a805ffed206b6fd0ef","description":"<p><strong>Description:</strong> Updates a user’s role or data by ID.<br /><strong>Auth Required:</strong> ✅ (Admin)<br /><strong>Response:</strong> Updated user object</p>\n","urlObject":{"path":["v1","users","6825a6a805ffed206b6fd0ef"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"098d72ea-e018-4bde-9e5f-9da25c76f4f6"},{"name":"Delete User","id":"4f42df30-5a6e-4d52-ad5b-f2b87079941b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"DELETE","header":[],"url":"{{URL}}api/v1/users/6825a6a805ffed206b6fd0ef","description":"<p><strong>Description:</strong> Deletes a user account by ID.<br /><strong>Auth Required:</strong> ✅ (Admin)<br /><strong>Response:</strong> Success message</p>\n","urlObject":{"path":["v1","users","6825a6a805ffed206b6fd0ef"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"4f42df30-5a6e-4d52-ad5b-f2b87079941b"},{"name":"Get Current User","id":"4929fdf0-bfd2-4009-a1b1-3e3708f0a54b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"GET","header":[],"url":"{{URL}}api/v1/users/me","description":"<p><strong>Description:</strong> Retrieves the currently logged-in user's profile.<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Response:</strong> User object</p>\n","urlObject":{"path":["v1","users","me"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"4929fdf0-bfd2-4009-a1b1-3e3708f0a54b"},{"name":"Update Current User","id":"68fb1a03-d93d-4af9-bee8-e7126091548f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"Jonas\",\n    \"role\": \"admin\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/updateMe","description":"<p><strong>Description:</strong> Allows the user to update their own data (name or email).<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><code>name</code> / <code>email</code></li>\n</ul>\n<p><strong>Response:</strong> Updated user object</p>\n","urlObject":{"path":["v1","users","updateMe"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"68fb1a03-d93d-4af9-bee8-e7126091548f"},{"name":"Delete Current User","id":"2fcbba00-d522-48a5-8eb2-c73ba0484261","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"DELETE","header":[],"url":"{{URL}}api/v1/users/deleteMe","description":"<p><strong>Description:</strong> Deactivates the currently authenticated user account.<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Response:</strong> Success message</p>\n","urlObject":{"path":["v1","users","deleteMe"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"2fcbba00-d522-48a5-8eb2-c73ba0484261"}],"id":"2b59d451-53d0-4798-a22f-3444ba290cc7","description":"<p><strong>Description:</strong></p>\n<blockquote>\n<p>Endpoints for <strong>user management</strong> and administrative control over user accounts. These routes allow viewing and modifying user data, either by the user themselves or by an admin. Users can manage their profiles, while admins have full access to all user records. </p>\n</blockquote>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p>View, update, and delete users (admin-only)</p>\n</li>\n<li><p>Users can update/delete their own profiles</p>\n</li>\n<li><p>Password update endpoint (<code>PATCH /updateMyPassword</code>) available <a href=\"https://go.postman.co/workspace/cb71d99a-9770-4db4-8767-dc08c7a1cb34/documentation/19410057-b7e0dc21-a80f-4846-b901-474a1d54a6e4?entity=request-d934a599-171a-482f-a88e-e3e980b35386\">here</a>.</p>\n</li>\n</ul>\n","_postman_id":"2b59d451-53d0-4798-a22f-3444ba290cc7"},{"name":"Authentication","item":[{"name":"Sign Up User","event":[{"listen":"test","script":{"id":"3c0a0b6c-ae57-4c38-9cd7-f9a5a619a2c8","exec":["postman.setEnvironmentVariable(\"jwt\", JSON.parse(responseBody).token);"],"type":"text/javascript","packages":{}}}],"id":"4f37fa56-78c5-4e7d-963c-98d875cb6e86","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"adminuser\",\n    \"email\": \"delete@jonas.io\",\n    \"password\": \"pass1234\",\n    \"passwordConfirm\": \"pass1234\",\n    \"role\": \"admin\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/signup","description":"<p><strong>Description:</strong> Register a new user account.<br /><strong>Auth Required:</strong> ❌<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><p><code>name</code>: string – Full name (required)</p>\n</li>\n<li><p><code>email</code>: string – User email (required)</p>\n</li>\n<li><p><code>password</code>: string – User password (required)</p>\n</li>\n<li><p><code>passwordConfirm</code>: string – Must match password</p>\n</li>\n<li><p><code>role</code>: string - Defaults to <code>user</code> if not provided</p>\n</li>\n</ul>\n<p><strong>Response:</strong> User data with JWT token</p>\n","urlObject":{"path":["v1","users","signup"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"4f37fa56-78c5-4e7d-963c-98d875cb6e86"},{"name":"Login User","event":[{"listen":"test","script":{"id":"06a5a16a-aa30-4de4-b4d1-ef0517e2f85e","exec":["postman.setEnvironmentVariable(\"jwt\", JSON.parse(responseBody).token);"],"type":"text/javascript","packages":{}}}],"id":"6d1bfc44-f2b0-487c-adc7-9c2949580cdc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"email\": \"admin@voya.io\",\n    \"password\": \"{{password}}\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/login","description":"<p><strong>Description:</strong> Log in a registered user and receive a JWT token.<br /><strong>Auth Required:</strong> ❌<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><p><code>email</code>: string</p>\n</li>\n<li><p><code>password</code>: string</p>\n</li>\n</ul>\n<p><strong>Response:</strong> User data with JWT token</p>\n","urlObject":{"path":["v1","users","login"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"6d1bfc44-f2b0-487c-adc7-9c2949580cdc"},{"name":"User Forgot Password","event":[{"listen":"test","script":{"id":"c6b08c27-1064-4da7-8faa-3ca422693d5f","exec":[""],"type":"text/javascript","packages":{}}}],"id":"b46adaf4-81b9-429f-98f5-482422996c81","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"email\": \"hello@toshita.io\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/forgotPassword","description":"<p><strong>Description:</strong> Sends a password reset link to the user's email.<br /><strong>Auth Required:</strong> ❌<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><code>email</code>: string – Registered user email</li>\n</ul>\n<p><strong>Response:</strong> Success message with token sent to email</p>\n","urlObject":{"path":["v1","users","forgotPassword"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"b46adaf4-81b9-429f-98f5-482422996c81"},{"name":"Reset Password","event":[{"listen":"test","script":{"id":"17c13cd6-d96c-4fe5-bd9f-480ebe05128f","exec":["postman.setEnvironmentVariable(\"jwt\", JSON.parse(responseBody).token);"],"type":"text/javascript","packages":{}}}],"id":"76011cfe-984e-45f2-bdc9-e7ada270b6f9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"password\": \"newpass123\",\n    \"passwordConfirm\": \"newpass123\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/resetPassword/f5653af0de3e639d60c670ca6066cb484157076e23236053b8676adf0b45a31f","description":"<p><strong>Description:</strong> Resets the user’s password using the token sent by email.<br /><strong>Auth Required:</strong> ❌<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><p><code>password</code>: string</p>\n</li>\n<li><p><code>passwordConfirm</code>: string</p>\n</li>\n</ul>\n<p><strong>Response:</strong> User data with new JWT token</p>\n","urlObject":{"path":["v1","users","resetPassword","f5653af0de3e639d60c670ca6066cb484157076e23236053b8676adf0b45a31f"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"76011cfe-984e-45f2-bdc9-e7ada270b6f9"},{"name":"Update Current User Password","event":[{"listen":"test","script":{"id":"355ae0c5-782d-456b-80d7-279959fb0f51","exec":["postman.setEnvironmentVariable(\"jwt\", JSON.parse(responseBody).token);"],"type":"text/javascript","packages":{}}}],"id":"d934a599-171a-482f-a88e-e3e980b35386","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"{{jwt}}"}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\n    \"passwordCurrent\": \"newpass123\",\n    \"password\": \"password1234\",\n    \"passwordConfirm\": \"password1234\"\n}","options":{"raw":{"language":"json"}}},"url":"{{URL}}api/v1/users/updateMyPassword","description":"<p><strong>Description:</strong> Updates the password for the currently authenticated user.<br /><strong>Auth Required:</strong> ✅ (User)<br /><strong>Body Parameters:</strong></p>\n<ul>\n<li><p><code>passwordCurrent</code>: string</p>\n</li>\n<li><p><code>password</code>: string</p>\n</li>\n<li><p><code>passwordConfirm</code>: string</p>\n</li>\n</ul>\n<p><strong>Response:</strong> Success message with new token</p>\n","urlObject":{"path":["v1","users","updateMyPassword"],"host":["{{URL}}api"],"query":[],"variable":[]}},"response":[],"_postman_id":"d934a599-171a-482f-a88e-e3e980b35386"}],"id":"48fa1ec1-2d9f-458e-a2d0-e8d97e353164","description":"<p><strong>Description:</strong></p>\n<blockquote>\n<p>Handles <strong>user authentication and security workflows</strong>, including registration, login, password resets, and account protection. JWT-based authentication is implemented with token expiration and refresh support. These routes are <strong>public</strong> and used to acquire access tokens, reset forgotten passwords, and manage login state. </p>\n</blockquote>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p><code>POST /signup</code> – Register a new user</p>\n</li>\n<li><p><code>POST /login</code> – Login and receive JWT token</p>\n</li>\n<li><p><code>POST /forgotPassword</code> – Initiate password reset</p>\n</li>\n<li><p><code>PATCH /resetPassword/:token</code> – Reset using token</p>\n</li>\n<li><p><code>PATCH /updateMyPassword</code> – Authenticated password update</p>\n</li>\n</ul>\n","_postman_id":"48fa1ec1-2d9f-458e-a2d0-e8d97e353164"}]}