The Finance Dashboard System is a secure RESTful API built with Node.js, Express, and MongoDB for managing organizational financial records. It supports full CRUD operations, smart filtering, and a financial summary dashboard — all protected behind a multi-step JWT authentication system.
\nhttps://finance-dashboard-service.onrender.com/\n\nThis API uses a 3-step login system to ensure only authorized company employees can access finance data.
\nNew User (First Time Login)
\nPOST /user/login — Submit company email → OTP is sent
POST /user/login/otp — Verify OTP received on email
POST /user/login/password — Create password → Receive JWT Token
Returning User
\nPOST /user/login — Submit company email
POST /user/login/password — Enter existing password → Receive JWT Token
\n\nAll Finance endpoints require the JWT token in the Authorization header:
\nAuthorization: Bearer
This API implements role-based access control (RBAC) derived automatically from the user's email address. The role is extracted from the email format:
\n\nEmail Format
\nRoleAccess Level
\njohn_finance@company.com
Analyst
\nCan view the finance records
\njohn_admin@company.com
Admin
\nFull system access
\njohn_hr@company.com
Viewer
\nView-only access to dashboard
\n\n\nNote: Any role other than
\nfinanceoradminis treated as a Viewer with restricted access.
Examples
\nsarah_finance@sharklasers.com → Role: Analyst
admin_admin@sharklasers.com → Role: Admin
mark_hr@sharklasers.com → Role: Viewer
The role is automatically assigned at account creation and embedded in the JWT token — no manual role assignment is required.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"38959583","collectionId":"c675da43-8b8a-4f26-bd85-6018e0505679","publishedId":"2sBXiqEp7N","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-04-06T08:12:41.000Z"},"item":[{"name":"User Authentication","item":[{"name":"Email Validation","id":"0ba84b20-9cb6-45da-bd00-922796d45b44","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"Initiates the login process by validating the submitted email against the company domain.
\nNew User: If the email is not registered, an OTP is sent to the email address. Proceed to the OTP Validation endpoint.
\nReturning User: If the email is already registered, proceed directly to Password Authentication — no OTP required.
\n\n\nOnly company-authorized email domains are accepted. Invalid domains will be rejected.
\n
Request Body
\nSuccess Response — New User
\n{\n \"message\": \"OTP sent successfully to mail testuser_finance@company.com\",\n \"isuser\": false\n}\n\nSuccess Response — Returning User
\n{\n \"message\": \"Please Login\",\n \"isuser\": true\n}\n\nError Response
\n{\n \"message\": \"Invalid Email\"\n}\n\nVerifies the One-Time Password (OTP) sent to the user's email in Step 1.
\n\n\nThis step is only required for first-time users. Returning users skip directly to Password Authentication.
\n
Request Body
\nSuccess Response
\n{\n \"message\": \"Email ID authenticated successfully\"\n}\n\nError Response
\n{\n \"message\": \"OTP not valid\"\n}\n\nNew User: Creates a password and registers the account. Returns a JWT token.
\nReturning User: Validates the existing password. Returns a JWT token on success.
\n\n\nThe JWT token returned here must be passed as
\nAuthorization: Bearerin all Finance API requests.
Request Body
\nSuccess Response
\n{\n \"message\": \"User authenticated successfully\",\n \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\"\n}\n\nError Response
\n{\n \"message\": \"Invalid credentials\"\n}\n\nHandles the complete multi-step login flow for company employees.
\nNew users go through email verification → OTP validation → password creation
\nReturning users go through email verification → password login
\nA JWT Bearer Token is returned upon successful authentication and must be used in all Finance API requests.
\n","_postman_id":"af06cae5-32ac-4978-bfdd-db4aea978d02"},{"name":"Finance Operations","item":[{"name":"Get all financial records","id":"a4130a39-1af8-4c57-90b7-4ce8a537e0d2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"Returns a paginated list of all financial records for the authenticated user.
\nSupports pagination via query parameters to efficiently handle large datasets.
\nQuery Parameters
\nSuccess Response
\n[\n {\n \"_id\": \"69d28c9533f3177eb67ea72a\",\n \"amount\": 5000,\n \"financeType\": \"Income\",\n \"category\": \"Salary\",\n \"date\": \"2026-04-05T16:23:47.439Z\",\n \"notes\": \"Monthly salary credited\",\n \"createdAt\": \"2026-04-05T16:23:49.423Z\",\n \"updatedAt\": \"2026-04-05T16:23:49.423Z\",\n \"__v\": 0\n },\n {\n \"_id\": \"69d28cb933f3177eb67ea72c\",\n \"amount\": 300,\n \"financeType\": \"Expense\",\n \"category\": \"Travel\",\n \"date\": \"2026-04-05T16:23:47.439Z\",\n \"notes\": \"Client site visit travel\",\n \"createdAt\": \"2026-04-05T16:24:25.899Z\",\n \"updatedAt\": \"2026-04-05T16:24:25.899Z\",\n \"__v\": 0\n },\n {\n \"_id\": \"69d28cc133f3177eb67ea72d\",\n \"amount\": 8000,\n \"financeType\": \"Income\",\n \"category\": \"Project\",\n \"date\": \"2026-04-05T16:23:47.439Z\",\n \"notes\": \"Project milestone payment received\",\n \"createdAt\": \"2026-04-05T16:24:33.129Z\",\n \"updatedAt\": \"2026-04-05T16:24:33.129Z\",\n \"__v\": 0\n }\n]\n\nRetrieves a single financial record by its unique MongoDB ID.
\nPath Parameter
\nSuccess Response
\n{\n \"_id\": \"69d28cb133f3177eb67ea72b\",\n \"amount\": 900,\n \"financeType\": \"Expense\",\n \"category\": \"Equipment\",\n \"date\": \"2024-03-15\",\n \"notes\": \"Purchased keyboard and mouse\"\n}\n\nError Response
\n{\n \"message\": \"Record not found\"\n}\n\nCreates a new financial record (income or expense) for the organization.
\nRequest Body
\nSuccess Response
\n{\n \"message\": \"Financial record added successfully\"\n}\n\nUpdates one or more fields of an existing financial record by ID. Only the fields provided in the request body will be updated.
\nPath Parameter
\nRequest Body (all fields optional — send only what needs updating)
\nSuccess Response
\n{\n \"message\": \"Financial record updated successfully\"\n}\n\nError Response
\n{\n \"message\": \"Financial Record not found\"\n}\n\nPermanently deletes a financial record by its ID.
\n\n\n⚠️ This action is irreversible.
\n
Path Parameter
\nSuccess Response
\n{\n \"message\": \"Financial record deleted successfully\"\n}\n\nError Response
\n{\n \"message\": \"Financial Record not found\"\n}\n\nFilters financial records by finance type and/or category. Useful for generating targeted reports.
\nQuery Parameters
\n\n\nAt least one query parameter should be provided.
\n
Success Response
\n[\n {\n \"_id\": \"69d28cd733f3177eb67ea730\",\n \"amount\": 3500,\n \"financeType\": \"Income\",\n \"category\": \"Bonus\",\n \"date\": \"2026-04-05T16:23:47.439Z\",\n \"notes\": \"Quarterly performance bonus\",\n \"createdAt\": \"2026-04-05T16:24:55.440Z\",\n \"updatedAt\": \"2026-04-05T16:24:55.440Z\",\n \"__v\": 0\n }\n]\n\nReturns an overall financial summary including total income, total expenses, and net balance. Useful for high-level reporting and decision making.
\nSuccess Response
\n{\n \"totalIncome\": 18500,\n \"totalExpense\": 3050,\n \"netBalance\": 15450,\n \"categoryWiseTotal\": [\n {\n \"category\": \"Project\",\n \"totalIncome\": 8000,\n \"totalExpense\": 0\n },\n {\n \"category\": \"Equipment\",\n \"totalIncome\": 0,\n \"totalExpense\": 2300\n },\n {\n \"category\": \"Salary\",\n \"totalIncome\": 5000,\n \"totalExpense\": 0\n },\n {\n \"category\": \"Travel\",\n \"totalIncome\": 0,\n \"totalExpense\": 300\n },\n {\n \"category\": \"Bonus\",\n \"totalIncome\": 3500,\n \"totalExpense\": 0\n },\n {\n \"category\": \"Freelance\",\n \"totalIncome\": 2000,\n \"totalExpense\": 0\n },\n {\n \"category\": \"Utilities\",\n \"totalIncome\": 0,\n \"totalExpense\": 450\n }\n ],\n \"MonthlyTrends\": [\n {\n \"Apr-2026\": {\n \"income\": 18500,\n \"expense\": 3050\n }\n }\n ]\n}\n\nContains full CRUD operations for finance records, including listing, retrieving by ID, creating, updating, deleting, filtering/searching, and a dashboard summary endpoint.
\n","_postman_id":"8bcb5cbf-5f63-4663-b2c4-fff7e30977d5"}]}