{"info":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","description":"

Complete API collection for the Nirbhaya women safety platform. Set the baseUrl variable to your server address before testing.

Base URL: http://localhost:5001

Authentication: All protected routes require the Bearer token from login/register response. Set it in the collection-level Authorization tab or paste it per-request.

\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"50839334","collectionId":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","publishedId":"2sBXqKnzCE","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-05-01T14:01:54.000Z"},"item":[{"name":"Auth","item":[{"name":"Register","id":"07f63b41-e7d5-40fa-9a1a-58886c73f728","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Priya Sharma\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543210\",\n \"password\": \"SecurePass@123\",\n \"confirmPassword\": \"SecurePass@123\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/register","description":"

Creates a new user account.

Rules:

name: minimum 2 characters
email: valid email format
phone: 10-digit Indian mobile number starting with 6-9
password: minimum 8 characters
confirmPassword: must match password

Returns accessToken and refreshToken on success. Copy the accessToken into the collection variable.

\n","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}},"urlObject":{"path":["api","auth","register"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"674244cb-7371-4fe1-b660-7bfd7bd67e7f","name":"Register","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Priya Sharma\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543210\",\n \"password\": \"SecurePass@123\",\n \"confirmPassword\": \"SecurePass@123\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/register"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"198"},{"key":"RateLimit-Reset","value":"890"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"567"},{"key":"ETag","value":"W/\"237-tTjC9JY3FVjvwR5J6Oha9RjFQdM\""},{"key":"Date","value":"Fri, 01 May 2026 13:33:25 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"Registration successful.\",\n \"accessToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2OWY0YWJhNWE3NzljYmNkOTBjZjM3OGUiLCJpYXQiOjE3Nzc2NDI0MDUsImV4cCI6MTc3NzY0MzMwNX0.RfgGg8W6BK-Nlrnf8fKRpqv8xno30clBTk0HYW6_h-s\",\n \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2OWY0YWJhNWE3NzljYmNkOTBjZjM3OGUiLCJpYXQiOjE3Nzc2NDI0MDUsImV4cCI6MTc4MDIzNDQwNX0.bzfPD60e3tBiPa8ZO7GejQhinJftFjwwH-nLNcItkLc\",\n \"user\": {\n \"_id\": \"69f4aba5a779cbcd90cf378e\",\n \"name\": \"Priya Sharma\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543210\",\n \"plan\": \"free\"\n }\n}"}],"_postman_id":"07f63b41-e7d5-40fa-9a1a-58886c73f728"},{"name":"Verify Email","id":"19a5763d-4ca2-4eb7-b63f-6b806c6d7f9d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"email\": \"priya@example.com\",\n \"otp\": \"123456\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/verify-email","description":"

Verifies email using the OTP sent during registration. OTP is valid for 10 minutes. Returns tokens on success.

Resends a fresh email verification OTP to the given email. Only works if the email is not yet verified.

Authenticates the user and returns accessToken (expires in 15 minutes) and refreshToken (expires in 30 days).

Account locks for 15 minutes after 5 consecutive failed attempts.

\n","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}},"urlObject":{"path":["api","auth","login"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"5c7e265c-42bf-4b84-a580-fc1832788286","name":"Login","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"email\": \"priya@example.com\",\n \"password\": \"SecurePass@123\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/login"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"195"},{"key":"RateLimit-Reset","value":"865"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"548"},{"key":"ETag","value":"W/\"224-xsejBJIeckzcCRWfWSbwx0IQpKk\""},{"key":"Date","value":"Fri, 01 May 2026 13:33:49 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"accessToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2OWY0YWJhNWE3NzljYmNkOTBjZjM3OGUiLCJpYXQiOjE3Nzc2NDI0MjksImV4cCI6MTc3NzY0MzMyOX0.JC2_I4kL8BwLqIaLRIGsnuLrUijd8MrzL-ceWpBHHHE\",\n \"refreshToken\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2OWY0YWJhNWE3NzljYmNkOTBjZjM3OGUiLCJpYXQiOjE3Nzc2NDI0MjksImV4cCI6MTc4MDIzNDQyOX0.vd5j0h1E8hixU41HHOs7XtT2gh5FR6qFdrgIzId5qes\",\n \"user\": {\n \"_id\": \"69f4aba5a779cbcd90cf378e\",\n \"name\": \"Priya Sharma\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543210\",\n \"plan\": \"free\",\n \"planExpiry\": null\n }\n}"}],"_postman_id":"e0a5a23d-ebad-4c3a-9f45-9d4a1e618491"},{"name":"Google Login","id":"b0425d4b-231b-4a2e-989d-b69b5f941a5c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"token\": \"google_id_token_from_frontend_oauth_flow\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/google","description":"

Authenticates using a Google ID token obtained from the Google OAuth2 sign-in flow on the frontend. Creates a new account if the email does not exist.

Issues a new accessToken using a valid refreshToken. Use this when the accessToken expires after 15 minutes. Returns only the new accessToken.

Generates a password reset token valid for 1 hour and logs the reset link to the server console (email integration pending). Returns the same success message regardless of whether the email exists, for security.

\n","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}},"urlObject":{"path":["api","auth","forgot-password"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"bce217b3-db6e-4140-bef0-f7d2c433695d","name":"Forgot Password","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"email\": \"priya@example.com\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/forgot-password"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"199"},{"key":"RateLimit-Reset","value":"900"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"78"},{"key":"ETag","value":"W/\"4e-M4tJB5VtzUXtCK5QNNbu2o1lyoA\""},{"key":"Date","value":"Fri, 01 May 2026 13:33:14 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"If this email exists, a reset link has been sent.\"\n}"}],"_postman_id":"cd8505e9-7a02-4d16-b2ce-154ef5611801"},{"name":"Reset Password","id":"a3aea2f5-7225-4968-8f64-510e392bf95a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"token\": \"reset_token_from_email_link\",\n \"newPassword\": \"NewSecurePass@456\",\n \"confirmPassword\": \"NewSecurePass@456\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/reset-password","description":"

Resets the user's password using the token from the forgot-password link. Token expires in 1 hour. Invalidates all active sessions on success.

Returns the authenticated user's full profile excluding the password field. Requires Bearer token.

\n","urlObject":{"path":["api","auth","profile"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"2a5c354e-804d-4c7e-933d-f715c4c0e8d8","name":"Get Profile","originalRequest":{"method":"GET","header":[],"url":"http://localhost:5001/api/auth/profile"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"173"},{"key":"RateLimit-Reset","value":"50"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"598"},{"key":"ETag","value":"W/\"256-vMXbbIYgvLP19wo7eEagtFP2oDw\""},{"key":"Date","value":"Fri, 01 May 2026 13:47:25 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"user\": {\n \"_id\": \"69f4aba5a779cbcd90cf378e\",\n \"emailVerified\": true,\n \"emailOTP\": null,\n \"emailOTPExpiry\": null,\n \"refreshToken\": \"5f2431e8ecf688a8023697e0efb2a2b8449870a32cedc01ddc67d0879eb407af\",\n \"passwordResetToken\": null,\n \"passwordResetExpiry\": null,\n \"emergencyPin\": null,\n \"profilePhoto\": null,\n \"address\": null,\n \"city\": null,\n \"lastLogin\": \"2026-05-01T13:33:49.943Z\",\n \"loginAttempts\": 0,\n \"lockUntil\": null,\n \"name\": \"Priya Sharma\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543210\",\n \"authProvider\": \"local\",\n \"googleId\": null,\n \"plan\": \"free\",\n \"planExpiry\": null,\n \"isActive\": true,\n \"createdAt\": \"2026-05-01T13:33:25.022Z\",\n \"__v\": 0\n }\n}"}],"_postman_id":"13bbe1fa-8d75-4a24-9203-85d0c09ce80c"},{"name":"Update Profile","id":"e5144fa8-b0af-4ab1-a720-b31e4fc714be","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Priya Sharma Updated\",\n \"phone\": \"9876543211\",\n \"address\": \"123 MG Road\",\n \"city\": \"Ahmedabad\",\n \"profilePhoto\": \"https://example.com/photo.jpg\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/update-profile","description":"

Updates the authenticated user's profile. All fields are optional — send only the fields you want to update. Phone validation applies if phone is provided.

\n","urlObject":{"path":["api","auth","update-profile"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"be3e4ec3-04a6-4dec-a303-abd7891b3313","name":"Update Profile","originalRequest":{"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Priya Sharma Updated\",\n \"phone\": \"9876543211\",\n \"address\": \"123 MG Road\",\n \"city\": \"Ahmedabad\",\n \"profilePhoto\": \"https://example.com/photo.jpg\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/update-profile"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"172"},{"key":"RateLimit-Reset","value":"40"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"649"},{"key":"ETag","value":"W/\"289-XBDL7oC72gDnrEJjIQmvBX5x1lQ\""},{"key":"Date","value":"Fri, 01 May 2026 13:47:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"user\": {\n \"_id\": \"69f4aba5a779cbcd90cf378e\",\n \"emailVerified\": true,\n \"emailOTP\": null,\n \"emailOTPExpiry\": null,\n \"refreshToken\": \"5f2431e8ecf688a8023697e0efb2a2b8449870a32cedc01ddc67d0879eb407af\",\n \"passwordResetToken\": null,\n \"passwordResetExpiry\": null,\n \"emergencyPin\": null,\n \"profilePhoto\": \"https://example.com/photo.jpg\",\n \"address\": \"123 MG Road\",\n \"city\": \"Ahmedabad\",\n \"lastLogin\": \"2026-05-01T13:33:49.943Z\",\n \"loginAttempts\": 0,\n \"lockUntil\": null,\n \"name\": \"Priya Sharma Updated\",\n \"email\": \"priya@example.com\",\n \"phone\": \"9876543211\",\n \"authProvider\": \"local\",\n \"googleId\": null,\n \"plan\": \"free\",\n \"planExpiry\": null,\n \"isActive\": true,\n \"createdAt\": \"2026-05-01T13:33:25.022Z\",\n \"__v\": 0\n }\n}"}],"_postman_id":"e5144fa8-b0af-4ab1-a720-b31e4fc714be"},{"name":"Change Password","id":"563e1c32-427c-4404-bbcc-4f91e83e0c92","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"currentPassword\": \"SecurePass@123\",\n \"newPassword\": \"NewSecurePass@456\",\n \"confirmPassword\": \"NewSecurePass@456\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/change-password","description":"

Changes the password for the authenticated user. Requires the correct current password. New password must be at least 8 characters.

\n","urlObject":{"path":["api","auth","change-password"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"e181dec8-1b3a-4cc7-bd6f-0d9a9a8bcd6d","name":"Change Password","originalRequest":{"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"currentPassword\": \"SecurePass@123\",\n \"newPassword\": \"NewSecurePass@456\",\n \"confirmPassword\": \"NewSecurePass@456\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/change-password"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"171"},{"key":"RateLimit-Reset","value":"33"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"58"},{"key":"ETag","value":"W/\"3a-q68W5NWhqX5poAtHZphYySdDRQ8\""},{"key":"Date","value":"Fri, 01 May 2026 13:47:42 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"Password changed successfully\"\n}"}],"_postman_id":"563e1c32-427c-4404-bbcc-4f91e83e0c92"},{"name":"Logout","id":"762afd84-a418-445c-9c88-0ef46a2ed4ad","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/logout","description":"

Invalidates the current session by clearing the stored refresh token. The accessToken will still work until it naturally expires in 15 minutes.

\n","urlObject":{"path":["api","auth","logout"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"a53b3c98-0aaa-4834-9a4e-94ca0298f07d","name":"Logout","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/auth/logout"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"170"},{"key":"RateLimit-Reset","value":"25"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"52"},{"key":"ETag","value":"W/\"34-RTw5tHxjaaqEcEVbesn1aQCzRls\""},{"key":"Date","value":"Fri, 01 May 2026 13:47:50 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"Logged out successfully\"\n}"}],"_postman_id":"762afd84-a418-445c-9c88-0ef46a2ed4ad"}],"id":"1f4422da-5c28-46cf-aa7b-6eceefa5012d","description":"

User registration, login, password management, and profile endpoints.

Public routes: Register, Verify Email, Resend OTP, Login, Google Login, Refresh Token, Forgot Password, Reset Password.\nProtected routes: Get Profile, Update Profile, Change Password, Logout.

\n","_postman_id":"1f4422da-5c28-46cf-aa7b-6eceefa5012d","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}},{"name":"Guardian","item":[{"name":"Get All Guardians","id":"a18f8e07-345e-49ab-8d45-58f0bdc5f733","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/guardian","description":"

Returns two lists: verified guardians and pending (unverified) guardians. Each guardian entry includes an isOTPExpired flag indicating whether the verification OTP has expired.

\n","urlObject":{"path":["api","guardian"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"8eb7c950-9b0e-495f-b71b-78c308ce1660","name":"Get All Guardians","originalRequest":{"method":"GET","header":[],"url":"http://localhost:5001/api/guardian"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"185"},{"key":"RateLimit-Reset","value":"468"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"53"},{"key":"ETag","value":"W/\"35-eiI1M64f1Qp/pR3GRAaLSsXy1uM\""},{"key":"Date","value":"Fri, 01 May 2026 13:40:27 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"verified\": [],\n \"pending\": [],\n \"total\": 0\n}"}],"_postman_id":"a18f8e07-345e-49ab-8d45-58f0bdc5f733"},{"name":"Add Guardian","id":"41eba592-2533-4dbe-bd00-96dfa4d75d85","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianName\": \"Rahul Sharma\",\n \"guardianPhone\": \"9876501234\",\n \"relation\": \"Brother\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian","description":"

Adds a new guardian to the user's network and sends a 6-digit OTP to the guardian's phone via SMS. The guardian must verify with this OTP before they become active.

All three fields are required. guardianPhone must be a valid 10-digit Indian number. Duplicate phone numbers are rejected.

\n","urlObject":{"path":["api","guardian"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"7dd01f2a-452d-4155-a826-4ecd6348d943","name":"Add Guardian","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianName\": \"Rahul Sharma\",\n \"guardianPhone\": \"9876501234\",\n \"relation\": \"Brother\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"184"},{"key":"RateLimit-Reset","value":"460"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"493"},{"key":"ETag","value":"W/\"1ed-gdeqhJdn+vDu7eIV3j5o1w71rUM\""},{"key":"Date","value":"Fri, 01 May 2026 13:40:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"Guardian added. OTP sent to their number for verification.\",\n \"guardian\": {\n \"userId\": \"69f4aba5a779cbcd90cf378e\",\n \"guardianName\": \"Rahul Sharma\",\n \"guardianPhone\": \"9876501234\",\n \"relation\": \"Brother\",\n \"isVerified\": false,\n \"verificationOTP\": \"592276\",\n \"otpExpiry\": \"2026-05-01T13:55:35.436Z\",\n \"otpAttempts\": 0,\n \"acceptedAt\": null,\n \"lastAlertedAt\": null,\n \"alertCount\": 0,\n \"isActive\": true,\n \"notes\": null,\n \"_id\": \"69f4ad53a779cbcd90cf379b\",\n \"addedAt\": \"2026-05-01T13:40:35.436Z\",\n \"__v\": 0\n },\n \"otpSent\": true\n}"}],"_postman_id":"41eba592-2533-4dbe-bd00-96dfa4d75d85"},{"name":"Verify Guardian OTP","id":"b517bec0-99fe-4f66-9078-b8b0668cecad","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianId\": \"\",\n \"otp\": \"123456\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian/verify","description":"

Verifies a pending guardian using the OTP sent to their phone. OTP expires in 15 minutes. Locks after 5 incorrect attempts — use Resend OTP to reset. Sends a confirmation SMS to the guardian on success.

\n","urlObject":{"path":["api","guardian","verify"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"b517bec0-99fe-4f66-9078-b8b0668cecad"},{"name":"Resend Guardian OTP","id":"2dd46408-6c4a-4362-aebd-c195e14341b0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianId\": \"\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian/resend-otp","description":"

Generates and sends a fresh OTP to the guardian's phone. Rate-limited: cannot resend if the previous OTP was issued less than 5 minutes ago.

\n","urlObject":{"path":["api","guardian","resend-otp"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"a1083591-7572-49d2-9a56-715f78486109","name":"Resend Guardian OTP","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianId\": \"\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian/resend-otp"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"180"},{"key":"RateLimit-Reset","value":"103"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"61"},{"key":"ETag","value":"W/\"3d-vwsn82hlo6RQLicqR9wbkwp3RzE\""},{"key":"Date","value":"Fri, 01 May 2026 13:46:32 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"New OTP sent to guardian's phone\"\n}"}],"_postman_id":"2dd46408-6c4a-4362-aebd-c195e14341b0"},{"name":"Update Guardian","id":"f061a41d-aa02-49b8-b46e-953d1176d434","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"guardianName\": \"Rahul Kumar Sharma\",\n \"relation\": \"Elder Brother\",\n \"notes\": \"Primary contact in emergencies\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian/","description":"

Updates the name, relation, or notes for a guardian. Phone number cannot be changed — to change a phone number, delete and re-add the guardian.

\n","urlObject":{"path":["api","guardian",""],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"f061a41d-aa02-49b8-b46e-953d1176d434"},{"name":"Send Test Alert","id":"c3ed1693-29dd-42bc-a8e9-dfafb164634f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/guardian//test-alert","description":"

Sends a test SMS to a verified guardian to confirm the alerting system is working. Guardian must be verified. Rate-limited to once per hour per guardian.

\n","urlObject":{"path":["api","guardian","","test-alert"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"c3ed1693-29dd-42bc-a8e9-dfafb164634f"},{"name":"Remove Guardian","id":"a1536b0e-188a-4d4d-aa39-7f76f3e8c839","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"DELETE","header":[],"url":"http://localhost:5001/api/guardian/","description":"

Soft-deletes a guardian by setting isActive to false. The record is retained in the database for audit purposes.

\n","urlObject":{"path":["api","guardian",""],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"2a745b89-0a61-44bd-b769-5de778876f86","name":"Remove Guardian","originalRequest":{"method":"DELETE","header":[],"url":"http://localhost:5001/api/guardian/"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"177"},{"key":"RateLimit-Reset","value":"80"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"63"},{"key":"ETag","value":"W/\"3f-OxcObMi1vHHtXdEbSU3NgQvCHRo\""},{"key":"Date","value":"Fri, 01 May 2026 13:46:54 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"Guardian removed from your network\"\n}"}],"_postman_id":"a1536b0e-188a-4d4d-aa39-7f76f3e8c839"}],"id":"621b33b5-35bd-4853-99a9-2c53d1297eb9","description":"

Manage the user's trusted guardian network.

All routes are protected and require Bearer token.

Flow: Add Guardian → OTP is sent to guardian's phone → Verify Guardian with OTP → Guardian is now active.

Free plan limit: 3 guardians. Premium: unlimited.

\n","_postman_id":"621b33b5-35bd-4853-99a9-2c53d1297eb9","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}},{"name":"SOS","item":[{"name":"Trigger SOS","id":"c95b85a4-e952-4460-9fc1-9da2b7f99a09","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"latitude\": 23.0225,\n \"longitude\": 72.5714,\n \"message\": \"I need immediate help!\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/sos/trigger","description":"

Triggers an emergency SOS alert. Sends SMS to all guardians with a Google Maps link of the user's location. Emits a Socket.io event to the sos_{userId} room.

latitude and longitude are required. message is optional and defaults to 'I need help!' if not provided.

Returns 409 if an active alert already exists.

\n","urlObject":{"path":["api","sos","trigger"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"c63377ec-ffc0-47ce-9b6a-5fd113fb1085","name":"Trigger SOS","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"latitude\": 23.0225,\n \"longitude\": 72.5714,\n \"message\": \"I need immediate help!\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/sos/trigger"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"169"},{"key":"RateLimit-Reset","value":"10"},{"key":"X-RateLimit-Limit","value":"10"},{"key":"X-RateLimit-Remaining","value":"9"},{"key":"Date","value":"Fri, 01 May 2026 13:48:05 GMT"},{"key":"X-RateLimit-Reset","value":"1777643346"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"514"},{"key":"ETag","value":"W/\"202-9e7yD8SdzEnCZQEK71I2NJlgtmk\""},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"SOS alert sent to 0 guardian(s)\",\n \"alert\": {\n \"userId\": \"69f4aba5a779cbcd90cf378e\",\n \"latitude\": 23.0225,\n \"longitude\": 72.5714,\n \"message\": \"I need immediate help!\",\n \"googleMapsLink\": \"https://maps.google.com/?q=23.0225,72.5714\",\n \"status\": \"active\",\n \"audioUrl\": null,\n \"resolved\": false,\n \"resolvedAt\": null,\n \"cancelledAt\": null,\n \"guardiansAlerted\": 1,\n \"smsSentCount\": 0,\n \"smsFailedCount\": 1,\n \"_id\": \"69f4af15a779cbcd90cf37bd\",\n \"createdAt\": \"2026-05-01T13:48:05.354Z\",\n \"__v\": 0\n },\n \"guardiansAlerted\": 1,\n \"smsSent\": 0,\n \"smsFailed\": 1\n}"}],"_postman_id":"c95b85a4-e952-4460-9fc1-9da2b7f99a09"},{"name":"Cancel SOS","id":"d4387838-a2d9-4d99-8357-d0cf6d830838","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/sos/cancel","description":"

Cancels the currently active SOS alert and notifies all guardians via SMS that it was a false alarm. Emits a Socket.io sos-cancelled event.

\n","urlObject":{"path":["api","sos","cancel"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[{"id":"c0a0015e-90f6-4797-8652-cbd022ca48ce","name":"Cancel SOS","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/sos/cancel"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"Content-Security-Policy","value":"default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Cross-Origin-Resource-Policy","value":"cross-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"200;w=900"},{"key":"RateLimit-Limit","value":"200"},{"key":"RateLimit-Remaining","value":"199"},{"key":"RateLimit-Reset","value":"900"},{"key":"X-RateLimit-Limit","value":"10"},{"key":"X-RateLimit-Remaining","value":"8"},{"key":"Date","value":"Fri, 01 May 2026 13:48:14 GMT"},{"key":"X-RateLimit-Reset","value":"1777643346"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"79"},{"key":"ETag","value":"W/\"4f-zYTzGo0G35Myrql3EAIZDdMXSSI\""},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"message\": \"SOS alert cancelled. Guardians have been notified.\"\n}"}],"_postman_id":"d4387838-a2d9-4d99-8357-d0cf6d830838"},{"name":"Mark Safe","id":"7eb67b1c-e39c-4f16-9571-45bf1873ee35","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/sos/mark-safe","description":"

Resolves the active SOS alert and notifies all guardians via SMS that the user is safe. Emits a Socket.io user-safe event. Status changes to resolved.

\n","urlObject":{"path":["api","sos","mark-safe"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"7eb67b1c-e39c-4f16-9571-45bf1873ee35"},{"name":"Get Active SOS","id":"340edd24-16bd-4e77-941e-1535a476f6c7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/sos/active","description":"

Returns the current active SOS alert if one exists. Returns hasActiveAlert: false if there is no active alert. Use this on app startup to restore SOS UI state.

\n","urlObject":{"path":["api","sos","active"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"340edd24-16bd-4e77-941e-1535a476f6c7"},{"name":"Get SOS History","id":"d6c725c7-3c56-40a7-bb21-96272013d223","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/sos/history?status=resolved","description":"

Returns the last 20 SOS alerts for the authenticated user, sorted by newest first. Optional query param: status (active / resolved / cancelled).

\n","urlObject":{"path":["api","sos","history"],"host":["http://localhost:5001"],"query":[{"description":{"content":"

Optional filter. Allowed values: active, resolved, cancelled. Leave blank for all.

\n","type":"text/plain"},"key":"status","value":"resolved"}],"variable":[]}},"response":[],"_postman_id":"d6c725c7-3c56-40a7-bb21-96272013d223"}],"id":"712900b3-eea6-4452-8e50-aafca33d2094","description":"

Emergency SOS alert system.

All routes are protected and require Bearer token.

Flow: Trigger SOS → SMS sent to all guardians + Socket.io event emitted → Cancel SOS or Mark Safe to close the alert.

Only one SOS alert can be active at a time per user.

\n","_postman_id":"712900b3-eea6-4452-8e50-aafca33d2094","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}},{"name":"Location","item":[{"name":"Start Location Share","id":"998c88da-f3bb-44d2-8023-ea09e11042f4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"latitude\": 23.0225,\n \"longitude\": 72.5714,\n \"journeyTitle\": \"Going to office\",\n \"destinationLat\": 23.0300,\n \"destinationLng\": 72.5800,\n \"estimatedArrival\": \"2025-06-01T10:30:00.000Z\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/location/start","description":"

Starts a live location sharing session and returns a unique 8-character shareCode. Share this code with guardians or anyone you want to track your location.

latitude and longitude are required. journeyTitle, destinationLat, destinationLng, and estimatedArrival are optional.

\n","urlObject":{"path":["api","location","start"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"998c88da-f3bb-44d2-8023-ea09e11042f4"},{"name":"Update Location","id":"8061c30d-bb97-40fd-a1a3-6e0cd779295d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PUT","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"latitude\": 23.0250,\n \"longitude\": 72.5730\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/location/update","description":"

Pushes updated GPS coordinates during an active share session. Call this periodically (every 5–10 seconds) from the device. Emits a Socket.io location-updated event. Returns 404 if no active share session exists.

\n","urlObject":{"path":["api","location","update"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"8061c30d-bb97-40fd-a1a3-6e0cd779295d"},{"name":"Stop Location Share","id":"b8367e32-345e-4e62-8f6d-a15ba56049c3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/location/stop","description":"

Ends the active location sharing session and clears the shareCode. Emits a Socket.io location-stopped event to all connected recipients.

\n","urlObject":{"path":["api","location","stop"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"b8367e32-345e-4e62-8f6d-a15ba56049c3"},{"name":"Get My Location Status","id":"c3777e0c-cc3b-451d-9b2c-19feaaeb878e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/location/status","description":"

Returns the current location sharing status for the authenticated user. Returns isSharing: false if no active session. Returns the full location document including shareCode if sharing is active.

\n","urlObject":{"path":["api","location","status"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"c3777e0c-cc3b-451d-9b2c-19feaaeb878e"},{"name":"Get Shared Location (Public)","id":"7c884dbc-55ce-4db3-b337-fb07bed42c76","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:5001/api/location/shared?shareCode=ABCD1234","description":"

Public endpoint — no authentication required. Returns the current coordinates and user name for an active share session identified by the shareCode. Returns 404 if the code is invalid or the session has ended.

The 8-character code received from the person sharing their location

\n","type":"text/plain"},"key":"shareCode","value":"ABCD1234"}],"variable":[]}},"response":[],"_postman_id":"7c884dbc-55ce-4db3-b337-fb07bed42c76"}],"id":"e2d660ef-38cc-48c2-8f07-8dcc56607b39","description":"

Live location sharing system.

Most routes are protected and require Bearer token.

Flow: Start Share → receive a shareCode → share code with recipients → Update Location periodically → Stop Share.

Get Shared Location is public — anyone with the share code can track.

\n","_postman_id":"e2d660ef-38cc-48c2-8f07-8dcc56607b39","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}},{"name":"Map","item":[{"name":"Get Nearby Safe Places","id":"bcf017e5-d05a-4fb8-8577-2c24586ad8b0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/map/nearby?lat=23.0225&lng=72.5714&radius=5000&type=hospital&limit=10","description":"

Returns safe places near the given coordinates sorted by distance. Each result includes distanceMeters and distanceText (e.g., 1.2 km). Uses MongoDB $near geospatial query.

\n","urlObject":{"path":["api","map","nearby"],"host":["http://localhost:5001"],"query":[{"description":{"content":"

Required. Latitude of the user's current location.

\n","type":"text/plain"},"key":"lat","value":"23.0225"},{"description":{"content":"

Required. Longitude of the user's current location.

\n","type":"text/plain"},"key":"lng","value":"72.5714"},{"description":{"content":"

Optional. Search radius in meters. Default: 5000 (5 km).

\n","type":"text/plain"},"key":"radius","value":"5000"},{"description":{"content":"

Optional. Filter by type: hospital, police, shelter, pharmacy, fire_station, public_transport, women_helpline.

\n","type":"text/plain"},"key":"type","value":"hospital"},{"description":{"content":"

Optional. Maximum number of results. Default: 20.

\n","type":"text/plain"},"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"bcf017e5-d05a-4fb8-8577-2c24586ad8b0"},{"name":"Search Safe Places","id":"7414967b-df5b-421c-8811-8028c225c854","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/map/search?q=Apollo&city=ahmedabad","description":"

Text search for safe places by name. Returns up to 10 results matching the query string. Optionally filter by city.

\n","urlObject":{"path":["api","map","search"],"host":["http://localhost:5001"],"query":[{"description":{"content":"

Required. Search term matched against the place name (case-insensitive).

\n","type":"text/plain"},"key":"q","value":"Apollo"},{"description":{"content":"

Optional. Filter results to a specific city.

\n","type":"text/plain"},"key":"city","value":"ahmedabad"}],"variable":[]}},"response":[],"_postman_id":"7414967b-df5b-421c-8811-8028c225c854"},{"name":"Add Safe Place","id":"d2bbe91b-2ab2-4674-a6e5-58c877d7bf18","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"name\": \"Apollo Hospital\",\n \"type\": \"hospital\",\n \"latitude\": 23.0360,\n \"longitude\": 72.5668,\n \"address\": \"Plot 1A, Bhat GIDC, Ahmedabad\",\n \"city\": \"Ahmedabad\",\n \"state\": \"Gujarat\",\n \"phone\": \"07926733000\",\n \"openHours\": \"24/7\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/map","description":"

Submits a new safe place to the database. Required fields: name, type, latitude, longitude, address, city. Optional: state, phone, openHours.

Valid types: hospital, police, shelter, pharmacy, fire_station, public_transport, women_helpline.

Duplicates with the same name and city are rejected with 409.

\n","urlObject":{"path":["api","map"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"d2bbe91b-2ab2-4674-a6e5-58c877d7bf18"},{"name":"Report Safety of a Place","id":"bc5191eb-ad7d-4b3b-bec1-4cac55d2d92a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"rating\": 4,\n \"comment\": \"Well-lit area, security guard present.\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/map//report","description":"

Submits a safety rating for a safe place. rating must be an integer between 1 and 5. comment is optional. Updates the running average rating for the place.

\n","urlObject":{"path":["api","map","","report"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"bc5191eb-ad7d-4b3b-bec1-4cac55d2d92a"}],"id":"3d48bfff-62dc-4a29-a2d1-ba08ae16cd5e","description":"

Safe places discovery and reporting.

All routes are protected and require Bearer token.

Safe place types: hospital, police, shelter, pharmacy, fire_station, public_transport, women_helpline.

The database uses MongoDB geospatial index on the location field.

\n","_postman_id":"3d48bfff-62dc-4a29-a2d1-ba08ae16cd5e","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}},{"name":"Subscription","item":[{"name":"Create Razorpay Order","id":"49072dc1-6bfc-48d3-bd10-984f3fc997db","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"plan\": \"premium\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/subscription/create-order","description":"

Creates a Razorpay order for the specified plan. Returns the order object along with the Razorpay key_id for use in the frontend payment modal.

plan must be either premium (INR 199, 30 days) or annual (INR 1499, 365 days).

Returns 409 if the user already has an active subscription. Returns 503 if Razorpay is not configured.

\n","urlObject":{"path":["api","subscription","create-order"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"49072dc1-6bfc-48d3-bd10-984f3fc997db"},{"name":"Verify Payment","id":"8385681d-72c3-4152-8471-bcb7e13f525f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"razorpay_order_id\": \"order_XXXXXXXXXXXXXXXX\",\n \"razorpay_payment_id\": \"pay_XXXXXXXXXXXXXXXX\",\n \"razorpay_signature\": \"signature_hash_from_razorpay\",\n \"plan\": \"premium\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/subscription/verify-payment","description":"

Verifies the HMAC-SHA256 signature of the completed Razorpay payment. On success, activates the subscription, updates the user's plan to premium, and returns an invoice number.

All four fields are required. The three razorpay_ fields come directly from the Razorpay payment success handler on the frontend.

\n","urlObject":{"path":["api","subscription","verify-payment"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"8385681d-72c3-4152-8471-bcb7e13f525f"},{"name":"Get Subscription Status","id":"2c7f887e-b724-4660-9bcd-b2ec72e0ffda","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/subscription/status","description":"

Returns the current subscription plan, expiry date, and days remaining for the authenticated user. isActive is true only if daysRemaining is greater than 0.

\n","urlObject":{"path":["api","subscription","status"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"2c7f887e-b724-4660-9bcd-b2ec72e0ffda"},{"name":"Cancel Subscription","id":"b62b58e8-422e-44c8-b05f-2136589c0edc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"reason\": \"No longer needed\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/subscription/cancel","description":"

Cancels an active subscription. Premium access continues until the original expiry date — it is not revoked immediately. The user's plan is reverted to free after the expiry. reason is optional.

\n","urlObject":{"path":["api","subscription","cancel"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"b62b58e8-422e-44c8-b05f-2136589c0edc"},{"name":"Get Invoice","id":"7872affa-3cf5-4fd8-a740-388ba581b7d7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"url":"http://localhost:5001/api/subscription/invoice","description":"

Returns the invoice details for the most recent subscription payment including invoice number, plan, amount, currency, payment dates, and Razorpay payment ID.

\n","urlObject":{"path":["api","subscription","invoice"],"host":["http://localhost:5001"],"query":[],"variable":[]}},"response":[],"_postman_id":"7872affa-3cf5-4fd8-a740-388ba581b7d7"},{"name":"Razorpay Webhook (Public)","id":"4a997e34-b213-4566-8ab7-984cd54b8625","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"x-razorpay-signature","value":"webhook_signature_from_razorpay","description":"

Set by Razorpay automatically. For manual testing, generate the HMAC-SHA256 of the raw body using RAZORPAY_WEBHOOK_SECRET.

\n"}],"body":{"mode":"raw","raw":"{\n \"event\": \"payment.captured\",\n \"payload\": {\n \"payment\": {\n \"entity\": {\n \"id\": \"pay_XXXXXXXXXXXXXXXX\",\n \"order_id\": \"order_XXXXXXXXXXXXXXXX\",\n \"amount\": 19900,\n \"currency\": \"INR\",\n \"status\": \"captured\"\n }\n }\n }\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:5001/api/subscription/webhook","description":"

Public endpoint called by Razorpay's webhook system. Not for frontend use. Validates the x-razorpay-signature header using RAZORPAY_WEBHOOK_SECRET. Do not test this manually in production — use the Razorpay dashboard webhook simulator.

Razorpay-based subscription and payment management.

Plans available:

premium: INR 199/month (30 days)
annual: INR 1499/year (365 days)

Flow: Create Order → Open Razorpay modal on frontend using the returned order object → On payment success, call Verify Payment with the three Razorpay response fields.

The webhook endpoint is public (no auth) and is called directly by Razorpay.

\n","_postman_id":"8cb6ec50-6b42-4c6a-af33-6f31020cb9f1","auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":true,"source":{"_postman_id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","id":"a0c5383b-938d-4ec2-a7d4-d68eff6caa59","name":"Nirbhaya API","type":"collection"}}}],"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]}},"event":[{"listen":"prerequest","script":{"id":"99fe1152-e0f2-4196-80d4-8761e36c431c","type":"text/javascript","packages":{},"requests":{},"exec":[""]}},{"listen":"test","script":{"id":"c4228e7b-67c2-45e2-8054-9694c304f22a","type":"text/javascript","packages":{},"requests":{},"exec":[""]}}],"variable":[{"key":"baseUrl","value":"http://localhost:5001"},{"key":"accessToken","value":"","description":"Paste the accessToken received from Register or Login response here"},{"key":"refreshToken","value":""},{"key":"guardianId","value":"","description":"MongoDB _id of a guardian. Set after calling Add Guardian."},{"key":"placeId","value":"","description":"MongoDB _id of a safe place. Set after calling Add Safe Place."}]}