{"info":{"_postman_id":"364b6eba-18b8-4cf0-9fd3-32200aa1986c","name":"Finance Backend API","description":"

Finance Data Processing & Access Control API

This is the backend API for a finance management system where a team of users with different roles interact with shared financial data.

The system is built around the idea that not everyone in an organization should have the same level of access. An Admin manages the system — creating users, adding financial records, and overseeing everything. An Analyst can explore and analyze the financial data but cannot modify it. A Viewer gets a high-level summary of the finances without access to the raw records.

Key Highlights

JWT based stateless authentication with role enforcement at middleware level
\n
Soft delete preserves financial history and audit integrity
\n
Dashboard analytics computed via SQL aggregations — not in memory
\n
Every critical action is logged with old and new values for full traceability
\n
Consistent error handling and input validation across all endpoints
\n
Clean layered architecture — Routes, Controllers, Services, Repositories
\n

\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"Finance Data Processing & Access Control API","slug":"finance-data-processing-access-control-api"}],"owner":"52380998","collectionId":"364b6eba-18b8-4cf0-9fd3-32200aa1986c","publishedId":"2sBXiqFUh5","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-04-06T12:31:34.000Z"},"item":[{"name":"Auth","item":[{"name":"Login","id":"c7f70f0b-e7d5-43d4-8d70-26ae0db2b8be","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"email\" : \"admin@example.com\",\r\n \"password\" : \"Admin@123\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/auth/login","description":"\n

Authenticates a user with their email and password. Returns a signed JWT token and user profile on success.

Access

Public — no authentication required

Responses

200 Login successful — returns token and user profile
\n
400 Validation failed — email or password missing or invalid format
\n
401 Invalid email or password
\n
403 Your account is inactive. Please contact admin
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","auth","login"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"10308b3f-defe-425f-a239-b4ddb4389eb9","name":"Response","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"email\" : \"admin@example.com\",\r\n \"password\" : \"Admin@123\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/auth/login"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"360"},{"key":"ETag","value":"W/\"168-yr/ozhetkhd8sDf640aOsnud/Xc\""},{"key":"Date","value":"Mon, 06 Apr 2026 10:48:57 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Login successful\",\n \"data\": {\n \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwicm9sZSI6IkFETUlOIiwic3RhdHVzIjoiQUNUSVZFIiwiaWF0IjoxNzc1NDcyNTM3LCJleHAiOjE3NzU1NTg5Mzd9.tw4ARtX9OqQuSx59KqJ2OlTuLlgrLCNqq4Ffq778lh0\",\n \"user\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\",\n \"status\": \"ACTIVE\"\n }\n }\n}"}],"_postman_id":"c7f70f0b-e7d5-43d4-8d70-26ae0db2b8be"},{"name":"currentUser","id":"1aac45d3-8fea-4be2-be6e-067cd7502f98","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/auth/me","description":"

Get Current User

Returns the profile of the currently authenticated user based on the provided JWT token.

Access

All roles — ADMIN, ANALYST, VIEWER

How to use

Set the Authorization header with your JWT token:
Authorization: Bearer

Notes

Does not hit the database with credentials — identity is derived from the token
\n
Useful for frontend apps to fetch the logged-in user's profile on load
\n

Responses

200 Current user fetched successfully — returns user profile
\n
401 Access token is missing or invalid
\n
401 Invalid or expired token
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","auth","me"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"ec49d60e-20c5-4cc5-90c6-44a2108b716d","name":"currentUser","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/auth/me"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"176"},{"key":"ETag","value":"W/\"b0-NMI09VbvcVDEwNKXAlD9xUSBq1E\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:01:26 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Current user fetched successfully\",\n \"data\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\",\n \"status\": \"ACTIVE\"\n }\n}"}],"_postman_id":"1aac45d3-8fea-4be2-be6e-067cd7502f98"}],"id":"100ad7c2-4d49-44f9-b21b-644082bb057c","description":"

Authentication & Session Management

This module handles user authentication using JWT (JSON Web Tokens).

How it works

Call POST /auth/login with valid credentials
\n
Receive a signed JWT token in the response
\n
Include the token in every subsequent request:
Authorization: Bearer
\n
Token expires based on server configuration (default: 1 day)
\n

Security

Passwords are hashed using bcrypt before storage — plain text is never saved
\n
Tokens are stateless — no session is stored on the server
\n
Inactive accounts are blocked at login even with correct credentials
\n
Expired or tampered tokens are rejected with a clear error message
\n

Endpoints

POST /auth/login — Public — Login and receive JWT token
\n
GET /auth/me — All roles — Get currently authenticated user
\n

\n","_postman_id":"100ad7c2-4d49-44f9-b21b-644082bb057c"},{"name":"Users","item":[{"name":"createUser","id":"ca7a9630-3448-49aa-a8d6-ae50cfa7d266","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"name\": \"Harsh Goel\",\r\n \"email\": \"harsh@zorvyn.com\",\r\n \"password\": \"hello@123\",\r\n \"role\": \"ANALYST\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/","description":"

Create User

Creates a new user in the system with the specified role. Only admins can create users.

Access

ADMIN only — returns 403 for Analyst and Viewer

Notes

Default role is VIEWER if role is not provided
\n
Password is hashed with bcrypt before storage — never stored as plain text
\n
Email must be unique — duplicate emails are rejected with 409
\n
Newly created users are ACTIVE by default
\n
Creation is logged in the audit trail with the admin's ID
\n

Responses

201 User created successfully — returns created user profile
\n
400 Validation failed — missing or invalid fields
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
409 User with this email already exists
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","users",""],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"a887ed98-16b3-4c04-93f3-998e1d1cde19","name":"createUser","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"name\": \"Harsh Goel\",\r\n \"email\": \"harsh@zorvyn.com\",\r\n \"password\": \"hello@123\",\r\n \"role\": \"ANALYST\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"321"},{"key":"ETag","value":"W/\"141-VFBltD+IzUtQTqUmiWvnT8+hkBA\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:08:35 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 201,\n \"message\": \"User created successfully\",\n \"data\": {\n \"status\": \"ACTIVE\",\n \"id\": 8,\n \"name\": \"Harsh Goel\",\n \"email\": \"harsh@zorvyn.com\",\n \"password\": \"$2b$10$/pMJ6sKvC4f9zvxMRA1A0OWYIEUiOfgJ8/k20ebpHrDXtXpnVyUfK\",\n \"role\": \"ANALYST\",\n \"updatedAt\": \"2026-04-06T11:08:35.944Z\",\n \"createdAt\": \"2026-04-06T11:08:35.944Z\"\n }\n}"}],"_postman_id":"ca7a9630-3448-49aa-a8d6-ae50cfa7d266"},{"name":"getUser","id":"7c47163b-48da-4420-9b5f-edd5db015c56","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"description":"

Get All Users

Returns a list of all users registered in the system.

Access

ADMIN only — returns 403 for Analyst and Viewer

Notes

Passwords are never returned in the response
\n
Returns all users regardless of their status (ACTIVE or INACTIVE)
\n
Useful for admin dashboard to manage and monitor all system users
\n

Responses

200 Users fetched successfully — returns array of user profiles
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n

\n","urlObject":{"query":[],"variable":[]},"url":""},"response":[{"id":"cc329858-a7a5-4951-9767-9954499eea45","name":"getUser","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/users/"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1450"},{"key":"ETag","value":"W/\"5aa-jalt5LtuwnUIEuZ4tIShJMO7F6w\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:10:09 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Users fetched successfully\",\n \"data\": [\n {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\"\n },\n {\n \"id\": 2,\n \"name\": \"Riya Sharma\",\n \"email\": \"analyst@example.com\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-06T04:02:39.000Z\"\n },\n {\n \"id\": 3,\n \"name\": \"Amit Verma\",\n \"email\": \"viewer@example.com\",\n \"role\": \"VIEWER\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\"\n },\n {\n \"id\": 4,\n \"name\": \"Zorvyn employee\",\n \"email\": \"zorvyn@gmail.in\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T12:53:53.000Z\",\n \"updatedAt\": \"2026-04-05T12:57:31.000Z\"\n },\n {\n \"id\": 5,\n \"name\": \"iya Sharma\",\n \"email\": \"anayst@example.com\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T18:17:36.000Z\",\n \"updatedAt\": \"2026-04-05T18:17:36.000Z\"\n },\n {\n \"id\": 6,\n \"name\": \"Virat Sharma\",\n \"email\": \"analyst@zorvyn.com\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T19:23:34.000Z\",\n \"updatedAt\": \"2026-04-05T19:23:34.000Z\"\n },\n {\n \"id\": 7,\n \"name\": \"Virat Sharma\",\n \"email\": \"anayst@zorvyn.com\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T19:42:36.000Z\",\n \"updatedAt\": \"2026-04-05T19:42:36.000Z\"\n },\n {\n \"id\": 8,\n \"name\": \"Harsh Goel\",\n \"email\": \"harsh@zorvyn.com\",\n \"role\": \"ANALYST\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-06T11:08:35.000Z\",\n \"updatedAt\": \"2026-04-06T11:08:35.000Z\"\n }\n ]\n}"}],"_postman_id":"7c47163b-48da-4420-9b5f-edd5db015c56"},{"name":"getUserbyID","id":"7d922b80-5b9d-4fa3-a5a4-dc5b27a33fc4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/users/1","description":"

Get User by ID

Returns a single user profile by their unique ID.

Access

ADMIN only — returns 403 for Analyst and Viewer

Path Parameter

id — integer — the unique ID of the user to fetch

Notes

Passwords are never returned in the response
\n
Returns 404 if no user exists with the provided ID
\n
Useful for viewing detailed profile of a specific user before making role or status changes
\n

Responses

200 User fetched successfully — returns user profile
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 User not found
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","users","1"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"41d2977c-cd17-4150-a6f3-befa5f9955a8","name":"getUserbyID","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/users/1"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"246"},{"key":"ETag","value":"W/\"f6-owzxSkL3p4wWPY9A9hlUHTTgOF8\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:11:28 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"User fetched successfully\",\n \"data\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\"\n }\n}"}],"_postman_id":"7d922b80-5b9d-4fa3-a5a4-dc5b27a33fc4"},{"name":"updateUserRole","id":"3f1fd285-72a7-44bb-b129-3793dd41fba1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"role\" : \"ADMIN\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/2/role","description":"

Update User Role

Updates the role of a specific user. Role change takes effect immediately on their next request.

Access

ADMIN only — returns 403 for Analyst and Viewer

Path Parameter

id — integer — the unique ID of the user to update

Notes

Valid roles are ADMIN, ANALYST, VIEWER
\n
Role change is recorded in the audit log with old and new values
\n
Changing a user's role immediately affects what endpoints they can access
\n

Responses

200 User role updated successfully
\n
400 Validation failed — invalid or missing role
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 User not found
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","users","2","role"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"d616991f-95b2-4fc1-a993-1ac9c31e6378","name":"updateUserRole","originalRequest":{"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"role\" : \"ADMIN\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/2/role"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"328"},{"key":"ETag","value":"W/\"148-nJAaXJq0j4zFqZYPRx3+rmjRa7M\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:14:26 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"User role updated successfully\",\n \"data\": {\n \"id\": 2,\n \"name\": \"Riya Sharma\",\n \"email\": \"analyst@example.com\",\n \"password\": \"$2b$10$06/yc9alw40YXcDmYUUMkehWQjeM/F.5hkVYUA/oghS6PwIDa74pi\",\n \"role\": \"ADMIN\",\n \"status\": \"ACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-06T11:14:26.307Z\"\n }\n}"}],"_postman_id":"3f1fd285-72a7-44bb-b129-3793dd41fba1"},{"name":"updateUserStatus","id":"0aa84181-ce11-4f9d-9982-3d90aaecc735","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"status\" : \"INACTIVE\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/2/status","description":"

Update User Status

Activates or deactivates a user account. Deactivated users cannot login even with correct credentials.

Access

ADMIN only — returns 403 for Analyst and Viewer

Path Parameter

id — integer — the unique ID of the user to update

Notes

Valid statuses are ACTIVE and INACTIVE
\n
Status change is recorded in the audit log with old and new values
\n
Deactivating a user does not invalidate their existing JWT token — token will still pass authentication but active user check will block them
\n

Responses

200 User status updated successfully
\n
400 Validation failed — invalid or missing status
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 User not found
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","users","2","status"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"e502fd95-6eaf-433c-8218-ab926f236423","name":"updateUserStatus","originalRequest":{"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"status\" : \"INACTIVE\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/users/2/status"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"332"},{"key":"ETag","value":"W/\"14c-T7U++NbIkLvyVEw1uU+t5zamJA0\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:15:28 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"User status updated successfully\",\n \"data\": {\n \"id\": 2,\n \"name\": \"Riya Sharma\",\n \"email\": \"analyst@example.com\",\n \"password\": \"$2b$10$06/yc9alw40YXcDmYUUMkehWQjeM/F.5hkVYUA/oghS6PwIDa74pi\",\n \"role\": \"ADMIN\",\n \"status\": \"INACTIVE\",\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-06T11:15:28.440Z\"\n }\n}"}],"_postman_id":"0aa84181-ce11-4f9d-9982-3d90aaecc735"}],"id":"fc43566c-97c2-4d7c-b6f3-4fdfbd283d07","description":"

User Management

This module handles all user-related operations including creation, retrieval, and role/status management.

Access

All endpoints in this module are restricted to ADMIN only.

User Roles

ADMIN — full access to users, records, and dashboard
\n
ANALYST — read access to records and full dashboard analytics
\n
VIEWER — access to summary and recent activity only
\n

User Status

ACTIVE — user can login and access the system
\n
INACTIVE — user is blocked from logging in even with correct credentials
\n

Security

Passwords are hashed with bcrypt — never stored or returned as plain text
\n
Every user mutation (create, role update, status update) is recorded in the audit log with the acting admin's ID
\n
Role and status changes take effect immediately on the next request
\n

Endpoints

POST /users — ADMIN — Create a new user
\n
GET /users — ADMIN — Get all users
\n
GET /users/:id — ADMIN — Get user by ID
\n
PATCH /users/:id/role — ADMIN — Update user role
\n
PATCH /users/:id/status — ADMIN — Update user status
\n

\n","_postman_id":"fc43566c-97c2-4d7c-b6f3-4fdfbd283d07"},{"name":"Financial Records","item":[{"name":"newRecord","id":"0e2ae13a-9abe-4fe0-a524-fda997ee39b1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\": 5000.00,\r\n \"type\": \"EXPENSE\",\r\n \"category\": \"Marketing\",\r\n \"date\": \"2026-04-06\",\r\n \"notes\": \"Ad campaign\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/records/","description":"

Create Financial Record

Creates a new financial record linked to the authenticated admin user.

Access

ADMIN only — returns 403 for Analyst and Viewer

Notes

Amount must be at least 0.01 and supports up to 2 decimal places
\n
Amount is stored as DECIMAL(10,2) in the database for financial precision
\n
Date must be a valid ISO8601 date format (YYYY-MM-DD)
\n
Category must be between 2 and 50 characters
\n
Notes are optional and capped at 500 characters
\n
Record is automatically linked to the authenticated user via createdBy
\n
Creation is recorded in the audit log
\n

Responses

201 Financial record created successfully — returns created record
\n
400 Validation failed — missing or invalid fields
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","records",""],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"8ebf6e29-5876-4341-988d-4f9d93c4d030","name":"newRecord","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\": 5000.00,\r\n \"type\": \"EXPENSE\",\r\n \"category\": \"Marketing\",\r\n \"date\": \"2026-04-06\",\r\n \"notes\": \"Ad campaign\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/records/"},"status":"Created","code":201,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"306"},{"key":"ETag","value":"W/\"132-XFKn4mCEpKrw7IKM1YA8GdrSVZw\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:39:51 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 201,\n \"message\": \"Financial record created successfully\",\n \"data\": {\n \"isDeleted\": false,\n \"id\": 56,\n \"amount\": 5000,\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"date\": \"2026-04-06\",\n \"notes\": \"Ad campaign\",\n \"createdBy\": 1,\n \"updatedAt\": \"2026-04-06T11:39:51.329Z\",\n \"createdAt\": \"2026-04-06T11:39:51.329Z\"\n }\n}"}],"_postman_id":"0e2ae13a-9abe-4fe0-a524-fda997ee39b1"},{"name":"getRecordbyFilter","id":"38f4f9e5-bb75-4e01-84a0-789093ee55f8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/records/?type=INCOME&page=1&limit=5&sortBy=date&sortOrder=DESC","description":"

Get All Financial Records

Returns a paginated list of financial records. Supports advanced filtering, searching, and sorting.

Access

ANALYST and ADMIN only — returns 403 for Viewer

Query Parameters

type — filter by INCOME or EXPENSE
\n
category — filter by exact category name
\n
startDate — filter records from this date (YYYY-MM-DD, inclusive)
\n
endDate — filter records up to this date (YYYY-MM-DD, inclusive)
\n
search — partial match search across notes and category fields
\n
page — page number, default 1
\n
limit — records per page, default 10, max 100
\n
sortBy — field to sort by: date, amount, category, createdAt (default: date)
\n
sortOrder — ASC or DESC (default: DESC)
\n

Notes

Soft deleted records are never returned
\n
Returns creator details with each record
\n
Pagination metadata is included in every response (total, page, limit, totalPages)
\n

Responses

200 Financial records fetched successfully — returns paginated records
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","records",""],"host":["localhost"],"query":[{"key":"type","value":"INCOME"},{"key":"page","value":"1"},{"key":"limit","value":"5"},{"key":"sortBy","value":"date"},{"key":"sortOrder","value":"DESC"}],"variable":[]}},"response":[{"id":"aebff38d-5e21-41ac-896a-2092dd268a98","name":"getRecordbyFilter","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":{"raw":"http://localhost:4000/api/v1/records/?type=INCOME&page=1&limit=5&sortBy=date&sortOrder=DESC","protocol":"http","host":["localhost"],"port":"4000","path":["api","v1","records",""],"query":[{"key":"type","value":"INCOME"},{"key":"page","value":"1"},{"key":"limit","value":"5"},{"key":"sortBy","value":"date"},{"key":"sortOrder","value":"DESC"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1717"},{"key":"ETag","value":"W/\"6b5-1sC/77vWzJWrOq/zWgM6kOvvEJ4\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:46:02 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Financial records fetched successfully\",\n \"data\": [\n {\n \"id\": 49,\n \"amount\": \"32000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Freelance\",\n \"date\": \"2026-03-22\",\n \"notes\": \"Freelance project - March\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 46,\n \"amount\": \"85000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Salary\",\n \"date\": \"2026-03-15\",\n \"notes\": \"Monthly salary - March\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 52,\n \"amount\": \"32000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Freelance\",\n \"date\": \"2026-03-03\",\n \"notes\": \"Freelance project - March\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T13:01:27.000Z\",\n \"updatedAt\": \"2026-04-05T13:01:27.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 44,\n \"amount\": \"15000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Consulting\",\n \"date\": \"2026-02-20\",\n \"notes\": \"Consulting fees - Q1\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 36,\n \"amount\": \"85000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Salary\",\n \"date\": \"2026-01-15\",\n \"notes\": \"Monthly salary - January\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n }\n ],\n \"meta\": {\n \"total\": 5,\n \"page\": 1,\n \"limit\": 5,\n \"totalPages\": 1\n }\n}"}],"_postman_id":"38f4f9e5-bb75-4e01-84a0-789093ee55f8"},{"name":"getUserbyId","id":"7918bd99-91af-4784-9694-0d91784811a6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/records/49","description":"

Get Financial Record by ID

Returns a single financial record by its unique ID including full creator details.

Access

ANALYST and ADMIN only — returns 403 for Viewer

Path Parameter

id — integer — the unique ID of the financial record to fetch

Notes

Soft deleted records return 404 — they are treated as non-existent
\n
Creator details (id, name, email, role) are included in the response
\n
Useful for viewing full details of a specific transaction
\n

Responses

200 Financial record fetched successfully — returns record with creator
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 Financial record not found
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","records","49"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"8e9b2707-2646-4643-beb0-2aceea11e706","name":"getUserbyId","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/records/49"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"407"},{"key":"ETag","value":"W/\"197-qLOFMWBMQ+VO6RdM41NySJSJUXY\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:47:22 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Financial record fetched successfully\",\n \"data\": {\n \"id\": 49,\n \"amount\": \"32000.00\",\n \"type\": \"INCOME\",\n \"category\": \"Freelance\",\n \"date\": \"2026-03-22\",\n \"notes\": \"Freelance project - March\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-05T06:19:54.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n }\n}"}],"_postman_id":"7918bd99-91af-4784-9694-0d91784811a6"},{"name":"updateRecord","id":"228be5ba-d5d1-44a5-8cf7-183f8e122c36","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\" : \"90000\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/records/49","description":"

Update Financial Record

Updates one or more fields of an existing financial record.

Access

ADMIN only — returns 403 for Analyst and Viewer

Path Parameter

id — integer — the unique ID of the financial record to update

Notes

At least one field must be provided
\n
Submitted values must differ from existing record — identical values return 400
\n
Amount must be at least 0.01 with max 2 decimal places
\n
Date must be in YYYY-MM-DD format
\n
Update is recorded in the audit log with oldValues and newValues
\n
Soft deleted records cannot be updated — returns 404
\n

Responses

200 Financial record updated successfully
\n
400 Validation failed or no changes detected
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 Financial record not found
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","records","49"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"87ae9317-8a7c-4aa1-b27e-5ec4a566404c","name":"updateRecord","originalRequest":{"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\" : \"90000\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/v1/records/49"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"402"},{"key":"ETag","value":"W/\"192-qljdeHZnHTPOhI6P0Mb9SiGYNwI\""},{"key":"Date","value":"Mon, 06 Apr 2026 11:49:05 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Financial record updated successfully\",\n \"data\": {\n \"id\": 49,\n \"amount\": 90000,\n \"type\": \"INCOME\",\n \"category\": \"Freelance\",\n \"date\": \"2026-03-22\",\n \"notes\": \"Freelance project - March\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T06:19:54.000Z\",\n \"updatedAt\": \"2026-04-06T11:49:05.598Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n }\n}"}],"_postman_id":"228be5ba-d5d1-44a5-8cf7-183f8e122c36"},{"name":"softDeleteRecord","id":"26cf1aef-3c15-41b7-bb1a-1e7dfe52b98c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"DELETE","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/records/49","description":"

Delete Financial Record

Soft deletes a financial record by setting isDeleted to true. Record is preserved in the database for audit and historical purposes.

Access

ADMIN only — returns 403 for Analyst and Viewer

Path Parameter

id — integer — the unique ID of the financial record to delete

Notes

Record is NOT permanently removed from the database
\n
Soft deleted records are excluded from all GET queries automatically
\n
Deletion is recorded in the audit log with the full record snapshot as oldValues
\n
This approach preserves data integrity and audit trail
\n

Responses

200 Financial record deleted successfully
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n
404 Financial record not found
\n

Financial Records

This module handles all financial record operations including creation, retrieval, updating, and soft deletion.

Access

Create, Update, Delete — ADMIN only
\n
Read — ANALYST and ADMIN only
\n
VIEWER has no access to any record endpoints
\n

Record Types

INCOME — money coming in (salary, freelance, consulting)
\n
EXPENSE — money going out (rent, utilities, marketing)
\n

Soft Delete

Records are never hard deleted from the database. Instead an isDeleted flag is set to true. This preserves historical data integrity and keeps the audit trail meaningful.

Filtering & Pagination

GET /records supports:

Filter by type, category, startDate, endDate
\n
Full-text search across notes and category
\n
pagination with page and limit
\n
sorting by date, amount, category, or createdAt
\n

Audit Logging

Every create, update, and delete operation is recorded in the audit log with:

Who performed the action
\n
What changed (oldValues and newValues)
\n
When it happened
\n

Endpoints

POST /records — ADMIN — Create a financial record
\n
GET /records — ANALYST, ADMIN — Get all records with filters
\n
GET /records/:id — ANALYST, ADMIN — Get record by ID
\n
PATCH /records/:id — ADMIN — Update a record
\n
DELETE /records/:id — ADMIN — Soft delete a record
\n

\n","_postman_id":"48b1cea8-bcdf-4ee3-a236-c1e7dffc2d97"},{"name":"Dashboard","item":[{"name":"summary","id":"4e727a94-e8ab-49ee-9970-e5b317ca9859","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/summary","description":"

Dashboard Summary

Returns the overall financial summary including total income, total expenses, and net balance. Supports optional date range filtering for period-specific insights.

Access

All roles — ADMIN, ANALYST, VIEWER

Query Parameters

startDate — filter from this date (YYYY-MM-DD, inclusive)
\n
endDate — filter up to this date (YYYY-MM-DD, inclusive)
\n

Notes

Both startDate and endDate are optional — omitting them returns all-time totals
\n
Net balance is calculated as totalIncome - totalExpenses
\n
Computed directly from the database using SQL SUM aggregation — efficient for large datasets
\n
Soft deleted records are excluded from all calculations
\n

Responses

200 Dashboard summary fetched successfully — returns totalIncome, totalExpenses, netBalance
\n
401 Access token is missing or invalid
\n
403 Your account is inactive. Please contact admin
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","dashboard","summary"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"b77d7fdf-7e94-465b-86bb-5ea09bdbe8d7","name":"summary","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/summary"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"160"},{"key":"ETag","value":"W/\"a0-jT7ApGbctLLhpOeeLo3NTF+ZuzA\""},{"key":"Date","value":"Mon, 06 Apr 2026 12:03:20 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Dashboard summary fetched successfully\",\n \"data\": {\n \"totalIncome\": 217000,\n \"totalExpenses\": 49500.5,\n \"netBalance\": 167499.5\n }\n}"}],"_postman_id":"4e727a94-e8ab-49ee-9970-e5b317ca9859"},{"name":"categoryBreakdown","id":"66e1d118-a22d-43d9-b656-2ffd77d3fb99","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/category-breakdown","description":"

Category Breakdown

Returns aggregated totals grouped by record type and category, ordered by highest total first.

Access

ANALYST and ADMIN only — returns 403 for Viewer

Notes

Results are ordered by total amount descending — highest spending/earning categories appear first
\n
Useful for visualizing where money is going and coming from
\n
Computed using SQL GROUP BY and SUM — efficient and scalable
\n
Soft deleted records are excluded
\n

Responses

200 Category breakdown fetched successfully — returns array of type, category, total
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","dashboard","category-breakdown"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"a800cc70-76b0-4272-973b-4e04440cc718","name":"categoryBreakdown","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/category-breakdown"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"528"},{"key":"ETag","value":"W/\"210-YjGp+yuPFIAB1HCdPHT7hkJvr1Y\""},{"key":"Date","value":"Mon, 06 Apr 2026 12:04:00 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Category breakdown fetched successfully\",\n \"data\": [\n {\n \"type\": \"INCOME\",\n \"category\": \"Salary\",\n \"total\": 170000\n },\n {\n \"type\": \"INCOME\",\n \"category\": \"Freelance\",\n \"total\": 32000\n },\n {\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"total\": 28500\n },\n {\n \"type\": \"INCOME\",\n \"category\": \"Consulting\",\n \"total\": 15000\n },\n {\n \"type\": \"EXPENSE\",\n \"category\": \"Travel\",\n \"total\": 11000\n },\n {\n \"type\": \"EXPENSE\",\n \"category\": \"Software\",\n \"total\": 5300\n },\n {\n \"type\": \"EXPENSE\",\n \"category\": \"Rent\",\n \"total\": 3600\n },\n {\n \"type\": \"EXPENSE\",\n \"category\": \"Utilities\",\n \"total\": 1100.5\n }\n ]\n}"}],"_postman_id":"66e1d118-a22d-43d9-b656-2ffd77d3fb99"},{"name":"recent-activity","id":"9a619982-17e7-4d2e-892e-6ab5c3edd3bd","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/recent-activity?limit=4","description":"

Recent Activity

Returns the most recent financial records ordered by creation time. Default limit is 5.

Access

All roles — ADMIN, ANALYST, VIEWER
Creator details (name, email, role) are hidden for VIEWER role.

Query Parameters

limit — number of recent records to return, default 5

Notes

Returns up to the requested limit — if fewer records exist, returns all available
\n
Ordered by createdAt descending — most recent first
\n
VIEWER sees record data but not who created it — creator field is excluded
\n
Soft deleted records are excluded
\n

Responses

200 Recent activity fetched successfully — returns array of recent records
\n
401 Access token is missing or invalid
\n
403 Your account is inactive. Please contact admin
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","dashboard","recent-activity"],"host":["localhost"],"query":[{"key":"limit","value":"4"}],"variable":[]}},"response":[{"id":"b0f03ec6-2168-4bc8-9aa0-fe223c69eb86","name":"recent-activity","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":{"raw":"http://localhost:4000/api/v1/dashboard/recent-activity?limit=4","protocol":"http","host":["localhost"],"port":"4000","path":["api","v1","dashboard","recent-activity"],"query":[{"key":"limit","value":"4"}]}},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"1306"},{"key":"ETag","value":"W/\"51a-WAm9/t8ksVU0eRhFbq+U/0NrvcM\""},{"key":"Date","value":"Mon, 06 Apr 2026 12:05:03 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Recent activity fetched successfully\",\n \"data\": [\n {\n \"id\": 56,\n \"amount\": \"5000.00\",\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"date\": \"2026-04-06\",\n \"notes\": \"Ad campaign\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-06T11:39:51.000Z\",\n \"updatedAt\": \"2026-04-06T11:39:51.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 55,\n \"amount\": \"5000.00\",\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"date\": \"2026-03-15\",\n \"notes\": \"Social media\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-06T03:53:29.000Z\",\n \"updatedAt\": \"2026-04-06T03:53:29.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 54,\n \"amount\": \"5000.00\",\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"date\": \"2026-03-15\",\n \"notes\": \"Social media\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T19:44:15.000Z\",\n \"updatedAt\": \"2026-04-05T19:44:15.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n },\n {\n \"id\": 53,\n \"amount\": \"5000.00\",\n \"type\": \"EXPENSE\",\n \"category\": \"Marketing\",\n \"date\": \"2026-03-15\",\n \"notes\": \"Social media\",\n \"createdBy\": 1,\n \"isDeleted\": false,\n \"createdAt\": \"2026-04-05T19:26:15.000Z\",\n \"updatedAt\": \"2026-04-05T19:26:15.000Z\",\n \"records\": {\n \"id\": 1,\n \"name\": \"Harsh Goel\",\n \"email\": \"admin@example.com\",\n \"role\": \"ADMIN\"\n }\n }\n ]\n}"}],"_postman_id":"9a619982-17e7-4d2e-892e-6ab5c3edd3bd"},{"name":"trends","id":"d4572c96-f256-41af-a83a-b39591432183","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":""}]},"isInherited":false},"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/trends","description":"

Monthly Trends

Returns monthly aggregated income and expense totals, useful for visualizing financial trends over time.

Access

ANALYST and ADMIN only — returns 403 for Viewer

Notes

Results are grouped by month in YYYY-MM format and ordered ascending
\n
Each month entry contains separate income and expense totals
\n
Months with only income or only expense will show 0 for the missing type
\n
Computed using SQL DATE_FORMAT and GROUP BY — efficient for large datasets
\n
Soft deleted records are excluded
\n

Responses

200 Monthly trends fetched successfully — returns array of month, income, expense
\n
401 Access token is missing or invalid
\n
403 You do not have permission to perform this action
\n

\n","urlObject":{"protocol":"http","port":"4000","path":["api","v1","dashboard","trends"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"15e44144-d64d-4649-90c1-058c83bb13b9","name":"trends","originalRequest":{"method":"GET","header":[],"body":{"mode":"raw","raw":""},"url":"http://localhost:4000/api/v1/dashboard/trends"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Powered-By","value":"Express"},{"key":"Access-Control-Allow-Origin","value":"*"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"291"},{"key":"ETag","value":"W/\"123-dr4by516C49cUKa8PC9FCpLN76Y\""},{"key":"Date","value":"Mon, 06 Apr 2026 12:05:37 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": true,\n \"statusCode\": 200,\n \"message\": \"Monthly trends fetched successfully\",\n \"data\": [\n {\n \"month\": \"2026-01\",\n \"income\": 85000,\n \"expense\": 4850.5\n },\n {\n \"month\": \"2026-02\",\n \"income\": 15000,\n \"expense\": 10350\n },\n {\n \"month\": \"2026-03\",\n \"income\": 117000,\n \"expense\": 29300\n },\n {\n \"month\": \"2026-04\",\n \"income\": 0,\n \"expense\": 5000\n }\n ]\n}"}],"_postman_id":"d4572c96-f256-41af-a83a-b39591432183"}],"id":"90dd661d-6e41-45d8-9b8b-af283fd1c921","description":"

Dashboard Analytics

This module provides aggregated financial insights and analytics for monitoring the overall financial health of the system.

Access

Summary & Recent Activity — all roles (ADMIN, ANALYST, VIEWER)
\n
Category Breakdown & Monthly Trends — ANALYST and ADMIN only
\n
VIEWER has limited access — creator details are hidden in recent activity
\n

Notes

All analytics are computed directly from the database using SQL aggregations — no in-memory computation
\n
Soft deleted records are excluded from all analytics
\n
Summary supports optional date range filtering for period-specific insights
\n
Monthly trends are returned in ascending order by month
\n

Endpoints

GET /dashboard/summary — All roles — Total income, expenses and net balance
\n
GET /dashboard/recent-activity — All roles — Latest N financial records
\n
GET /dashboard/category-breakdown — ANALYST, ADMIN — Totals grouped by type and category
\n
GET /dashboard/monthly-trends — ANALYST, ADMIN — Monthly income vs expense trends
\n

\n","_postman_id":"90dd661d-6e41-45d8-9b8b-af283fd1c921"}]}