This collection covers the backend API endpoints for a Finance Dashboard application. It is organized into four functional modules:
\nAuth — Handles user registration for three role types: Admin, Analyst, and Viewer. All requests target POST /api/auth/register.
Users — Provides endpoints to retrieve user data. Includes fetching all users (accessible by Admins), retrieving a specific user by ID, and a role-based access check for Analysts.
\nRecords — Manages financial records. Supports creating records as an Admin, retrieving all records as an Analyst, filtering records by type (e.g., expense), and accessing a dashboard summary. Also includes an access control test to verify role-based restrictions.
\nDashboard — Contains summary endpoints for the finance dashboard, with role-specific requests for Analysts and Viewers to validate access control behavior.
\nAll requests run against a local development server at http://localhost:8080 and are designed to test both core functionality and role-based access control (RBAC) across Admin, Analyst, and Viewer roles.
Registers a new user with the ADMIN role. Sends a POST request to the auth registration endpoint with the user's name, email, and role. Use this to set up an admin account that has full access to the Finance Dashboard system.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","auth","register"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"a64a6655-e758-429a-b142-d3528924a444"},{"name":"register viewer","id":"311b6fad-93a5-4784-a481-adff5542f6c4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"name\": \"dexter\",\r\n \"email\": \"dexter1992@finance.in\",\r\n \"role\": \"VIEWER\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/api/auth/register","description":"Registers a new user with the VIEWER role. Sends a POST request to the auth registration endpoint with the user's name, email, and role. Use this to create a read-only account with the most restricted level of access in the system.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","auth","register"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"311b6fad-93a5-4784-a481-adff5542f6c4"},{"name":"register analyst","id":"b43e89d9-ea6e-4564-899a-516899ce6fe3","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"name\": \"Harsh Analyst\",\r\n \"email\": \"harshanalyse@finance.in\",\r\n \"role\": \"ANALYST\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:8080/api/auth/register","description":"Registers a new user with the ANALYST role. Sends a POST request to the auth registration endpoint with the user's name, email, and role. Use this to onboard an analyst who can view and analyze financial records but has restricted administrative privileges.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","auth","register"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"b43e89d9-ea6e-4564-899a-516899ce6fe3"}],"id":"5664538d-cd3f-42ce-ab4f-d19d2f4fcdda","description":"Contains endpoints for user registration across all supported role types: Admin, Analyst, and Viewer. These requests handle the initial onboarding of users into the system and are the entry point for setting up role-based access control.
\n","_postman_id":"5664538d-cd3f-42ce-ab4f-d19d2f4fcdda"},{"name":"Users","item":[{"name":"GET all users — as Ayish (ADMIN)","id":"55ac9ba7-e17c-4b13-8b7a-456e7448e31c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Retrieves the full list of registered users in the system. Authenticated as Ayish (ADMIN) using Basic Auth. Verifies that an admin can successfully access the user management endpoint and view all user accounts.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","users"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"55ac9ba7-e17c-4b13-8b7a-456e7448e31c"},{"name":"GET user by ID","id":"960a1d28-86df-4a99-9866-21d38102aacf","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Fetches the details of a specific user by their ID (ID: 3). Authenticated as Ayish (ADMIN) using Basic Auth. Use this to look up an individual user's profile and confirm that admin-level access allows retrieval of user-specific data.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","users","3"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"960a1d28-86df-4a99-9866-21d38102aacf"},{"name":"GET users as harsh (ANALYST)","id":"ed60c8c6-9180-4dab-b969-67d63c3dc5ba","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Attempts to retrieve the full list of users while authenticated as Harsh (ANALYST) using Basic Auth. Use this to verify how the API handles user listing requests from a non-admin role, and to test whether access control correctly restricts or permits this operation for analysts.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","users"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"ed60c8c6-9180-4dab-b969-67d63c3dc5ba"}],"id":"23b8231e-1d8c-47f4-9c28-153b69df4aa8","description":"Contains endpoints for retrieving user data. Includes requests to fetch all users (accessible by Admins) and to look up a specific user by ID. Also covers role-based access scenarios, such as verifying what user data an Analyst can access.
\n","_postman_id":"23b8231e-1d8c-47f4-9c28-153b69df4aa8"},{"name":"Records","item":[{"name":"financial records as ADMIN","id":"f5e1f579-3b38-4718-bd7a-ee356f87b8a7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Creates a new financial record as an ADMIN user. Sends a POST request with details of an expense entry — including amount, category (Rent), date, and notes — authenticated as Ayish (ADMIN) via Basic Auth. Use this to verify that admins can successfully add financial records to the system.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","records"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"f5e1f579-3b38-4718-bd7a-ee356f87b8a7"},{"name":"GET all records — as Analyst","id":"e1c31aeb-0db8-407a-a6f2-eb416cdacaa2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Retrieves all financial records in the system, authenticated as Harsh (ANALYST) using Basic Auth. Use this to confirm that analysts have read access to the full list of financial records and that the endpoint returns the expected data for this role.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","records"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"e1c31aeb-0db8-407a-a6f2-eb416cdacaa2"},{"name":"Filter records — as Analyst","id":"b7c0909e-645a-4e66-b198-33a5d44a5dbe","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Fetches financial records filtered by type, using the query parameter type=expense. Authenticated as Harsh (ANALYST) via Basic Auth. Use this to verify that the filter endpoint works correctly and that analysts can narrow down records by transaction type.
Retrieves the dashboard summary data, authenticated as Harsh (ANALYST) using Basic Auth. Use this to confirm that analysts can access aggregated financial metrics and summary statistics from the dashboard endpoint.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","dashboard","summary"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"4dec7166-7852-4ee6-bd22-00b7a0d17e1c"},{"name":"Test access control — as Analyst","id":"1fd41524-bccd-41ea-9be0-cc34bd488166","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Attempts to delete a financial record (ID: 1) while authenticated as Harsh (ANALYST) using Basic Auth. This is an access control test to verify that the ANALYST role is correctly restricted from performing delete operations, and that the API returns an appropriate authorization error.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","records","1"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"1fd41524-bccd-41ea-9be0-cc34bd488166"}],"id":"9fcdae80-bdc9-42cf-ac2e-f9d433a5054b","description":"Contains endpoints for managing financial records. Covers creating new records (as Admin), retrieving all records (as Analyst), filtering records by type (e.g. expense), fetching the dashboard summary, and testing access control to ensure role-based restrictions are enforced correctly.
\n","_postman_id":"9fcdae80-bdc9-42cf-ac2e-f9d433a5054b"},{"name":"Dashboard","item":[{"name":"GET summary — as harsh (ANALYST)","id":"862b473b-b22d-480f-9957-4d4d3487bf05","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Retrieves the dashboard summary, authenticated as Harsh (ANALYST) using Basic Auth. This request duplicates the dashboard summary check to further validate that the analyst role consistently has access to summary data across multiple test runs.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","dashboard","summary"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"862b473b-b22d-480f-9957-4d4d3487bf05"},{"name":"Test access control — GET summary as dexter (VIEWER)","id":"d858fae6-6c69-4aa7-98e8-079d57dd00e6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"basic","basic":{"basicConfig":[{"key":"username","value":"Attempts to access the dashboard summary endpoint as Carol (VIEWER role), authenticated via Basic Auth using the dexter1992@finance.in account. This is an access control test to verify that VIEWER-role users are either granted or denied access to the dashboard summary, confirming the role-based permission boundaries of the system.
\n","urlObject":{"protocol":"http","port":"8080","path":["api","dashboard","summary"],"host":["localhost"],"query":[],"variable":[]}},"response":[],"_postman_id":"d858fae6-6c69-4aa7-98e8-079d57dd00e6"}],"id":"a50dcd57-ff88-4a00-af0e-095aeb49e7b7","description":"Contains endpoints for accessing the finance dashboard summary. Includes role-based access tests to verify that Analysts can retrieve summary data and that Viewers are appropriately restricted, ensuring the dashboard enforces correct permission boundaries.
\n","_postman_id":"a50dcd57-ff88-4a00-af0e-095aeb49e7b7"}]}