Collections are your starting point for building and testing APIs. You can use this one to:
\n• Group related requests
• Test your API in real-world scenarios
• Document and share your requests
Update the name and overview whenever you’re ready to make it yours.
\nLearn more about Postman Collections.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"53758015","collectionId":"8d319857-52f3-4afb-86f6-94b07735b2d5","publishedId":"2sBXiqEU2C","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-04-05T16:23:22.000Z"},"item":[{"name":"Sanity Check","id":"4f77ef95-9094-4e6f-b931-fae1bc16e12d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:4000/api/health","description":"This endpoint is used to perform a health check on the API server to ensure it is running and accessible.
\nMethod: GET
Endpoint: http://localhost:4000/api/health
Status Code: 200 OK
Content-Type: application/json
Response Body:
\nok (boolean): Indicates the health status of the server. A value of true signifies that the server is operational.{\n \"ok\": true\n}\n\nThis endpoint does not require any parameters and returns a simple JSON object indicating the server's health status.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","health"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"e838546e-4cfd-4c27-a722-b7a07f47e768","name":"New Request","originalRequest":{"method":"GET","header":[],"url":"http://localhost:4000/api/health"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"fb51b2e4-852e-44f8-a487-faf00118aab8"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"11"},{"key":"ETag","value":"W/\"b-Ai2R8hgEarLmHKwesT1qcY913ys\""},{"key":"Date","value":"Sun, 05 Apr 2026 15:32:05 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"ok\": true\n}"}],"_postman_id":"4f77ef95-9094-4e6f-b931-fae1bc16e12d"},{"name":"register","id":"2e19fdd7-9941-45b1-a9c3-dc539ca53734","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"email\": \"user@gmail.com\",\r\n \"password\": \"user@1234\",\r\n \"name\": \"user\",\r\n \"role\" : \"Admin\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/auth/register","description":"This endpoint is used to register a new user in the system. It allows clients to create an account by providing necessary user details.
\nMethod: POST
\nURL: http://localhost:4000/api/auth/register
The request body must be in JSON format and should include the following parameters:
\nExample Request Body:
\n{\n \"email\": \"user@example.com\",\n \"password\": \"SecurePassword123\",\n \"name\": \"John Doe\",\n \"role\": \"User\"\n}\n\nUpon successful registration, the server will respond with a JSON object containing the following structure:
\nExample Response:
\n{\n \"success\": true,\n \"message\": \"User registered successfully.\",\n \"user\": {\n \"email\": \"user@example.com\",\n \"name\": \"John Doe\",\n \"role\": \"User\"\n }\n}\n\nEnsure that the email provided is unique and not already registered in the system.
\nThe password must comply with the system's security policies.
\nThis endpoint allows users to authenticate themselves by logging in with their email and password. Upon successful authentication, the server responds with user details.
\nMethod: POST
\nURL: http://localhost:4000/api/auth/login
Content-Type: application/json
\nThe request body must be in JSON format and include the following parameters:
\nemail (string): The email address of the user attempting to log in.
\npassword (string): The password associated with the user's account.
\nExample Request Body:
\n{\n \"email\": \"user@example.com\",\n \"password\": \"your_password\"\n}\n\nOn a successful login, the API will respond with a status code of 200 and a JSON object containing user details.
Content-Type: application/json
\n{\"user\": { \"id\": \"\", \"email\": \"\", \"name\": \"\", \"role\": \"\", \"status\": \"\", \"createdAt\": \"\", \"updatedAt\": \"\"}}
\nThe response includes the following fields:
\nuser: An object containing user information.
\nid: The unique identifier for the user.
\nemail: The email address of the user.
\nname: The name of the user.
\nrole: The role assigned to the user (e.g., admin, user).
\nstatus: The current status of the user account (e.g., active, inactive).
\ncreatedAt: Timestamp of when the user account was created.
\nupdatedAt: Timestamp of the last update to the user account.
\nEnsure that the email and password provided in the request body are correct to receive a successful response.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","auth","login"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"b7bbcff3-30f9-4db3-b8ab-a55e0d77e74f","name":"login","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"email\": \"harsh.ramchandani122003@gmail.com\",\r\n \"password\": \"Harsh@1234\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/auth/login"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"cf1ad779-27ca-4c38-9687-d16dcdf7729d"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"60;w=900"},{"key":"RateLimit-Limit","value":"60"},{"key":"RateLimit-Remaining","value":"58"},{"key":"RateLimit-Reset","value":"757"},{"key":"Set-Cookie","value":"token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI2OWQxNzkyNTgwYjgxNjY3ODE2ZWQ2NWEiLCJpYXQiOjE3NzU0MDU5MTQsImV4cCI6MTc3NjAxMDcxNH0.vrhvQyUhamqBHdFrzTrIzyJ2n0LbtBwJYP9qId9YBSQ; Max-Age=604800; Path=/; Expires=Sun, 12 Apr 2026 16:18:34 GMT; HttpOnly; SameSite=Lax"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"212"},{"key":"ETag","value":"W/\"d4-EcX3v+XEZ9BeKq9h5LT0xwkKnF4\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:18:34 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"user\": {\n \"id\": \"69d1792580b81667816ed65a\",\n \"email\": \"harsh.ramchandani122003@gmail.com\",\n \"name\": \"Harsh\",\n \"role\": \"admin\",\n \"status\": \"active\",\n \"createdAt\": \"2026-04-04T20:48:37.144Z\",\n \"updatedAt\": \"2026-04-04T20:48:37.144Z\"\n }\n}"}],"_postman_id":"2d1ab861-d5eb-4810-a3a5-b711660a46e6"},{"name":"Using auth on other requests","id":"1d05ba18-fb35-441b-bb3b-a1d3ed4ef51a","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"bearer","bearer":{"basicConfig":[{"key":"token","value":"StartFragment
\nRequest
\nMethod: GET
URL: http://localhost:4000/api/auth/me
Body: None.
\nDescription
Returns the logged-in user as JSON. Identity comes from the JWT: either the token httpOnly cookie (if the client sends cookies) or Authorization: Bearer <jwt>. No query or body parameters.
Expected response (200)
JSON shape:
{ \"user\": { \"id\": \"\", \"email\": \"\", \"name\": \"\", \"role\": \"viewer\" | \"analyst\" | \"admin\", \"status\": \"active\" | \"inactive\", \"createdAt\": \"\", \"updatedAt\": \"\" }}
\nPasswords and internal fields are never returned.
\nError responses
\n401 — Missing/invalid/expired token, or user id in token not found.
\n403 — Account inactive (status not active).
500 — Server misconfiguration (e.g. JWT_SECRET missing).
Notes
\nIn Postman: use Bearer Token on this tab or enable the cookie jar after login/register on the same host (localhost:4000).
Do not send a body for this request.
\nYou can paste the Description / Expected Response / Notes sections into Postman’s documentation panel as separate blocks or one combined description.
\nEndFragment
\n","urlObject":{"protocol":"http","port":"4000","path":["api","auth","me"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"b9c30320-4a90-40b9-9051-7e763a3ac655","name":"Using auth on other requests","originalRequest":{"method":"GET","header":[],"url":"http://localhost:4000/api/auth/me"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"50eeb44c-cbd3-4083-8c9d-e21ac327eafb"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"60;w=900"},{"key":"RateLimit-Limit","value":"60"},{"key":"RateLimit-Remaining","value":"57"},{"key":"RateLimit-Reset","value":"745"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"212"},{"key":"ETag","value":"W/\"d4-EcX3v+XEZ9BeKq9h5LT0xwkKnF4\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:18:46 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"user\": {\n \"id\": \"69d1792580b81667816ed65a\",\n \"email\": \"harsh.ramchandani122003@gmail.com\",\n \"name\": \"Harsh\",\n \"role\": \"admin\",\n \"status\": \"active\",\n \"createdAt\": \"2026-04-04T20:48:37.144Z\",\n \"updatedAt\": \"2026-04-04T20:48:37.144Z\"\n }\n}"}],"_postman_id":"1d05ba18-fb35-441b-bb3b-a1d3ed4ef51a"},{"name":"dashboard summary","id":"4fa49acb-7738-494b-b986-b65129b7d1e9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:4000/api/dashboard/summary","description":"This endpoint retrieves a summary of the user's financial dashboard, providing insights into total income, expenses, net balance, recent activities, and trends over specified periods.
\nMethod: GET
\nURL: http://localhost:4000/api/dashboard/summary
Headers:
\nContent-Type: application/json
(Include any authentication headers if required)
\nThe response will return a JSON object containing the following structure:
\nsummary: An object summarizing the financial data.
\ntotalIncome: Total income amount (number).
totalExpense: Total expense amount (number).
netBalance: Net balance amount (number).
categoryTotals: An array of objects representing totals for each category.
\nEach object includes:
\ncategory: Name of the category (string).
income: Total income for the category (number).
expense: Total expense for the category (number).
net: Net amount for the category (number).
recentActivity: An array of recent financial activities.
\nEach object includes:
\nid: Unique identifier for the activity (string).
amount: Amount of the activity (number).
type: Type of the activity (string).
category: Category associated with the activity (string).
date: Date of the activity (string).
notes: Any notes related to the activity (string).
createdAt: Timestamp of when the activity was created (string).
trends: An object containing trend analysis data.
\ngranularity: The granularity of the trend data (string).
buckets: An array of objects representing trend data for different periods.
Each object includes:
\nperiod: The period of the trend (string).
year: Year of the trend (number).
month: Month of the trend (number).
label: Label for the trend (string).
income: Income for the period (number).
expense: Expense for the period (number).
net: Net amount for the period (number).
filters: An object containing filter criteria.
\ndateFrom: Start date for filtering activities (nullable).
dateTo: End date for filtering activities (nullable).
This endpoint does not require a request body, as it is a GET request. The response will provide a comprehensive overview of the user's financial summary, enabling effective tracking and analysis of their financial activities.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","dashboard","summary"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"d7abd1f1-30a0-433c-a9b8-2111618e9c36","name":"dashboard summary","originalRequest":{"method":"GET","header":[],"url":"http://localhost:4000/api/dashboard/summary"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"10fa58eb-4049-4f40-ad89-a9b7044acc07"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"300;w=900"},{"key":"RateLimit-Limit","value":"300"},{"key":"RateLimit-Remaining","value":"299"},{"key":"RateLimit-Reset","value":"900"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"687"},{"key":"ETag","value":"W/\"2af-FSUQv6Ctv9KMoTkw+LWaLukwoyk\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:18:53 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"summary\": {\n \"totalIncome\": 241,\n \"totalExpense\": 0,\n \"netBalance\": 241\n },\n \"categoryTotals\": [\n {\n \"category\": \"salary\",\n \"income\": 241,\n \"expense\": 0,\n \"net\": 241\n }\n ],\n \"recentActivity\": [\n {\n \"id\": \"69d17ff85990cbc8fb05746c\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01T00:00:00.000Z\",\n \"notes\": \"Test\",\n \"createdAt\": \"2026-04-04T21:17:44.200Z\"\n },\n {\n \"id\": \"69d281c277e34e46300af7e3\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01T00:00:00.000Z\",\n \"notes\": \"Test\",\n \"createdAt\": \"2026-04-05T15:37:38.563Z\"\n }\n ],\n \"trends\": {\n \"granularity\": \"month\",\n \"buckets\": [\n {\n \"period\": \"month\",\n \"year\": 2026,\n \"month\": 4,\n \"label\": \"2026-04\",\n \"income\": 241,\n \"expense\": 0,\n \"net\": 241\n }\n ]\n },\n \"filters\": {\n \"dateFrom\": null,\n \"dateTo\": null\n }\n}"}],"_postman_id":"4fa49acb-7738-494b-b986-b65129b7d1e9"},{"name":"Create a finance record (admin)","id":"66b35485-0b2a-48e6-b9a5-da53dbb8281c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\": 120.5,\r\n \"type\": \"income\",\r\n \"category\": \"salary\",\r\n \"date\": \"2026-04-01\",\r\n \"notes\": \"Test\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/finance/records","description":"This endpoint allows users to create a new finance record by submitting details about the transaction. The record can represent either an income or an expense, categorized accordingly.
\nMethod: POST
\nURL: http://localhost:4000/api/finance/records
Headers:
\nContent-Type: application/json
Authentication: Ensure that the request includes a valid authentication token in the headers if required by your application.
\nThe request body must be a JSON object containing the following parameters:
\n{\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01\",\n \"notes\": \"Test\"\n}\n\nUpon successful creation of the finance record, the server will respond with a status code of 201 Created and a JSON object containing the details of the created record.
The response will include the following fields:
\n{\n \"record\": {\n \"id\": \"unique_record_id\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01\",\n \"notes\": \"Test\",\n \"createdBy\": \"user_id\",\n \"createdAt\": \"2026-04-01T00:00:00Z\",\n \"updatedAt\": \"2026-04-01T00:00:00Z\"\n }\n}\n\nEnsure that all required fields are included in the request body.
\nValidate the input data to conform to expected formats to avoid errors.
\nThis endpoint allows users to retrieve a specific finance record by its unique identifier. It is useful for fetching detailed information about a particular financial transaction stored in the system.
\nMethod: GET
\nURL: http://localhost:4000/api/finance/records/{id}
Path Parameter:
\nid (string): The unique identifier of the finance record you wish to retrieve. In this example, the id is 69d0f45aeb88ff548e3e66a6.Status Code: 200 OK
\nContent-Type: application/json
\n{\"record\": { \"id\": \"\", // Unique identifier of the record \"amount\": 0, // Amount of the transaction \"type\": \"\", // Type of the transaction (e.g., income, expense) \"category\": \"\", // Category of the transaction (e.g., food, travel) \"date\": \"\", // Date of the transaction \"notes\": \"\", // Additional notes related to the transaction \"createdBy\": \"\", // Identifier of the user who created the record \"createdAt\": \"\", // Timestamp when the record was created \"updatedAt\": \"\" // Timestamp when the record was last updated}}
\nTo use this endpoint effectively, ensure that you replace {id} in the URL with the actual identifier of the finance record you wish to access. The response will provide you with a JSON object containing all relevant details of the specified finance record, allowing you to understand its characteristics and history.
This endpoint retrieves a list of finance records from the server. It allows users to access existing financial data, which can include various attributes related to each record.
\nMethod: GET
\nURL: http://localhost:4000/api/finance/records
Upon a successful request, the server responds with a JSON object containing the following structure:
\ndata: An array of finance records, each record includes:
\nid: A unique identifier for the finance record.
\namount: The monetary value associated with the record.
\ntype: The type of financial transaction (e.g., income, expense).
\ncategory: The category under which the transaction falls (e.g., groceries, utilities).
\ndate: The date when the transaction occurred.
\nnotes: Any additional notes related to the transaction.
\ncreatedBy: The identifier of the user who created the record.
\ncreatedAt: The timestamp when the record was created.
\nupdatedAt: The timestamp when the record was last updated.
\npage: The current page number of the returned records.
\nlimit: The maximum number of records returned per page.
\ntotal: The total number of records available.
\n{\n \"data\": [\n {\n \"id\": \"\",\n \"amount\": 0,\n \"type\": \"\",\n \"category\": \"\",\n \"date\": \"\",\n \"notes\": \"\",\n \"createdBy\": \"\",\n \"createdAt\": \"\",\n \"updatedAt\": \"\"\n }\n ],\n \"page\": 0,\n \"limit\": 0,\n \"total\": 0\n}\n\nThis endpoint is useful for users who need to review their financial records and gain insights into their financial activities.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","finance","records"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"4d63f357-51ce-44eb-9f36-cf7bf1f9a551","name":"List records (GET) — analyst or admin","originalRequest":{"method":"GET","header":[],"url":"http://localhost:4000/api/finance/records"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"800ea8e6-a083-4575-a5ec-bccfe37c095d"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"300;w=900"},{"key":"RateLimit-Limit","value":"300"},{"key":"RateLimit-Remaining","value":"295"},{"key":"RateLimit-Reset","value":"854"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"793"},{"key":"ETag","value":"W/\"319-DnWtX4RZIDRRj+9igtqxAHoy6XQ\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:19:40 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"data\": [\n {\n \"id\": \"69d17ff85990cbc8fb05746c\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01T00:00:00.000Z\",\n \"notes\": \"Test\",\n \"createdBy\": \"69d1792580b81667816ed65a\",\n \"createdAt\": \"2026-04-04T21:17:44.200Z\",\n \"updatedAt\": \"2026-04-04T21:17:44.200Z\"\n },\n {\n \"id\": \"69d281c277e34e46300af7e3\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01T00:00:00.000Z\",\n \"notes\": \"Test\",\n \"createdBy\": \"69d1792580b81667816ed65a\",\n \"createdAt\": \"2026-04-05T15:37:38.563Z\",\n \"updatedAt\": \"2026-04-05T15:37:38.563Z\"\n },\n {\n \"id\": \"69d28b7577e34e46300af7f2\",\n \"amount\": 120.5,\n \"type\": \"income\",\n \"category\": \"salary\",\n \"date\": \"2026-04-01T00:00:00.000Z\",\n \"notes\": \"Test\",\n \"createdBy\": \"69d1792580b81667816ed65a\",\n \"createdAt\": \"2026-04-05T16:19:01.110Z\",\n \"updatedAt\": \"2026-04-05T16:19:01.110Z\"\n }\n ],\n \"page\": 1,\n \"limit\": 20,\n \"total\": 3\n}"}],"_postman_id":"39d4caa4-53dd-4d81-b5e2-df96da222048"},{"name":"Update record (PATCH) — admin only","id":"502ee7c8-b651-4e3d-a506-0bd4e5af1b08","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\": 200,\r\n \"notes\": \"Updated via Postman\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/finance/records/69d0f45aeb88ff548e3e66a6","description":"This endpoint allows you to update an existing finance record identified by its unique ID.
\nMethod: PATCH
\nEndpoint: http://localhost:4000/api/finance/records/{id}
Path Parameter:
\nid (string): The unique identifier of the finance record to be updated.The request body must be in JSON format and can include the following parameters:
\namount (number): The updated amount for the finance record.
notes (string): Additional notes related to the finance record.
Example Request Body:
\n{\n \"amount\": 200,\n \"notes\": \"Updated via Postman\"\n}\n\nUpon a successful update, the response will return a status code of 200 and the updated finance record in JSON format.
Response Format:
\n{\n \"record\": {\n \"id\": \"\",\n \"amount\": 0,\n \"type\": \"\",\n \"category\": \"\",\n \"date\": \"\",\n \"notes\": \"\",\n \"createdBy\": \"\",\n \"createdAt\": \"\",\n \"updatedAt\": \"\"\n }\n}\n\nThe response includes the updated fields of the finance record, confirming the changes made.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","finance","records","69d0f45aeb88ff548e3e66a6"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"1c1e6d87-262a-4e5e-9d2d-dd33cf474c78","name":"Update record (PATCH) — admin only","originalRequest":{"method":"PATCH","header":[],"body":{"mode":"raw","raw":"{\r\n \"amount\": 200,\r\n \"notes\": \"Updated via Postman\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4000/api/finance/records/69d0f45aeb88ff548e3e66a6"},"status":"Not Found","code":404,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"3162025f-75d7-4939-b013-ff2519890a0b"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"300;w=900"},{"key":"RateLimit-Limit","value":"300"},{"key":"RateLimit-Remaining","value":"294"},{"key":"RateLimit-Reset","value":"844"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"30"},{"key":"ETag","value":"W/\"1e-AEuiJmu5BwTG8l6l2ONcbwZ5ITA\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:19:50 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"message\": \"Record not found\"\n}"}],"_postman_id":"502ee7c8-b651-4e3d-a506-0bd4e5af1b08"},{"name":"delete record","id":"83d73758-8286-4641-9bad-87e2ee7545d2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"DELETE","header":[],"url":"http://localhost:4000/api/finance/records/69d2091c43f94b5ef16260fd","description":"This endpoint is used to delete a specific finance record identified by its unique ID. By sending a DELETE request to this endpoint, the client can remove the record from the database.
\nMethod: DELETE
\nURL: http://localhost:4000/api/finance/records/{id}
Path Parameter:
\nid (string): The unique identifier of the finance record to be deleted. In this example, the ID is 69d2091c43f94b5ef16260fd.No request body is required for this operation.
\nUpon successful deletion of the record, the server responds with:
\nStatus Code: 200 OK
\nContent-Type: application/json
\nResponse Body:
\nmessage (string): A confirmation message indicating the successful deletion of the record. In this case, the message is an empty string.{\n \"message\": \"\"\n}\n\nThis response indicates that the deletion was successful, and no additional information is provided.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","finance","records","69d2091c43f94b5ef16260fd"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"88d9d75a-6e11-4964-879c-3c2fd6cec309","name":"delete record","originalRequest":{"method":"DELETE","header":[],"url":"http://localhost:4000/api/finance/records/69d28b7577e34e46300af7f2"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"d7c4119d-fe5e-4ef0-8f5c-77e04e6baaf1"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"300;w=900"},{"key":"RateLimit-Limit","value":"300"},{"key":"RateLimit-Remaining","value":"292"},{"key":"RateLimit-Reset","value":"822"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"39"},{"key":"ETag","value":"W/\"27-tdA2Exx0sT0vDUAN05U2G8fxNi4\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:20:11 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"message\": \"Deleted data successfully\"\n}"}],"_postman_id":"83d73758-8286-4641-9bad-87e2ee7545d2"},{"name":"pagination","id":"2376dd19-fa14-4b67-a0ea-123554b3b0d7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://localhost:4000/api/users?page=1&limit=5","description":"This endpoint allows you to retrieve a list of users from the system. You can paginate the results by specifying the page and limit parameters.
page=1 retrieves the first page of results.limit=5 returns up to 5 user records.GET http://localhost:4000/api/users?page=1&limit=5\nOn a successful request, the server responds with a status code of 200 and a JSON object containing the following fields:
data (array): An array of user objects, each containing:
\npage (integer): The current page number of the results.
\nlimit (integer): The number of records returned per page.
\ntotal (integer): The total number of user records available.
\npage and limit parameters are provided to avoid errors.This endpoint retrieves financial records within a specified date range. It allows users to query for records that fall between two dates, enabling effective financial data management and reporting.
\ndateFrom (required): The start date for the records to be retrieved, formatted as YYYY-MM-DD.
dateTo (required): The end date for the records to be retrieved, formatted as YYYY-MM-DD.
GET http://localhost:4000/api/finance/records?dateFrom=2026-01-01&dateTo=2026-12-31\n\nOn a successful request, the API will return a JSON object with the following structure:
\ndata: An array of financial record objects, each containing:
\nid: A unique identifier for the record.
\namount: The monetary value associated with the record.
\ntype: The type of financial transaction (e.g., income, expense).
\ncategory: The category under which the transaction falls.
\ndate: The date of the transaction.
\nnotes: Any additional notes related to the transaction.
\ncreatedBy: The user who created the record.
\ncreatedAt: Timestamp of when the record was created.
\nupdatedAt: Timestamp of when the record was last updated.
\npage: The current page number of the results.
\nlimit: The maximum number of records returned per page.
\ntotal: The total number of records available that match the query.
\n{\n \"data\": [\n {\n \"id\": \"\",\n \"amount\": 0,\n \"type\": \"\",\n \"category\": \"\",\n \"date\": \"\",\n \"notes\": \"\",\n \"createdBy\": \"\",\n \"createdAt\": \"\",\n \"updatedAt\": \"\"\n }\n ],\n \"page\": 0,\n \"limit\": 0,\n \"total\": 0\n}\n\nEnsure that the dateFrom is earlier than dateTo to retrieve valid records.
If no records are found within the specified date range, the data array will be empty, while total will indicate the count of records found.
This endpoint is used to authenticate a user by logging them into the system.
\nPOST
http://localhost:4000/api/auth/login
The request body must be sent in JSON format and should include the following parameters:
\nemail (string): The email address of the user attempting to log in.
\npassword (string): The password associated with the user's account.
\nUpon a successful login, the server will respond with a status code indicating the result of the authentication attempt.
\nStatus Code: 429 indicates that the user has made too many requests in a given amount of time.
Content-Type: application/json
Response Body: The response will contain a JSON object with a message key, which may provide additional context regarding the status of the request.
\nEnsure that the email and password provided are correct to avoid receiving error responses. If you encounter a 429 status, consider reducing the frequency of login attempts.
This endpoint is used to log out a user from the application. When a user sends a POST request to this endpoint, it will terminate the user's session and invalidate any associated authentication tokens.
\nMethod: POST
\nURL: http://localhost:4000/api/auth/logout
Request Body: The request body is expected to be empty for this endpoint. No additional parameters are required.
\nUpon a successful logout, the server will respond with:
\nStatus Code: 200 OK
\nContent-Type: application/json
\n{\"message\": \"\"}
The response will contain a message field, which may be used to convey additional information regarding the logout operation, although it may be empty.
This endpoint effectively handles user logout operations, ensuring that the user is properly logged out and that their session is terminated without requiring any specific request body parameters.
\n","urlObject":{"protocol":"http","port":"4000","path":["api","auth","logout"],"host":["localhost"],"query":[],"variable":[]}},"response":[{"id":"87857a4a-be6c-47c6-be8b-8d50d1d3f5c0","name":"logout","originalRequest":{"method":"POST","header":[],"url":"http://localhost:4000/api/auth/logout"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"X-Request-Id","value":"8c8dc58e-8f24-44c5-a815-2603d7271f88"},{"key":"Cross-Origin-Opener-Policy","value":"same-origin"},{"key":"Origin-Agent-Cluster","value":"?1"},{"key":"Referrer-Policy","value":"no-referrer"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubDomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-DNS-Prefetch-Control","value":"off"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"X-XSS-Protection","value":"0"},{"key":"Vary","value":"Origin, Accept-Encoding"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"RateLimit-Policy","value":"60;w=900"},{"key":"RateLimit-Limit","value":"60"},{"key":"RateLimit-Remaining","value":"55"},{"key":"RateLimit-Reset","value":"628"},{"key":"Set-Cookie","value":"token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax"},{"key":"Content-Type","value":"application/json; charset=utf-8"},{"key":"Content-Length","value":"37"},{"key":"ETag","value":"W/\"25-71uUsMgZY3FdZp9j1h5YMrBIOgg\""},{"key":"Date","value":"Sun, 05 Apr 2026 16:20:42 GMT"},{"key":"Connection","value":"keep-alive"},{"key":"Keep-Alive","value":"timeout=5"}],"cookie":[],"responseTime":null,"body":"{\n \"message\": \"Logged out successfully\"\n}"}],"_postman_id":"54196500-1440-4e98-a67e-6aa3841df1b4"}]}