{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"7954357d-f9c9-44af-bfd6-bce2cf3b66e6","name":"Unimarket-API Documentation","description":"> Welcome to the official API documentation for **UniMarket**, a robust multi-vendor campus marketplace backend. This API is built using the **PEN Stack** (PostgreSQL, Express, Node.js) and is designed with a \"Security-First\" approach to handle marketplace transactions, relational data modeling, and secure asset management. \n  \n\n---\n\n## Overview\n\nUniMarket exposes a RESTful HTTP API for:\n\n- User authentication and session management\n    \n- Browsing products and filtering by category\n    \n- Creating and managing product listings (including image uploads)\n    \n\nAll responses are JSON unless otherwise specified.\n\n- **Production base URL (recommended):** `{{base_url}}`\n    \n- **Example:** `{{base_url}}/api/products`\n    \n\nYou can switch between **Unimarket-Local** and **Unimarket-Production** environments in Postman to point the same collection to different backends.\n\n---\n\n## Authentication & Authorization\n\nMost write operations (like posting products) require a valid JSON Web Token (JWT).\n\n1. **Login**  \n    Send a `POST` (or `GET` in this collection as currently defined) request to `/api/auth/login` with your user credentials.\n    \n2. **Token**  \n    On success, the API returns a `token` value. Store this in the Postman environment variable `{{Token}}`.\n    \n3. **Using the token**  \n    All protected routes must include the token via the collection-level API key auth:\n    \n    ``` http\n                     Authorization: Bearer {{Token}}\n    \n     ```\n    \n4. **Auth failures**\n    \n    - Missing or invalid token → `401 Unauthorized` or `403 Forbidden`\n        \n    - Expired token → `401 Unauthorized` with an error message indicating expiration\n        \n\n---\n\n## Environments & Variables\n\nThis collection is designed to work with the following Postman environments:\n\n- **Unimarket-Local** – for local development and testing\n    \n- **Unimarket-Production** – for the live backend\n    \n\nCommon variables:\n\n- `base_url` – Base URL of the API (e.g., `http://localhost:5000` or `https://unimarket-d7nz.onrender.com`)\n    \n- `{{Token}}` – JWT token obtained from the **Auth › Login** endpoint\n    \n\nUpdate these via the **Environment** editor in Postman before running requests.\n\n---\n\n## Rate Limiting & Usage\n\nThe backend implements per-IP rate limiting using `express-rate-limit`. A typical configuration is **100 requests per 15 minutes per IP**. If you exceed the limit, the API returns:\n\n- `429 Too Many Requests`\n    \n\nThe API may also include standard rate limit headers such as:\n\n| Header | Description |\n| --- | --- |\n| `X-RateLimit-Limit` | Maximum number of allowed requests per window. |\n| `X-RateLimit-Remaining` | Remaining number of allowed requests in the current window. |\n| `X-RateLimit-Reset` | UNIX timestamp for when the window resets. |\n\n---\n\n## Error Handling\n\nCommon status codes:\n\n- `200 OK` – Request succeeded\n    \n- `201 Created` – New resource successfully created\n    \n- `400 Bad Request` – Validation error or malformed input\n    \n- `401 Unauthorized` – Missing/invalid auth token\n    \n- `403 Forbidden` – Authenticated but not allowed to perform this action\n    \n- `404 Not Found` – Resource does not exist\n    \n- `409 Conflict` – Duplicate resource or constraint violation\n    \n- `429 Too Many Requests` – Request limit exceeded\n    \n- `500 Internal Server Error` – Unexpected server-side error\n    \n\n---\n\n## Resources in this Collection\n\n### Auth\n\nEndpoints related to user authentication and token issuance.\n\n- `POST /api/auth/register` – Create a new user account, or returns `409 HTTP Status code` if already exists.\n    \n- `POST /api/auth/login` – Authenticate a user and obtain a `token` for subsequent requests.\n    \n\n### Products\n\nEndpoints to list, filter, and create product listings in the UniMarket marketplace.\n\n- `GET /api/products` – List all products\n    \n- `GET /api/products?category_id={id}` – Filter products by category\n    \n- `POST /api/products` – Create a new product listing (requires auth)\n    \n\nRefer to each folder and request description for details on parameters, headers, and example payloads.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"48552920","team":10253859,"collectionId":"7954357d-f9c9-44af-bfd6-bce2cf3b66e6","publishedId":"2sBXVbGDJs","public":true,"publicUrl":"https://documenter-api.postman.tech/view/48552920/2sBXVbGDJs","privateUrl":"https://go.postman.co/documentation/48552920-7954357d-f9c9-44af-bfd6-bce2cf3b66e6","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2025-12-28T07:27:09.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[{"name":"Unimarket-Production","id":"3d69fccf-670d-4702-a38c-deea77ab5c60","owner":"48552920","values":[{"key":"base_url","value":"https://unimarket-d7nz.onrender.com","enabled":true,"type":"default"},{"key":"token ","value":"","enabled":true,"type":"default"},{"key":"token","value":"","enabled":true,"type":"any"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/28626dc1ad72e59e287bf45ec831be8320126f5681a524863cdded2a8a7f4715","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Unimarket-Production","value":"48552920-3d69fccf-670d-4702-a38c-deea77ab5c60"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2sBXVbGDJs"}