# Finance Backend API

Complete backend API for financial data processing with role-based access control.

Postman collection "Finance Backend API" (collection schema v2.0.0, collection version 8.10.1, published 2026-04-06). Public documentation: https://documenter-api.postman.tech/view/50990912/2sBXiqG9oq

Environment (all tokens): https://www.postman.com/satyamtiwari454obra-786100/workspace/satyam-tiwari-s-workspace/environment/50990912-7e18714b-89c0-4ab4-9327-343556a5127c?action=share&creator=50990912&active-environment=50990912-50d00a24-f7ee-40cd-b57e-97775bd41424

The published environment "Finance API - Production" defines `base_url` (the production URL below) and the variables `admin_token`, `lisa_token`, `michael_token`, `jaya_token`, `amogh_token` and `sarah_token`. The token values are placeholders until the matching login request has run.

---

## 🌐 Base URL

**Production (Live):** https://finance-data-processing-and-access-control-production-7fa6.up.railway.app

**Local (Development):** http://localhost:5000

All requests below use the `{{base_url}}` variable for whichever of the two you are targeting.

---

## Complete API endpoints list

### 1️⃣ Authentication

| Method | Endpoint | Description | Auth required |
|--------|----------|-------------|---------------|
| POST | `{{base_url}}/api/auth/register` | Register Viewer/Analyst | ❌ No |
| POST | `{{base_url}}/api/auth/login` | Login (all users) | ❌ No |
| POST | `{{base_url}}/api/auth/register-admin` | Register Admin | ❌ No token, but the admin secret key is required |

### 2️⃣ User management (Admin only)

| Method | Endpoint | Description | Auth required |
|--------|----------|-------------|---------------|
| GET | `{{base_url}}/api/users` | Get all users | ✅ Admin |
| PATCH | `{{base_url}}/api/users/:userId/role` | Update user role | ✅ Admin |
| PATCH | `{{base_url}}/api/users/:userId/status` | Activate/deactivate user | ✅ Admin |
| DELETE | `{{base_url}}/api/users/:userId` | Delete user | ✅ Admin |

### 3️⃣ Transactions

| Method | Endpoint | Description | Auth required |
|--------|----------|-------------|---------------|
| GET | `{{base_url}}/api/transactions` | Get all transactions | ✅ All users |
| GET | `{{base_url}}/api/transactions/:id` | Get single transaction | ✅ All users |
| POST | `{{base_url}}/api/transactions` | Create transaction | ✅ Admin |
| PUT | `{{base_url}}/api/transactions/:id` | Update transaction | ✅ Admin |
| DELETE | `{{base_url}}/api/transactions/:id` | Delete transaction | ✅ Admin |

Filter options on the list endpoint:

```text
GET {{base_url}}/api/transactions?type=income
GET {{base_url}}/api/transactions?type=expense
GET {{base_url}}/api/transactions?category=Salary
GET {{base_url}}/api/transactions?startDate=2025-01-01&endDate=2025-01-31
```

### 4️⃣ Dashboard & analytics

| Method | Endpoint | Description | Auth required |
|--------|----------|-------------|---------------|
| GET | `{{base_url}}/api/dashboard/summary` | Get financial summary | ✅ Analyst, Admin |
| GET | `{{base_url}}/api/dashboard/category-breakdown` | Category-wise breakdown | ✅ Analyst, Admin |
| GET | `{{base_url}}/api/dashboard/monthly-trends` | Monthly trends | ✅ Analyst, Admin |
| GET | `{{base_url}}/api/dashboard/recent` | Recent activity (`?limit=10`) | ✅ All users |

---

## Authentication & Tokens

All protected endpoints require a JWT in the `Authorization` header:

```text
Authorization: Bearer YOUR_JWT_TOKEN
```

### 🔐 Available Test Users

| User | Email | Password | Role | Token Variable |
|------|-------|----------|------|----------------|
| **Admin** | `admin@company.com` | `Admin@123` | Admin | `{{admin_token}}` |
| **Lisa Director** | `lisa@company.com` | `lisa123` | Admin | `{{lisa_token}}` |
| **Michael Manager** | `michael@company.com` | `michael123` | Admin (promoted) | `{{michael_token}}` |
| **Jaya Analyst** | `jaya@company.com` | `jaya123` | Analyst | `{{jaya_token}}` |
| **Amogh Viewer** | `amogh@company.com` | `amogh123` | Viewer | `{{amogh_token}}` |
| **Sarah Johnson** | `sarah@company.com` | `sarah123` | Viewer | `{{sarah_token}}` |

### Admin Secret Key (for creating new admins)

```text
superSecretAdminKey999
```

Note that `/api/auth/register-admin` needs no token, so this key is the only thing standing between an anonymous caller and a new Admin account. Because the key is published together with the live production URL, anyone reading this page can create admins on that deployment; treat it as a disposable test environment and change the key before running this code anywhere that holds real data.

---

## How to Use Tokens

### Step 1: Login First

Run any **"Login as..."** request to get a fresh token. Example:

```text
POST /api/auth/login
Body: { "email": "admin@company.com", "password": "Admin@123" }
```

### Step 2: Token Auto-Saved

The login request's test script saves the returned token to the matching environment variable (for example `{{admin_token}}`).

### Step 3: Use Token in Requests

In any protected endpoint, add the header:

```text
Authorization: Bearer {{admin_token}}
```

Or use a different role:

```text
Authorization: Bearer {{jaya_token}}
Authorization: Bearer {{amogh_token}}
```

### Token Expiration

⚠️ Tokens expire after **24 hours**. If you get `401 Unauthorized`, re-run the login request.

---

## 📝 Sample Requests

Login (get token):

```text
POST {{base_url}}/api/auth/login
Headers:
Content-Type: application/json
Body:
{
  "email": "admin@company.com",
  "password": "Admin@123"
}
```

Get all users (Admin):

```text
GET {{base_url}}/api/users
Headers:
Authorization: Bearer {{admin_token}}
```

Create transaction (Admin):

```text
POST {{base_url}}/api/transactions
Headers:
Authorization: Bearer {{admin_token}}
Content-Type: application/json
Body:
{
  "amount": 5000,
  "type": "income",
  "category": "Salary",
  "date": "2025-01-20",
  "description": "Monthly salary"
}
```

Get dashboard summary (Analyst/Admin):

```text
GET {{base_url}}/api/dashboard/summary
Headers:
Authorization: Bearer {{jaya_token}}
```

View transactions (Viewer):

```text
GET {{base_url}}/api/transactions
Headers:
Authorization: Bearer {{amogh_token}}
```

---

## 👥 User Roles & Permissions

| Role | Can View Data | Can View Analytics | Can Create/Edit | Can Manage Users |
|------|---------------|--------------------|-----------------|------------------|
| **Viewer** | ✅ | ❌ | ❌ | ❌ |
| **Analyst** | ✅ | ✅ | ❌ | ❌ |
| **Admin** | ✅ | ✅ | ✅ | ✅ |

### What Each Role Can Do

**Viewer** (Amogh, Sarah):
- ✅ View all transactions
- ✅ View recent activity
- ❌ Cannot create/edit/delete transactions
- ❌ Cannot access the analytics dashboard (summary, category breakdown, monthly trends)
- ❌ Cannot manage users

**Analyst** (Jaya):
- ✅ All Viewer permissions
- ✅ Access dashboard summary
- ✅ View category breakdown
- ✅ View monthly trends
- ❌ Cannot create/edit/delete transactions
- ❌ Cannot manage users

**Admin** (Admin, Lisa, Michael):
- ✅ All Analyst permissions
- ✅ Create/update/delete transactions
- ✅ Manage users (promote, demote, activate/deactivate, delete)
- ✅ Full system access

---

## Rate Limits

| Endpoint Type | Limit | Window |
|---------------|-------|--------|
| General API | 100 requests | 15 minutes |
| Authentication (login/register) | 20 attempts | 15 minutes |
| Admin registration | 15 attempts | 1 hour |
| Transaction creation | 10 requests | 1 minute |

---

## 🚀 Quick Start Testing

### 1️⃣ Test Basic Authentication

Run: **"Login as Admin"**
- ✅ Should return a token
- ✅ Token auto-saved to `{{admin_token}}`

### 2️⃣ Test Admin Access

Run: **"Get All Users"** (with `{{admin_token}}`)
- ✅ Should return the list of users
- ✅ Shows you have admin access

### 3️⃣ Test Transaction Creation

Run: **"Admin Creates Income"** (with `{{admin_token}}`)
- ✅ Should create the transaction
- ✅ Returns the transaction details

### 4️⃣ Test Viewer Access

Run: **"Amogh Views Transactions"** (with `{{amogh_token}}`)
- ✅ Viewer CAN view transactions

### 5️⃣ Test Access Control

Run: **"Amogh Tries to Create"** (with `{{amogh_token}}`)
- ❌ Should return **403 Forbidden**
- ✅ Proves access control works

### 6️⃣ Test Analytics Access

Run: **"Get Dashboard Summary"** (with `{{jaya_token}}`)
- ✅ Analyst CAN access analytics

Run: **"Amogh Tries Dashboard"** (with `{{amogh_token}}`)
- ❌ Should return **403 Forbidden**
- ✅ Viewer cannot access analytics

---

## Resources

- **GitHub Repository:** https://github.com/yourusername/finance-backend
- **Live API Base URL:** https://finance-data-processing-and-access-control-production-7fa6.up.railway.app
- **Documentation:** Complete README with setup instructions in the repository
- **Support:** satyamtiwari454obra@gmail.com

---

## 🆘 Troubleshooting

### "401 Unauthorized"
- **Cause:** Token expired, missing or malformed
- **Solution:** Run the login request again to get a fresh token

### "403 Forbidden"
- **Cause:** The authenticated user does not have permission for this action
- **Solution:** Use a token for a role that the endpoint table allows (for example the admin token for admin-only endpoints)

### "429 Too Many Requests"
- **Cause:** Rate limit exceeded
- **Solution:** Wait for the window of the limit you hit to reset (1 minute for transaction creation, 15 minutes for general and authentication requests, 1 hour for admin registration), or test a different endpoint in the meantime

### "400 Bad Request"
- **Cause:** Missing or invalid request body
- **Solution:** Check the required fields in the sample requests above
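The Quick Start steps above check a handful of role/endpoint pairs by hand. The script below is an added example, not part of the Postman collection or the project's code: it turns the documented endpoint tables into a policy, logs in as one user of each role, probes every endpoint (also anonymously) and reports any status that disagrees with the documented contract (no token: 401, wrong role: 403, allowed: 2xx). Assumptions: the login response is a JSON object whose `token` field carries the JWT (the docs only say the Postman script saves "the token"), endpoints with `:id`/`:userId` path parameters are left out because their expected status depends on whether the record exists, and a 429 is recorded as inconclusive rather than as a policy verdict. Only the standard library is used.

```python
# Added example: RBAC conformance audit for the Finance Backend API.
# Not the project's own code; derived from the endpoint and role tables above.
import json
import urllib.error
import urllib.request

BASE_URL = "https://finance-data-processing-and-access-control-production-7fa6.up.railway.app"

# One documented test user per role (credentials from the test-users table).
USERS = {
    "admin@company.com": ("Admin@123", "Admin"),
    "jaya@company.com":  ("jaya123",   "Analyst"),
    "amogh@company.com": ("amogh123",  "Viewer"),
}

# Documented permissions for endpoints without path parameters:
# (method, path) -> roles the docs say may call it.
POLICY = {
    ("GET",  "/api/users"):                        {"Admin"},
    ("GET",  "/api/transactions"):                 {"Viewer", "Analyst", "Admin"},
    ("POST", "/api/transactions"):                 {"Admin"},
    ("GET",  "/api/dashboard/summary"):            {"Analyst", "Admin"},
    ("GET",  "/api/dashboard/category-breakdown"): {"Analyst", "Admin"},
    ("GET",  "/api/dashboard/monthly-trends"):     {"Analyst", "Admin"},
    ("GET",  "/api/dashboard/recent"):             {"Viewer", "Analyst", "Admin"},
}

# Body for POST /api/transactions, copied from the "Create transaction" sample.
SAMPLE_TX = {"amount": 5000, "type": "income", "category": "Salary",
             "date": "2025-01-20", "description": "Monthly salary"}


def http_send(method, url, headers=None, body=None):
    """Real transport: returns (status, parsed JSON or None); 4xx/5xx do not raise."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    if data is not None:
        req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            raw, status = resp.read(), resp.status
    except urllib.error.HTTPError as e:
        raw, status = e.read(), e.code
    try:
        return status, (json.loads(raw) if raw else None)
    except ValueError:
        return status, None


def login(base_url, email, password, send=http_send, token_field="token"):
    """POST /api/auth/login and return the JWT.
    `token_field` is an assumption about the response shape; adjust if the API differs."""
    status, payload = send("POST", f"{base_url}/api/auth/login",
                           body={"email": email, "password": password})
    if status != 200 or not isinstance(payload, dict) or token_field not in payload:
        raise RuntimeError(f"login failed for {email}: HTTP {status} {payload!r}")
    return payload[token_field]


def expected_status(role, allowed_roles):
    """Documented contract: no token -> 401, wrong role -> 403, otherwise 2xx."""
    if role is None:
        return 401
    return "2xx" if role in allowed_roles else 403


def audit(base_url=BASE_URL, users=USERS, policy=POLICY, send=http_send):
    """Probe every policy entry as every role plus anonymous.
    Returns findings; ok=False marks an over- or under-permissive endpoint,
    ok=None marks a probe that was rate limited (429) and so proves nothing."""
    tokens = {None: None}  # anonymous caller
    for email, (password, role) in users.items():
        tokens[role] = login(base_url, email, password, send)
    findings = []
    for (method, path), allowed in policy.items():
        for role, token in tokens.items():
            headers = {"Authorization": f"Bearer {token}"} if token else {}
            body = SAMPLE_TX if method == "POST" else None
            status, _ = send(method, base_url + path, headers=headers, body=body)
            want = expected_status(role, allowed)
            if status == 429:
                ok = None
            elif want == "2xx":
                ok = 200 <= status < 300
            else:
                ok = status == want
            findings.append({"role": role, "method": method, "path": path,
                             "expected": want, "actual": status, "ok": ok})
    return findings


def failures(findings):
    """Only the findings that contradict the documented access control."""
    return [f for f in findings if f["ok"] is False]


if __name__ == "__main__":
    for f in audit():
        mark = {True: "PASS", False: "FAIL", None: "SKIP(429)"}[f["ok"]]
        print(f"{mark:9} {f['role'] or 'anonymous':10} {f['method']:4} {f['path']} "
              f"-> {f['actual']} (expected {f['expected']})")
```

Running it against the live base URL issues 3 logins and 28 probes, well inside the 20-per-15-minute auth limit and the 100-per-15-minute general limit; the single admin POST creates one real transaction, exactly as Quick Start step 3 does. The transport is injectable (`send=`) so the same audit can be pointed at a local build on `http://localhost:5000` or at a stub when you want to check the policy table itself.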