Skip to main content

Stores Management API

Audience: Frontend engineers and administrators managing store data.
  • Base URL: https://jethings-backend.fly.dev
  • Content-Type: application/json

Conventions

  • All responses are JSON.
  • Errors follow standard HTTP status codes with { message: string } body.
  • Unless noted, successful responses are 200 OK.
  • Admin endpoints require admin or super_admin role.
  • All endpoints require authentication via Bearer token.

Create Store

POST /stores Requires Authentication: Bearer token in Authorization header

Request Body

Success Response

Possible Errors

  • 400 Bad Request: Invalid request data or validation errors

Example Request


Update Store (Admin Only)

PUT /stores/:id Requires Authentication: Bearer token in Authorization header
Requires Role: Admin or Super Admin

Path Parameters

  • id (string): Store ID (UUID format)

Request Body

Success Response

Possible Errors

  • 404 Not Found: { "message": "Store not found" }

Example Request


Update Store (User)

PUT /stores/:id/user Requires Authentication: Bearer token in Authorization header

Path Parameters

  • id (string): Store ID (UUID format)

Request Body

Note: Users can only update their own stores and cannot change status or isActive fields.

Success Response

Possible Errors

  • 404 Not Found: { "message": "Store not found or you do not have permission to update it" }

Example Request


Get User’s Stores

GET /stores/my Requires Authentication: Bearer token in Authorization header

Query Parameters

Success Response

Example Requests

Get all user’s stores:
Search stores:
Filter by status:

Get All Stores (Admin Only)

GET /stores Requires Authentication: Bearer token in Authorization header
Requires Role: Admin or Super Admin

Query Parameters

Success Response

Example Requests

Get all stores with pagination:
Search stores:
Filter by user:

Get Store by ID

GET /stores/:id Requires Authentication: Bearer token in Authorization header

Path Parameters

  • id (string): Store ID (UUID format)

Success Response

Possible Errors

  • 404 Not Found: { "message": "Store not found" }

Example Request


Delete Store (Admin Only)

DELETE /stores/:id Requires Authentication: Bearer token in Authorization header
Requires Role: Admin or Super Admin

Path Parameters

  • id (string): Store ID (UUID format)

Success Response

Possible Errors

  • 404 Not Found: { "message": "Store not found" }
Note: This performs a soft delete by setting the deletedAt timestamp. The store data is preserved but hidden from normal queries.

Example Request


Store Status Values

The store status field can have the following values:

Error Responses

Common Error Codes

  • 400 Bad Request: Invalid request data or validation errors
  • 401 Unauthorized: Missing or invalid authentication token
  • 403 Forbidden: Insufficient permissions (not admin for admin-only endpoints)
  • 404 Not Found: Resource not found
  • 500 Internal Server Error: Server error

Error Response Format


Business Logic

Store Creation Flow

  1. User creates a store with name, description, and optional icon
  2. Store is created with status: "pending" and isActive: true
  3. Store names can be duplicated (no uniqueness constraint)
  4. Admin can later approve/reject the store

Store Update Permissions

  • Users: Can update name, description, and icon of their own stores
  • Admins: Can update any field including status and isActive
  • Status Changes: Only admins can change store status (pending/rejected/accepted)

Store Deletion

  • Only admins can delete stores
  • Deletion is soft (sets deletedAt timestamp)
  • Deleted stores are hidden from normal queries but data is preserved