API Routes
All API routes are prefixed with /api/v1/.
Auth Routes — /api/v1/auth
All routes are public (no authentication required).
| Method | Path | Description |
|---|---|---|
| POST | /signin | Authenticate with email + password |
| POST | /signup | Register a new user account |
| POST | /verify-signup | Verify email address with token |
| POST | /signup-send-verification | Resend signup verification email |
| POST | /forgot-password | Send password reset email |
| POST | /reset-password | Set new password using reset token |
User Routes — /api/v1/user
All routes require authCheck (valid JWT cookie).
| Method | Path | Description |
|---|---|---|
| POST | /signup | (legacy) Register user |
| POST | /signin | (legacy) Sign in |
| GET | /profile | Get current user's profile |
| PUT | /profile | Update user profile fields |
| PUT | /update-preferences | Update user preferences (e.g. enable_humidity) |
| POST | /update-password | Change password (requires current_password) |
| POST | /logout | Invalidate session token |
Unit Routes — /api/v1/unit
All routes require authCheck.
| Method | Path | Description |
|---|---|---|
| POST | / | Create a new monitoring unit |
| GET | / | List all units for the authenticated user |
| PATCH | / | Update unit settings (thresholds, device link) |
| GET | /live-alerts | Get all units with active threshold alerts |
| PATCH | /recipient | Update email/SMS recipients for unit(s) |
Unit Create/Update Body Fields
```json
{
  "name": "Cold Room A",
  "min_temperature": 2,
  "max_temperature": 8,
  "min_humidity": 40,
  "max_humidity": 80,
  "min_volt": 210,
  "max_volt": 240,
  "device_id": "<objectId>"
}
```
Device Routes — /api/v1/device
All routes require authCheck.
| Method | Path | Description |
|---|---|---|
| GET | / | List devices owned by the authenticated user |
| PATCH | / | Update one or more device names |
| PATCH | /:deviceId/sensor-config | Update the sensor configuration for a device |
Query Parameters for GET /
| Param | Type | Description |
|---|---|---|
| page | number | Page number (default: 1) |
| limit | number | Items per page (default: 10) |
| order_by | string | Field to sort by |
| order_type | string | asc or desc |
| get_all | boolean | Return all records (no pagination) |
Report Routes — /api/v1/report
All routes require authCheck.
| Method | Path | Description |
|---|---|---|
| GET | /download | Download sensor data report (CSV or PDF) |
| GET | /generate-pdf | Generate and stream a PDF report |
Query Parameters for /download
| Param | Type | Description |
|---|---|---|
| unit_id | string | Target unit (must be owned by user) |
| from_date | string | Start date (ISO 8601) |
| to_date | string | End date (ISO 8601) |
| file_type | string | csv or pdf |
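One way to enforce the /download parameter rules above, including the "must be owned by user" check, before any data is read. This is an added example, not the project's code: `validateReportQuery`, the 404 for a unit the user does not own, the error messages and the unit ids are assumptions.

```javascript
const FILE_TYPES = new Set(['csv', 'pdf']);
// Accept ISO 8601 calendar dates or date-times with an explicit zone only.
const ISO_8601 = /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:\d{2}))?$/;

function parseIsoDate(value) {
  if (typeof value !== 'string' || !ISO_8601.test(value)) return null;
  const ms = Date.parse(value);
  return Number.isNaN(ms) ? null : new Date(ms);
}

// Error bodies follow the page's Common Response Format.
function fail(status, message) {
  return { ok: false, status, body: { success: false, message } };
}

// query: parsed query string; ownedUnitIds: Set of unit ids loaded for the
// authenticated user on the server side (hypothetical parameter).
function validateReportQuery(query, ownedUnitIds) {
  const { unit_id, from_date, to_date, file_type } = query;
  // Repeated query params arrive as arrays in Express; reject non-strings up front.
  if (typeof unit_id !== 'string' || typeof file_type !== 'string') {
    return fail(400, 'unit_id and file_type are required');
  }
  if (!FILE_TYPES.has(file_type)) return fail(400, 'file_type must be csv or pdf');
  const from = parseIsoDate(from_date);
  const to = parseIsoDate(to_date);
  if (!from || !to) return fail(400, 'from_date and to_date must be ISO 8601');
  if (from > to) return fail(400, 'from_date must not be after to_date');
  // Ownership is decided from the session's own unit list, never from the request.
  if (!ownedUnitIds.has(unit_id)) return fail(404, 'Unit not found');
  return { ok: true, value: { unit_id, from, to, file_type } };
}
```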
Recipient Routes — /api/v1/recipient
All routes require authCheck.
| Method | Path | Description |
|---|---|---|
| POST | / | Create a new notification recipient |
| GET | / | List all active recipients for the user |
| PATCH | /:id | Update recipient (name, email, phone) |
| DELETE | /:id | Soft-delete recipient (removes from units) |
Recipient Body Fields
```json
{
  "name": "John Doe",
  "email": "john@example.com",
  "phone": "+1234567890"
}
```
INFO
Deleting a recipient is a soft delete — the status is set to "deleted", the email is mangled, and the recipient is removed from all unit configurations atomically in a MongoDB transaction.
IoT Sensor Data — /api/v1/devices/sensor-data
Device Auth
This route uses deviceAuthCheck (static token), NOT the user JWT cookie. It is exclusively for IoT hardware devices.
| Method | Path | Description |
|---|---|---|
| POST | / | Ingest sensor + network data from device |
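Because every device presents the same static token, the check reduces to one secret comparison, which should run in constant time against a value loaded from configuration. The sketch below is an added example, not the project's deviceAuthCheck: `makeDeviceAuthCheck`, `simulate`, the `DEVICE_TOKEN` variable name and the demo token are assumptions.

```javascript
const crypto = require('crypto');

// Hypothetical factory: returns Express-style middleware that compares the
// Authorization header to one shared device token.
function makeDeviceAuthCheck(expectedToken) {
  if (!expectedToken) throw new Error('device token is not configured');
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const digest = (s) => crypto.createHash('sha256').update(String(s), 'utf8').digest();
  const expected = digest(expectedToken);

  return function deviceAuthCheck(req, res, next) {
    const presented = req.headers['authorization'];
    if (typeof presented !== 'string' || presented.length === 0 ||
        !crypto.timingSafeEqual(digest(presented), expected)) {
      // Error shape follows the page's Common Response Format.
      return res.status(401).json({ success: false, message: 'Unauthorized device' });
    }
    return next();
  };
}

// Constructed harness: drives the middleware without a running server.
function simulate(middleware, headers) {
  const out = { status: 200, body: null, passed: false };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  middleware({ headers }, res, () => { out.passed = true; });
  return out;
}

// In deployment the token comes from the environment (variable name assumed);
// the fallback here is a constructed demo value so the block runs offline.
const check = makeDeviceAuthCheck(process.env.DEVICE_TOKEN || 'constructed-demo-token');
```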
Request Headers
```
Authorization: Au@jsjKAKL9IJK@@Kks
Content-Type: application/json
```
Request Body
```json
{
  "id": "DEVICE-CODE-001",
  "temperature": 5.2,
  "humidity": 62.1,
  "volt": 220.5,
  "seq_no": 1234
}
```
Admin — Devices /api/v1/admin/devices
All routes require adminAuthCheck (user with type === 'admin').
| Method | Path | Description |
|---|---|---|
| POST | / | Create one or more new devices |
| GET | / | List all devices (with filters) |
| POST | /users | Assign devices to a user |
| DELETE | /users | Remove devices from a user |
| PATCH | /batch-settings | Update settings for multiple devices |
| GET | /logs | View device assignment logs |
| GET | /:device_id/sensor-data | View sensor data for a device |
| GET | /:device_id/raw-sensor-data | View raw sensor data for a device |
| GET | /:device_id/diagnostic-data | View diagnostic data for a device |
Admin Device Query Parameters
| Param | Description |
|---|---|
| user_id | Filter devices by assigned user |
| unassigned_only | Return only unassigned devices |
| search_string | Text search on device code/name |
| drop_down | Return minimal fields for dropdown use |
| page / limit | Pagination |
Admin — Users /api/v1/admin/users
All routes require adminAuthCheck.
| Method | Path | Description |
|---|---|---|
| GET | / | List all users (paginated) |
| GET | /:user_id/units | List units for a specific user |
| GET | /:user_id/devices | List devices for a specific user |
Common Response Format
Success (200 / 201)
```json
{
  "success": true,
  "message": "Fetched successfully",
  "data": { }
}
```
Paginated Response
```json
{
  "success": true,
  "message": "...",
  "total": 42,
  "page": 1,
  "limit": 10,
  "total_pages": 5,
  "has_more": true,
  "items": [ ]
}
```
Error (400 / 401 / 403 / 404 / 500)
```json
{
  "success": false,
  "message": "Descriptive error message"
}
```
All responses are generated by helper functions in src/helpers/response.helper.js.
