Backend Specifications
Comprehensive API specifications for Flutter CBT Application
Backend Framework: Go with Fiber framework
API Documentation: Swagger (use fiber-swagger for automatic documentation)
Architecture: Microservices (separate services for different functionalities)
Database: Your choice (PostgreSQL/MongoDB recommended)
Handles user registration, login, password reset, and JWT token management.
/api/auth/register
Register a new user account
{
"full_name": "David Johnson",
"email": "david.johnson@email.com",
"password": "SecurePassword123!"
}| Field | Type | Required | Description |
|---|---|---|---|
| full_name | string | Yes | User's full name (min: 2, max: 100 chars) |
| string | Yes | Valid email address (unique) | |
| password | string | Yes | Password (min: 8 chars) |
{
"success": true,
"message": "Account created successfully",
"data": {
"user_id": "uuid-string",
"full_name": "David Johnson",
"email": "david.johnson@email.com",
"account_status": "none",
"created_at": "2024-01-15T10:30:00Z"
},
"token": {
"access_token": "jwt-token-string",
"refresh_token": "refresh-token-string",
"expires_in": 3600
}
}{
"success": false,
"message": "Email already exists",
"errors": [
{
"field": "email",
"message": "This email is already registered"
}
]
}/api/auth/login
Authenticate user and return access tokens
{
"email": "david.johnson@email.com",
"password": "SecurePassword123!"
}{
"success": true,
"message": "Login successful",
"data": {
"user_id": "uuid-string",
"full_name": "David Johnson",
"email": "david.johnson@email.com",
"account_status": "none",
"profile_completed": false,
"last_login": "2024-01-15T10:30:00Z"
},
"token": {
"access_token": "jwt-token-string",
"refresh_token": "refresh-token-string",
"expires_in": 3600
}
}{
"success": false,
"message": "Invalid credentials",
"errors": [
{
"field": "credentials",
"message": "Email or password is incorrect"
}
]
}/api/auth/forgot-password
Send password reset link to user's email
{
"email": "david.johnson@email.com"
}{
"success": true,
"message": "Password reset link sent to your email",
"data": {
"email": "david.johnson@email.com",
"reset_token_expires": "2024-01-15T11:30:00Z"
}
}/api/auth/reset-password
Reset user password using reset token
{
"reset_token": "reset-token-string",
"new_password": "NewSecurePassword123!"
}{
"success": true,
"message": "Password reset successfully",
"data": {
"user_id": "uuid-string",
"password_changed_at": "2024-01-15T10:30:00Z"
}
}Separate authentication system for admin users with enhanced security and different endpoints.
/api/admin/auth/register
Register a new admin account (requires super admin approval)
{
"full_name": "Admin User",
"email": "admin@cbtapp.com",
"password": "AdminSecurePassword123!",
"admin_code": "ADMIN_REGISTRATION_CODE_2024",
"department": "System Administration",
"phone": "+234801234567"
}| Field | Type | Required | Description |
|---|---|---|---|
| full_name | string | Yes | Admin's full name |
| string | Yes | Admin email address (unique) | |
| password | string | Yes | Strong password (min: 12 chars) |
| admin_code | string | Yes | Special registration code for admins |
| department | string | Yes | Admin department/role |
| phone | string | Yes | Admin phone number |
{
"success": true,
"message": "Admin account created successfully. Awaiting approval.",
"data": {
"admin_id": "admin-uuid-string",
"full_name": "Admin User",
"email": "admin@cbtapp.com",
"department": "System Administration",
"status": "pending_approval",
"created_at": "2024-01-15T10:30:00Z"
}
}{
"success": false,
"message": "Invalid admin registration code",
"errors": [
{
"field": "admin_code",
"message": "The provided admin code is invalid or expired"
}
]
}/api/admin/auth/login
Authenticate admin user and return admin access tokens
{
"email": "admin@cbtapp.com",
"password": "AdminSecurePassword123!",
"two_factor_code": "123456"
}| Field | Type | Required | Description |
|---|---|---|---|
| string | Yes | Admin email address | |
| password | string | Yes | Admin password |
| two_factor_code | string | No | 2FA code (if enabled) |
{
"success": true,
"message": "Admin login successful",
"data": {
"admin_id": "admin-uuid-string",
"full_name": "Admin User",
"email": "admin@cbtapp.com",
"department": "System Administration",
"role": "admin",
"permissions": [
"manage_users",
"manage_vouchers",
"view_analytics",
"system_settings"
],
"last_login": "2024-01-15T10:30:00Z",
"status": "active"
},
"token": {
"access_token": "admin-jwt-token-string",
"refresh_token": "admin-refresh-token-string",
"expires_in": 7200,
"token_type": "admin"
}
}{
"success": false,
"message": "Admin account not approved",
"errors": [
{
"field": "account_status",
"message": "Your admin account is pending approval. Contact super admin."
}
]
}/api/admin/auth/forgot-password
Send password reset link to admin's email
{
"email": "admin@cbtapp.com",
"admin_code": "ADMIN_RESET_CODE_2024"
}{
"success": true,
"message": "Admin password reset link sent to your email",
"data": {
"email": "admin@cbtapp.com",
"reset_token_expires": "2024-01-15T11:30:00Z"
}
}/api/admin/auth/logout
Logout admin user and invalidate tokens
Authorization: Bearer {admin_access_token}{
"success": true,
"message": "Admin logged out successfully",
"data": {
"admin_id": "admin-uuid-string",
"logged_out_at": "2024-01-15T10:30:00Z"
}
}Manages user profile information including personal details, location, and education information.
/api/profile
Get current user's profile information
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"full_name": "David Johnson",
"email": "david.johnson@email.com",
"age": 20,
"phone": "+234801234567",
"date_of_birth": "2004-01-15",
"country": "Nigeria",
"state": "Lagos",
"school": "University of Lagos",
"profile_completed": true,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
}/api/profile
Update user profile information
Authorization: Bearer {access_token}{
"age": 20,
"phone": "+234801234567",
"date_of_birth": "2004-01-15",
"country": "Nigeria",
"state": "Lagos",
"school": "University of Lagos"
}| Field | Type | Required | Description |
|---|---|---|---|
| age | integer | Yes | User's age (10-100) |
| phone | string | Yes | Phone number with country code |
| date_of_birth | string | Yes | Date in YYYY-MM-DD format |
| country | string | Yes | Country name |
| state | string | Yes | State/Province name |
| school | string | Yes | School/University name |
{
"success": true,
"message": "Profile updated successfully",
"data": {
"user_id": "uuid-string",
"profile_completed": true,
"updated_at": "2024-01-15T10:30:00Z"
}
}Manages user agreement to disclaimer terms and conditions.
/api/disclaimer/accept
Record user's acceptance of disclaimer terms
Authorization: Bearer {access_token}{
"agreed": true,
"disclaimer_version": "1.0",
"ip_address": "192.168.1.1"
}{
"success": true,
"message": "Disclaimer accepted successfully",
"data": {
"user_id": "uuid-string",
"agreed": true,
"disclaimer_version": "1.0",
"accepted_at": "2024-01-15T10:30:00Z"
}
}/api/disclaimer/status
Check if user has accepted the current disclaimer
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"has_agreed": true,
"disclaimer_version": "1.0",
"accepted_at": "2024-01-15T10:30:00Z",
"current_version": "1.0",
"needs_update": false
}
}Manages exam bodies, subjects, and user exam selections.
/api/exams/bodies
Get list of available exam bodies
{
"success": true,
"data": {
"nigerian_exams": [
{
"id": "jamb",
"name": "JAMB",
"description": "Joint Admissions and Matriculation Board",
"max_subjects": 4,
"required_subjects": ["English Language", "Mathematics"]
},
{
"id": "waec",
"name": "WAEC",
"description": "West African Examinations Council",
"max_subjects": 9,
"required_subjects": ["English Language", "Mathematics"]
},
{
"id": "neco",
"name": "NECO",
"description": "National Examinations Council",
"max_subjects": 9,
"required_subjects": ["English Language", "Mathematics"]
},
{
"id": "post-utme",
"name": "Post-UTME",
"description": "Post Unified Tertiary Matriculation Exam",
"max_subjects": 4,
"required_subjects": ["English Language", "Mathematics"]
}
],
"international_exams": [
{
"id": "ielts",
"name": "IELTS",
"description": "International English Language Testing",
"sections": ["Listening", "Reading", "Writing", "Speaking"]
},
{
"id": "toefl",
"name": "TOEFL",
"description": "Test of English as a Foreign Language",
"sections": ["Reading", "Listening", "Speaking", "Writing"]
}
]
}
}/api/exams/{exam_body_id}/subjects
Get available subjects for a specific exam body
| Parameter | Type | Description |
|---|---|---|
| exam_body_id | string | Exam body identifier (jamb, waec, neco, etc.) |
{
"success": true,
"data": {
"exam_body": "jamb",
"categories": {
"core_subjects": [
{
"id": "english",
"name": "English Language",
"required": true,
"category": "core"
},
{
"id": "mathematics",
"name": "Mathematics",
"required": true,
"category": "core"
}
],
"science_subjects": [
{
"id": "physics",
"name": "Physics",
"required": false,
"category": "science"
},
{
"id": "chemistry",
"name": "Chemistry",
"required": false,
"category": "science"
},
{
"id": "biology",
"name": "Biology",
"required": false,
"category": "science"
}
],
"arts_subjects": [
{
"id": "literature",
"name": "Literature in English",
"required": false,
"category": "arts"
},
{
"id": "government",
"name": "Government",
"required": false,
"category": "arts"
}
]
}
}
}/api/exams/user-selection
Save user's exam body and subject selections
Authorization: Bearer {access_token}{
"exam_body": "jamb",
"selected_subjects": [
"english",
"mathematics",
"physics",
"chemistry"
]
}{
"success": true,
"message": "Exam selection saved successfully",
"data": {
"user_id": "uuid-string",
"exam_body": "jamb",
"selected_subjects": [
"english",
"mathematics",
"physics",
"chemistry"
],
"created_at": "2024-01-15T10:30:00Z"
}
}/api/exams/user-selection
Get user's current exam selections
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"exam_body": "jamb",
"selected_subjects": [
{
"id": "english",
"name": "English Language",
"category": "core"
},
{
"id": "mathematics",
"name": "Mathematics",
"category": "core"
},
{
"id": "physics",
"name": "Physics",
"category": "science"
},
{
"id": "chemistry",
"name": "Chemistry",
"category": "science"
}
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
}Manages user's identified weak areas and improvement goals for personalized learning.
/api/weaknesses
Save user's identified weak areas and improvement goals
Authorization: Bearer {access_token}{
"subject": "mathematics",
"weak_areas": [
"Linear equations",
"Quadratic equations",
"Differentiation"
],
"improvement_goals": [
"Speed and Accuracy",
"Problem-solving techniques",
"Time management"
]
}| Field | Type | Required | Description |
|---|---|---|---|
| subject | string | Yes | Subject identifier |
| weak_areas | array | No | List of specific topics user finds challenging |
| improvement_goals | array | No | List of skills user wants to improve |
{
"success": true,
"message": "Weakness assessment saved successfully",
"data": {
"user_id": "uuid-string",
"subject": "mathematics",
"weak_areas": [
"Linear equations",
"Quadratic equations",
"Differentiation"
],
"improvement_goals": [
"Speed and Accuracy",
"Problem-solving techniques",
"Time management"
],
"created_at": "2024-01-15T10:30:00Z"
}
}/api/weaknesses
Get user's weakness assessments for all subjects
Authorization: Bearer {access_token}{
"success": true,
"data": [
{
"subject": "mathematics",
"weak_areas": [
"Linear equations",
"Quadratic equations"
],
"improvement_goals": [
"Speed and Accuracy",
"Problem-solving techniques"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"subject": "physics",
"weak_areas": [
"Motion",
"Forces"
],
"improvement_goals": [
"Understanding concepts",
"Application of knowledge"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}/api/subjects/{subject_id}/topics
Get available topics for a specific subject
| Parameter | Type | Description |
|---|---|---|
| subject_id | string | Subject identifier (mathematics, physics, etc.) |
{
"success": true,
"data": {
"subject": "mathematics",
"categories": {
"Algebra": [
"Linear equations",
"Quadratic equations",
"Polynomials",
"Factorization"
],
"Geometry": [
"Angles",
"Triangles",
"Circles",
"Area and Perimeter"
],
"Calculus": [
"Differentiation",
"Integration",
"Limits",
"Applications"
]
}
}
}Manages user account status including trial periods, premium subscriptions, and access control.
/api/account/status
Get current user's account status and subscription details
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"account_status": "trial",
"subscription_type": "trial",
"is_active": true,
"trial_started_at": "2024-01-15T10:30:00Z",
"expires_at": "2024-01-26T10:30:00Z",
"days_remaining": 11,
"features_access": {
"practice_questions": true,
"progress_tracking": true,
"unlimited_access": false
},
"usage_limits": {
"daily_questions": 50,
"questions_used_today": 15
}
}
}/api/account/start-trial
Start 11-day free trial for user
Authorization: Bearer {access_token}{
"exam_type": "jamb",
"selected_subjects": [
"english",
"mathematics",
"physics",
"chemistry"
]
}{
"success": true,
"message": "Trial started successfully",
"data": {
"user_id": "uuid-string",
"account_status": "trial",
"trial_started_at": "2024-01-15T10:30:00Z",
"expires_at": "2024-01-26T10:30:00Z",
"trial_duration_days": 11,
"exam_type": "jamb",
"selected_subjects": [
"english",
"mathematics",
"physics",
"chemistry"
]
}
}{
"success": false,
"message": "Trial already used",
"errors": [
{
"field": "trial",
"message": "User has already used their free trial"
}
]
}/api/account/trial-status
Check if user's trial is still valid
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"has_trial": true,
"trial_active": true,
"trial_expired": false,
"started_at": "2024-01-15T10:30:00Z",
"expires_at": "2024-01-26T10:30:00Z",
"days_remaining": 8,
"hours_remaining": 192
}
}/api/account/upgrade
Upgrade account to premium (used after voucher activation)
Authorization: Bearer {access_token}{
"subscription_type": "premium",
"duration_months": 6,
"voucher_code": "ABCD1234EFGH5678",
"payment_method": "voucher"
}{
"success": true,
"message": "Account upgraded successfully",
"data": {
"user_id": "uuid-string",
"account_status": "voucher",
"subscription_type": "premium",
"activated_at": "2024-01-15T10:30:00Z",
"expires_at": "2024-07-15T10:30:00Z",
"duration_months": 6,
"features_access": {
"practice_questions": true,
"progress_tracking": true,
"unlimited_access": true,
"detailed_analytics": true
}
}
}Manages voucher codes for account activation and premium subscriptions.
/api/vouchers/validate
Validate voucher code before activation
Authorization: Bearer {access_token}{
"voucher_code": "ABCD1234EFGH5678"
}{
"success": true,
"message": "Voucher is valid",
"data": {
"voucher_code": "ABCD1234EFGH5678",
"is_valid": true,
"is_used": false,
"subscription_type": "premium",
"duration_months": 6,
"value": "₦1,000",
"expires_at": "2025-12-31T23:59:59Z"
}
}{
"success": false,
"message": "Invalid voucher code",
"errors": [
{
"field": "voucher_code",
"message": "Voucher code is invalid or has already been used"
}
]
}/api/vouchers/activate
Activate voucher code and upgrade user account
Authorization: Bearer {access_token}{
"voucher_code": "ABCD1234EFGH5678"
}{
"success": true,
"message": "Voucher activated successfully",
"data": {
"user_id": "uuid-string",
"voucher_code": "ABCD1234EFGH5678",
"activated_at": "2024-01-15T10:30:00Z",
"subscription_type": "premium",
"duration_months": 6,
"account_expires_at": "2024-07-15T10:30:00Z",
"previous_status": "trial",
"new_status": "voucher"
}
}/api/vouchers/history
Get user's voucher activation history
Authorization: Bearer {access_token}{
"success": true,
"data": [
{
"voucher_code": "ABCD1234EFGH5678",
"activated_at": "2024-01-15T10:30:00Z",
"subscription_type": "premium",
"duration_months": 6,
"value": "₦1,000",
"status": "active"
}
]
}Manages different user roles: students and agents (voucher resellers).
/api/users/role
Get current user's role and permissions
Authorization: Bearer {access_token}{
"success": true,
"data": {
"user_id": "uuid-string",
"role": "student",
"role_details": {
"name": "Student",
"description": "Regular student account",
"permissions": [
"access_practice",
"view_progress",
"use_vouchers"
]
},
"assigned_at": "2024-01-15T10:30:00Z"
}
}/api/users/role
Update user role (admin only)
Authorization: Bearer {admin_access_token}{
"user_id": "target-user-uuid",
"new_role": "agent",
"reason": "User approved as voucher reseller"
}| Field | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Target user's UUID |
| new_role | string | Yes | New role: student, agent, admin |
| reason | string | No | Reason for role change |
{
"success": true,
"message": "User role updated successfully",
"data": {
"user_id": "target-user-uuid",
"previous_role": "student",
"new_role": "agent",
"updated_by": "admin-user-uuid",
"updated_at": "2024-01-15T10:30:00Z",
"reason": "User approved as voucher reseller"
}
}/api/roles
Get all available roles and their permissions
{
"success": true,
"data": {
"roles": [
{
"id": "student",
"name": "Student",
"description": "Regular student account",
"permissions": [
"access_practice",
"view_progress",
"use_vouchers",
"update_profile"
]
},
{
"id": "agent",
"name": "Agent",
"description": "Voucher reseller account",
"permissions": [
"access_practice",
"view_progress",
"use_vouchers",
"update_profile",
"sell_vouchers",
"view_sales_dashboard",
"generate_voucher_reports"
]
},
{
"id": "admin",
"name": "Administrator",
"description": "System administrator",
"permissions": [
"*"
]
}
]
}
}/api/users/role-application
Apply for role change (student to agent)
Authorization: Bearer {access_token}{
"requested_role": "agent",
"business_name": "EduTech Solutions",
"business_address": "123 Education Street, Lagos",
"phone_number": "+234801234567",
"reason": "I want to help students in my community access quality education",
"experience": "5 years in educational services",
"documents": [
{
"type": "business_registration",
"url": "https://example.com/documents/business_reg.pdf"
},
{
"type": "identification",
"url": "https://example.com/documents/id_card.pdf"
}
]
}{
"success": true,
"message": "Role application submitted successfully",
"data": {
"application_id": "app-uuid-string",
"user_id": "uuid-string",
"requested_role": "agent",
"status": "pending",
"submitted_at": "2024-01-15T10:30:00Z",
"estimated_review_time": "3-5 business days"
}
}Swagger Documentation: Use fiber-swagger to automatically generate interactive API documentation at /swagger/index.html
Authentication: All protected endpoints require JWT Bearer token in Authorization header
Admin Authentication: Separate admin endpoints with enhanced security and different token validation
Account Status Enum: Use the three account status types (none, trial, voucher) for easy access control
Error Handling: Return consistent error responses with appropriate HTTP status codes
Database: Design normalized database schema with proper relationships and indexes
Validation: Implement server-side validation for all input data
Security: Implement rate limiting, input sanitization, and CORS policies
Logging: Add comprehensive logging for debugging and monitoring