An API that lets users store and keep a detailed log of their health. It allows users to register with an email and password and to store records that they create.
The API currently does not support admin privileges. All data created by a user is accessible only by that user.
##API end-points
| Verb | URI Pattern | Controller#Action |
|---|---|---|
| POST | `/sign-up` | `users#signup` |
| POST | `/sign-in` | `users#signin` |
| DELETE | `/sign-out/:id` | `users#signout` |
| PATCH | `/change-password/:id` | `users#changepw` |
| GET | `/records` | `records#index` |
| POST | `/records` | `records#create` |
| GET | `/records/:id` | `records#show` |
| PATCH | `/records/:id` | `records#update` |

All data returned from API actions is formatted as JSON.
Summary:

| Verb | URI | Request body | Response status | Response body |
|---|---|---|---|---|
| POST | `/sign-up` | credentials | 201, Created | user |
| | | | 400 Bad Request | empty |
| POST | `/sign-in` | credentials | 200 OK | user w/token |
| | | | 401 Unauthorized | empty |
| DELETE | `/sign-out/:id` | empty | 201 Created | empty |
| | | | 401 Unauthorized | empty |
| PATCH | `/change-password/:id` | passwords | 204 No Content | user w/token |
| | | | 400 Bad Request | empty |

The `create` action expects a POST of `credentials` identifying a new user to create, e.g. using `getFormFields`:

```html
<form>
  <input name="credentials[email]" type="text" value="an@example.email">
  <input name="credentials[password]" type="password" value="an example password">
  <input name="credentials[password_confirmation]" type="password" value="an example password">
</form>
```

or using JSON:

```json
{
  "credentials": {
    "email": "an@example.email",
    "password": "an example password",
    "password_confirmation": "an example password"
  }
}
```

The `password_confirmation` field is optional.
If the request is successful, the response will have an HTTP Status of 201, Created, and the body will be JSON containing the `id` and `email` of the new user, e.g.:

```json
{
  "user": {
    "id": 1,
    "email": "an@example.email"
  }
}
```

If the request is unsuccessful, the response will have an HTTP Status of 400 Bad Request, and the response body will be empty.
The `signin` action expects a POST with `credentials` identifying a previously registered user, e.g.:

```html
<form>
  <input name="credentials[email]" type="text" value="an@example.email">
  <input name="credentials[password]" type="password" value="an example password">
</form>
```

or:

```json
{
  "credentials": {
    "email": "an@example.email",
    "password": "an example password"
  }
}
```

If the request is successful, the response will have an HTTP Status of 200 OK, and the body will be JSON containing the user's `id`, `email`, and the `token` used to authenticate other requests, e.g.:

```json
{
  "user": {
    "id": 1,
    "email": "an@example.email",
    "token": "an example authentication token"
  }
}
```

If the request is unsuccessful, the response will have an HTTP Status of 401 Unauthorized, and the response body will be empty.
The `signout` action is a DELETE specifying the `id` of the user to sign out.
If the request is successful the response will have an HTTP status of 204 No Content.
If the request is unsuccessful, the response will have a status of 401 Unauthorized.
The `changepw` action expects a PATCH of `passwords` specifying the `old` and `new`.
If the request is successful the response will have an HTTP status of 204 No Content.
If the request is unsuccessful the response will have an HTTP status of 400 Bad Request.
The `sign-out` and `change-password` requests must include a valid HTTP header `Authorization: Token token=<token>` or they will be rejected with a status of 401 Unauthorized.
All application requests must include a valid HTTP header `Authorization: Token token=<token>` or they will be rejected with a status of 401 Unauthorized.
All of the application actions must follow the RESTful style.
Records are associated with users. Users must be signed in with a token to retrieve a record. If this requirement is unmet, the response will be 401 Unauthorized.
Summary:

| Verb | URI | Request body | Response status | Response body |
|---|---|---|---|---|
| GET | `/records` | n/a | 200, OK | records found |
| | | | 401 Unauthorized | empty |
| POST | `/records` | n/a | 201, Created | record created |
| | | | 401 Unauthorized | empty |
| | | | 400 Bad Request | errors |
| GET | `/records/:id` | n/a | 200, OK | record found |
| | | | 401 Unauthorized | empty |
| | | | 404 Not Found | empty |
| PATCH | `/records/:id` | empty | 200, OK | record updated |
| | | | 400 Bad Request | errors |
| | | | 400 Bad Request | empty |
| PATCH | `/records/:id` | record delta | 200, OK | record updated |
| | | | 400 Bad Request | errors |
| | | | 404 Not Found | empty |

For `GET /records`, the default is to retrieve all records associated with the user.

The `index` action is a GET that retrieves all the records associated with a user.
The response body will contain JSON containing an array of records, e.g.:

```json
{
  "records": [
    {
      "id": 1,
      "symptom": "High fever",
      "date": "2016-03-12",
      "details": "Woke up with a fever today. It lasted for about 1-week",
      "user_id": 9
    }
  ]
}
```

If there are no records associated with the user, the response body will contain an empty records array, e.g.:

```json
{
  "records": [
  ]
}
```

The `create` action expects a POST with an empty body (e.g. `''` or `'{}'` if JSON).
If the request is successful, the response will have an HTTP Status of 201 Created, and the body will contain JSON of the created record with `user_id` set to the user calling `create`, e.g.:

```json
{
  "record": {
    "id": 1,
    "symptom": "",
    "date": "",
    "details": "",
    "user_id": 9
  }
}
```

If the request is unsuccessful, the response will have an HTTP Status of 400 Bad Request, and the response body will be JSON describing the errors.
The `show` action is a GET specifying the `id` of the record to retrieve.
If the request is successful the status will be 200, OK, and the response body will contain JSON for the record requested, e.g.:

```json
{
  "record": {
    "id": 1,
    "symptom": "High fever",
    "date": "2016-03-12",
    "details": "Woke up with a fever today. It lasted for about 1-week",
    "user_id": 9
  }
}
```

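The access rules described above (a token in the `Authorization` header, records visible only to their owner), as an added example that is not the project's own code: a stand-alone Ruby model of the 401/404/200 decision for `GET /records` and `GET /records/:id`. The sample users, tokens, records and all function names are constructed for illustration, and answering 404 for another user's record id is an assumption about how the lookup is scoped.

```ruby
# Constructed sample data; these users, tokens and records are hypothetical.
USERS = [
  { id: 9,  email: "an@example.email",    token: "token-for-user-9" },
  { id: 12, email: "other@example.email", token: "token-for-user-12" }
].freeze
RECORDS = [
  { id: 1, symptom: "High fever", date: "2016-03-12", user_id: 9 },
  { id: 2, symptom: "Headache",   date: "2016-03-14", user_id: 12 }
].freeze

# Extract <token> from "Token token=<token>"; nil for any other shape.
def parse_token(header)
  match = /\AToken token="?([^",\s]+)"?\z/.match(header.to_s)
  match && match[1]
end

# Byte-wise comparison that does not stop at the first mismatch, so timing
# does not reveal how many leading characters of a guessed token were right.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Resolve the header to a user, or nil when it is missing, malformed or unknown.
def authenticate(header)
  presented = parse_token(header)
  return nil if presented.nil?
  USERS.find { |u| secure_equal?(u[:token], presented) }
end

# GET /records: only the caller's own records are ever listed.
def index_records(header)
  user = authenticate(header)
  return [401, nil] unless user
  [200, { records: RECORDS.select { |r| r[:user_id] == user[:id] } }]
end

# GET /records/:id: the lookup is scoped to the caller, so another user's
# record id is indistinguishable from a missing one (404, not 403).
def show_record(header, id)
  user = authenticate(header)
  return [401, nil] unless user
  record = RECORDS.find { |r| r[:id] == id && r[:user_id] == user[:id] }
  record ? [200, { record: record }] : [404, nil]
end
```

Filtering on the authenticated user's id inside the lookup itself, rather than fetching by `id` and checking ownership afterwards, keeps every code path from touching another user's record.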
This `update` action expects a PATCH with changes to an existing record's details, e.g.:

```html
<form>
  <input name="record[details]" type="text" value="Woke up with a fever today. It lasted for about 1.5-weeks">
</form>
```

or:

```json
{
  "record": {
    "id": 1,
    "details": "Woke up with a fever today. It lasted for about 1.5-week"
  }
}
```

If the request is successful, the response will have an HTTP Status of 200 OK, and the body will be JSON containing the modified record, e.g.:

```json
{
  "record": {
    "id": 1,
    "symptom": "High fever",
    "date": "2016-03-12",
    "details": "Woke up with a fever today. It lasted for about 1.5-week",
    "user_id": 9
  }
}
```

If the request is unsuccessful, the response will have an HTTP Status of 400 Bad Request, and the response body will be JSON describing the errors.
##Resources
- Ember Front-end repo https://github.com/V4Vince/BioTrackr-client
- Live App https://v4vince.github.io/BioTrackr-client/