Note-Taking RESTful API with Google OAuth

A RESTful API for a simple note-taking application. Users can create, read, update, and delete notes. The API is secured using Google OAuth for authentication.

Created by: Jhon Kenneth Alcala

---

Project Setup

1. Clone the repository.

2. Install dependencies:

npm install

Run tests

# unit tests

$ npm run test

MongoDB Setup

Create a MongoDB Cluster

• Go to https://www.mongodb.com/cloud/atlas/register and sign in with your Google account.

• You will redirect to this UI

• Then click the clusters > click +Create

• Select the Free Cluster. Optionally, rename it and click Create Deployment.

• Then it will show something like this

• Click drivers

• Copy the connectionString. This is an example

mongodb+srv://<db_username>:<db_password>@notes-cluster-v2.4jgvu5b.mongodb.net/?appName=notes-cluster-v2

• Replace <db_username> and <db_password> with your credentials.

• Set the connection string in your .env file:

MONGODB_URI=<mongodb_uri>

MongoDB username and password

• Go to Database & Network Access > Add New Database User

• Build-in Role. Set the role to Atlas Admin

• In the Bottom , select Add user

MongoDB Cluster

• Navigate to Database > Cluster > Browse Collection to view or manage your data.

Google OAuth Setup

• Go to this website https://console.cloud.google.com/

• Sign in with a Google account

• You will be prompted to this UI

• Then click the Select a project

• Click the New Project

• Change the name to your desired name. Then click Create

• When you successfully create a project, click the project

• The Cloud Hub UI will appear

Create API Google ID and Secret

• Click on API & Services > Credentials > Choose OAuth consent screen

• Click the Create OAuth

• It will show something like this

Note - Application Type should be Web Application change the name in your desired name.

• Authorized JavaScript origins should be http://localhost:3000

• Authorized redirect URIs should be http://localhost:3000/api/auth/google/callback

• Then click Create

This is the result of successful creation.

Replace the client id and client secret in .env

GOOGLE_CLIENT_ID=<id>

GOOGLE_CLIENT_SECRET=<secret>

GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback

Download POSTman

1. Go to https://www.postman.com/downloads/

2. Download the Windows 64-bit

3. After installing it , you need to log in to Gmail. It will show something like this

Compile and run the project

# development

$ npm run start

# watch mode

$ npm run start:dev

Run the project

1. Go to http://localhost:3000/api/auth/google

• Sign in to your Gmail. After that, it will show something like this

Note: Copy the Token and save it in a notepad. The token will be used for the authentication of creating/updating/deleting/getting notes.

• Then, if you go to MongoDB, it will show the created user

Using the API Call

1. From POSTman, create a new request by clicking the + button

API/POST

• For API POST, use the following URL:

http://localhost:3000/api/notes

• You need to add authorization, and then Auth Type should be Token, and then paste the copied token

• Then go to the body and paste the following

{

  "title": "Sample Note 1",

  "content": "Hey hey hey",

  "tags": ["personal", "todo"],

  "category": "Daily"

}

• The postman should have a result.

• It will save to MongoDB

API/GET

• For API GET, use the following URL:

http://localhost:3000/api/notes

• You need to add authorization, and then Auth Type should be Token, and then paste the copied token

The result should be like this.

{

    "total": 1,

    "page": 1,

    "limit": 5,

    "totalPages": 1,

    "notes": [

        {

            "_id": "6909e867bc59f059954f9180",

            "title": "Sample Note 1",

            "content": "Hey hey hey",

            "userId": "6909cb10498f6d43577d3769",

            "createdAt": "2025-11-04T11:49:59.110Z",

            "updatedAt": "2025-11-04T11:49:59.110Z",

            "__v": 0

        }

    ]

}

Using the note ID

• For API GET with noteId, used the following URL:

http://localhost:3000/api/notes/noteId

• You need to add authorization, and then Auth Type should be Token, and then paste the copied token

API/PUT

For API PUT, use the following URL:

http://localhost:3000/api/notes/noteId

• You need to add authorization, and then Auth Type should be Token, and then paste the copied token

• Sample body that needs to be sent

{

  "title": "Sample Note 2",

  "content": "No No No",

  "tags": ["personal", "todo"],

  "category": "Daily"

}

The result will be

and it will update it in the MongoDB

API/DELETE

For API DELETE, use the following URL:

http://localhost:3000/api/notes/noteId

• You need to add authorization, and then Auth Type should be Token, and then paste the copied token

NOTE: - Only Admin Role can delete a record. If the role is user, it will prompt an error

{

    "message": "Forbidden Access. Admin access only",

    "error": "Forbidden",

    "statusCode": 403

}

• If the role is Admin, it should be deleted successfully

Make the role become an admin

• Update it in MongoDB in the users collection, change the role to admin

• Restart the App