Rococoins API Documentation
Express + Mongoose User Management & Messaging System
1. Data Model (Mongoose)
User schema uses nested objects and a chats array:
| Object | Fields | Type |
|---|---|---|
| Personal | username, password, email, firstname, lastname, dateofbirth, nationality, gender, type | String / Date |
| Code | rcode, pcode, tcode | String |
| Contact | contactEmail, phone, city, state, country, street | String |
| Company | legalBussinessName, bussinesType, dateOfIncorperation, registrationNumber, registratedAddress, workEmail, workPhone, companyWebsite | String / Date |
| Ownership | ownerFullname, role, ownerDataOfBirth, residentialAddress, ownerNationality | String / Date |
| Document | certificateOfIncorporation, bussinesLicience, proofOfRegistratedAddress, taxId | String (Paths) |
| Representative | repFullname, position, idNumber, idType | String |
2. Core User Routes
POST /user/
Create a new user. Checks for existing users via checkUserIfExit.
GET /user/
Fetch list of all registered users.
GET /user/:id
Get detailed profile of a specific user.
PUT /user/:id
Standard user profile update.
PUT /user/admin/:id
Update user status/permissions via adminPost middleware.
DELETE /user/:id
Remove user from the system.
3. Chat System
Endpoints for pushing messages into the user or admin history.
PUT /user/user_chat/:id
Append a message from the user's side.
{ "userId": "ID", "userChats": "Hello Admin", "time": "10:30 AM" }
PUT /user/admin_chat/:id
Append a message from the admin's side.
{ "userId": "ID", "adminChats": "Hello User, how can I help?", "time": "10:31 AM" }
3. Authentication Flow
Login Response
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Verify Token
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Verify Success Response
{
"_id": "65b2f...",
"personal": { "username": "john", "email": "john@email.com" },
"contact": { "city": "NY", "phone": "123456789" },
"company": { "legalBussinessName": "ABC LTD" }
}
• JWT is signed using process.env.KEY
• Token expires in 1 hour
• Password is excluded using .select("-personal.password")
• Passwords should be hashed using bcrypt
4. Email Configuration
Configured with Nodemailer SMTP:
EMAIL_HOST=rococoins.com
EMAIL_USER=resetpassword@rococoins.com
EMAIL_PASS=********
EMAIL_PORT=465
5. OTP (One-Time Password) Flow
Send OTP to user's email and verify it.
POST /users/otp
Generate a numeric OTP, save a hashed version in the DB, and send the OTP to the user's email.
POST /users/verify_otp
Verify OTP sent to user.
Body: { "userId": "<id>", "otp": "<6-digit code>" }
Response Success: { "success": true, "message": "OTP verified successfully" }
Response Failure: { "success": false, "message": "Invalid or expired OTP" }
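The OTP flow described above, as an added example that is not part of the original documentation or the Rococoins code base: issuing a 6-digit OTP, storing only a keyed hash, and verifying it with expiry, an attempt limit and single use. The HMAC-SHA256 hashing, the 5-minute lifetime, the 5-attempt limit, the in-memory otpStore and the function names issueOtp, verifyOtp and hashOtp are assumptions.

```javascript
// Added example (not Rococoins code): OTP issue/verify logic for the two routes above.
const crypto = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime; the page gives none
const MAX_ATTEMPTS = 5;           // assumed guess limit per issued OTP
const otpStore = new Map();       // stands in for the Mongoose collection

// A 6-digit code has only 10^6 values, so a plain hash is reversible by
// enumeration if the DB leaks. Keying the hash with a server-side secret
// (HMAC) makes the stored value useless without that secret.
function hashOtp(userId, otp, secret) {
  return crypto.createHmac("sha256", secret).update(`${userId}:${otp}`).digest();
}

function issueOtp(userId, secret, now = Date.now()) {
  // crypto.randomInt is a CSPRNG; Math.random is predictable.
  const otp = String(crypto.randomInt(0, 1000000)).padStart(6, "0");
  otpStore.set(userId, {
    hash: hashOtp(userId, otp, secret),
    expiresAt: now + OTP_TTL_MS,
    attempts: 0,
  });
  return otp; // goes into the email only; never stored or logged in clear
}

function verifyOtp(userId, otp, secret, now = Date.now()) {
  // One generic failure body, as in the page, so callers cannot tell
  // "wrong", "expired" and "no OTP issued" apart.
  const fail = { success: false, message: "Invalid or expired OTP" };
  const rec = otpStore.get(userId);
  // Reject non-strings: a JSON body can carry objects such as {"$ne": null}.
  if (!rec || typeof otp !== "string" || !/^\d{6}$/.test(otp)) return fail;
  if (now > rec.expiresAt || rec.attempts >= MAX_ATTEMPTS) {
    otpStore.delete(userId); // expired or locked out: force a new OTP
    return fail;
  }
  rec.attempts += 1;
  const candidate = hashOtp(userId, otp, secret);
  if (!crypto.timingSafeEqual(candidate, rec.hash)) return fail;
  otpStore.delete(userId); // single use: a replayed code fails
  return { success: true, message: "OTP verified successfully" };
}
```

In a real handler the secret would come from the environment and the record from the user document; the `now` parameter exists only so expiry can be tested deterministically.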