# Readme for RestAPI

Version 1
##1. /login
   
input 
    **username** : must be email  
    **password** : 4-40 chars

output: always json

```json5
{
  "login": true, //true = login ,false = failed.
  "Biukop-Session": "3c88be7a-552a-474f-8e4b-92ff22fa0e1c", //session id, for each session
  "Biukop-Mid": "a0acd59c-ffa5-439f-b415-7313b7cb1d34", //machine id, never change
  "sessionExpire": 1646338110, //unix timestamp
  "sessionExpireHuman": "Fri, 04 Mar 2022 07:08:30 +1100," // same as unix timestamp
}
```

1. **login**:  true/false indicate a successful login. but the session id and mid is the real auth mechanisms for subsequent http request.
1. **Biukop-Session**: server side auth and user tracking. 
1. **Biukop-Mid**: machine id, unique for identify this particular browser client. it should be saved to browser's local storage and comeback with every request.. 
1. **sessionExpire**: when this session id will become expire. UnixStamp for easy comparison for client, the serverside value is the key to determin whether a session has expired.  
1. **sessionExpireHuman**: for easy display and debug purpose make client's coding easy. 


## 2. /signup
User Sign up through email authentication,  a temporary code will be generated for the user to sign up for the first time. Not implemented yet.  

## 3. /logout
Client side clear the session ID and it will logout. Serverside will also clear the session when user logout. No data is kept for a dead or expired session. 

3. /loans?skip=page= GET
4. /loan/id   GET POST PUT DELETE
5. /User/id   GET POST PUT DELETE
6. /Users?skip=page= GET
7. /Broker/id  GET POST PUT DELETE
8. /Brokers
9. /rewards/roan_id/ GET
10. /reward/id POST DELETE
11. /Payouts
12. /Payout/id
13. /rbac/id  R U D
14. /audit  POST
15. /sendmessage  POST
16. /message/id  R D
17. /message_status/id POST PUT DELETE
18. /upload POST
19. /user_lists
20. /user_list/id
21. /user_list_trees
22. /user_list_tree/id