SFM-loan-Rest-Api/README.md

Readme for RestAPI

Version 1

1. /login

input

**username** : must be email  
**password** : 4-40 chars

output: always json

{
  "login": true, //true = login ,false = failed.
  "Biukop-Session": "3c88be7a-552a-474f-8e4b-92ff22fa0e1c", //session id, for each session
  "Biukop-Mid": "a0acd59c-ffa5-439f-b415-7313b7cb1d34", //machine id, never change
  "sessionExpire": 1646338110, //unix timestamp
  "sessionExpireHuman": "Fri, 04 Mar 2022 07:08:30 +1100," // same as unix timestamp
}

1. login: true/false indicate a successful login. but the session id and mid is the real auth mechanisms for subsequent http request.
2. Biukop-Session: server side auth and user tracking.
3. Biukop-Mid: machine id, unique for identify this particular browser client. it should be saved to browser’s local storage and comeback with every request..
4. sessionExpire: when this session id will become expire. UnixStamp for easy comparison for client, the serverside value is the key to determin whether a session has expired.
   
5. sessionExpireHuman: for easy display and debug purpose make client’s coding easy.

2. /signup

User Sign up through email authentication, a temporary code will be generated for the user to sign up for the first time. Not implemented yet.

3. /logout

Client side clear the session ID and it will logout. Serverside will also clear the session when user logout. No data is kept for a dead or expired session.

1. /loans?skip=page= GET
2. /loan/id GET POST PUT DELETE
3. /User/id GET POST PUT DELETE
4. /Users?skip=page= GET
5. /Broker/id GET POST PUT DELETE
6. /Brokers
7. /rewards/roan_id/ GET
8. /reward/id POST DELETE
9. /Payouts
10. /Payout/id
11. /rbac/id R U D
12. /audit POST
13. /sendmessage POST
14. /message/id R D
15. /message_status/id POST PUT DELETE
16. /upload POST
17. /user_lists
18. /user_list/id
19. /user_list_trees
20. /user_list_tree/id