ae586f6134
Bloc A - Code mort: - Suppression Studio (components, views, features) - Suppression gamification + services mock (projectService, storageService, gamificationService) - Mise à jour Sidebar, Navbar, locales Bloc B - Frontend: - Suppression modal.tsx deprecated, Modal.stories (doublon Dialog) - Feature flags: PLAYLIST_SEARCH, PLAYLIST_RECOMMENDATIONS, ROLE_MANAGEMENT = true - Suppression 19 tests orphelins, retrait exclusions vitest.config Bloc C - Backend: - Extraction routes_auth.go depuis router.go Bloc D - Rust: - Suppression security_legacy.rs (code mort, patterns déjà dans security/)
40 KiB
Veza Backend API Documentation
Table of Contents
Overview
The Veza Backend API is a RESTful API that provides endpoints for managing audio tracks, playlists, users, marketplace, analytics, and more. The API uses JSON for request and response payloads and follows REST conventions.
API Version: v1
Base Path: /api/v1
Content-Type: application/json
Base URL
- Production:
https://api.veza.app - Staging:
https://staging-api.veza.app - Development:
http://localhost:8080
Authentication
Most endpoints require authentication using JWT (JSON Web Tokens). Include the access token in the Authorization header:
Authorization: Bearer <access_token>
Getting an Access Token
- Register a new user or login
- Receive
access_tokenin the response body - Receive
refresh_tokenin an httpOnly cookie (automatically sent by browser) - Use
access_tokenfor authenticated requests - Use the refresh token cookie to get a new
access_tokenwhen it expires
Token Expiration
- Access Token: Valid for 24 hours
- Refresh Token: Valid for 30 days (or 90 days if "remember me" is selected)
Authentication Cookies
Refresh Token Cookie
After successful login or token refresh, a refresh_token cookie is set with the following properties:
- Name:
refresh_token - HttpOnly:
true(not accessible via JavaScript - prevents XSS attacks) - Secure:
truein production,falsein development (HTTPS only in production) - SameSite:
strictin production,laxin development (prevents CSRF attacks) - Path:
/ - Max-Age: 30 days (or 90 days if "remember me" is selected)
Important: The refresh token is NOT returned in the JSON response body for security reasons. It is only available as an httpOnly cookie that is automatically sent by the browser with each request.
Using Refresh Token
To refresh your access token, make a POST request to /auth/refresh:
# The refresh token cookie is automatically sent by the browser
curl -X POST http://localhost:8080/api/v1/auth/refresh \
-H "Content-Type: application/json" \
--cookie "refresh_token=<token>" \
-b cookies.txt -c cookies.txt
The new access token will be returned in the response body, and a new refresh token cookie will be set automatically.
Cookie Configuration
The cookie security settings can be configured via environment variables:
COOKIE_SECURE:truein production (HTTPS only),falsein developmentCOOKIE_SAME_SITE:strict(production),lax(development)COOKIE_DOMAIN: Domain for the cookie (empty for current domain)COOKIE_HTTP_ONLY: Alwaystruefor refresh tokensCOOKIE_PATH: Cookie path (default:/)
Note: In development, cookies work with http://localhost when COOKIE_SECURE=false and COOKIE_SAME_SITE=lax.
Error Handling
All errors follow a consistent format:
{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "Human-readable error message",
"details": []
}
}
HTTP Status Codes
200 OK- Request successful201 Created- Resource created successfully400 Bad Request- Invalid request parameters401 Unauthorized- Missing or invalid authentication403 Forbidden- Insufficient permissions404 Not Found- Resource not found409 Conflict- Resource conflict (e.g., duplicate)422 Unprocessable Entity- Validation error429 Too Many Requests- Rate limit exceeded500 Internal Server Error- Server error
Rate Limiting
Rate limiting is applied to prevent abuse. Limits vary by endpoint:
- Global: 100 requests per minute per IP
- Login/Register: 5 requests per minute per IP
- Email Verification: 3 requests per hour per email
- Upload: 10 uploads per hour per user
Rate limit headers are included in responses:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200
Pagination
List endpoints support pagination using query parameters:
page- Page number (default: 1)limit- Items per page (default: 20, max: 100)
Response includes pagination metadata:
{
"success": true,
"data": {
"items": [...],
"pagination": {
"page": 1,
"limit": 20,
"total": 150,
"total_pages": 8
}
}
}
Endpoints
Authentication Endpoints
Register User
Create a new user account.
Endpoint: POST /api/v1/auth/register
Request Body:
{
"username": "johndoe",
"email": "john@example.com",
"password": "SecurePassword123!",
"password_confirm": "SecurePassword123!"
}
Response (201 Created):
{
"success": true,
"data": {
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"email": "john@example.com"
},
"token": {
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 86400
}
}
}
Login
Authenticate and receive tokens.
Endpoint: POST /api/v1/auth/login
Request Body:
{
"email": "john@example.com",
"password": "SecurePassword123!",
"remember_me": false
}
Response (200 OK):
{
"success": true,
"data": {
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"email": "john@example.com"
},
"token": {
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 86400
},
"requires_2fa": false
}
}
Refresh Token
Get a new access token using refresh token.
Endpoint: POST /api/v1/auth/refresh
Request Body:
{
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response (200 OK):
{
"success": true,
"data": {
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 86400
}
}
Logout
Revoke refresh token and current session.
Endpoint: POST /api/v1/auth/logout
Headers: Authorization: Bearer <token>
Request Body:
{
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Logged out successfully"
}
}
Get Current User
Get profile information of the currently logged-in user.
Endpoint: GET /api/v1/auth/me
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"email": "john@example.com",
"role": "user"
}
}
Check Username Availability
Check if a username is available.
Endpoint: GET /api/v1/auth/check-username?username=johndoe
Response (200 OK):
{
"success": true,
"data": {
"username": "johndoe",
"available": true
}
}
Verify Email
Verify user email address using a token.
Endpoint: POST /api/v1/auth/verify-email?token=verification_token_here
Response (200 OK):
{
"success": true,
"data": {
"message": "Email verified successfully"
}
}
Resend Verification Email
Resend the email verification link.
Endpoint: POST /api/v1/auth/resend-verification
Request Body:
{
"email": "john@example.com"
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Verification email sent"
}
}
User Endpoints
Get User Profile
Get public profile information for a user.
Endpoint: GET /api/v1/users/{id}
Response (200 OK):
{
"success": true,
"data": {
"profile": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"email": "john@example.com",
"bio": "Music producer",
"avatar": "https://cdn.veza.app/avatars/user123.jpg",
"location": "Paris, France",
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Get User Profile by Username
Get public profile information by username.
Endpoint: GET /api/v1/users/by-username/{username}
Response (200 OK):
{
"success": true,
"data": {
"profile": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"bio": "Music producer",
"avatar": "https://cdn.veza.app/avatars/user123.jpg"
}
}
}
Update Profile
Update user profile details.
Endpoint: PUT /api/v1/users/{id}
Headers: Authorization: Bearer <token>
Request Body:
{
"username": "johndoe",
"bio": "Updated bio",
"first_name": "John",
"last_name": "Doe",
"location": "New York, USA",
"gender": "Male"
}
Response (200 OK):
{
"success": true,
"data": {
"profile": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"bio": "Updated bio",
"first_name": "John",
"last_name": "Doe"
}
}
}
Get Profile Completion
Get profile completion percentage and missing fields.
Endpoint: GET /api/v1/users/{id}/completion
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"completion_percentage": 75,
"missing_fields": ["bio", "avatar"]
}
}
Track Endpoints
List Tracks
Get a paginated list of tracks with filters.
Endpoint: GET /api/v1/tracks
Query Parameters:
page(optional) - Page number (default: 1)limit(optional) - Items per page (default: 20, max: 100)user_id(optional) - Filter by user IDgenre(optional) - Filter by genreformat(optional) - Filter by format (mp3, flac, wav)sort_by(optional) - Sort field (default: created_at)sort_order(optional) - Sort order: asc/desc (default: desc)
Response (200 OK):
{
"success": true,
"data": {
"tracks": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Track",
"artist": "John Doe",
"duration": 180,
"format": "mp3",
"genre": "Electronic",
"is_public": true,
"created_at": "2025-01-01T00:00:00Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 150,
"total_pages": 8
}
}
}
Search Tracks
Search tracks with advanced filters.
Endpoint: GET /api/v1/tracks/search
Query Parameters:
q(optional) - Search querygenre(optional) - Filter by genreformat(optional) - Filter by formatmin_duration(optional) - Minimum duration in secondsmax_duration(optional) - Maximum duration in secondsstart_date(optional) - Start date (RFC3339)end_date(optional) - End date (RFC3339)sort_by(optional) - Sort field (title, popularity, created_at)sort_order(optional) - Sort order (asc/desc)page(optional) - Page numberlimit(optional) - Items per page
Response (200 OK):
{
"tracks": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Track",
"artist": "John Doe",
"duration": 180
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 50,
"total_pages": 3
}
}
Get Track
Get detailed information about a track.
Endpoint: GET /api/v1/tracks/{id}
Response (200 OK):
{
"success": true,
"data": {
"track": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Track",
"artist": "John Doe",
"album": "My Album",
"duration": 180,
"format": "mp3",
"file_size": 5242880,
"genre": "Electronic",
"year": 2025,
"is_public": true,
"like_count": 42,
"play_count": 150,
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Upload Track
Upload a new track (audio file).
Endpoint: POST /api/v1/tracks
Headers:
Authorization: Bearer <token>Content-Type: multipart/form-data
Form Data:
file(required) - Audio file (MP3, WAV, FLAC, OGG)
Response (201 Created):
{
"success": true,
"data": {
"track": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Track",
"status": "processing",
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Update Track
Update track metadata.
Endpoint: PUT /api/v1/tracks/{id}
Headers: Authorization: Bearer <token>
Request Body:
{
"title": "Updated Title",
"artist": "Updated Artist",
"album": "Updated Album",
"genre": "Rock",
"year": 2025,
"is_public": true
}
Response (200 OK):
{
"success": true,
"data": {
"track": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Updated Title",
"artist": "Updated Artist"
}
}
}
Delete Track
Permanently delete a track.
Endpoint: DELETE /api/v1/tracks/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Track deleted successfully"
}
}
Get Track Stats
Get statistics for a track.
Endpoint: GET /api/v1/tracks/{id}/stats
Response (200 OK):
{
"success": true,
"data": {
"stats": {
"total_plays": 150,
"unique_listeners": 45,
"average_duration": 165.5,
"completion_rate": 78.5
}
}
}
Download Track
Download a track file.
Endpoint: GET /api/v1/tracks/{id}/download
Response (200 OK):
- Binary file download with appropriate
Content-Typeheader
Like Track
Like a track.
Endpoint: POST /api/v1/tracks/{id}/like
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Track liked"
}
}
Unlike Track
Remove like from a track.
Endpoint: DELETE /api/v1/tracks/{id}/like
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Track unliked"
}
}
Get Track Likes
Get list of users who liked a track.
Endpoint: GET /api/v1/tracks/{id}/likes
Response (200 OK):
{
"success": true,
"data": {
"likes": [
{
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"username": "johndoe",
"liked_at": "2025-01-01T00:00:00Z"
}
],
"total": 42
}
}
Initiate Chunked Upload
Start a new chunked upload session.
Endpoint: POST /api/v1/tracks/initiate
Headers: Authorization: Bearer <token>
Request Body:
{
"filename": "my-track.mp3",
"total_chunks": 10,
"total_size": 52428800
}
Response (200 OK):
{
"success": true,
"data": {
"upload_id": "550e8400-e29b-41d4-a716-446655440000",
"message": "Upload session initiated"
}
}
Upload Chunk
Upload a single chunk of a file.
Endpoint: POST /api/v1/tracks/chunk
Headers:
Authorization: Bearer <token>Content-Type: multipart/form-data
Form Data:
chunk(required) - Chunk file dataupload_id(required) - Upload session IDchunk_number(required) - Chunk number (1-based)total_chunks(required) - Total number of chunkstotal_size(required) - Total file size in bytesfilename(required) - Original filename
Response (200 OK):
{
"success": true,
"data": {
"upload_id": "550e8400-e29b-41d4-a716-446655440000",
"received_chunks": 5,
"progress": 50.0,
"message": "Chunk uploaded successfully"
}
}
Complete Chunked Upload
Finish upload session and assemble file.
Endpoint: POST /api/v1/tracks/complete
Headers: Authorization: Bearer <token>
Request Body:
{
"upload_id": "550e8400-e29b-41d4-a716-446655440000"
}
Response (201 Created):
{
"success": true,
"data": {
"track": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "my-track",
"status": "processing"
},
"md5": "d41d8cd98f00b204e9800998ecf8427e",
"message": "Upload completed"
}
}
Get Upload Status
Get the processing status of an uploaded track.
Endpoint: GET /api/v1/tracks/{id}/status
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"status": "processing",
"progress": 75
}
}
Get Upload Quota
Get remaining upload quota for the user.
Endpoint: GET /api/v1/tracks/quota/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"quota": {
"used": 524288000,
"limit": 1073741824,
"remaining": 549453824,
"percentage_used": 48.8
}
}
}
Resume Upload
Get state of an interrupted upload.
Endpoint: GET /api/v1/tracks/resume/{uploadId}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"upload_id": "550e8400-e29b-41d4-a716-446655440000",
"chunks_received": 7,
"total_chunks": 10
}
}
Batch Delete Tracks
Delete multiple tracks at once.
Endpoint: POST /api/v1/tracks/batch/delete
Headers: Authorization: Bearer <token>
Request Body:
{
"track_ids": [
"550e8400-e29b-41d4-a716-446655440000",
"660e8400-e29b-41d4-a716-446655440001"
]
}
Response (200 OK):
{
"success": true,
"data": {
"deleted": [
"550e8400-e29b-41d4-a716-446655440000",
"660e8400-e29b-41d4-a716-446655440001"
],
"failed": {}
}
}
Record Play
Record a track play event.
Endpoint: POST /api/v1/tracks/{id}/play
Headers: Authorization: Bearer <token>
Request Body:
{
"duration": 120,
"device": "Chrome Browser"
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Play event recorded",
"id": "550e8400-e29b-41d4-a716-446655440000"
}
}
Playlist Endpoints
List Playlists
Get a paginated list of playlists.
Endpoint: GET /api/v1/playlists
Headers: Authorization: Bearer <token>
Query Parameters:
page(optional) - Page number (default: 1)limit(optional) - Items per page (default: 20)user_id(optional) - Filter by user ID
Response (200 OK):
{
"success": true,
"data": {
"playlists": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Playlist",
"description": "A great playlist",
"is_public": true,
"track_count": 10,
"follower_count": 5,
"created_at": "2025-01-01T00:00:00Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 50,
"total_pages": 3
}
}
}
Search Playlists
Search playlists with filters.
Endpoint: GET /api/v1/playlists/search
Headers: Authorization: Bearer <token>
Query Parameters:
q(optional) - Search queryuser_id(optional) - Filter by user IDis_public(optional) - Filter by public status (true/false)page(optional) - Page numberlimit(optional) - Items per page
Response (200 OK):
{
"success": true,
"data": {
"playlists": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Playlist",
"is_public": true
}
],
"total": 25,
"page": 1,
"limit": 20
}
}
Get Playlist
Get detailed information about a playlist.
Endpoint: GET /api/v1/playlists/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"playlist": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Playlist",
"description": "A great playlist",
"is_public": true,
"track_count": 10,
"tracks": [
{
"id": "660e8400-e29b-41d4-a716-446655440001",
"title": "Track 1",
"position": 1
}
],
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Create Playlist
Create a new playlist.
Endpoint: POST /api/v1/playlists
Headers: Authorization: Bearer <token>
Request Body:
{
"title": "My New Playlist",
"description": "A great playlist",
"is_public": true
}
Response (201 Created):
{
"success": true,
"data": {
"playlist": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My New Playlist",
"description": "A great playlist",
"is_public": true,
"track_count": 0,
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Update Playlist
Update playlist metadata.
Endpoint: PUT /api/v1/playlists/{id}
Headers: Authorization: Bearer <token>
Request Body:
{
"title": "Updated Playlist Title",
"description": "Updated description",
"is_public": false
}
Response (200 OK):
{
"success": true,
"data": {
"playlist": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Updated Playlist Title",
"description": "Updated description"
}
}
}
Delete Playlist
Permanently delete a playlist.
Endpoint: DELETE /api/v1/playlists/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Playlist deleted successfully"
}
}
Add Track to Playlist
Add a track to the playlist.
Endpoint: POST /api/v1/playlists/{id}/tracks
Headers: Authorization: Bearer <token>
Request Body:
{
"track_id": "660e8400-e29b-41d4-a716-446655440001"
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Track added to playlist"
}
}
Remove Track from Playlist
Remove a track from the playlist.
Endpoint: DELETE /api/v1/playlists/{id}/tracks/{track_id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Track removed from playlist"
}
}
Reorder Tracks
Reorder tracks in the playlist.
Endpoint: PUT /api/v1/playlists/{id}/tracks/reorder
Headers: Authorization: Bearer <token>
Request Body:
{
"track_ids": [
"660e8400-e29b-41d4-a716-446655440001",
"770e8400-e29b-41d4-a716-446655440002",
"880e8400-e29b-41d4-a716-446655440003"
]
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Tracks reordered successfully"
}
}
Get Playlist Recommendations
Get playlist recommendations.
Endpoint: GET /api/v1/playlists/recommendations
Headers: Authorization: Bearer <token>
Query Parameters:
limit(optional) - Number of recommendations (default: 10)
Response (200 OK):
{
"success": true,
"data": {
"playlists": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Recommended Playlist",
"is_public": true
}
]
}
}
Add Collaborator
Add a collaborator to a playlist.
Endpoint: POST /api/v1/playlists/{id}/collaborators
Headers: Authorization: Bearer <token>
Request Body:
{
"user_id": "990e8400-e29b-41d4-a716-446655440004",
"permission": "write"
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Collaborator added successfully"
}
}
Get Collaborators
Get list of collaborators for a playlist.
Endpoint: GET /api/v1/playlists/{id}/collaborators
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"collaborators": [
{
"id": "990e8400-e29b-41d4-a716-446655440004",
"username": "collaborator",
"permission": "write",
"added_at": "2025-01-01T00:00:00Z"
}
]
}
}
Update Collaborator Permission
Update collaborator permission.
Endpoint: PUT /api/v1/playlists/{id}/collaborators/{userId}
Headers: Authorization: Bearer <token>
Request Body:
{
"permission": "admin"
}
Response (200 OK):
{
"success": true,
"data": {
"message": "Collaborator permission updated"
}
}
Remove Collaborator
Remove a collaborator from a playlist.
Endpoint: DELETE /api/v1/playlists/{id}/collaborators/{userId}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Collaborator removed successfully"
}
}
Create Share Link
Create a share link for a playlist.
Endpoint: POST /api/v1/playlists/{id}/share
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"share_token": "abc123def456",
"share_url": "https://veza.app/playlists/shared/abc123def456",
"expires_at": "2025-12-31T23:59:59Z"
}
}
Marketplace Endpoints
List Products
List marketplace products with filters.
Endpoint: GET /api/v1/marketplace/products
Query Parameters:
status(optional) - Product status (draft, active, archived)seller_id(optional) - Filter by seller ID
Response (200 OK):
{
"success": true,
"data": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Product",
"description": "A great track for sale",
"price": 9.99,
"currency": "EUR",
"status": "active",
"product_type": "track",
"seller_id": "660e8400-e29b-41d4-a716-446655440001",
"created_at": "2025-01-01T00:00:00Z"
}
]
}
Create Product
Create a product (Track, Pack, Service) for sale.
Endpoint: POST /api/v1/marketplace/products
Headers: Authorization: Bearer <token>
Request Body:
{
"title": "My Product",
"description": "A great track for sale",
"price": 9.99,
"product_type": "track",
"track_id": "770e8400-e29b-41d4-a716-446655440002",
"license_type": "standard"
}
Response (201 Created):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "My Product",
"price": 9.99,
"status": "active",
"created_at": "2025-01-01T00:00:00Z"
}
}
Update Product
Update product details (only seller can update).
Endpoint: PUT /api/v1/marketplace/products/{id}
Headers: Authorization: Bearer <token>
Request Body:
{
"title": "Updated Product Title",
"price": 12.99,
"status": "active"
}
Response (200 OK):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"title": "Updated Product Title",
"price": 12.99
}
}
Create Order
Purchase products.
Endpoint: POST /api/v1/marketplace/orders
Headers: Authorization: Bearer <token>
Request Body:
{
"items": [
{
"product_id": "550e8400-e29b-41d4-a716-446655440000"
}
]
}
Response (201 Created):
{
"success": true,
"data": {
"id": "880e8400-e29b-41d4-a716-446655440003",
"buyer_id": "990e8400-e29b-41d4-a716-446655440004",
"total_amount": 9.99,
"currency": "EUR",
"status": "completed",
"items": [
{
"product_id": "550e8400-e29b-41d4-a716-446655440000",
"price": 9.99
}
],
"created_at": "2025-01-01T00:00:00Z"
}
}
List Orders
Get all orders for the authenticated user.
Endpoint: GET /api/v1/marketplace/orders
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": [
{
"id": "880e8400-e29b-41d4-a716-446655440003",
"total_amount": 9.99,
"status": "completed",
"created_at": "2025-01-01T00:00:00Z"
}
]
}
Get Order
Get details of a specific order.
Endpoint: GET /api/v1/marketplace/orders/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"id": "880e8400-e29b-41d4-a716-446655440003",
"buyer_id": "990e8400-e29b-41d4-a716-446655440004",
"total_amount": 9.99,
"currency": "EUR",
"status": "completed",
"items": [
{
"product_id": "550e8400-e29b-41d4-a716-446655440000",
"price": 9.99
}
],
"created_at": "2025-01-01T00:00:00Z"
}
}
Get Download URL
Get a secure download URL for a purchased product.
Endpoint: GET /api/v1/marketplace/download/{product_id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"url": "https://storage.example.com/download/track123.mp3?token=abc123"
}
}
Analytics Endpoints
Record Analytics Event
Record a custom analytics event.
Endpoint: POST /api/v1/analytics/events
Headers: Authorization: Bearer <token>
Request Body:
{
"event_name": "user_interaction",
"payload": {
"action": "button_click",
"page": "home"
}
}
Response (200 OK):
{
"success": true,
"data": {
"message": "event recorded",
"event_name": "user_interaction"
}
}
Get Track Analytics Dashboard
Get comprehensive analytics dashboard for a track.
Endpoint: GET /api/v1/analytics/tracks/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"dashboard": {
"track_id": "550e8400-e29b-41d4-a716-446655440000",
"stats": {
"total_plays": 150,
"unique_listeners": 45,
"average_duration": 165.5,
"completion_rate": 78.5
},
"plays_over_time": [
{
"date": "2025-01-01T00:00:00Z",
"count": 10
}
],
"period": {
"start_date": "2024-12-01T00:00:00Z",
"end_date": "2025-01-01T00:00:00Z",
"days": 30
}
}
}
}
Webhook Endpoints
Register Webhook
Register a new webhook.
Endpoint: POST /api/v1/webhooks
Headers: Authorization: Bearer <token>
Request Body:
{
"url": "https://example.com/webhook",
"events": ["track.uploaded", "playlist.created"],
"secret": "webhook_secret_key"
}
Response (201 Created):
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com/webhook",
"api_key": "wh_abc123def456",
"created_at": "2025-01-01T00:00:00Z"
}
}
List Webhooks
Get all webhooks for the authenticated user.
Endpoint: GET /api/v1/webhooks
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://example.com/webhook",
"events": ["track.uploaded"],
"created_at": "2025-01-01T00:00:00Z"
}
]
}
Delete Webhook
Delete a webhook.
Endpoint: DELETE /api/v1/webhooks/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Webhook deleted successfully"
}
}
Test Webhook
Test a webhook by sending a test event.
Endpoint: POST /api/v1/webhooks/{id}/test
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Test event sent",
"status": "delivered"
}
}
Get Webhook Stats
Get statistics for webhooks.
Endpoint: GET /api/v1/webhooks/stats
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"total_webhooks": 5,
"total_events": 150,
"successful_deliveries": 145,
"failed_deliveries": 5
}
}
Regenerate API Key
Regenerate API key for a webhook.
Endpoint: POST /api/v1/webhooks/{id}/regenerate-key
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"api_key": "wh_new_abc123def456"
}
}
Chat Endpoints
Get Chat Token
Generate a short-lived token for chat authentication.
Endpoint: GET /api/v1/chat/token
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"token": "chat_token_abc123"
}
}
Get Chat Stats
Get chat statistics.
Endpoint: GET /api/v1/chat/stats
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"total_rooms": 10,
"total_messages": 500,
"active_users": 25
}
}
Search Endpoints
Search is resource-specific; there is no unified GET /api/v1/search endpoint. Use the following:
- Tracks:
GET /api/v1/tracks/search— see Search Tracks (queryq,page,limit, etc.). - Playlists:
GET /api/v1/playlists/search— see Search Playlists (queryq,user_id,is_public,page,limit). - Users:
GET /api/v1/users/search— queryq,page,limit.
Pagination: page must be >= 1, limit between 1 and 100; otherwise the API returns 400 with a clear message.
Comment Endpoints
Get Comments
Get comments for a track.
Endpoint: GET /api/v1/tracks/{id}/comments
Response (200 OK):
{
"success": true,
"data": {
"comments": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"user_id": "660e8400-e29b-41d4-a716-446655440001",
"username": "johndoe",
"content": "Great track!",
"created_at": "2025-01-01T00:00:00Z"
}
]
}
}
Create Comment
Create a comment on a track.
Endpoint: POST /api/v1/tracks/{id}/comments
Headers: Authorization: Bearer <token>
Request Body:
{
"content": "Great track!"
}
Response (201 Created):
{
"success": true,
"data": {
"comment": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"content": "Great track!",
"created_at": "2025-01-01T00:00:00Z"
}
}
}
Delete Comment
Delete a comment.
Endpoint: DELETE /api/v1/comments/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Comment deleted successfully"
}
}
Role Endpoints
Get Roles
Get all available roles.
Endpoint: GET /api/v1/roles
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"roles": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "admin",
"permissions": ["all"]
}
]
}
}
Get Role
Get details of a specific role.
Endpoint: GET /api/v1/roles/{id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"role": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "admin",
"permissions": ["all"]
}
}
}
Notification Endpoints
Get Notifications
Get notifications for the authenticated user.
Endpoint: GET /api/v1/notifications
Headers: Authorization: Bearer <token>
Query Parameters:
page(optional) - Page numberlimit(optional) - Items per pageunread_only(optional) - Filter unread only (true/false)
Response (200 OK):
{
"success": true,
"data": {
"notifications": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"type": "track_liked",
"message": "Your track was liked",
"read": false,
"created_at": "2025-01-01T00:00:00Z"
}
]
}
}
Mark Notification as Read
Mark a notification as read.
Endpoint: POST /api/v1/notifications/{id}/read
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Notification marked as read"
}
}
Mark All Notifications as Read
Mark all notifications as read.
Endpoint: POST /api/v1/notifications/read-all
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "All notifications marked as read"
}
}
Session Endpoints
Get Sessions
Get all active sessions for the authenticated user.
Endpoint: GET /api/v1/sessions
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"sessions": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"ip_address": "192.168.1.1",
"user_agent": "Mozilla/5.0...",
"created_at": "2025-01-01T00:00:00Z",
"last_activity": "2025-01-01T12:00:00Z"
}
]
}
}
Logout Session
Logout from a specific session.
Endpoint: POST /api/v1/sessions/logout
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Logged out successfully"
}
}
Logout All Sessions
Logout from all sessions.
Endpoint: POST /api/v1/sessions/logout-all
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Logged out from all sessions"
}
}
Revoke Session
Revoke a specific session.
Endpoint: DELETE /api/v1/sessions/{session_id}
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"message": "Session revoked successfully"
}
}
Get Session Stats
Get session statistics.
Endpoint: GET /api/v1/sessions/stats
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"total_sessions": 5,
"active_sessions": 3
}
}
Upload Endpoints
Upload File
Upload a file.
Endpoint: POST /api/v1/uploads
Headers:
Authorization: Bearer <token>Content-Type: multipart/form-data
Form Data:
file(required) - File to upload
Response (201 Created):
{
"success": true,
"data": {
"upload_id": "550e8400-e29b-41d4-a716-446655440000",
"status": "processing"
}
}
Get Upload Status
Get upload status.
Endpoint: GET /api/v1/uploads/{id}/status
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"status": "completed",
"progress": 100
}
}
Audit Endpoints
Search Audit Logs
Search audit logs.
Endpoint: GET /api/v1/audit/logs
Headers: Authorization: Bearer <token>
Query Parameters:
user_id(optional) - Filter by user IDaction(optional) - Filter by actionstart_date(optional) - Start date (RFC3339)end_date(optional) - End date (RFC3339)page(optional) - Page numberlimit(optional) - Items per page
Response (200 OK):
{
"success": true,
"data": {
"logs": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"user_id": "660e8400-e29b-41d4-a716-446655440001",
"action": "track.uploaded",
"ip_address": "192.168.1.1",
"created_at": "2025-01-01T00:00:00Z"
}
]
}
}
Get Audit Stats
Get audit statistics.
Endpoint: GET /api/v1/audit/stats
Headers: Authorization: Bearer <token>
Response (200 OK):
{
"success": true,
"data": {
"total_logs": 1000,
"actions_count": {
"track.uploaded": 500,
"playlist.created": 300
}
}
}
Admin Endpoints
All admin endpoints require admin role.
Get Audit Logs (Admin)
Endpoint: GET /api/v1/admin/audit/logs
Headers: Authorization: Bearer <token>
Get Audit Stats (Admin)
Endpoint: GET /api/v1/admin/audit/stats
Headers: Authorization: Bearer <token>
Detect Suspicious Activity (Admin)
Endpoint: GET /api/v1/admin/audit/suspicious
Headers: Authorization: Bearer <token>
Additional Resources
- Swagger UI:
/swagger/index.html- Interactive API documentation - ReDoc:
/redoc- Alternative API documentation - OpenAPI Spec:
/swagger/doc.json- OpenAPI 3.0 specification
Support
For API support, please contact:
- Email: support@veza.app
- Documentation: https://docs.veza.app
- Issues: https://github.com/veza/veza-backend-api/issues