Skip to content

API Reference — Exhaustive Route Index

Part of the Aashray Technical Reference. This is a pure route index with no single business-logic pairing — it spans every domain. Related: Admin Panel Map, Discrepancies.

Complete index of every HTTP endpoint exposed by the SRATRC / Vitraag Vigyaan backend (backend-main, Express + Sequelize). Every route file under routes/client/, routes/admin/, and routes/wifi/ is covered below, with full paths resolved against the router mount points in app.js.

Base URL: all routes are versioned under /api/v1/... (a few root-level exceptions noted below). Example: https://<host>/api/v1/stay/bookings.

Route groups

  • Client APIs — consumed by the Aashray mobile app. Mounted under /api/v1/client, /api/v1/stay, /api/v1/food, /api/v1/travel, /api/v1/adhyayan, /api/v1/utsav, /api/v1/maintenance, /api/v1/profile, /api/v1/location, /api/v1/razorpay, /api/v1/support, /api/v1/updates, /api/v1/guest, /api/v1/mumukshu, /api/v1/unified.
  • Admin APIs — consumed by the admin web panel. Mounted under /api/v1/admin/*, plus /api/v1/coordinator, /api/v1/short-links, and root /go/:slug.
  • WiFi APIs — the WiFi code self-service flow. Mounted under /api/v1/wifi.

Auth realms

Realm Enforced by Meaning
Client JWT validateCard middleware (middleware/validate.js) — resolves a card/user from the bearer token Signed-in Aashray app user (card holder)
Admin JWT + roles auth + authorizeRoles(...) (middleware/AdminAuth.js) Admin panel user holding at least one of the listed roles
Coordinator JWT Verified in-controller (jwt.verify on Authorization header, same SECRET) — no router middleware Bus/travel coordinator, authenticated via OTP → token
Public No auth middleware Open endpoint (login, OTP start, lookups, health, deprecated stubs)

Root / health endpoints (defined directly in app.js, not in a route file)

Method Full path Auth Purpose
GET /api Public Liveness ping ("API is up and running")
GET /api/health Public Health check + DB connection + connection-pool status

Client APIs

routes/client/auth.routes.js — mounted at /api/v1/client

Method Full path Auth Purpose Key params/body
GET /api/v1/client/logout Public Log out current session
POST /api/v1/client/updatePassword Client JWT Change password for signed-in card old/new password
POST /api/v1/client/verifyAndLogin Public Verify credentials and issue login token mobno / card + password
POST /api/v1/client/forgotPassword Public Initiate forgot-password flow mobno / identifier

routes/client/roomBooking.routes.js — mounted at /api/v1/stay

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
POST /api/v1/stay/cancel Client JWT Cancel a room booking bookingid
POST /api/v1/stay/flat Client JWT Book a flat for mumukshu (deprecated — use unified booking) flat/date/guest details
GET /api/v1/stay/bookings Client JWT List all of the user's room bookings

routes/client/foodBooking.routes.js — mounted at /api/v1/food

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
PATCH /api/v1/food/cancel Client JWT Cancel food booking(s) booking ids / dates
GET /api/v1/food/get Client JWT Fetch the user's food bookings date range / filters
GET /api/v1/food/getGuestsForFilter Client JWT List guests to filter food bookings by
GET /api/v1/food/menu Client JWT Fetch the food menu date

routes/client/travelBooking.routes.js — mounted at /api/v1/travel

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/travel/booking Client JWT Fetch upcoming travel bookings
DELETE /api/v1/travel/booking Client JWT Cancel a travel booking bookingid

routes/client/adhyayanBooking.routes.js — mounted at /api/v1/adhyayan

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/adhyayan/getall Client JWT List all shibirs (study programs)
GET /api/v1/adhyayan/getbooked Client JWT List shibirs the user has booked
DELETE /api/v1/adhyayan/cancel Client JWT Cancel a shibir booking bookingid
GET /api/v1/adhyayan/getrange Client JWT List shibirs within a date range start/end date
GET /api/v1/adhyayan/:id Client JWT Fetch a shibir by id :id
POST /api/v1/adhyayan/feedback Client JWT Submit shibir feedback shibir_id + answers
GET /api/v1/adhyayan/feedback/validate Client JWT Check whether feedback can/should be submitted shibir_id

routes/client/utsavBooking.routes.js — mounted at /api/v1/utsav

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/utsav/upcoming Client JWT List upcoming utsavs (festivals)
GET /api/v1/utsav/booking Client JWT View the user's utsav bookings
DELETE /api/v1/utsav/booking Client JWT Cancel an utsav booking bookingid
GET /api/v1/utsav/:id Client JWT Fetch an utsav by id :id
POST /api/v1/utsav/feedback Client JWT Submit utsav feedback utsav_id + answers
GET /api/v1/utsav/feedback/validate Client JWT Check whether utsav feedback can be submitted utsav_id

routes/client/maintenaneRequest.routes.js — mounted at /api/v1/maintenance

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
POST /api/v1/maintenance/request Client JWT Create a maintenance request department, description
GET /api/v1/maintenance/ Client JWT View the user's maintenance requests
GET /api/v1/maintenance/departments Client JWT List maintenance departments

routes/client/profile.routes.js — mounted at /api/v1/profile

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/profile/ Client JWT Fetch the user's profile
PUT /api/v1/profile/ Client JWT Update the user's profile profile fields
POST /api/v1/profile/upload Client JWT Upload profile picture image
GET /api/v1/profile/transactions Client JWT Fetch the user's transactions
POST /api/v1/profile/notification Client JWT Register / send a push notification (FCM token) fcm token / payload

routes/client/location.routes.js — mounted at /api/v1/location

No auth middleware (Public lookups).

Method Full path Auth Purpose Key params/body
POST /api/v1/location/ Public Add / seed location data location payload
GET /api/v1/location/countries Public List countries
GET /api/v1/location/states/:country Public List states for a country :country
GET /api/v1/location/cities/:country/:state Public List cities for a country + state :country, :state
GET /api/v1/location/centres Public List SRATRC centres

routes/client/guestBooking.routes.js — mounted at /api/v1/guest

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/guest/ Client JWT Fetch the user's guests
POST /api/v1/guest/ Client JWT Create guest record(s) guest details
POST /api/v1/guest/booking Client JWT Create a booking on behalf of guests booking payload
POST /api/v1/guest/validate Client JWT Validate a guest booking (price/availability) booking payload
POST /api/v1/guest/flat Client JWT Guest flat booking (deprecated — use unified booking) flat details
GET /api/v1/guest/check/:mobno Client JWT Check if a guest exists by mobile :mobno

routes/client/mumukshuBooking.routes.js — mounted at /api/v1/mumukshu

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
GET /api/v1/mumukshu/ Client JWT Check whether a person is a mumukshu or guest mobno
POST /api/v1/mumukshu/booking Client JWT Create a booking for mumukshus booking payload
POST /api/v1/mumukshu/validate Client JWT Validate a mumukshu booking booking payload

routes/client/payment.routes.js — mounted at /api/v1/razorpay

Per-route middleware.

Method Full path Auth Purpose Key params/body
POST /api/v1/razorpay/verifyPayment Public Verify a Razorpay payment (signature callback) razorpay ids + signature
POST /api/v1/razorpay/pay Client JWT Create an order id for pending payments amount / booking refs
POST /api/v1/razorpay/payv2 Client JWT Create an order id for pending payments (v2) amount / booking refs

routes/client/support.routes.js — mounted at /api/v1/support

Router-wide validateCard (Client JWT).

Method Full path Auth Purpose Key params/body
POST /api/v1/support/ Client JWT Create a support ticket subject, message

routes/client/updates.routes.js — mounted at /api/v1/updates

No auth middleware (Public).

Method Full path Auth Purpose Key params/body
GET /api/v1/updates/ Public Check for a required app update (force-update gate) version / platform

routes/client/unifiedBooking.routes.js — mounted at /api/v1/unified

Router-wide validateCard (Client JWT). Both endpoints are deprecated stubs — they always throw HTTP 410 ("Please update Aashray app to continue using it").

Method Full path Auth Purpose Key params/body
POST /api/v1/unified/booking Client JWT Deprecated — returns 410
POST /api/v1/unified/validate Client JWT Deprecated — returns 410

Admin APIs

Roles referenced below come from config/constants.js (e.g. ROLE_SUPER_ADMIN, ROLE_ROOM_ADMIN, ROLE_FOOD_ADMIN, ROLE_ADHYAYAN_ADMIN, ROLE_UTSAV_ADMIN, ROLE_TRAVEL_ADMIN, ROLE_ACCOUNTS_ADMIN, ROLE_GATE_ADMIN, ROLE_WIFI_ADMIN, ROLE_CARD_ADMIN, ROLE_MAINTENANCE_ADMIN, ROLE_AVT_ADMIN, ROLE_OFFICE_ADMIN, and read-only / location-specific variants). "Admin JWT + " = auth + authorizeRoles(<roles>).

routes/admin/auth.routes.js — mounted at /api/v1/admin/auth

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/auth/login Public Admin login username, password
POST /api/v1/admin/auth/create Admin JWT + SUPER_ADMIN Create a new admin user username, password, roles
POST /api/v1/admin/auth/reset-password Public Reset an admin password reset token / identifier

routes/admin/adminControls.routes.js — mounted at /api/v1/admin/sudo

Router-wide auth + authorizeRoles(SUPER_ADMIN).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/sudo/fetch_all_admins SUPER_ADMIN List all admin users
PUT /api/v1/admin/sudo/update_roles SUPER_ADMIN Update an admin's roles username, roles
PUT /api/v1/admin/sudo/deactivate/:username SUPER_ADMIN Deactivate an admin :username
PUT /api/v1/admin/sudo/activate/:username SUPER_ADMIN Activate an admin :username
POST /api/v1/admin/sudo/role/:name SUPER_ADMIN Create a role :name
GET /api/v1/admin/sudo/role SUPER_ADMIN List roles
DELETE /api/v1/admin/sudo/role/:name SUPER_ADMIN Delete a role :name

routes/admin/adhyayanManagement.routes.js — mounted at /api/v1/admin/adhyayan

Router-wide auth + authorizeRoles(OFFICE, ADHYAYAN, SUPER, DHU_ADHYAYAN, RAJ_ADHYAYAN, KOL_ADHYAYAN, ACCOUNTS, PRA_ACCOUNTS, ADHYAYAN_READ_ONLY, UTSAV).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/adhyayan/create Admin (adhyayan roles) Create a shibir shibir details
GET /api/v1/admin/adhyayan/fetchALLadhyayan Admin (adhyayan roles) Fetch all adhyayans
GET /api/v1/admin/adhyayan/fetchPGS Admin (adhyayan roles) Fetch PGS (program) list
GET /api/v1/admin/adhyayan/fetchAdhyayan Admin (adhyayan roles) Fetch adhyayans by location location
GET /api/v1/admin/adhyayan/fetch/:id Admin (adhyayan roles) Fetch a single adhyayan :id
PUT /api/v1/admin/adhyayan/update/:id Admin (adhyayan roles) Update an adhyayan :id + fields
GET /api/v1/admin/adhyayan/waitlist/:id Admin (adhyayan roles) Fetch adhyayan waitlist :id
GET /api/v1/admin/adhyayan/pendinglist/:id Admin (adhyayan roles) Fetch pending-payment list :id
GET /api/v1/admin/adhyayan/bookings Admin (adhyayan roles) Fetch adhyayan bookings filters
PUT /api/v1/admin/adhyayan/status Admin (adhyayan roles) Update booking status bookingid, status
PUT /api/v1/admin/adhyayan/attendance/toggle Admin (adhyayan roles) Toggle attendance for one booking bookingid
POST /api/v1/admin/adhyayan/attendance/bulk-toggle Admin (adhyayan roles) Bulk toggle attendance booking ids
PUT /api/v1/admin/adhyayan/:id/:activate Admin (adhyayan roles) Activate / deactivate an adhyayan :id, :activate
GET /api/v1/admin/adhyayan/fetchList Admin (adhyayan roles) Fetch adhyayan list (dropdown)
DELETE /api/v1/admin/adhyayan/:id Admin (adhyayan roles) Soft-delete a shibir :id
GET /api/v1/admin/adhyayan/feedback/:shibir_id Admin (adhyayan roles) Fetch feedback for a shibir :shibir_id
POST /api/v1/admin/adhyayan/attendance/:shibir_id/:session_no/:cardno Admin (adhyayan roles) Mark attendance for a session/card path params
GET /api/v1/admin/adhyayan/attendance/report/:shibir_id Admin (adhyayan roles) Attendance report :shibir_id
GET /api/v1/admin/adhyayan/attendance/summary/:shibir_id Admin (adhyayan roles) Attendance summary :shibir_id
POST /api/v1/admin/adhyayan/booking/admin Admin (adhyayan roles) Create an adhyayan booking on behalf of a user booking payload
POST /api/v1/admin/adhyayan/attendance/create Admin (adhyayan roles) Create an attendance entry manually shibir/session/card

routes/admin/cardManagement.routes.js — mounted at /api/v1/admin/card

Router-wide auth + authorizeRoles(OFFICE, SUPER, CARD, UTSAV, WIFI, FOOD).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/card/create Admin (card roles) Create a card / user card details
GET /api/v1/admin/card/getAll Admin (card roles) List all cards
GET /api/v1/admin/card/search/:name Admin (card roles) Search cards by name :name
GET /api/v1/admin/card/by-mobile/:mobno Admin (card roles) Fetch a card by mobile number :mobno
PUT /api/v1/admin/card/update Admin (card roles) Update a card card fields
PUT /api/v1/admin/card/transfer Admin (card roles) Transfer a card from/to
GET /api/v1/admin/card/transactions/:cardno Admin (card roles) Fetch total transactions for a card :cardno
POST /api/v1/admin/card/reset-pwd Admin (card roles) Reset a card's password to default cardno

routes/admin/foodManagement.routes.js — mounted at /api/v1/admin/food

Router-wide auth. Per-route roles: plate group = authorizeRoles(SUPER, FOOD, FOOD_PLATE); food-admin group = authorizeRoles(SUPER, FOOD, SMILESTONES).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/food/physicalPlates Plate group Record physical plates issued count / meal
GET /api/v1/admin/food/physicalPlates Plate group Fetch physical plates issued date/meal
PUT /api/v1/admin/food/physicalPlates Plate group Update physical plates issued id + count
POST /api/v1/admin/food/issue/bulk Food-admin group Bulk issue plates list
POST /api/v1/admin/food/issue/:cardno Food-admin group Issue a plate to a card :cardno, meal
GET /api/v1/admin/food/fetch_food_bookings Food-admin group Fetch food bookings filters
POST /api/v1/admin/food/meal-count Food-admin group Get meal count by mobile mobno
POST /api/v1/admin/food/book Food-admin group Book food for a user booking payload
PUT /api/v1/admin/food/cancel/:bookingid Food-admin group Cancel a food booking :bookingid
PUT /api/v1/admin/food/cancel_multiple Food-admin group Cancel multiple meals booking ids
POST /api/v1/admin/food/bulk_booking Food-admin group Create a bulk food booking payload
GET /api/v1/admin/food/bulk_booking Food-admin group Fetch bulk bookings filters
PUT /api/v1/admin/food/edit_bulk_booking/:bookingid Food-admin group Edit a bulk booking :bookingid
PUT /api/v1/admin/food/update_plate_issued/:bookingid Food-admin group Update plate-issued status :bookingid
GET /api/v1/admin/food/report Food-admin group Food report (counts) date range
GET /api/v1/admin/food/report_details Food-admin group Food report details date range
GET /api/v1/admin/food/report_details_guests Food-admin group Food report details for guests date range
GET /api/v1/admin/food/menu Food-admin group Fetch menu date
POST /api/v1/admin/food/menu Food-admin group Add menu item menu payload
PUT /api/v1/admin/food/menu Food-admin group Update menu item menu payload
DELETE /api/v1/admin/food/menu Food-admin group Delete menu item id / date
POST /api/v1/admin/food/menu/bulk Food-admin group Add menu items in bulk list

routes/admin/gateManagement.routes.js — mounted at /api/v1/admin/gate

Router-wide auth + authorizeRoles(GATE, SUPER).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/gate/total Admin (gate) Total people on campus
GET /api/v1/admin/gate/totalPR Admin (gate) Total PR count
GET /api/v1/admin/gate/totalGuest Admin (gate) Total guest count
GET /api/v1/admin/gate/totalMumukshu Admin (gate) Total mumukshu count
GET /api/v1/admin/gate/totalSeva Admin (gate) Total seva-kutir count
POST /api/v1/admin/gate/entry Admin (gate) Record a gate entry cardno
POST /api/v1/admin/gate/exit Admin (gate) Record a gate exit cardno
GET /api/v1/admin/gate/gaterecords Admin (gate) Fetch gate records filters
GET /api/v1/admin/gate/history/:cardno Admin (gate) Gate history for a card :cardno

routes/admin/roomManagement.routes.js — mounted at /api/v1/admin/stay

Router-wide auth + authorizeRoles(OFFICE, SUPER, ROOM).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/stay/bookForMumukshu Admin (room) Book a room for a mumukshu booking payload
PUT /api/v1/admin/stay/checkin/:bookingid Admin (room) Manual room check-in :bookingid
PUT /api/v1/admin/stay/checkout/:bookingid Admin (room) Manual room check-out :bookingid
PUT /api/v1/admin/stay/update_room_booking Admin (room) Update a room booking booking fields
PUT /api/v1/admin/stay/update_booking_status Admin (room) Update room booking status bookingid, status
GET /api/v1/admin/stay/room_list Admin (room) List rooms
GET /api/v1/admin/stay/available_rooms/:bookingid Admin (room) Available rooms for a booking :bookingid
GET /api/v1/admin/stay/available_rooms_for_day Admin (room) Available rooms for a given day date
GET /api/v1/admin/stay/fetch_room_bookings/:cardno Admin (room) Room bookings for a card :cardno
POST /api/v1/admin/stay/bookFlat/:mobno Admin (room) Book a flat for a mobile number :mobno + payload
PUT /api/v1/admin/stay/flat_checkin/:bookingid Admin (room) Flat check-in :bookingid
PUT /api/v1/admin/stay/flat_checkout/:bookingid Admin (room) Flat check-out :bookingid
PUT /api/v1/admin/stay/flat_cancel/:bookingid Admin (room) Cancel a flat booking :bookingid
GET /api/v1/admin/stay/flat_list Admin (room) List flats
GET /api/v1/admin/stay/fetch_flat_bookings/:cardno Admin (room) Flat bookings for a card :cardno
PUT /api/v1/admin/stay/update_flat_booking_status Admin (room) Update flat booking status bookingid, status
PUT /api/v1/admin/stay/block_room/:roomno Admin (room) Block a room :roomno
PUT /api/v1/admin/stay/unblock_room/:roomno Admin (room) Unblock a room :roomno
PUT /api/v1/admin/stay/update_room/:roomno Admin (room) Update room details :roomno
POST /api/v1/admin/stay/block_rc Admin (room) Block an RC (research centre) date range payload
PUT /api/v1/admin/stay/unblock_rc/:id Admin (room) Unblock an RC block :id
GET /api/v1/admin/stay/rc_block_list Admin (room) List RC blocks
GET /api/v1/admin/stay/reservation_report Admin (room) Room reservation report date range
GET /api/v1/admin/stay/flat_reservation_report Admin (room) Flat reservation report date range
GET /api/v1/admin/stay/daywise_report Admin (room) Day-wise guest count report date range
GET /api/v1/admin/stay/occupancyReport Admin (room) Occupancy report date range
GET /api/v1/admin/stay/guestsByDateAndRoomtype Admin (room) Guests by date and room type date, roomtype
GET /api/v1/admin/stay/late-checkout-fees Admin (room) Fetch late-checkout fees filters
PUT /api/v1/admin/stay/late-checkout-fees/revoke Admin (room) Revoke a late-checkout fee bookingid

routes/admin/travelManagement.routes.js — mounted at /api/v1/admin/travel

Router-wide auth + authorizeRoles(TRAVEL, SUPER, DRI_TRAVEL).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/travel/upcoming Admin (travel) Fetch upcoming travel bookings filters
GET /api/v1/admin/travel/summary Admin (travel) Travel summary date range
GET /api/v1/admin/travel/driver Admin (travel) Fetch bookings for the driver view date
POST /api/v1/admin/travel/booking/status Admin (travel) Update booking status bookingid, status
POST /api/v1/admin/travel/transaction/status Admin (travel) Update transaction status ids, status
PUT /api/v1/admin/travel/bookingupdate Admin (travel) Update a travel booking booking fields
POST /api/v1/admin/travel/bus-group Admin (travel) Create a bus group group payload
POST /api/v1/admin/travel/bus-group/assign-passengers Admin (travel) Assign passengers to a bus busid, passengers
GET /api/v1/admin/travel/bus-group/:id Admin (travel) Fetch bus group details :id
PUT /api/v1/admin/travel/bus-group/coordinator Admin (travel) Set a bus coordinator busid, bookingid
GET /api/v1/admin/travel/bus-groups Admin (travel) List all bus groups
GET /api/v1/admin/travel/available-bookings Admin (travel) Travel bookings available to assign filters
DELETE /api/v1/admin/travel/bus-group/passenger/:bookingid Admin (travel) Remove a passenger from a bus :bookingid
PUT /api/v1/admin/travel/bus-group/capacity Admin (travel) Update bus capacity busid, capacity
PUT /api/v1/admin/travel/bus-group/:id Admin (travel) Update a bus group :id
POST /api/v1/admin/travel/bus-group/bulk-assign Admin (travel) Bulk assign passengers list
POST /api/v1/admin/travel/bus/preview-bulk-upload Admin (travel) Preview a bulk passenger upload file
GET /api/v1/admin/travel/bus-group/:id/export Admin (travel) Export bus passengers :id
DELETE /api/v1/admin/travel/bus-group/:id Admin (travel) Delete a bus group :id
POST /api/v1/admin/travel/bus-group/preview-create Admin (travel) Preview creating a bus group payload
POST /api/v1/admin/travel/bus-group/preview-update Admin (travel) Preview updating a bus group payload
POST /api/v1/admin/travel/bulk-master-preview Admin (travel) Preview a bulk master upload file
POST /api/v1/admin/travel/bulk-master-create Admin (travel) Create from a bulk master upload file

routes/admin/accountsManagement.routes.js — mounted at /api/v1/admin/accounts

Router-wide auth + authorizeRoles(SUPER, ACCOUNTS, PRA_ACCOUNTS). Some routes accept an Excel file upload (multer, file).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/accounts/fetchcompleted Admin (accounts) Fetch completed transactions filters
GET /api/v1/admin/accounts/fetchpending Admin (accounts) Fetch pending transactions filters
GET /api/v1/admin/accounts/fetchcredits Admin (accounts) Fetch all credit transactions filters
GET /api/v1/admin/accounts/fetchdebits Admin (accounts) Fetch all debit transactions filters
POST /api/v1/admin/accounts/setrep Admin (accounts) Upload Razorpay settlement Excel file
POST /api/v1/admin/accounts/updateset Admin (accounts) Update settlement fields from Excel file
GET /api/v1/admin/accounts/fetchset Admin (accounts) Fetch all settlements filters
GET /api/v1/admin/accounts/fetchTransactions/:settlementId Admin (accounts) Transactions for a settlement :settlementId
GET /api/v1/admin/accounts/fetchTransactions/payment/:razorpay_order_id Admin (accounts) Transactions for a payment/order :razorpay_order_id
GET /api/v1/admin/accounts/credits Admin (accounts) Fetch credits filters
GET /api/v1/admin/accounts/fetchcreditstransactions Admin (accounts) Fetch credit transactions filters

routes/admin/maintenanceManagement.routes.js — mounted at /api/v1/admin/maintenance

Router-wide auth + authorizeRoles(SUPER, MAINTENANCE, HOUSEKEEPING, ELECTRICAL).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/maintenance/fetch/:department Admin (maintenance) Maintenance report by department :department
PUT /api/v1/admin/maintenance/update Admin (maintenance) Update a maintenance request id, status
GET /api/v1/admin/maintenance/housekeeping/deep-cleaning/status Admin (maintenance) Deep-cleaning status filters
POST /api/v1/admin/maintenance/housekeeping/deep-cleaning/done Admin (maintenance) Mark deep-cleaning done room / date
POST /api/v1/admin/maintenance/housekeeping/deep-cleaning/interval Admin (maintenance) Update deep-cleaning interval interval

routes/admin/bookingManagement.routes.js — mounted at /api/v1/admin/bookings

Router-wide auth + authorizeRoles(OFFICE, SUPER, ROOM).

Method Full path Auth Purpose Key params/body
PUT /api/v1/admin/bookings/cancel/:type/:bookingid Admin (office/super/room) Cancel a booking of a given type :type, :bookingid

routes/admin/location.routes.js — mounted at /api/v1/admin/location

Note: app.js mounts the client location router (routes/client/location.routes.js) at /api/v1/admin/location; the file routes/admin/location.routes.js exists but is not imported/mounted (dead code). The live endpoints are therefore identical to the client location routes, and are Public (no auth).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/location/ Public Add / seed location data payload
GET /api/v1/admin/location/countries Public List countries
GET /api/v1/admin/location/states/:country Public List states :country
GET /api/v1/admin/location/cities/:country/:state Public List cities :country, :state
GET /api/v1/admin/location/centres Public List centres

routes/admin/utsavManagement.routes.js — mounted at /api/v1/admin/utsav

Exports two routers, both mounted at /api/v1/admin/utsav: utsavPublicRouter (no auth) and utsavAdminRouter (auth + authorizeRoles(UTSAV, SUPER, PRA_ACCOUNTS, ACCOUNTS, UTSAV_READ_ONLY, UTSAV_ADMIN_RAJ)). Some routes accept an Excel upload (multer, file).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/utsav/utsavCheckin Public Check in an attendee at an utsav cardno / booking
POST /api/v1/admin/utsav/issue/:cardno Public Issue a plate/item to a card at utsav :cardno
POST /api/v1/admin/utsav/create Admin (utsav) Create an utsav utsav details
POST /api/v1/admin/utsav/package Admin (utsav) Add an utsav package package payload
POST /api/v1/admin/utsav/package/bulk Admin (utsav) Add utsav packages in bulk list
POST /api/v1/admin/utsav/booking Admin (UTSAV, SUPER, PRA_ACCOUNTS, ACCOUNTS) Create an utsav booking on behalf of a user booking payload
PUT /api/v1/admin/utsav/update/:id Admin (utsav) Update an utsav :id
PUT /api/v1/admin/utsav/updatepackage/:id Admin (utsav) Update an utsav package :id
GET /api/v1/admin/utsav/bookings Admin (utsav) Fetch utsav bookings filters
GET /api/v1/admin/utsav/volunteer Admin (utsav) Fetch utsav bookings (volunteer view) filters
GET /api/v1/admin/utsav/fetchpackage Admin (utsav) Fetch all packages
GET /api/v1/admin/utsav/fetchPackagesByUtsav Admin (utsav) Fetch packages by utsav utsav id
GET /api/v1/admin/utsav/fetch Admin (utsav) Fetch all utsavs
GET /api/v1/admin/utsav/fetchUtsav Admin (utsav) Fetch utsavs by location location
GET /api/v1/admin/utsav/fetch/:id Admin (utsav) Fetch a single utsav :id
GET /api/v1/admin/utsav/fetchpackage/:id Admin (utsav) Fetch a single package :id
PUT /api/v1/admin/utsav/:id/:activate Admin (utsav) Activate / deactivate an utsav :id, :activate
PUT /api/v1/admin/utsav/status Admin (utsav) Update utsav booking status bookingid, status
GET /api/v1/admin/utsav/fetchList Admin (utsav) Fetch utsav list (dropdown)
GET /api/v1/admin/utsav/utsavCheckinReport Admin (utsav) Utsav check-in report utsav id
POST /api/v1/admin/utsav/uploadRoomNo Admin (utsav) Upload room numbers via Excel file
PUT /api/v1/admin/utsav/updateRoomNo Admin (utsav) Update a room number bookingid, roomno
GET /api/v1/admin/utsav/fetchVolunteerOptions Admin (utsav) Fetch volunteer options
GET /api/v1/admin/utsav/pre_event_room_occupancy Admin (utsav) Pre-event room occupancy report utsav id
GET /api/v1/admin/utsav/post_event_room_occupancy Admin (utsav) Post-event room occupancy report utsav id
GET /api/v1/admin/utsav/utsav-feedback Admin (utsav) Fetch utsav feedbacks utsav id

routes/admin/avtManagement.routes.js — mounted at /api/v1/admin/avt

Router-wide auth + authorizeRoles(AVT, SUPER).

Method Full path Auth Purpose Key params/body
GET /api/v1/admin/avt/getAll Admin (avt) List all cards (AVT view)
GET /api/v1/admin/avt/search/:name Admin (avt) Search cards by name (AVT view) :name

routes/admin/wifiManagement.routes.js — mounted at /api/v1/admin/wifi

Router-wide auth + authorizeRoles(SUPER, WIFI). Several routes accept an Excel upload (multer, file).

Method Full path Auth Purpose Key params/body
POST /api/v1/admin/wifi/uploadcode Admin (wifi) Upload temporary WiFi codes (Excel) file
GET /api/v1/admin/wifi/wifirecords Admin (wifi) Fetch WiFi records filters
GET /api/v1/admin/wifi/permanent/portal-export Admin (wifi) Export permanent WiFi codes for the portal filters
GET /api/v1/admin/wifi/permanent Admin (wifi) Fetch permanent-code requests filters
PUT /api/v1/admin/wifi/permanent/:requestId Admin (wifi) Approve/update a permanent-code request :requestId
POST /api/v1/admin/wifi/uploadpercode Admin (wifi) Upload permanent WiFi codes (Excel) file
POST /api/v1/admin/wifi/insertpercode Admin (wifi) Insert permanent WiFi codes from Excel file
POST /api/v1/admin/wifi/manual Admin (wifi) Add a permanent code manually code details
GET /api/v1/admin/wifi/generate-username Admin (wifi) Generate a WiFi username

routes/admin/coordinatorAuth.routes.js — mounted at /api/v1/coordinator

No router-level middleware. send-otp / verify-otp are Public (OTP login flow); dashboard / boarding-status verify a Coordinator JWT in the controller (jwt.verify on Authorization header) and check the caller is the assigned coordinator.

Method Full path Auth Purpose Key params/body
POST /api/v1/coordinator/send-otp Public Send an OTP to a coordinator's phone mobno
POST /api/v1/coordinator/verify-otp Public Verify OTP and issue a coordinator token mobno, otp
GET /api/v1/coordinator/dashboard Coordinator JWT Fetch the coordinator's dashboard (assigned bus/passengers)
PUT /api/v1/coordinator/boarding-status Coordinator JWT Update a passenger's boarding status bookingid, status

Router-wide auth. POST / PUT / DELETE gate on a broad set of admin roles (SUPER, ACCOUNTS, ROOM, CARD, OFFICE, FOOD, ADHYAYAN, TRAVEL, UTSAV, AVT, WIFI); GET /:type checks type-specific roles via TYPE_ROLE_MAP. Fine-grained authorization is done in the controller.

Method Full path Auth Purpose Key params/body
POST /api/v1/short-links/ Admin (any of broad role set) Create a short link type, target
GET /api/v1/short-links/:type Admin (type-specific roles) Fetch short links by type :type
PUT /api/v1/short-links/:id Admin (any of broad role set) Update a short link :id
DELETE /api/v1/short-links/:id Admin (any of broad role set) Delete a short link :id

routes/admin/redirect.routes.js — mounted at / (root)

Method Full path Auth Purpose Key params/body
GET /go/:slug Public Resolve and redirect a short-link slug :slug

WiFi APIs

routes/wifi/wifi.routes.js — mounted at /api/v1/wifi

Per-route validateCard (Client JWT). Backs the app's WiFi self-service (temporary and permanent codes).

Method Full path Auth Purpose Key params/body
GET /api/v1/wifi/ Client JWT Fetch the user's temporary WiFi codes
GET /api/v1/wifi/generate Client JWT Generate a temporary WiFi code
POST /api/v1/wifi/permanent Client JWT Request a permanent WiFi code device / details
GET /api/v1/wifi/permanent Client JWT Fetch the user's permanent WiFi codes
POST /api/v1/wifi/permanent/reset Client JWT Reset a permanent WiFi code code id

Notes

  • Total endpoints indexed: 250 (Client 55 · Admin 190 · WiFi 5), plus 2 root/health endpoints defined in app.js.
  • Deprecated endpoints: POST /api/v1/unified/booking and POST /api/v1/unified/validate always return HTTP 410. POST /api/v1/stay/flat and POST /api/v1/guest/flat are marked deprecated in favor of unified booking but still function.
  • Dead code: routes/admin/location.routes.js is never imported; /api/v1/admin/location is served by the client location router.
  • Commented-out legacy WiFi controller (getPassword, generatePassword, deletePermanentCode) remains at the top of wifi.routes.js but is inactive.
  • admin/utsav is unusual: app.js mounts a public router and an authenticated router at the same base path (/api/v1/admin/utsav), so utsavCheckin and issue/:cardno are reachable without auth.