API Reference — Exhaustive Route Index¶
Part of the Aashray Technical Reference. This is a pure route index with no single business-logic pairing — it spans every domain. Related: Admin Panel Map, Discrepancies.
Complete index of every HTTP endpoint exposed by the SRATRC / Vitraag Vigyaan backend (backend-main, Express + Sequelize). Every route file under routes/client/, routes/admin/, and routes/wifi/ is covered below, with full paths resolved against the router mount points in app.js.
Base URL: all routes are versioned under /api/v1/... (a few root-level exceptions noted below). Example: https://<host>/api/v1/stay/bookings.
Route groups
- Client APIs — consumed by the Aashray mobile app. Mounted under
/api/v1/client,/api/v1/stay,/api/v1/food,/api/v1/travel,/api/v1/adhyayan,/api/v1/utsav,/api/v1/maintenance,/api/v1/profile,/api/v1/location,/api/v1/razorpay,/api/v1/support,/api/v1/updates,/api/v1/guest,/api/v1/mumukshu,/api/v1/unified. - Admin APIs — consumed by the admin web panel. Mounted under
/api/v1/admin/*, plus/api/v1/coordinator,/api/v1/short-links, and root/go/:slug. - WiFi APIs — the WiFi code self-service flow. Mounted under
/api/v1/wifi.
Auth realms
| Realm | Enforced by | Meaning |
|---|---|---|
| Client JWT | validateCard middleware (middleware/validate.js) — resolves a card/user from the bearer token |
Signed-in Aashray app user (card holder) |
| Admin JWT + roles | auth + authorizeRoles(...) (middleware/AdminAuth.js) |
Admin panel user holding at least one of the listed roles |
| Coordinator JWT | Verified in-controller (jwt.verify on Authorization header, same SECRET) — no router middleware |
Bus/travel coordinator, authenticated via OTP → token |
| Public | No auth middleware | Open endpoint (login, OTP start, lookups, health, deprecated stubs) |
Root / health endpoints (defined directly in app.js, not in a route file)
| Method | Full path | Auth | Purpose |
|---|---|---|---|
| GET | /api |
Public | Liveness ping ("API is up and running") |
| GET | /api/health |
Public | Health check + DB connection + connection-pool status |
Client APIs¶
routes/client/auth.routes.js — mounted at /api/v1/client¶
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/client/logout |
Public | Log out current session | — |
| POST | /api/v1/client/updatePassword |
Client JWT | Change password for signed-in card | old/new password |
| POST | /api/v1/client/verifyAndLogin |
Public | Verify credentials and issue login token | mobno / card + password |
| POST | /api/v1/client/forgotPassword |
Public | Initiate forgot-password flow | mobno / identifier |
routes/client/roomBooking.routes.js — mounted at /api/v1/stay¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/stay/cancel |
Client JWT | Cancel a room booking | bookingid |
| POST | /api/v1/stay/flat |
Client JWT | Book a flat for mumukshu (deprecated — use unified booking) | flat/date/guest details |
| GET | /api/v1/stay/bookings |
Client JWT | List all of the user's room bookings | — |
routes/client/foodBooking.routes.js — mounted at /api/v1/food¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| PATCH | /api/v1/food/cancel |
Client JWT | Cancel food booking(s) | booking ids / dates |
| GET | /api/v1/food/get |
Client JWT | Fetch the user's food bookings | date range / filters |
| GET | /api/v1/food/getGuestsForFilter |
Client JWT | List guests to filter food bookings by | — |
| GET | /api/v1/food/menu |
Client JWT | Fetch the food menu | date |
routes/client/travelBooking.routes.js — mounted at /api/v1/travel¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/travel/booking |
Client JWT | Fetch upcoming travel bookings | — |
| DELETE | /api/v1/travel/booking |
Client JWT | Cancel a travel booking | bookingid |
routes/client/adhyayanBooking.routes.js — mounted at /api/v1/adhyayan¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/adhyayan/getall |
Client JWT | List all shibirs (study programs) | — |
| GET | /api/v1/adhyayan/getbooked |
Client JWT | List shibirs the user has booked | — |
| DELETE | /api/v1/adhyayan/cancel |
Client JWT | Cancel a shibir booking | bookingid |
| GET | /api/v1/adhyayan/getrange |
Client JWT | List shibirs within a date range | start/end date |
| GET | /api/v1/adhyayan/:id |
Client JWT | Fetch a shibir by id | :id |
| POST | /api/v1/adhyayan/feedback |
Client JWT | Submit shibir feedback | shibir_id + answers |
| GET | /api/v1/adhyayan/feedback/validate |
Client JWT | Check whether feedback can/should be submitted | shibir_id |
routes/client/utsavBooking.routes.js — mounted at /api/v1/utsav¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/utsav/upcoming |
Client JWT | List upcoming utsavs (festivals) | — |
| GET | /api/v1/utsav/booking |
Client JWT | View the user's utsav bookings | — |
| DELETE | /api/v1/utsav/booking |
Client JWT | Cancel an utsav booking | bookingid |
| GET | /api/v1/utsav/:id |
Client JWT | Fetch an utsav by id | :id |
| POST | /api/v1/utsav/feedback |
Client JWT | Submit utsav feedback | utsav_id + answers |
| GET | /api/v1/utsav/feedback/validate |
Client JWT | Check whether utsav feedback can be submitted | utsav_id |
routes/client/maintenaneRequest.routes.js — mounted at /api/v1/maintenance¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/maintenance/request |
Client JWT | Create a maintenance request | department, description |
| GET | /api/v1/maintenance/ |
Client JWT | View the user's maintenance requests | — |
| GET | /api/v1/maintenance/departments |
Client JWT | List maintenance departments | — |
routes/client/profile.routes.js — mounted at /api/v1/profile¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/profile/ |
Client JWT | Fetch the user's profile | — |
| PUT | /api/v1/profile/ |
Client JWT | Update the user's profile | profile fields |
| POST | /api/v1/profile/upload |
Client JWT | Upload profile picture | image |
| GET | /api/v1/profile/transactions |
Client JWT | Fetch the user's transactions | — |
| POST | /api/v1/profile/notification |
Client JWT | Register / send a push notification (FCM token) | fcm token / payload |
routes/client/location.routes.js — mounted at /api/v1/location¶
No auth middleware (Public lookups).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/location/ |
Public | Add / seed location data | location payload |
| GET | /api/v1/location/countries |
Public | List countries | — |
| GET | /api/v1/location/states/:country |
Public | List states for a country | :country |
| GET | /api/v1/location/cities/:country/:state |
Public | List cities for a country + state | :country, :state |
| GET | /api/v1/location/centres |
Public | List SRATRC centres | — |
routes/client/guestBooking.routes.js — mounted at /api/v1/guest¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/guest/ |
Client JWT | Fetch the user's guests | — |
| POST | /api/v1/guest/ |
Client JWT | Create guest record(s) | guest details |
| POST | /api/v1/guest/booking |
Client JWT | Create a booking on behalf of guests | booking payload |
| POST | /api/v1/guest/validate |
Client JWT | Validate a guest booking (price/availability) | booking payload |
| POST | /api/v1/guest/flat |
Client JWT | Guest flat booking (deprecated — use unified booking) | flat details |
| GET | /api/v1/guest/check/:mobno |
Client JWT | Check if a guest exists by mobile | :mobno |
routes/client/mumukshuBooking.routes.js — mounted at /api/v1/mumukshu¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/mumukshu/ |
Client JWT | Check whether a person is a mumukshu or guest | mobno |
| POST | /api/v1/mumukshu/booking |
Client JWT | Create a booking for mumukshus | booking payload |
| POST | /api/v1/mumukshu/validate |
Client JWT | Validate a mumukshu booking | booking payload |
routes/client/payment.routes.js — mounted at /api/v1/razorpay¶
Per-route middleware.
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/razorpay/verifyPayment |
Public | Verify a Razorpay payment (signature callback) | razorpay ids + signature |
| POST | /api/v1/razorpay/pay |
Client JWT | Create an order id for pending payments | amount / booking refs |
| POST | /api/v1/razorpay/payv2 |
Client JWT | Create an order id for pending payments (v2) | amount / booking refs |
routes/client/support.routes.js — mounted at /api/v1/support¶
Router-wide validateCard (Client JWT).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/support/ |
Client JWT | Create a support ticket | subject, message |
routes/client/updates.routes.js — mounted at /api/v1/updates¶
No auth middleware (Public).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/updates/ |
Public | Check for a required app update (force-update gate) | version / platform |
routes/client/unifiedBooking.routes.js — mounted at /api/v1/unified¶
Router-wide validateCard (Client JWT). Both endpoints are deprecated stubs — they always throw HTTP 410 ("Please update Aashray app to continue using it").
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/unified/booking |
Client JWT | Deprecated — returns 410 | — |
| POST | /api/v1/unified/validate |
Client JWT | Deprecated — returns 410 | — |
Admin APIs¶
Roles referenced below come from config/constants.js (e.g. ROLE_SUPER_ADMIN, ROLE_ROOM_ADMIN, ROLE_FOOD_ADMIN, ROLE_ADHYAYAN_ADMIN, ROLE_UTSAV_ADMIN, ROLE_TRAVEL_ADMIN, ROLE_ACCOUNTS_ADMIN, ROLE_GATE_ADMIN, ROLE_WIFI_ADMIN, ROLE_CARD_ADMIN, ROLE_MAINTENANCE_ADMIN, ROLE_AVT_ADMIN, ROLE_OFFICE_ADMIN, and read-only / location-specific variants). "Admin JWT + auth + authorizeRoles(<roles>).
routes/admin/auth.routes.js — mounted at /api/v1/admin/auth¶
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/auth/login |
Public | Admin login | username, password |
| POST | /api/v1/admin/auth/create |
Admin JWT + SUPER_ADMIN | Create a new admin user | username, password, roles |
| POST | /api/v1/admin/auth/reset-password |
Public | Reset an admin password | reset token / identifier |
routes/admin/adminControls.routes.js — mounted at /api/v1/admin/sudo¶
Router-wide auth + authorizeRoles(SUPER_ADMIN).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/sudo/fetch_all_admins |
SUPER_ADMIN | List all admin users | — |
| PUT | /api/v1/admin/sudo/update_roles |
SUPER_ADMIN | Update an admin's roles | username, roles |
| PUT | /api/v1/admin/sudo/deactivate/:username |
SUPER_ADMIN | Deactivate an admin | :username |
| PUT | /api/v1/admin/sudo/activate/:username |
SUPER_ADMIN | Activate an admin | :username |
| POST | /api/v1/admin/sudo/role/:name |
SUPER_ADMIN | Create a role | :name |
| GET | /api/v1/admin/sudo/role |
SUPER_ADMIN | List roles | — |
| DELETE | /api/v1/admin/sudo/role/:name |
SUPER_ADMIN | Delete a role | :name |
routes/admin/adhyayanManagement.routes.js — mounted at /api/v1/admin/adhyayan¶
Router-wide auth + authorizeRoles(OFFICE, ADHYAYAN, SUPER, DHU_ADHYAYAN, RAJ_ADHYAYAN, KOL_ADHYAYAN, ACCOUNTS, PRA_ACCOUNTS, ADHYAYAN_READ_ONLY, UTSAV).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/adhyayan/create |
Admin (adhyayan roles) | Create a shibir | shibir details |
| GET | /api/v1/admin/adhyayan/fetchALLadhyayan |
Admin (adhyayan roles) | Fetch all adhyayans | — |
| GET | /api/v1/admin/adhyayan/fetchPGS |
Admin (adhyayan roles) | Fetch PGS (program) list | — |
| GET | /api/v1/admin/adhyayan/fetchAdhyayan |
Admin (adhyayan roles) | Fetch adhyayans by location | location |
| GET | /api/v1/admin/adhyayan/fetch/:id |
Admin (adhyayan roles) | Fetch a single adhyayan | :id |
| PUT | /api/v1/admin/adhyayan/update/:id |
Admin (adhyayan roles) | Update an adhyayan | :id + fields |
| GET | /api/v1/admin/adhyayan/waitlist/:id |
Admin (adhyayan roles) | Fetch adhyayan waitlist | :id |
| GET | /api/v1/admin/adhyayan/pendinglist/:id |
Admin (adhyayan roles) | Fetch pending-payment list | :id |
| GET | /api/v1/admin/adhyayan/bookings |
Admin (adhyayan roles) | Fetch adhyayan bookings | filters |
| PUT | /api/v1/admin/adhyayan/status |
Admin (adhyayan roles) | Update booking status | bookingid, status |
| PUT | /api/v1/admin/adhyayan/attendance/toggle |
Admin (adhyayan roles) | Toggle attendance for one booking | bookingid |
| POST | /api/v1/admin/adhyayan/attendance/bulk-toggle |
Admin (adhyayan roles) | Bulk toggle attendance | booking ids |
| PUT | /api/v1/admin/adhyayan/:id/:activate |
Admin (adhyayan roles) | Activate / deactivate an adhyayan | :id, :activate |
| GET | /api/v1/admin/adhyayan/fetchList |
Admin (adhyayan roles) | Fetch adhyayan list (dropdown) | — |
| DELETE | /api/v1/admin/adhyayan/:id |
Admin (adhyayan roles) | Soft-delete a shibir | :id |
| GET | /api/v1/admin/adhyayan/feedback/:shibir_id |
Admin (adhyayan roles) | Fetch feedback for a shibir | :shibir_id |
| POST | /api/v1/admin/adhyayan/attendance/:shibir_id/:session_no/:cardno |
Admin (adhyayan roles) | Mark attendance for a session/card | path params |
| GET | /api/v1/admin/adhyayan/attendance/report/:shibir_id |
Admin (adhyayan roles) | Attendance report | :shibir_id |
| GET | /api/v1/admin/adhyayan/attendance/summary/:shibir_id |
Admin (adhyayan roles) | Attendance summary | :shibir_id |
| POST | /api/v1/admin/adhyayan/booking/admin |
Admin (adhyayan roles) | Create an adhyayan booking on behalf of a user | booking payload |
| POST | /api/v1/admin/adhyayan/attendance/create |
Admin (adhyayan roles) | Create an attendance entry manually | shibir/session/card |
routes/admin/cardManagement.routes.js — mounted at /api/v1/admin/card¶
Router-wide auth + authorizeRoles(OFFICE, SUPER, CARD, UTSAV, WIFI, FOOD).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/card/create |
Admin (card roles) | Create a card / user | card details |
| GET | /api/v1/admin/card/getAll |
Admin (card roles) | List all cards | — |
| GET | /api/v1/admin/card/search/:name |
Admin (card roles) | Search cards by name | :name |
| GET | /api/v1/admin/card/by-mobile/:mobno |
Admin (card roles) | Fetch a card by mobile number | :mobno |
| PUT | /api/v1/admin/card/update |
Admin (card roles) | Update a card | card fields |
| PUT | /api/v1/admin/card/transfer |
Admin (card roles) | Transfer a card | from/to |
| GET | /api/v1/admin/card/transactions/:cardno |
Admin (card roles) | Fetch total transactions for a card | :cardno |
| POST | /api/v1/admin/card/reset-pwd |
Admin (card roles) | Reset a card's password to default | cardno |
routes/admin/foodManagement.routes.js — mounted at /api/v1/admin/food¶
Router-wide auth. Per-route roles: plate group = authorizeRoles(SUPER, FOOD, FOOD_PLATE); food-admin group = authorizeRoles(SUPER, FOOD, SMILESTONES).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/food/physicalPlates |
Plate group | Record physical plates issued | count / meal |
| GET | /api/v1/admin/food/physicalPlates |
Plate group | Fetch physical plates issued | date/meal |
| PUT | /api/v1/admin/food/physicalPlates |
Plate group | Update physical plates issued | id + count |
| POST | /api/v1/admin/food/issue/bulk |
Food-admin group | Bulk issue plates | list |
| POST | /api/v1/admin/food/issue/:cardno |
Food-admin group | Issue a plate to a card | :cardno, meal |
| GET | /api/v1/admin/food/fetch_food_bookings |
Food-admin group | Fetch food bookings | filters |
| POST | /api/v1/admin/food/meal-count |
Food-admin group | Get meal count by mobile | mobno |
| POST | /api/v1/admin/food/book |
Food-admin group | Book food for a user | booking payload |
| PUT | /api/v1/admin/food/cancel/:bookingid |
Food-admin group | Cancel a food booking | :bookingid |
| PUT | /api/v1/admin/food/cancel_multiple |
Food-admin group | Cancel multiple meals | booking ids |
| POST | /api/v1/admin/food/bulk_booking |
Food-admin group | Create a bulk food booking | payload |
| GET | /api/v1/admin/food/bulk_booking |
Food-admin group | Fetch bulk bookings | filters |
| PUT | /api/v1/admin/food/edit_bulk_booking/:bookingid |
Food-admin group | Edit a bulk booking | :bookingid |
| PUT | /api/v1/admin/food/update_plate_issued/:bookingid |
Food-admin group | Update plate-issued status | :bookingid |
| GET | /api/v1/admin/food/report |
Food-admin group | Food report (counts) | date range |
| GET | /api/v1/admin/food/report_details |
Food-admin group | Food report details | date range |
| GET | /api/v1/admin/food/report_details_guests |
Food-admin group | Food report details for guests | date range |
| GET | /api/v1/admin/food/menu |
Food-admin group | Fetch menu | date |
| POST | /api/v1/admin/food/menu |
Food-admin group | Add menu item | menu payload |
| PUT | /api/v1/admin/food/menu |
Food-admin group | Update menu item | menu payload |
| DELETE | /api/v1/admin/food/menu |
Food-admin group | Delete menu item | id / date |
| POST | /api/v1/admin/food/menu/bulk |
Food-admin group | Add menu items in bulk | list |
routes/admin/gateManagement.routes.js — mounted at /api/v1/admin/gate¶
Router-wide auth + authorizeRoles(GATE, SUPER).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/gate/total |
Admin (gate) | Total people on campus | — |
| GET | /api/v1/admin/gate/totalPR |
Admin (gate) | Total PR count | — |
| GET | /api/v1/admin/gate/totalGuest |
Admin (gate) | Total guest count | — |
| GET | /api/v1/admin/gate/totalMumukshu |
Admin (gate) | Total mumukshu count | — |
| GET | /api/v1/admin/gate/totalSeva |
Admin (gate) | Total seva-kutir count | — |
| POST | /api/v1/admin/gate/entry |
Admin (gate) | Record a gate entry | cardno |
| POST | /api/v1/admin/gate/exit |
Admin (gate) | Record a gate exit | cardno |
| GET | /api/v1/admin/gate/gaterecords |
Admin (gate) | Fetch gate records | filters |
| GET | /api/v1/admin/gate/history/:cardno |
Admin (gate) | Gate history for a card | :cardno |
routes/admin/roomManagement.routes.js — mounted at /api/v1/admin/stay¶
Router-wide auth + authorizeRoles(OFFICE, SUPER, ROOM).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/stay/bookForMumukshu |
Admin (room) | Book a room for a mumukshu | booking payload |
| PUT | /api/v1/admin/stay/checkin/:bookingid |
Admin (room) | Manual room check-in | :bookingid |
| PUT | /api/v1/admin/stay/checkout/:bookingid |
Admin (room) | Manual room check-out | :bookingid |
| PUT | /api/v1/admin/stay/update_room_booking |
Admin (room) | Update a room booking | booking fields |
| PUT | /api/v1/admin/stay/update_booking_status |
Admin (room) | Update room booking status | bookingid, status |
| GET | /api/v1/admin/stay/room_list |
Admin (room) | List rooms | — |
| GET | /api/v1/admin/stay/available_rooms/:bookingid |
Admin (room) | Available rooms for a booking | :bookingid |
| GET | /api/v1/admin/stay/available_rooms_for_day |
Admin (room) | Available rooms for a given day | date |
| GET | /api/v1/admin/stay/fetch_room_bookings/:cardno |
Admin (room) | Room bookings for a card | :cardno |
| POST | /api/v1/admin/stay/bookFlat/:mobno |
Admin (room) | Book a flat for a mobile number | :mobno + payload |
| PUT | /api/v1/admin/stay/flat_checkin/:bookingid |
Admin (room) | Flat check-in | :bookingid |
| PUT | /api/v1/admin/stay/flat_checkout/:bookingid |
Admin (room) | Flat check-out | :bookingid |
| PUT | /api/v1/admin/stay/flat_cancel/:bookingid |
Admin (room) | Cancel a flat booking | :bookingid |
| GET | /api/v1/admin/stay/flat_list |
Admin (room) | List flats | — |
| GET | /api/v1/admin/stay/fetch_flat_bookings/:cardno |
Admin (room) | Flat bookings for a card | :cardno |
| PUT | /api/v1/admin/stay/update_flat_booking_status |
Admin (room) | Update flat booking status | bookingid, status |
| PUT | /api/v1/admin/stay/block_room/:roomno |
Admin (room) | Block a room | :roomno |
| PUT | /api/v1/admin/stay/unblock_room/:roomno |
Admin (room) | Unblock a room | :roomno |
| PUT | /api/v1/admin/stay/update_room/:roomno |
Admin (room) | Update room details | :roomno |
| POST | /api/v1/admin/stay/block_rc |
Admin (room) | Block an RC (research centre) date range | payload |
| PUT | /api/v1/admin/stay/unblock_rc/:id |
Admin (room) | Unblock an RC block | :id |
| GET | /api/v1/admin/stay/rc_block_list |
Admin (room) | List RC blocks | — |
| GET | /api/v1/admin/stay/reservation_report |
Admin (room) | Room reservation report | date range |
| GET | /api/v1/admin/stay/flat_reservation_report |
Admin (room) | Flat reservation report | date range |
| GET | /api/v1/admin/stay/daywise_report |
Admin (room) | Day-wise guest count report | date range |
| GET | /api/v1/admin/stay/occupancyReport |
Admin (room) | Occupancy report | date range |
| GET | /api/v1/admin/stay/guestsByDateAndRoomtype |
Admin (room) | Guests by date and room type | date, roomtype |
| GET | /api/v1/admin/stay/late-checkout-fees |
Admin (room) | Fetch late-checkout fees | filters |
| PUT | /api/v1/admin/stay/late-checkout-fees/revoke |
Admin (room) | Revoke a late-checkout fee | bookingid |
routes/admin/travelManagement.routes.js — mounted at /api/v1/admin/travel¶
Router-wide auth + authorizeRoles(TRAVEL, SUPER, DRI_TRAVEL).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/travel/upcoming |
Admin (travel) | Fetch upcoming travel bookings | filters |
| GET | /api/v1/admin/travel/summary |
Admin (travel) | Travel summary | date range |
| GET | /api/v1/admin/travel/driver |
Admin (travel) | Fetch bookings for the driver view | date |
| POST | /api/v1/admin/travel/booking/status |
Admin (travel) | Update booking status | bookingid, status |
| POST | /api/v1/admin/travel/transaction/status |
Admin (travel) | Update transaction status | ids, status |
| PUT | /api/v1/admin/travel/bookingupdate |
Admin (travel) | Update a travel booking | booking fields |
| POST | /api/v1/admin/travel/bus-group |
Admin (travel) | Create a bus group | group payload |
| POST | /api/v1/admin/travel/bus-group/assign-passengers |
Admin (travel) | Assign passengers to a bus | busid, passengers |
| GET | /api/v1/admin/travel/bus-group/:id |
Admin (travel) | Fetch bus group details | :id |
| PUT | /api/v1/admin/travel/bus-group/coordinator |
Admin (travel) | Set a bus coordinator | busid, bookingid |
| GET | /api/v1/admin/travel/bus-groups |
Admin (travel) | List all bus groups | — |
| GET | /api/v1/admin/travel/available-bookings |
Admin (travel) | Travel bookings available to assign | filters |
| DELETE | /api/v1/admin/travel/bus-group/passenger/:bookingid |
Admin (travel) | Remove a passenger from a bus | :bookingid |
| PUT | /api/v1/admin/travel/bus-group/capacity |
Admin (travel) | Update bus capacity | busid, capacity |
| PUT | /api/v1/admin/travel/bus-group/:id |
Admin (travel) | Update a bus group | :id |
| POST | /api/v1/admin/travel/bus-group/bulk-assign |
Admin (travel) | Bulk assign passengers | list |
| POST | /api/v1/admin/travel/bus/preview-bulk-upload |
Admin (travel) | Preview a bulk passenger upload | file |
| GET | /api/v1/admin/travel/bus-group/:id/export |
Admin (travel) | Export bus passengers | :id |
| DELETE | /api/v1/admin/travel/bus-group/:id |
Admin (travel) | Delete a bus group | :id |
| POST | /api/v1/admin/travel/bus-group/preview-create |
Admin (travel) | Preview creating a bus group | payload |
| POST | /api/v1/admin/travel/bus-group/preview-update |
Admin (travel) | Preview updating a bus group | payload |
| POST | /api/v1/admin/travel/bulk-master-preview |
Admin (travel) | Preview a bulk master upload | file |
| POST | /api/v1/admin/travel/bulk-master-create |
Admin (travel) | Create from a bulk master upload | file |
routes/admin/accountsManagement.routes.js — mounted at /api/v1/admin/accounts¶
Router-wide auth + authorizeRoles(SUPER, ACCOUNTS, PRA_ACCOUNTS). Some routes accept an Excel file upload (multer, file).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/accounts/fetchcompleted |
Admin (accounts) | Fetch completed transactions | filters |
| GET | /api/v1/admin/accounts/fetchpending |
Admin (accounts) | Fetch pending transactions | filters |
| GET | /api/v1/admin/accounts/fetchcredits |
Admin (accounts) | Fetch all credit transactions | filters |
| GET | /api/v1/admin/accounts/fetchdebits |
Admin (accounts) | Fetch all debit transactions | filters |
| POST | /api/v1/admin/accounts/setrep |
Admin (accounts) | Upload Razorpay settlement Excel | file |
| POST | /api/v1/admin/accounts/updateset |
Admin (accounts) | Update settlement fields from Excel | file |
| GET | /api/v1/admin/accounts/fetchset |
Admin (accounts) | Fetch all settlements | filters |
| GET | /api/v1/admin/accounts/fetchTransactions/:settlementId |
Admin (accounts) | Transactions for a settlement | :settlementId |
| GET | /api/v1/admin/accounts/fetchTransactions/payment/:razorpay_order_id |
Admin (accounts) | Transactions for a payment/order | :razorpay_order_id |
| GET | /api/v1/admin/accounts/credits |
Admin (accounts) | Fetch credits | filters |
| GET | /api/v1/admin/accounts/fetchcreditstransactions |
Admin (accounts) | Fetch credit transactions | filters |
routes/admin/maintenanceManagement.routes.js — mounted at /api/v1/admin/maintenance¶
Router-wide auth + authorizeRoles(SUPER, MAINTENANCE, HOUSEKEEPING, ELECTRICAL).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/maintenance/fetch/:department |
Admin (maintenance) | Maintenance report by department | :department |
| PUT | /api/v1/admin/maintenance/update |
Admin (maintenance) | Update a maintenance request | id, status |
| GET | /api/v1/admin/maintenance/housekeeping/deep-cleaning/status |
Admin (maintenance) | Deep-cleaning status | filters |
| POST | /api/v1/admin/maintenance/housekeeping/deep-cleaning/done |
Admin (maintenance) | Mark deep-cleaning done | room / date |
| POST | /api/v1/admin/maintenance/housekeeping/deep-cleaning/interval |
Admin (maintenance) | Update deep-cleaning interval | interval |
routes/admin/bookingManagement.routes.js — mounted at /api/v1/admin/bookings¶
Router-wide auth + authorizeRoles(OFFICE, SUPER, ROOM).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| PUT | /api/v1/admin/bookings/cancel/:type/:bookingid |
Admin (office/super/room) | Cancel a booking of a given type | :type, :bookingid |
routes/admin/location.routes.js — mounted at /api/v1/admin/location¶
Note: app.js mounts the client location router (routes/client/location.routes.js) at /api/v1/admin/location; the file routes/admin/location.routes.js exists but is not imported/mounted (dead code). The live endpoints are therefore identical to the client location routes, and are Public (no auth).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/location/ |
Public | Add / seed location data | payload |
| GET | /api/v1/admin/location/countries |
Public | List countries | — |
| GET | /api/v1/admin/location/states/:country |
Public | List states | :country |
| GET | /api/v1/admin/location/cities/:country/:state |
Public | List cities | :country, :state |
| GET | /api/v1/admin/location/centres |
Public | List centres | — |
routes/admin/utsavManagement.routes.js — mounted at /api/v1/admin/utsav¶
Exports two routers, both mounted at /api/v1/admin/utsav: utsavPublicRouter (no auth) and utsavAdminRouter (auth + authorizeRoles(UTSAV, SUPER, PRA_ACCOUNTS, ACCOUNTS, UTSAV_READ_ONLY, UTSAV_ADMIN_RAJ)). Some routes accept an Excel upload (multer, file).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/utsav/utsavCheckin |
Public | Check in an attendee at an utsav | cardno / booking |
| POST | /api/v1/admin/utsav/issue/:cardno |
Public | Issue a plate/item to a card at utsav | :cardno |
| POST | /api/v1/admin/utsav/create |
Admin (utsav) | Create an utsav | utsav details |
| POST | /api/v1/admin/utsav/package |
Admin (utsav) | Add an utsav package | package payload |
| POST | /api/v1/admin/utsav/package/bulk |
Admin (utsav) | Add utsav packages in bulk | list |
| POST | /api/v1/admin/utsav/booking |
Admin (UTSAV, SUPER, PRA_ACCOUNTS, ACCOUNTS) | Create an utsav booking on behalf of a user | booking payload |
| PUT | /api/v1/admin/utsav/update/:id |
Admin (utsav) | Update an utsav | :id |
| PUT | /api/v1/admin/utsav/updatepackage/:id |
Admin (utsav) | Update an utsav package | :id |
| GET | /api/v1/admin/utsav/bookings |
Admin (utsav) | Fetch utsav bookings | filters |
| GET | /api/v1/admin/utsav/volunteer |
Admin (utsav) | Fetch utsav bookings (volunteer view) | filters |
| GET | /api/v1/admin/utsav/fetchpackage |
Admin (utsav) | Fetch all packages | — |
| GET | /api/v1/admin/utsav/fetchPackagesByUtsav |
Admin (utsav) | Fetch packages by utsav | utsav id |
| GET | /api/v1/admin/utsav/fetch |
Admin (utsav) | Fetch all utsavs | — |
| GET | /api/v1/admin/utsav/fetchUtsav |
Admin (utsav) | Fetch utsavs by location | location |
| GET | /api/v1/admin/utsav/fetch/:id |
Admin (utsav) | Fetch a single utsav | :id |
| GET | /api/v1/admin/utsav/fetchpackage/:id |
Admin (utsav) | Fetch a single package | :id |
| PUT | /api/v1/admin/utsav/:id/:activate |
Admin (utsav) | Activate / deactivate an utsav | :id, :activate |
| PUT | /api/v1/admin/utsav/status |
Admin (utsav) | Update utsav booking status | bookingid, status |
| GET | /api/v1/admin/utsav/fetchList |
Admin (utsav) | Fetch utsav list (dropdown) | — |
| GET | /api/v1/admin/utsav/utsavCheckinReport |
Admin (utsav) | Utsav check-in report | utsav id |
| POST | /api/v1/admin/utsav/uploadRoomNo |
Admin (utsav) | Upload room numbers via Excel | file |
| PUT | /api/v1/admin/utsav/updateRoomNo |
Admin (utsav) | Update a room number | bookingid, roomno |
| GET | /api/v1/admin/utsav/fetchVolunteerOptions |
Admin (utsav) | Fetch volunteer options | — |
| GET | /api/v1/admin/utsav/pre_event_room_occupancy |
Admin (utsav) | Pre-event room occupancy report | utsav id |
| GET | /api/v1/admin/utsav/post_event_room_occupancy |
Admin (utsav) | Post-event room occupancy report | utsav id |
| GET | /api/v1/admin/utsav/utsav-feedback |
Admin (utsav) | Fetch utsav feedbacks | utsav id |
routes/admin/avtManagement.routes.js — mounted at /api/v1/admin/avt¶
Router-wide auth + authorizeRoles(AVT, SUPER).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/admin/avt/getAll |
Admin (avt) | List all cards (AVT view) | — |
| GET | /api/v1/admin/avt/search/:name |
Admin (avt) | Search cards by name (AVT view) | :name |
routes/admin/wifiManagement.routes.js — mounted at /api/v1/admin/wifi¶
Router-wide auth + authorizeRoles(SUPER, WIFI). Several routes accept an Excel upload (multer, file).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/admin/wifi/uploadcode |
Admin (wifi) | Upload temporary WiFi codes (Excel) | file |
| GET | /api/v1/admin/wifi/wifirecords |
Admin (wifi) | Fetch WiFi records | filters |
| GET | /api/v1/admin/wifi/permanent/portal-export |
Admin (wifi) | Export permanent WiFi codes for the portal | filters |
| GET | /api/v1/admin/wifi/permanent |
Admin (wifi) | Fetch permanent-code requests | filters |
| PUT | /api/v1/admin/wifi/permanent/:requestId |
Admin (wifi) | Approve/update a permanent-code request | :requestId |
| POST | /api/v1/admin/wifi/uploadpercode |
Admin (wifi) | Upload permanent WiFi codes (Excel) | file |
| POST | /api/v1/admin/wifi/insertpercode |
Admin (wifi) | Insert permanent WiFi codes from Excel | file |
| POST | /api/v1/admin/wifi/manual |
Admin (wifi) | Add a permanent code manually | code details |
| GET | /api/v1/admin/wifi/generate-username |
Admin (wifi) | Generate a WiFi username | — |
routes/admin/coordinatorAuth.routes.js — mounted at /api/v1/coordinator¶
No router-level middleware. send-otp / verify-otp are Public (OTP login flow); dashboard / boarding-status verify a Coordinator JWT in the controller (jwt.verify on Authorization header) and check the caller is the assigned coordinator.
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/coordinator/send-otp |
Public | Send an OTP to a coordinator's phone | mobno |
| POST | /api/v1/coordinator/verify-otp |
Public | Verify OTP and issue a coordinator token | mobno, otp |
| GET | /api/v1/coordinator/dashboard |
Coordinator JWT | Fetch the coordinator's dashboard (assigned bus/passengers) | — |
| PUT | /api/v1/coordinator/boarding-status |
Coordinator JWT | Update a passenger's boarding status | bookingid, status |
routes/admin/shortLink.routes.js — mounted at /api/v1/short-links¶
Router-wide auth. POST / PUT / DELETE gate on a broad set of admin roles (SUPER, ACCOUNTS, ROOM, CARD, OFFICE, FOOD, ADHYAYAN, TRAVEL, UTSAV, AVT, WIFI); GET /:type checks type-specific roles via TYPE_ROLE_MAP. Fine-grained authorization is done in the controller.
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| POST | /api/v1/short-links/ |
Admin (any of broad role set) | Create a short link | type, target |
| GET | /api/v1/short-links/:type |
Admin (type-specific roles) | Fetch short links by type | :type |
| PUT | /api/v1/short-links/:id |
Admin (any of broad role set) | Update a short link | :id |
| DELETE | /api/v1/short-links/:id |
Admin (any of broad role set) | Delete a short link | :id |
routes/admin/redirect.routes.js — mounted at / (root)¶
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /go/:slug |
Public | Resolve and redirect a short-link slug | :slug |
WiFi APIs¶
routes/wifi/wifi.routes.js — mounted at /api/v1/wifi¶
Per-route validateCard (Client JWT). Backs the app's WiFi self-service (temporary and permanent codes).
| Method | Full path | Auth | Purpose | Key params/body |
|---|---|---|---|---|
| GET | /api/v1/wifi/ |
Client JWT | Fetch the user's temporary WiFi codes | — |
| GET | /api/v1/wifi/generate |
Client JWT | Generate a temporary WiFi code | — |
| POST | /api/v1/wifi/permanent |
Client JWT | Request a permanent WiFi code | device / details |
| GET | /api/v1/wifi/permanent |
Client JWT | Fetch the user's permanent WiFi codes | — |
| POST | /api/v1/wifi/permanent/reset |
Client JWT | Reset a permanent WiFi code | code id |
Notes¶
- Total endpoints indexed: 250 (Client 55 · Admin 190 · WiFi 5), plus 2 root/health endpoints defined in
app.js. - Deprecated endpoints:
POST /api/v1/unified/bookingandPOST /api/v1/unified/validatealways return HTTP 410.POST /api/v1/stay/flatandPOST /api/v1/guest/flatare marked deprecated in favor of unified booking but still function. - Dead code:
routes/admin/location.routes.jsis never imported;/api/v1/admin/locationis served by the client location router. - Commented-out legacy WiFi controller (
getPassword,generatePassword,deletePermanentCode) remains at the top ofwifi.routes.jsbut is inactive. admin/utsavis unusual:app.jsmounts a public router and an authenticated router at the same base path (/api/v1/admin/utsav), soutsavCheckinandissue/:cardnoare reachable without auth.