Your first request
No login needed for the health check.
1. Health check
curl http://localhost:3000/healthExpected:
{ "status": "ok" }If this fails, the server is not running or the port is wrong (PORT in .env, default 3000).
2. What a protected request looks like
Most student APIs need a header:
Authorization: Bearer <access_token>
Content-Type: application/jsonWithout it, middleware returns 401 with JSON like:
{ "error": "Missing or invalid Authorization header" }3. API prefix map (from index.ts)
| Prefix | Router file | Who uses it |
|---|---|---|
/api/v1/auth | auth.route.ts | Login, refresh, logout |
/api/v1/users | user.route.ts, notification.route.ts | Logged-in student |
/api/v1/admin | admin.route.ts, … | Staff dashboard |
/api/v1/practice-pyq | practice-pyq-public.routes.ts | PYQ practice |
/api/v1/practice-yt | same file, second router | YouTube practice |
/api/v1/current-affairs | current-affairs-public.routes.ts | CA reader + revision |
/api/v1/... | timestamps.route.ts | Video timestamps |
/internal/notifications | notification.route.ts | Cloudflare Worker + secret key |
Full URL = prefix + path inside the route file.
Example: if auth.route.ts defines POST /google, the full path is
POST /api/v1/auth/google.
4. Where errors go
- 401 — Not logged in or bad token (
auth.middleware.ts) - 403 — Logged in but not allowed (admin middleware)
- 400 — Bad JSON / failed Zod validation
- 500 — Unhandled exception;
index.tsonErrorreturns generic message
Always check the JSON error field in responses during development.
Last updated on