API Endpoints

Complete reference for all backend API endpoints. The source of truth is server/src/routes/healthDashboard.routes.ts, which maintains a machine-readable inventory with implementation status.

STATUS: BUILT

130+ endpoints across 20 modules. The live health dashboard at /api/portal/health/dashboard shows real-time implementation status.

Base URL

All endpoints are prefixed with /api/portal. In development:

http://localhost:8000/api/portal

Authentication

Most endpoints require a JWT access token in the Authorization header:

Authorization: Bearer <accessToken>

Token lifecycle:

Access token expires in 15 minutes (configurable via JWT_ACCESS_EXPIRY)
Refresh token expires in 7 days (configurable via JWT_REFRESH_EXPIRY)
Use POST /auth/refresh with the refresh token to get a new token pair

Status Legend

Status	Meaning
Live	Fully implemented with Prisma database queries
Partial	Functional but with noted limitations
Stub	Returns mock data or 501 (not yet implemented)

Auth (13 endpoints)

Method	Path	Auth	Status	Description
POST	`/auth/register`	--	Live	Register a new user
POST	`/auth/login`	--	Live	Login with email + password
POST	`/auth/refresh`	--	Live	Refresh access token
POST	`/auth/logout`	--	Live	Revoke refresh token
POST	`/auth/google`	--	Stub	Google OAuth (returns 501)
POST	`/auth/apple`	--	Stub	Apple Sign-In (returns 501)
POST	`/auth/forgot-password`	--	Partial	Reset request (no email sending)
POST	`/auth/reset-password`	--	Live	Reset password with token
POST	`/auth/change-password`	Auth	Live	Change password
POST	`/auth/verify-otp`	--	Stub	Verify OTP (always succeeds)
POST	`/auth/resend-otp`	--	Stub	Resend OTP (always succeeds)
POST	`/auth/send-verification`	Auth	Partial	Request email verify (no email)
POST	`/auth/verify-email`	--	Live	Verify email with token

Users (11 endpoints)

Method	Path	Auth	Status	Description
GET	`/users/me`	Auth	Live	Get current user profile
PUT	`/users/me`	Auth	Live	Update profile
PUT	`/users/me/settings`	Auth	Live	Update notification settings
PUT	`/users/me/password`	Auth	Live	Change password
DELETE	`/users/me`	Auth	Live	Request account deletion
GET	`/users/me/deletion-status`	Auth	Live	Check deletion status
POST	`/users/me/cancel-deletion`	Auth	Live	Cancel deletion request
POST	`/users/me/data-export`	Auth	Live	Request data export (GDPR)
GET	`/users/me/export-status`	Auth	Live	Check export status
GET	`/users/me/export-history`	Auth	Live	Get past export requests
GET	`/users/:id`	Auth	Live	Get user by ID

Challenges (9 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/challenges`	Optional	Live	List challenges (paginated)
GET	`/v2/challenges/categories`	--	Live	Get challenge categories
GET	`/v2/challenges/:id`	Optional	Live	Get challenge by ID
GET	`/v2/challenges/:id/discussion`	--	Live	Get discussion posts
POST	`/v2/challenges`	Auth	Live	Create a challenge
PUT	`/v2/challenges/:id`	Auth	Live	Update a challenge
POST	`/v2/challenges/:id/start`	Auth	Live	Start a challenge
POST	`/v2/challenges/:id/submit-for-review`	Auth	Live	Submit for verification
POST	`/v2/challenges/:id/discussion`	Auth	Live	Create discussion post

User Challenges (4 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/my-challenges`	Auth	Live	List user's challenges
GET	`/v2/my-challenges/stats`	Auth	Live	Challenge completion stats
GET	`/v2/my-challenges/status-map`	Auth	Live	Challenge status map
PUT	`/v2/my-challenges/:id/status`	Auth	Live	Update challenge status

Track Records (8 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/track-records/:id`	Auth	Live	Get track record
POST	`/v2/track-records/:id/entries`	Auth	Live	Add entry
PUT	`/v2/track-records/:id/entries/:entryId`	Auth	Live	Update entry
POST	`/v2/track-records/:id/entries/:entryId/media`	Auth	Live	Add media to entry
POST	`/v2/track-records/:id/submit`	Auth	Live	Submit for verification
POST	`/v2/track-records/:id/verify`	Auth	Live	Verify track record
POST	`/v2/track-records/:id/entries/:entryId/vote`	Auth	Live	Vote on entry
POST	`/v2/track-records/:id/entries/:entryId/comments`	Auth	Live	Comment on entry

Gamification (5 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/gamification/badges`	--	Live	List all badges
GET	`/v2/gamification/badges/earned`	Auth	Live	Get user's earned badges
GET	`/v2/gamification/leaderboard`	--	Live	Get leaderboard
GET	`/v2/gamification/stats`	Auth	Live	Get user's XP stats
GET	`/v2/gamification/xp-history`	Auth	Live	Get XP event history

Explore (8 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/explore`	Optional	Live	Get explore page data
GET	`/v2/explore/search`	Optional	Live	Search challenges
GET	`/v2/explore/saved`	Auth	Live	Get saved challenges
POST	`/v2/explore/saved`	Auth	Live	Save a challenge
DELETE	`/v2/explore/saved/:challengeId`	Auth	Live	Remove saved challenge
POST	`/v2/explore/dealers-choice/deal`	Auth	Live	Deal random challenges
POST	`/v2/explore/dealers-choice/select`	Auth	Live	Select a dealt challenge
POST	`/v2/explore/dealers-choice/pass`	Auth	Live	Pass on dealt challenges

Learning Paths (3 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/learning-paths`	Auth	Live	List learning paths
GET	`/v2/learning-paths/:id`	Auth	Live	Get path details
POST	`/v2/learning-paths/:id/enroll`	Auth	Live	Enroll in path

Schools (29 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/schools/me`	Auth	Live	Get user's school
GET	`/v2/schools/:id`	Auth	Live	Get school details
GET	`/v2/schools/:id/classes`	Auth	Live	List classes
POST	`/v2/schools/:id/classes`	Auth+Role	Live	Create class
PUT	`/v2/schools/:id/classes/:classId`	Auth+Role	Live	Update class
GET	`/v2/schools/:id/classes/:classId/stats`	Auth	Live	Class statistics
GET	`/v2/schools/:id/roster`	Auth	Live	Student roster
POST	`/v2/schools/:id/roster`	Auth+Role	Live	Add student
POST	`/v2/schools/:id/roster/import`	Auth+Role	Live	Bulk import roster
DELETE	`/v2/schools/:id/roster/:studentId`	Auth+Role	Live	Remove student
PUT	`/v2/schools/:id/roster/:studentId/suspend`	Auth+Role	Live	Suspend student
PUT	`/v2/schools/:id/roster/:studentId/reinstate`	Auth+Role	Live	Reinstate student
GET	`/v2/schools/:id/teachers`	Auth	Live	Teacher roster
POST	`/v2/schools/:id/teachers`	Auth+Role	Live	Add teacher
GET	`/v2/schools/:id/assignments`	Auth	Live	List assignments
POST	`/v2/schools/:id/assignments`	Auth+Role	Live	Create assignment
GET	`/v2/schools/assignments/:id/progress`	Auth	Live	Assignment progress
PUT	`/v2/schools/assignments/:id`	Auth+Role	Live	Update assignment
GET	`/v2/schools/:id/grades`	Auth	Live	List grade levels
POST	`/v2/schools/:id/grades`	Auth+Role	Live	Create grade level
PUT	`/v2/schools/:id/grades/:gradeId`	Auth+Role	Live	Update grade level
DELETE	`/v2/schools/:id/grades/:gradeId`	Auth+Role	Live	Delete grade level
GET	`/v2/schools/:id/surveys`	Auth	Live	List surveys
POST	`/v2/schools/:id/surveys`	Auth+Role	Live	Create survey
PUT	`/v2/schools/:id/surveys/:surveyId`	Auth+Role	Live	Update survey
DELETE	`/v2/schools/:id/surveys/:surveyId`	Auth+Role	Live	Delete survey
GET	`/v2/schools/:id/purchase-requests`	Auth	Live	List purchase requests
POST	`/v2/schools/:id/purchase-requests`	Auth	Live	Create purchase request
PUT	`/v2/schools/:id/purchase-requests/:requestId/review`	Auth+Role	Live	Review request

Vendor (7 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/vendor/profile`	Auth	Live	Get vendor profile
PUT	`/v2/vendor/profile`	Auth	Live	Update vendor profile
POST	`/v2/vendor/onboarding`	Auth	Live	Submit onboarding
GET	`/v2/vendor/challenges`	Auth	Live	Get vendor's challenges
GET	`/v2/vendor/analytics`	Auth	Live	Vendor analytics
POST	`/v2/vendor/events`	Auth	Live	Create event
POST	`/v2/vendor/team/invite`	Auth	Live	Invite team member

Gifts (5 endpoints)

Method	Path	Auth	Status	Description
POST	`/v2/gifts`	Auth	Live	Send a gift
GET	`/v2/gifts`	Auth	Live	List gifts
POST	`/v2/gifts/:id/accept`	Auth	Live	Accept gift
POST	`/v2/gifts/:id/decline`	Auth	Live	Decline gift
DELETE	`/v2/gifts/:id`	Auth	Live	Cancel gift

Invitations (4 endpoints)

Method	Path	Auth	Status	Description
POST	`/v2/invitations`	Auth	Live	Create invitation
GET	`/v2/invitations`	Auth	Live	List invitations
POST	`/v2/invitations/:id/respond`	Auth	Live	Respond to invitation
DELETE	`/v2/invitations/:id`	Auth	Live	Cancel invitation

Admin (15 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/admin/users`	Admin	Live	List all users
GET	`/v2/admin/users/:id`	Admin	Live	Get user detail
PUT	`/v2/admin/users/:id`	Admin	Live	Update user
GET	`/v2/admin/challenges/approval-queue`	Admin	Live	Pending approvals
POST	`/v2/admin/challenges/:id/approve`	Admin	Live	Approve challenge
GET	`/v2/admin/flagged-content`	Admin	Live	Flagged content
POST	`/v2/admin/flagged-content/:id/resolve`	Admin	Live	Resolve flag
GET	`/v2/admin/audit-logs`	Admin	Stub	Audit logs (empty)
GET	`/v2/admin/vendors`	Admin	Live	List vendors
POST	`/v2/admin/vendors/:id/approve`	Admin	Live	Approve vendor
GET	`/v2/admin/analytics`	Admin	Live	Platform analytics
GET	`/v2/admin/schools`	Admin	Live	List schools
GET	`/v2/admin/reviews`	Admin	Live	List reviews
GET	`/v2/admin/orders`	Admin	Live	List orders
POST	`/v2/admin/coupons`	Admin	Live	Create coupon

Notifications (5 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/notifications`	Auth	Live	Get notifications
PUT	`/v2/notifications/:id/read`	Auth	Live	Mark as read
PUT	`/v2/notifications/read-all`	Auth	Live	Mark all as read
GET	`/v2/notifications/preferences`	Auth	Live	Get preferences
PUT	`/v2/notifications/preferences`	Auth	Live	Update preferences

Portfolios (4 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/portfolios`	Auth	Live	List portfolios
POST	`/v2/portfolios`	Auth	Live	Create portfolio
PUT	`/v2/portfolios/:id`	Auth	Live	Update portfolio
GET	`/v2/portfolios/:id`	Auth	Live	Get portfolio

Reflections (9 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/reflections/prompts`	Auth	Live	List prompts
POST	`/v2/reflections/prompts`	Auth	Live	Create prompt
PUT	`/v2/reflections/prompts/:id`	Auth	Live	Update prompt
DELETE	`/v2/reflections/prompts/:id`	Auth	Live	Delete prompt
GET	`/v2/reflections/question-bank`	Auth	Live	Get question bank
GET	`/v2/reflections/responses`	Auth	Live	Get responses
POST	`/v2/reflections/responses`	Auth	Live	Submit response
GET	`/v2/reflections/user/:userId`	Auth	Live	Get user reflections
GET	`/v2/reflections/analytics`	Auth	Live	Reflection analytics

Payments (10 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/payments/methods`	Auth	Live	Get payment methods
POST	`/v2/payments/checkout`	Auth	Stub	Create checkout session
POST	`/v2/payments/create-intent`	Auth	Partial	Create payment intent
POST	`/v2/payments/confirm`	Auth	Live	Confirm payment
GET	`/v2/payments/status/:id`	Auth	Live	Get payment status
POST	`/v2/payments/calculate-tax`	Auth	Stub	Calculate tax (flat 8%)
GET	`/v2/payments/orders`	Auth	Live	List orders
GET	`/v2/payments/orders/:id`	Auth	Live	Get order detail
POST	`/v2/payments/orders/:id/refund`	Auth	Live	Request refund
POST	`/v2/payments/apply-coupon`	Auth	Live	Apply coupon

Communities (24 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/communities`	Optional	Live	List communities
POST	`/v2/communities`	Auth	Live	Create community
GET	`/v2/communities/:id`	Optional	Live	Get community
PUT	`/v2/communities/:id`	Auth	Live	Update community
POST	`/v2/communities/:id/join`	Auth	Live	Join community
POST	`/v2/communities/:id/leave`	Auth	Live	Leave community
GET	`/v2/communities/:id/members`	--	Live	Get members
PUT	`/v2/communities/:id/members/:userId`	Auth	Live	Update member role
GET	`/v2/communities/:id/feed`	--	Live	Get feed
POST	`/v2/communities/:id/feed`	Auth	Live	Create feed item
POST	`/v2/communities/feed-items/:id/like`	Auth	Live	Like feed item
POST	`/v2/communities/feed-items/:id/comments`	Auth	Live	Comment on feed
POST	`/v2/communities/:id/assignments`	Auth	Live	Create assignment
GET	`/v2/communities/:id/assignments`	--	Live	List assignments
POST	`/v2/communities/:id/goals`	Auth	Live	Create goal
GET	`/v2/communities/:id/goals`	--	Live	List goals
GET	`/v2/communities/:id/goals/:goalId`	--	Live	Get goal
PUT	`/v2/communities/:id/goals/:goalId`	Auth	Live	Update goal
POST	`/v2/communities/:id/goals/:goalId/join`	Auth	Live	Join goal
POST	`/v2/communities/:id/goals/:goalId/contribute`	Auth	Live	Contribute to goal
GET	`/v2/communities/:id/goals/:goalId/leaderboard`	--	Live	Goal leaderboard
POST	`/v2/communities/content-reports`	Auth	Live	Report content
POST	`/v2/communities/batch-share`	Auth	Live	Batch share
POST	`/v2/communities/:id/invite`	Auth	Live	Invite to community

Events (6 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/events`	Optional	Live	List events
GET	`/v2/events/my-registrations`	Auth	Live	My registrations
GET	`/v2/events/challenge/:challengeId`	--	Live	Events for challenge
GET	`/v2/events/:id`	Optional	Live	Get event
POST	`/v2/events/:id/register`	Auth	Live	Register for event
DELETE	`/v2/events/:id/register`	Auth	Live	Cancel registration

Onboarding (5 endpoints)

Method	Path	Auth	Status	Description
GET	`/v2/onboarding`	Auth	Partial	Get state (in-memory)
POST	`/v2/onboarding/init`	Auth	Partial	Initialize (in-memory)
POST	`/v2/onboarding/complete-step`	Auth	Partial	Complete step (in-memory)
POST	`/v2/onboarding/complete`	Auth	Partial	Finish onboarding (in-memory)
GET	`/v2/onboarding/guided-tour`	Auth	Live	Get guided tour config

System (1 endpoint)

Method	Path	Auth	Status	Description
GET	`/health`	--	Live	Health check

Request/Response Examples

Register

bash

curl -X POST http://localhost:8000/api/portal/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "MyPassword123!",
    "displayName": "Jane Doe",
    "dateOfBirth": "2000-01-15"
  }'

json

{
  "success": true,
  "data": {
    "user": {
      "id": "a1b2c3d4-...",
      "email": "user@example.com",
      "displayName": "Jane Doe",
      "role": "user",
      "accountTier": "standard"
    },
    "tokens": {
      "accessToken": "eyJhbG...",
      "refreshToken": "eyJhbG...",
      "expiresAt": "2026-02-14T12:15:00.000Z"
    }
  }
}

List Challenges

bash

curl http://localhost:8000/api/portal/v2/challenges?page=1&limit=10

json

{
  "success": true,
  "data": [
    {
      "id": "f5e6d7c8-...",
      "title": "Rock Climbing 101",
      "difficulty": "beginner",
      "baseXp": 100,
      "isFree": true,
      "status": "approved"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 10,
    "total": 42,
    "totalPages": 5,
    "hasMore": true
  }
}

Health Dashboard

When the server is running, visit the live HTML dashboard for a visual overview of all endpoint implementation status:

http://localhost:8000/api/portal/health/dashboard

The dashboard shows per-module coverage bars, filterable endpoint lists, and overall live/partial/stub counts.

API Endpoints ​

Base URL ​

Authentication ​

Status Legend ​

Auth (13 endpoints) ​

Users (11 endpoints) ​

Challenges (9 endpoints) ​

User Challenges (4 endpoints) ​

Track Records (8 endpoints) ​

Gamification (5 endpoints) ​

Explore (8 endpoints) ​

Learning Paths (3 endpoints) ​

Schools (29 endpoints) ​

Vendor (7 endpoints) ​

Gifts (5 endpoints) ​

Invitations (4 endpoints) ​

Admin (15 endpoints) ​

Notifications (5 endpoints) ​

Portfolios (4 endpoints) ​

Reflections (9 endpoints) ​

Payments (10 endpoints) ​

Communities (24 endpoints) ​

Events (6 endpoints) ​

Onboarding (5 endpoints) ​

System (1 endpoint) ​

Request/Response Examples ​

Register ​

List Challenges ​

Health Dashboard ​

See Also ​