Project Overview
This project is built as a backend-focused assessment for Zorvyn. It demonstrates a role-based finance management system with multiple APIs. Users can manage transactions, view summaries, and control access for viewers and managers. The platform showcases secure, scalable backend architecture with real-world features.
Key Features
- JWT-based authentication for secure API access
- Role-based protected routes with proper authorization
- Rate limiting applied on login (5 requests per minute)
- Soft delete feature implementation just for transactions
- Input validation for user registration
- Pagination implemented for transaction APIs
- Search functionality for admin to find users
- Proper HTTP status codes including forbidden access handling
- Role-based system: User, Viewer, Manager, Admin
- User can create, update, delete, and filter transactions
- User can view summaries: net balance, income, expenses, category-wise
- User can add multiple viewers to allow read-only access to their transactions
- Viewer can see transactions of users who added them and view summaries
- Manager can view and analyze transactions of assigned users
- Admin can assign managers to viewers, manage users, and monitor unassigned accounts
API Documentation Playground
Authentication APIs
Register new User with new email
Use this endpoint to create a new user account. Provide name, email, and password. Email should be completely new
https://backend-assessment-u4zg.onrender.com/api/auth/registerRegister new User with exsting email
If exsting email is used, it will return message 'Email already exists'
https://backend-assessment-u4zg.onrender.com/api/auth/registerSuccessful Login
Use this endpoint to login a user with email and password. Returns an authentication token on success.
https://backend-assessment-u4zg.onrender.com/api/auth/loginLogin with Invalid Password
If login password is wrong, it returns 'Invalid Password'
https://backend-assessment-u4zg.onrender.com/api/auth/loginLogin with non existent email
If login email doesn't exist, it returns 'user not found'
https://backend-assessment-u4zg.onrender.com/api/auth/loginChange Password Successfully
Use this endpoint to change a user's password. Provide oldPassword and newPassword.
https://backend-assessment-u4zg.onrender.com/api/auth/change-passwordChange Password - Old Password Incorrect
If old password is incorrect, it returns 'Old password is incorrect'
https://backend-assessment-u4zg.onrender.com/api/auth/change-passwordChange Password - Current password and old password are same
If new password is the same as the old password, it returns 'New password cannot be the same as old password'
https://backend-assessment-u4zg.onrender.com/api/auth/change-passwordGet Role
Use this endpoint to get the role of the currently authenticated user.
https://backend-assessment-u4zg.onrender.com/api/auth/getroleGet My Info
Use this endpoint to get all information about the currently authenticated user.
https://backend-assessment-u4zg.onrender.com/api/auth/getmyinfoUser Access APIs
Get All Transactions - USER
User sees its all transactions
https://backend-assessment-u4zg.onrender.com/api/transactionsCreate Transaction - ONLY USER CAN
Use this endpoint to create a new transaction for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/transactionsAdd Viewer
Use this endpoint to add a new viewer by email for the user by user.
https://backend-assessment-u4zg.onrender.com/api/users/add-viewerAdd Viewer - Already added viewer case
If Viewer is already added for that user, it cannot be added again.
https://backend-assessment-u4zg.onrender.com/api/users/add-viewerAdd Viewer - Cannot add Manager, USER & Admin as Viewer
Manager, USER & Admin cannot be added as Viewer for any user.
https://backend-assessment-u4zg.onrender.com/api/users/add-viewerGet Viewers - USER
Use this endpoint to fetch all viewers of the user.
https://backend-assessment-u4zg.onrender.com/api/users/viewersGet Summary
Use this endpoint to fetch the summary of transactions (income, expense, net balance) for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/summary/getsummaryGet Category Summary
Use this endpoint to fetch the summary of transactions grouped by category for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summaryUpdate Transaction - Authorized cases
Update your own transaction. Only the owner can update it. You can change amount, type, category, note, or date.
https://backend-assessment-u4zg.onrender.com/api/transactions/69d4ad026619648116a37f49Update Transaction - Unauthorized cases
ADMIN, MANAGER, VIEWER can not update any transaction. USER can only update their own transaction.
https://backend-assessment-u4zg.onrender.com/api/transactions/69d4ad026619648116a37f49Delete Transaction - User can only delete their own transaction
Soft delete your own transaction. Only the owner can delete a transaction. Provide the transaction ID in the endpoint.
https://backend-assessment-u4zg.onrender.com/api/transactions/69d4ccecd0a649bf5cb59c44Delete Transaction - Unauthorized cases
ADMIN, MANAGER, VIEWER can not delete any transaction. USER can only delete their own transaction.
https://backend-assessment-u4zg.onrender.com/api/transactions/69d4ccecd0a649bf5cb59c44Get Paginated Transactions
Fetch transactions with pagination. Provide page number and limit as query parameters. Example: /transactions/paginated?page=1&limit=10
https://backend-assessment-u4zg.onrender.com/api/transactions/paginated?page=1&limit=10Viewer Access APIs
Get All Transactions - VIEWER
Viewer sees all transactions of the user it is added to
https://backend-assessment-u4zg.onrender.com/api/transactionsCreate Transaction - ADMIN VIEWER, MANAGER cannot create transaction
Use this endpoint to create a new transaction for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/transactionsGet Category Summary of all assigned users
Use this endpoint to fetch the summary of transactions grouped by category for all users assigned to the Viewer.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summaryCategory Summary By User - Viewer
Use this endpoint to fetch the summary of transactions grouped by category for a specific viewer user. This endpoint is accessible to manager users and provides insights into the spending habits of individual viewers.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summary-by-userAssigned Users - Viewer
Use this endpoint to fetch all users who have granted access to the logged-in viewer.
https://backend-assessment-u4zg.onrender.com/api/users/assigned-usersManager Access APIs
Get All Transactions - MANAGER
Manager sees all transactions of all users assigned
https://backend-assessment-u4zg.onrender.com/api/transactionsCreate Transaction - ADMIN VIEWER, MANAGER cannot create transaction
Use this endpoint to create a new transaction for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/transactionsGet Deleted Transactions - Manager
Manager can fetch deleted transactions of assigned users only.
https://backend-assessment-u4zg.onrender.com/api/transactions/deletedGet Viewers - Manager
Use this endpoint to fetch all viewers of the manager's users.
https://backend-assessment-u4zg.onrender.com/api/users/viewersGet Category Summary of all assigned users
Use this endpoint to fetch the summary of transactions grouped by category for all users assigned to the Manager.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summaryCategory Summary By User - Manager
Use this endpoint to fetch the summary of transactions grouped by category for a specific viewer user.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summary-by-userAdmin Access APIs
Get All Transactions - ADMIN
Admin sees all transactions of all users
https://backend-assessment-u4zg.onrender.com/api/transactionsCreate Transaction - ADMIN VIEWER, MANAGER cannot create transaction
Use this endpoint to create a new transaction for the authenticated user.
https://backend-assessment-u4zg.onrender.com/api/transactionsGet Deleted Transactions - Admin
Admin can fetch all deleted transactions for all users.
https://backend-assessment-u4zg.onrender.com/api/transactions/deletedGet Category Summary of all assigned users
Use this endpoint to fetch the summary of transactions grouped by category for all users assigned to the Manager.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summaryCategory Summary By User - Admin
Use this endpoint to fetch the summary of transactions grouped by category for a specific viewer user. This endpoint is accessible to admin users and provides insights into the spending habits of individual viewers.
https://backend-assessment-u4zg.onrender.com/api/summary/get-categories-summary-by-userGet All Users
Fetch all users with role USER (Admin only)
https://backend-assessment-u4zg.onrender.com/api/admin/getallusersGet Users Without Manager
Fetch users who are not assigned to any manager
https://backend-assessment-u4zg.onrender.com/api/admin/get-users-without-managerCreate Manager
Create a new manager account (Admin only)
https://backend-assessment-u4zg.onrender.com/api/admin/create-managerAssign Manager
Assign a manager to a user (Admin only)
https://backend-assessment-u4zg.onrender.com/api/admin/assign-managerAssign Manager - Cannot assign multiple managers to a user
Can not assign two or more managers to a user. If a user already has a manager.
https://backend-assessment-u4zg.onrender.com/api/admin/assign-managerGet All Managers
Fetch all users with role MANAGER
https://backend-assessment-u4zg.onrender.com/api/admin/getallmanagersGet Managers With Users
Fetch all managers along with their assigned users
https://backend-assessment-u4zg.onrender.com/api/admin/get-managers-with-usersSearch Users
Search users by name or email (partial match, admin only)
https://backend-assessment-u4zg.onrender.com/api/admin/search-users?query=pr