
Welcome to DEMET Backend API

DEMET Backend is a robust and scalable REST API designed for comprehensive hotel reservation management. Built with modern technologies and best practices, it provides a complete solution for managing reservations, spaces, partners, rates, extras, and detailed reporting.
DEMET Backend follows a modular architecture with strict separation of concerns, making it maintainable, secure, and production-ready.

Key features

Authentication & authorization

Secure JWT-based authentication with access and refresh tokens stored in HTTP-only cookies. Role-based access control for Administrators and Management Assistants.

Reservation management

Complete CRUD operations for reservations with date validation, guest information tracking, and status management. Support for extras and custom pricing.

Space management

Manage hotel spaces with detailed information including capacity, pricing tiers (4-hour, 8-hour, extra time), descriptions, and image galleries.

Rate management

Flexible rate system supporting partner and non-partner pricing, time-based rates, and custom extra charges for additional hours.

Partner management

Track and manage hotel partners with contact information, email, and phone numbers for preferential booking rates.

Extras management

Add-on services and amenities that can be attached to reservations with quantity tracking and value calculation.

Reports & exports

Generate comprehensive Excel reports with ExcelJS. Export reservation data, occupancy reports, and financial summaries.

Email notifications

Automated email notifications using Nodemailer for reservation confirmations, updates, and administrative alerts.

Technology stack

DEMET Backend is built with industry-standard technologies to ensure performance, security, and scalability:
  • Node.js - JavaScript runtime environment for server-side execution
  • Express.js - Fast, minimalist web framework for building REST APIs
  • PostgreSQL - Advanced relational database with stored procedures for complex business logic
  • JWT (jsonwebtoken) - Secure token-based authentication with access and refresh token strategy
  • Bcrypt - Industry-standard password hashing with salt rounds
  • Zod - TypeScript-first schema validation for request data
  • Cookie Parser - Parse and manage HTTP-only cookies for secure token storage
  • Nodemailer - Email sending capabilities for notifications
  • ExcelJS - Generate and export Excel spreadsheets for reporting
  • Swagger/Scalar - Interactive API documentation and testing interface
  • CORS - Configured for secure cross-origin resource sharing

Architecture

The API follows a clean, layered architecture:
source/
├── controller/        # Request handlers and response logic
├── routes/            # API endpoint definitions
├── service/           # Business logic and database operations
├── middleware/        # Authentication, authorization, and validation
├── validator/         # Zod schemas for request validation
├── lib/               # Database connection and utilities
├── util/
│   └── templates/     # Email and report templates
└── server.js          # Application entry point

// Routes for employees
app.use('/intern', AuthRoutes);
// Routes for partner management
app.use('/partner/', partnerRoutes);
// Routes for space management
app.use('/space/', spaceRoutes);
// Routes for rate management
app.use('/rate/', rateRoutes);
// Routes for extras management
app.use('/extra/', extraRoutes);
// Routes for reservation management
app.use('/reserve/', reserveRoutes);
// Routes for request management
app.use('/request/', requestRoutes);
// Routes for report management
app.use('/report/', reportRoutes);
// Routes for reservation history
app.use('/log/reserve/', logReserveRoutes);

Security features

DEMET Backend implements multiple layers of security:
1. Password hashing
   All passwords are hashed using bcrypt with 8 salt rounds before storage.

2. JWT authentication
   Dual-token strategy with short-lived access tokens (1 hour) and long-lived refresh tokens (7 days).

3. HTTP-only cookies
   Tokens are stored in HTTP-only, secure cookies so that client-side scripts cannot read them, which limits token theft through XSS.

4. Role-based access control
   Middleware verification ensures only authorized users can access protected endpoints.

5. Input validation
   All request data is validated using Zod schemas before processing.

6. CORS configuration
   Restricted origins and credentials support for secure cross-origin requests.
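
The dual-token, cookie and role-check steps above, sketched as an added example (not DEMET's own code). It uses node:crypto for HS256 instead of the jsonwebtoken package so it runs without dependencies; the secret, the cookie name access_token, the kind claim, the SameSite value and the role strings are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions: constructed secret (load from the environment in practice), HS256 via node:crypto.
const SECRET = 'constructed-demo-secret';
const TTL = { access: 60 * 60, refresh: 7 * 24 * 60 * 60 }; // 1 hour / 7 days, in seconds

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();
const unix = () => Math.floor(Date.now() / 1000);

// Issue a token of the given kind ('access' or 'refresh') with the matching lifetime.
function sign(kind, claims, now = unix()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, kind, iat: now, exp: now + TTL[kind] }));
  const body = `${header}.${payload}`;
  return `${body}.${mac(body).toString('base64url')}`;
}

// Return the claims, or null if the token is malformed, forged, expired or of the wrong kind.
function verify(token, kind, now = unix()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], 'base64url');
  const expected = mac(`${parts[0]}.${parts[1]}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  // Pin the algorithm and never accept a refresh token where an access token is expected.
  if (header.alg !== 'HS256' || claims.kind !== kind || claims.exp <= now) return null;
  return claims;
}

// Set-Cookie value: HttpOnly hides the token from scripts, Secure restricts it to HTTPS.
// SameSite=Strict is an assumption; a cross-site frontend would need a different value.
function cookie(name, token, kind) {
  return `${name}=${token}; Max-Age=${TTL[kind]}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Express-style middleware; expects req.cookies as populated by cookie-parser.
function requireRole(...allowed) {
  return (req, res, next) => {
    const claims = verify(req.cookies && req.cookies.access_token, 'access');
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    if (!allowed.includes(claims.role)) return res.status(403).json({ error: 'forbidden' });
    req.user = claims;
    return next();
  };
}
```

Tagging each token with its kind keeps a stolen or leaked 7-day refresh token from being replayed as an access token against protected routes.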

API endpoints

The API is organized into the following main resource groups:
| Resource | Base Path | Description |
| --- | --- | --- |
| Authentication | /intern | Employee registration, login, logout, token refresh |
| Partners | /partner | Partner management operations |
| Spaces | /space | Hotel space management and availability |
| Rates | /rate | Pricing and rate management |
| Extras | /extra | Additional services and amenities |
| Reservations | /reserve | Reservation CRUD operations |
| Requests | /request | Internal request management |
| Reports | /report | Data export and reporting |
| Reservation Logs | /log/reserve | Historical reservation tracking |

Interactive documentation

DEMET Backend includes built-in API documentation powered by Scalar:
http://localhost:3002/reference
The interactive documentation allows you to:
  • Explore all available endpoints
  • View request/response schemas
  • Test API calls directly from your browser
  • See authentication requirements
  • Copy code examples in multiple languages

Next steps

Quickstart

Get your development environment set up and make your first API call in minutes

Authentication

Learn how the JWT authentication system works and how to secure your requests

API reference

Explore the complete API reference with all endpoints and schemas
