
Overview

The Users API provides endpoints for managing user accounts in the Library Management System. It includes both user self-service endpoints and administrative endpoints for managing all users.

Base URLs

User Self-Service: /api/users
Administrative: /api/management/users

Authentication

All user management endpoints require authentication via JWT token. The token must be included in the Authorization header:
Authorization: Bearer <your_jwt_token>

Role-Based Access Control

User endpoints implement role-based access control:
  • User Self-Service (/api/users/*): Available to all authenticated users
    • Users can view and edit their own profile
    • Users can view public profiles of other users
  • Administrative (/api/management/users/*): Requires ADMIN role
    • Full access to all user management operations (list, create, read, update, delete)
Users without the required role will receive a 403 Forbidden response.

Available Roles

The system supports two user roles:
  • MEMBER: Standard user with basic access
  • ADMIN: Administrator with full system access

Response Format

All endpoints return responses wrapped in a standard ApiResponse object:
{
  "success": true,
  "timestamp": "2026-03-03T10:30:00Z",
  "data": {
    // Response data here
  }
}
For error responses:
{
  "success": false,
  "timestamp": "2026-03-03T10:30:00Z",
  "error": {
    "code": "ERROR_CODE",
    "message": "Error description"
  }
}
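The two checks described under Role-Based Access Control (a route-level role check for the administrative prefix, and an ownership check for self-service edits) and the ApiResponse error envelope, as an added example that is not the Library Management System's own code. The Principal type, the authorize() function, the target_user_id parameter and the default-deny fallback are assumptions, not part of the documented API.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

ROLE_MEMBER, ROLE_ADMIN = "MEMBER", "ADMIN"   # roles listed on this page
SELF_SERVICE_PREFIX = "/api/users"            # base URLs from this page
ADMIN_PREFIX = "/api/management/users"
WRITE_METHODS = {"PUT", "PATCH", "POST", "DELETE"}


@dataclass
class Principal:
    """Identity extracted from an already verified JWT (assumed type)."""
    user_id: int
    roles: set = field(default_factory=set)


def error_envelope(code, message):
    """Build the documented ApiResponse error shape."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"success": False, "timestamp": ts,
            "error": {"code": code, "message": message}}


def authorize(principal, method, path, target_user_id=None):
    """Decide one request; returns (http_status, error_body_or_None).

    principal is None when the JWT was missing, invalid or expired.
    target_user_id is the profile a self-service request acts on
    (assumption: the router extracts it from the request)."""
    if principal is None:
        return 401, error_envelope("UNAUTHORIZED", "Authentication required")
    if path.startswith(ADMIN_PREFIX):
        # Route-level role check: every administrative endpoint needs ADMIN.
        if ROLE_ADMIN not in principal.roles:
            return 403, error_envelope("FORBIDDEN", "Access denied")
        return 200, None
    if path.startswith(SELF_SERVICE_PREFIX):
        # Any authenticated user may read (own or public profiles), but an
        # edit is an object-level decision: only the owner may modify.
        if method in WRITE_METHODS and target_user_id != principal.user_id:
            return 403, error_envelope("FORBIDDEN", "Access denied")
        return 200, None
    # Default deny for paths outside the two documented prefixes (assumption).
    return 403, error_envelope("FORBIDDEN", "Access denied")
```

Note that a valid token with the MEMBER role still receives 403, not 401, on the administrative prefix: authentication succeeded, authorization did not.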

User Self-Service Endpoints

Get My Profile

View your own profile with email and roles

Edit My Profile

Update your first and last name

Get Public Profile

View another user’s public profile

Administrative Endpoints

List Users

Retrieve a paginated list of all users (ADMIN)

Get User

Retrieve details of a specific user by ID (ADMIN)

Create User

Create a new user account (ADMIN)

Update User

Update an existing user’s information (ADMIN)

Delete User

Delete a user from the system (ADMIN)

Common Error Responses

401 Unauthorized

Returned when the JWT token is missing, invalid, or expired.
{
  "success": false,
  "timestamp": "2026-03-03T10:30:00Z",
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required"
  }
}

403 Forbidden

Returned when the authenticated user lacks the required ADMIN role.
{
  "success": false,
  "timestamp": "2026-03-03T10:30:00Z",
  "error": {
    "code": "FORBIDDEN",
    "message": "Access denied"
  }
}

404 Not Found

Returned when the requested user does not exist.
{
  "success": false,
  "timestamp": "2026-03-03T10:30:00Z",
  "error": {
    "code": "USER_NOT_FOUND",
    "message": "User not found with id: 123"
  }
}
