Skip to main content

Endpoint

DELETE /api/menu/:id

Authentication

This endpoint requires authentication and store employee authorization.
Only the owner of the store that owns this menu item can delete it. This action is permanent and cannot be undone.

Request

Path parameters

id
string
required
MongoDB ObjectId of the menu item to delete

Headers

Authorization
string
required
Bearer token for authentication

Response

success
boolean
Indicates if the request was successful
message
string
Human-readable message describing the result
Unlike create and update endpoints, the delete endpoint does not return the deleted item data.

Examples

curl -X DELETE https://api.campusbite.com/api/menu/507f1f77bcf86cd799439011 \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Success response (200)

{
  "success": true,
  "message": "Menu item deleted successfully."
}

Error responses

404 - Menu item not found

{
  "success": false,
  "message": "Menu item not found."
}
This error can occur if the menu item has already been deleted or if the ID is invalid.

403 - Not authorized

This error occurs when you try to delete a menu item that belongs to another store.
{
  "success": false,
  "message": "You are not authorized to delete this menu item."
}

401 - Unauthorized

{
  "success": false,
  "message": "Authentication required."
}

Authorization logic

The endpoint performs the following authorization checks:
  1. Verifies the user is authenticated
  2. Verifies the user has the store_employee role
  3. Finds the menu item by ID and populates the store’s owner_id
  4. Compares the authenticated user’s ID with the store’s owner_id
  5. Only proceeds with deletion if they match
This ensures that only the actual store owner can delete their menu items.

Build docs developers (and LLMs) love

Get started for freeTalk to us