API

Admin - User Management

Super-admin endpoints for managing users across the platform.

Base paths: GET /api/v1/users · PATCH /api/v1/admin/owners

Used by: admin-booki-web-app · Role: admin
organizationId: Not applicable (admin sees all)

Super-admin user management endpoints allow platform admins to list users and manage user statuses across the entire system.


GET /api/v1/users — List All Users

Auth: Protected (Authorization: Bearer <accessToken>) · admin
Used by: admin-booki-web-app · Role: admin
Description: Fetch all users across the platform.

Request

Query Parameters (optional):

  • page (number, default: 1)
  • limit (number, default: 10, max: 100)
  • search (string): Search by name or email
  • sort (string, default: _id)
  • order (string, default: desc): asc | desc

GET /api/v1/users?page=1&search=jane

Response (200 OK)

{
  "items": [
    {
      "_id": "507f1f77bcf86cd799439011",
      "email": "jane@bookisalon.com",
      "firstName": "Jane",
      "lastName": "Doe",
      "phone": "09161234567",
      "userType": "owner",
      "status": "active",
      "createdAt": "2025-12-01T10:15:00Z"
    }
  ],
  "pages": 1,
  "pageRange": "1-1 of 1"
}

cURL Example

curl -X GET "http://localhost:4001/api/v1/users?page=1&limit=20" \
  -H "Authorization: Bearer ADMIN_TOKEN"
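
A server-side normalizer for the query parameters documented above, added here as an example; it is not the project's own code. It assumes a MongoDB-style data store and a query parser that can yield arrays or objects as well as strings; `normalizeUserListQuery`, the `SORTABLE` allowlist and the 64-character search cap are hypothetical.

```javascript
// Added example: hypothetical normalizer for GET /api/v1/users query input.
// Assumptions: values arrive from a qs-style parser (string, array or object)
// and the store accepts MongoDB-style filter/sort documents.
const SORTABLE = new Set(["_id", "email", "firstName", "lastName", "createdAt"]); // constructed allowlist
const MAX_LIMIT = 100;      // documented maximum
const MAX_SEARCH_LEN = 64;  // assumed cap, not from the page

// Accept only plain strings; arrays/objects (e.g. search[$ne]=x) are dropped.
function str(value) {
  return typeof value === "string" ? value : undefined;
}

// Parse a positive integer, or fall back to the documented default.
function posInt(value, fallback) {
  const s = str(value);
  if (s === undefined || !/^\d{1,9}$/.test(s)) return fallback;
  const n = Number(s);
  return n >= 1 ? n : fallback;
}

// Escape regex metacharacters so the search term is matched literally.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function normalizeUserListQuery(query) {
  const page = posInt(query.page, 1);
  const limit = Math.min(posInt(query.limit, 10), MAX_LIMIT);
  // Unknown sort fields fall back to the documented default instead of
  // letting the caller order by arbitrary (possibly sensitive) columns.
  const sortField = SORTABLE.has(str(query.sort)) ? query.sort : "_id";
  const order = str(query.order) === "asc" ? 1 : -1; // documented default: desc

  const filter = {};
  const search = (str(query.search) || "").trim().slice(0, MAX_SEARCH_LEN);
  if (search) {
    const rx = { $regex: escapeRegex(search), $options: "i" };
    filter.$or = [{ firstName: rx }, { lastName: rx }, { email: rx }];
  }
  return { filter, sort: { [sortField]: order }, skip: (page - 1) * limit, limit };
}
```
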

PATCH /api/v1/admin/owners/:id/:status — Update User Status

Auth: Protected (Authorization: Bearer <accessToken>) · admin
Used by: admin-booki-web-app · Role: admin
Description: Change user status (activate, suspend, deactivate). The status is passed as a URL path segment.

Request

PATCH /api/v1/admin/owners/507f1f77bcf86cd799439011/suspend

Path Parameters:

  • id (string, required): User ID
  • status (string, required): Action to apply — activate | suspend | delete

No request body needed — action is set via the URL path segment.

Response (200 OK)

{
  "message": "Status updated successfully."
}

cURL Example

curl -X PATCH http://localhost:4001/api/v1/admin/owners/507f1f77bcf86cd799439011/suspend \
  -H "Authorization: Bearer ADMIN_TOKEN"

User Types (Roles)

Type            Access Level   Capabilities
owner           Organization   Full org control, billing, staff
branch-manager  Branch         Booking management, customer support
customer        Personal       Booking, profile, payment prefs
admin           Platform       Organization and user management
guest           Limited        One-time booking only

User Status Reference

  • active: User can log in and use platform
  • inactive: User disabled (can be reactivated)
  • suspended: User suspended (often due to violations)
  • deleted: Soft-deleted (marked but data preserved)

Notes

  • All admin endpoints require the admin role.
  • Suspended users cannot log in or book.