1 Auth Endpoints
1.1 Login
This is an example output for the POST /auth/login endpoint.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 64
Host: localhost:8080
{
"login" : "test.user@test.com",
"password" : "Test1234!"
}
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 602
{
"id" : 1,
"firstName" : "Test",
"lastName" : "User",
"login" : "test.user@test.com",
"token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDM0LCJpYXQiOjE3NjQwNzc0MzR9.gV6iyqLxkshIB3OTjKA8ukAPkP7Ew1YaGpIxtnaXbiI",
"deleted" : false,
"refreshToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJleHAiOjE3NjQ3OTc0MzQsImlhdCI6MTc2NDA3NzQzNH0.zEWNiLwGuA84OX5cbrR84PMm11LU5cpAcSqf94VvBb4",
"mainRole" : "USER",
"permissions" : [ ]
}
It returns information about the authenticated user along with a JWT token.
1.1.1 Error Response - 400 - Bad Request
These are example outputs for the POST /auth/login endpoint for bad request.
1.1.1.1 Missing Login
This is an example output when the login field is missing in the request.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 30
Host: localhost:8080
{
"password" : "Test1234!"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 37
{
"message" : "Login is required"
}
It returns a 400 Bad Request error indicating that the login field is required.
1.1.1.2 Missing Password
This is an example output when the password field is missing in the request.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 36
Host: localhost:8080
{
"login" : "test.user@test.com"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 40
{
"message" : "Password is required"
}
It returns a 400 Bad Request error indicating that the password field is required.
1.1.1.3 Invalid Email Format
This is an example output when the email format is invalid in the request.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 66
Host: localhost:8080
{
"login" : "invalid-email-format",
"password" : "Test1234!"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 40
{
"message" : "Invalid email format"
}
It returns a 400 Bad Request error indicating that the email format is invalid.
1.1.1.4 Empty Body
This is an example output when the request body is empty.
POST /auth/login HTTP/1.1
Content-Type: application/json
Host: localhost:8080
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Request body is missing or unreadable"
}
It returns a 400 Bad Request error indicating that the request body is missing.
1.1.1.5 Malformed JSON
This is an example output when the request body contains malformed JSON.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 53
Host: localhost:8080
{"login":"test.user@test.com", "password":"Test1234!"
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Request body is missing or unreadable"
}
It returns a 400 Bad Request error indicating that the request body is malformed.
1.1.1.6 SQL Injection Attempt Login
This is an example output when the login field contains a SQL injection attempt.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 57
Host: localhost:8080
{
"login" : "' OR '1'='1",
"password" : "Test1234!"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 40
{
"message" : "Invalid email format"
}
It returns a 400 Bad Request error indicating that the email format is invalid.
1.1.2 Error Response - 401 - Unauthorized
These are example outputs for the POST /auth/login endpoint for unauthorized access.
1.1.2.1 Wrong Password
This is an example output when the password provided is incorrect.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 69
Host: localhost:8080
{
"login" : "test.user@test.com",
"password" : "WrongPassword!"
}
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 39
{
"message" : "Invalid credentials"
}
It returns a 401 Unauthorized error with the generic message "Invalid credentials".
1.1.2.2 Non-Existent User
This is an example output when the user does not exist.
POST /auth/login HTTP/1.1
Content-Type: application/json
Content-Length: 69
Host: localhost:8080
{
"login" : "test.user@test.com",
"password" : "WrongPassword!"
}
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 39
{
"message" : "Invalid credentials"
}
It returns a 401 Unauthorized error indicating that the credentials are invalid.
1.1.3 Error Response - 415 - Unsupported Media Type
These are example outputs for the POST /auth/login endpoint for unsupported media types.
1.1.3.1 Unsupported Media Type
This is an example output when the media type of the request is unsupported.
POST /auth/login HTTP/1.1
Content-Length: 67
Host: localhost:8080
{
"login" : "non.existent@test.com",
"password" : "Test1234!"
}
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/json
Content-Length: 70
{
"message" : "Unsupported content type: application/octet-stream"
}
It returns a 415 Unsupported Media Type error indicating that the media type is not supported.
1.2 Register
This is an example output for the POST /auth/register endpoint.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 120
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "NewUser",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 201 Created
Location: /users/5
Content-Type: application/json
Content-Length: 620
{
"id" : 5,
"firstName" : "Test",
"lastName" : "NewUser",
"login" : "test.newuser@test.com",
"token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0Lm5ld3VzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJOZXdVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDM0LCJpYXQiOjE3NjQwNzc0MzR9.HY7VSozeTHczbzYz6Cuc5cqvhmKryQY7aKA7tkhwVQU",
"deleted" : false,
"refreshToken" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0Lm5ld3VzZXJAdGVzdC5jb20iLCJleHAiOjE3NjQ3OTc0MzQsImlhdCI6MTc2NDA3NzQzNH0.4_lp3q8W7jz-ldruyLZ3ZvcSkHuyNcDNDNSnIXCKIVQ",
"mainRole" : "USER",
"permissions" : [ ]
}
It registers a new user and returns information about the created user along with a JWT token.
1.2.1 Error Response - 400 - Bad Request
These are example outputs for the POST /auth/register endpoint for bad request.
1.2.1.1 Missing First Name
This is an example output when the first name field is missing in the request.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 96
Host: localhost:8080
{
"lastName" : "NewUser",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 42
{
"message" : "First name is required"
}
It returns a 400 Bad Request error indicating that the first name field is required.
1.2.1.2 Missing Last Name
This is an example output when the last name field is missing in the request.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 94
Host: localhost:8080
{
"firstName" : "Test",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 41
{
"message" : "Last name is required"
}
It returns a 400 Bad Request error indicating that the last name field is required.
1.2.1.3 Missing Login
This is an example output when the login field is missing in the request.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 83
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "NewUser",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 37
{
"message" : "Login is required"
}
It returns a 400 Bad Request error indicating that the login field is required.
1.2.1.4 Missing Password
This is an example output when the password field is missing in the request.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 89
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "NewUser",
"login" : "test.newuser@test.com"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 40
{
"message" : "Password is required"
}
It returns a 400 Bad Request error indicating that the password field is required.
1.2.1.5 Invalid Email Format
This is an example output when the email format is invalid in the request.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 119
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "NewUser",
"login" : "invalid-email-format",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 47
{
"message" : "Login must be a valid email"
}
It returns a 400 Bad Request error indicating that the email format is invalid.
1.2.1.6 Empty Body
This is an example output when the request body is empty.
POST /auth/register HTTP/1.1
Content-Type: application/json
Host: localhost:8080
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Request body is missing or unreadable"
}
It returns a 400 Bad Request error indicating that the request body is missing.
1.2.1.7 Malformed JSON
This is an example output when the request body contains malformed JSON.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 100
Host: localhost:8080
{"firstName":"Test","lastName":"NewUser", "login":"test.newuser@test.com", "password":"testPassword"
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Request body is missing or unreadable"
}
It returns a 400 Bad Request error indicating that the request body is malformed.
1.2.1.8 SQL Injection Attempt First Name
This is an example output when the first name field contains a SQL injection attempt.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 124
Host: localhost:8080
{
"firstName" : "' OR '1'='1",
"lastName" : "User",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 58
{
"message" : "First name contains invalid characters"
}
It returns a 400 Bad Request error indicating that the first name field is invalid.
1.2.1.9 SQL Injection Attempt Last Name
This is an example output when the last name field contains a SQL injection attempt.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 124
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "' OR '1'='1",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Last name contains invalid characters"
}
It returns a 400 Bad Request error indicating that the last name field is invalid.
1.2.1.10 SQL Injection Attempt Login
This is an example output when the login field contains a SQL injection attempt.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 107
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "User",
"login" : "' OR '1'='1",
"password" : "testPassword"
}
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 47
{
"message" : "Login must be a valid email"
}
It returns a 400 Bad Request error indicating that the email format is invalid.
1.2.2 Error Response - 409 - Conflict
These are example outputs for the POST /auth/register endpoint for conflict errors.
1.2.2.1 Duplicate Login
This is an example output when the login provided already exists.
POST /auth/register HTTP/1.1
Content-Type: application/json
Content-Length: 111
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "User",
"login" : "test.user@test.com",
"password" : "Test1234!"
}
HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 40
{
"message" : "Login already exists"
}
It returns a 409 Conflict error indicating that the login already exists.
1.2.3 Error Response - 415 - Unsupported Media Type
These are example outputs for the POST /auth/register endpoint for unsupported media types.
1.2.3.1 Unsupported Media Type
This is an example output when the media type of the request is unsupported.
POST /auth/register HTTP/1.1
Content-Length: 117
Host: localhost:8080
{
"firstName" : "Test",
"lastName" : "User",
"login" : "test.newuser@test.com",
"password" : "testPassword"
}
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/json
Content-Length: 70
{
"message" : "Unsupported content type: application/octet-stream"
}
It returns a 415 Unsupported Media Type error indicating that the media type is not supported.
1.3 Refresh
This is an example output for the GET /auth/refresh endpoint.
GET /auth/refresh HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJleHAiOjE3NjQ3OTc0MzMsImlhdCI6MTc2NDA3NzQzM30.0eaVdo0nhbMQtgfcNuait8XBKs7Z3vs4aK0I2ZxQG_k
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 440
{
"id" : 1,
"firstName" : "Test",
"lastName" : "User",
"login" : "test.user@test.com",
"token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDM0LCJpYXQiOjE3NjQwNzc0MzR9.gV6iyqLxkshIB3OTjKA8ukAPkP7Ew1YaGpIxtnaXbiI",
"deleted" : false,
"refreshToken" : null,
"mainRole" : "USER",
"permissions" : [ ]
}
It refreshes the JWT token for the authenticated user.
1.3.1 Error Response - 401 - Unauthorized
These are example outputs for the GET /auth/refresh endpoint for unauthorized access.
1.3.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
GET /auth/refresh HTTP/1.1
Content-Type: application/json
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
1.3.1.2 Invalid Token
This is an example output when the token provided is invalid.
GET /auth/refresh HTTP/1.1
Content-Type: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 33
{
"message" : "Invalid token"
}
It returns a 401 Unauthorized error indicating that the token is invalid.
1.4 Update Password
This is an example output for the PUT /auth/update-password endpoint.
PUT /auth/update-password HTTP/1.1
Content-Type: application/json
Content-Length: 70
Host: localhost:8080
{
"oldPassword" : "Test1234!",
"newPassword" : "TestNewPassword"
}
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 49
{
"message" : "Password updated successfully"
}
It sets a new password for the authenticated user.
1.4.1 Error Response - 400 - Bad Request
These are example outputs for the PUT /auth/update-password endpoint for bad request.
1.4.1.1 Missing Body
This is an example output when the request body is missing.
PUT /auth/update-password HTTP/1.1
Content-Type: application/json
Host: localhost:8080
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 57
{
"message" : "Request body is missing or unreadable"
}
It returns a 400 Bad Request error indicating that the request body is missing.
1.4.2 Error Response - 401 - Unauthorized
These are example outputs for the PUT /auth/update-password endpoint for unauthorized access.
1.4.2.1 Missing Token
This is an example output when the request token is missing.
PUT /auth/update-password HTTP/1.1
Content-Type: application/json
Content-Length: 70
Host: localhost:8080
{
"oldPassword" : "Test1234!",
"newPassword" : "TestNewPassword"
}
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2 User Endpoints
2.1 Get Authenticated User
This is an example output for the GET /users/me endpoint.
GET /users/me HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9.7eyojoXXaUlgyy3R5kUectyd2DS3JEcTzjHv-aSarDw
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 440
{
"id" : 1,
"firstName" : "Test",
"lastName" : "User",
"login" : "test.user@test.com",
"token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9.7eyojoXXaUlgyy3R5kUectyd2DS3JEcTzjHv-aSarDw",
"deleted" : false,
"refreshToken" : null,
"mainRole" : "USER",
"permissions" : [ ]
}
It returns information about the authenticated user.
2.1.1 Error Response - 401 - Unauthorized
These are example outputs for the GET /users/me endpoint for unauthorized access.
2.1.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
GET /users/me HTTP/1.1
Accept: application/json
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.1.1.2 Malformed Token
This is an example output when the token provided is malformed.
GET /users/me HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.1.1.3 Expired Token
This is an example output when the token provided is expired.
GET /users/me HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDczODQ0LCJpYXQiOjE3NjQwNzAyNDR9.Qmvb-Pu8IYb6BZX2tbWySCQzLf-fK34WbchysWcHwGE
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 66
{
"message" : "The Token has expired on 2025-11-25T12:30:44Z."
}
It returns a 401 Unauthorized error indicating that the token has expired.
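The access and refresh tokens returned by the login example in 1.1, and the malformed and expired tokens in the requests above, can be inspected without the signing key because a JWT payload is only base64url-encoded. The following Python sketch is an added example, not code from the documented API: `inspect_token` and its report fields are hypothetical names, the clock value is constructed, and the signature is deliberately not verified, so the claims it shows are untrusted.

```python
import base64
import json
from datetime import datetime, timezone

# Tokens copied from the examples on this page.
ACCESS_TOKEN = (  # "token" in the POST /auth/login response
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDM0LCJpYXQiOjE3NjQwNzc0MzR9."
    "gV6iyqLxkshIB3OTjKA8ukAPkP7Ew1YaGpIxtnaXbiI"
)
REFRESH_TOKEN = (  # "refreshToken" in the POST /auth/login response
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJleHAiOjE3NjQ3OTc0MzQsImlhdCI6MTc2NDA3NzQzNH0."
    "zEWNiLwGuA84OX5cbrR84PMm11LU5cpAcSqf94VvBb4"
)
EXPIRED_TOKEN = (  # bearer token in the "Expired Token" request
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDczODQ0LCJpYXQiOjE3NjQwNzAyNDR9."
    "Qmvb-Pu8IYb6BZX2tbWySCQzLf-fK34WbchysWcHwGE"
)
MALFORMED_TOKEN = "this.is.not.a.valid.token"  # from the "Malformed Token" request

# Constructed clock value: shortly after the login tokens were issued.
NOW = 1764077500


def _decode_segment(segment):
    """Decode one base64url JWT segment; JWTs strip the '=' padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, now):
    """Structural triage of a bearer token. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return {"status": "malformed", "parts": len(parts)}
    try:
        header = _decode_segment(parts[0])
        claims = _decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {"status": "malformed", "parts": 3}
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return {"status": "malformed", "parts": 3}

    exp, iat = claims.get("exp"), claims.get("iat")
    report = {
        "status": "unverified",  # well-formed and unexpired, signature unchecked
        "parts": 3,
        "alg": header.get("alg"),
        "claims": claims,
        "lifetime_seconds": None,
        "expires_at": None,
    }
    if isinstance(exp, int) and isinstance(iat, int):
        report["lifetime_seconds"] = exp - iat
    if isinstance(exp, int):
        expiry = datetime.fromtimestamp(exp, tz=timezone.utc)
        report["expires_at"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ")
        if now >= exp:
            report["status"] = "expired"
    return report


if __name__ == "__main__":
    samples = {
        "access": ACCESS_TOKEN,
        "refresh": REFRESH_TOKEN,
        "expired": EXPIRED_TOKEN,
        "malformed": MALFORMED_TOKEN,
    }
    for name, token in samples.items():
        print(name, json.dumps(inspect_token(token, NOW), indent=2))
```

The access token carries `firstName`, `lastName` and `mainRole` in readable form, while the refresh token carries only `sub`, `exp` and `iat`; anything placed in these claims is visible to whoever holds the token.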
2.2 Get All Users
This is an example output for the GET /users/all endpoint.
GET /users/all HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.JsktIahX0Kt9kVG-sPtDRxu220HXVVUn7WqsMJ2kBec
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 2691
[ {
"id" : 1,
"firstName" : "Test",
"lastName" : "User",
"login" : "test.user@test.com",
"password" : "$2a$10$pUiGTQxeBP4ofmNRZrU2PeZsbVR7Rh/GmQeu3vV6dWq.DI0Mz43GK",
"createdAt" : "2025-11-25T13:30:41.627+00:00",
"updatedAt" : "2025-11-25T13:30:41.627+00:00",
"deleted" : false,
"mainRole" : {
"id" : 1,
"name" : "USER",
"description" : "Default user role",
"createdAt" : "2025-11-25T13:30:41.354+00:00",
"updatedAt" : "2025-11-25T13:30:41.354+00:00"
},
"username" : "test.user@test.com",
"accountNonExpired" : true,
"accountNonLocked" : true,
"credentialsNonExpired" : true,
"enabled" : true,
"authorities" : [ ]
}, {
"id" : 2,
"firstName" : "Test",
"lastName" : "Manager",
"login" : "test.manager@test.com",
"password" : "$2a$10$3HTrV611wxTeDzfKjcHPquTXBaSjtbsCGKyxYHzycig.h4wvsOkeW",
"createdAt" : "2025-11-25T13:30:41.628+00:00",
"updatedAt" : "2025-11-25T13:30:41.628+00:00",
"deleted" : false,
"mainRole" : {
"id" : 2,
"name" : "MANAGER",
"description" : "Manager role",
"createdAt" : "2025-11-25T13:30:41.358+00:00",
"updatedAt" : "2025-11-25T13:30:41.358+00:00"
},
"username" : "test.manager@test.com",
"accountNonExpired" : true,
"accountNonLocked" : true,
"credentialsNonExpired" : true,
"enabled" : true,
"authorities" : [ ]
}, {
"id" : 3,
"firstName" : "Test",
"lastName" : "Admin",
"login" : "test.admin@test.com",
"password" : "$2a$10$G6Uf.cL.nXYcNebDtrOfMOS9FlhmO09bTqdQpbRzasuHzEhk4Jap2",
"createdAt" : "2025-11-25T13:30:41.629+00:00",
"updatedAt" : "2025-11-25T13:30:41.629+00:00",
"deleted" : false,
"mainRole" : {
"id" : 3,
"name" : "ADMIN",
"description" : "Administrator role",
"createdAt" : "2025-11-25T13:30:41.363+00:00",
"updatedAt" : "2025-11-25T13:30:41.363+00:00"
},
"username" : "test.admin@test.com",
"accountNonExpired" : true,
"accountNonLocked" : true,
"credentialsNonExpired" : true,
"enabled" : true,
"authorities" : [ ]
}, {
"id" : 4,
"firstName" : "Test2",
"lastName" : "Admin2",
"login" : "test.admin2@test.com",
"password" : "$2a$10$IzAT9hCxq9tkuSvOV.2b9u1fv7X8aULSJ9bofMUphRNdsOrjfBzaW",
"createdAt" : "2025-11-25T13:30:41.630+00:00",
"updatedAt" : "2025-11-25T13:30:41.630+00:00",
"deleted" : false,
"mainRole" : {
"id" : 3,
"name" : "ADMIN",
"description" : "Administrator role",
"createdAt" : "2025-11-25T13:30:41.363+00:00",
"updatedAt" : "2025-11-25T13:30:41.363+00:00"
},
"username" : "test.admin2@test.com",
"accountNonExpired" : true,
"accountNonLocked" : true,
"credentialsNonExpired" : true,
"enabled" : true,
"authorities" : [ ]
} ]
It returns information about all users.
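The example response above includes a `password` field holding a bcrypt hash for each user. A response-level regression check such as the following can flag credential material before it is serialized to a client. It is an added example, not code from the documented API: `find_credential_fields`, the key denylist and the second and third samples are assumptions made for illustration, and the first sample is trimmed from the response above.

```python
import json
import re

# Matches the bcrypt encoding seen in the response above ($2a$10$ + 53 chars).
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")

# Assumed denylist of key names that should never leave the server.
SENSITIVE_KEYS = {"password", "passwordhash", "secret"}


def find_credential_fields(node, path="$"):
    """Return JSON paths whose key name or value looks like stored credentials."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            by_name = key.lower() in SENSITIVE_KEYS
            by_value = isinstance(value, str) and BCRYPT_RE.match(value) is not None
            if by_name or by_value:
                hits.append(child)
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_credential_fields(item, f"{path}[{index}]"))
    return hits


# First entry of the GET /users/all response on this page, trimmed.
USERS_ALL_SAMPLE = """
[ {
  "id" : 1,
  "firstName" : "Test",
  "lastName" : "User",
  "login" : "test.user@test.com",
  "password" : "$2a$10$pUiGTQxeBP4ofmNRZrU2PeZsbVR7Rh/GmQeu3vV6dWq.DI0Mz43GK",
  "deleted" : false,
  "mainRole" : { "id" : 1, "name" : "USER" },
  "username" : "test.user@test.com",
  "enabled" : true,
  "authorities" : [ ]
} ]
"""

# Constructed sample: the same hash under a key name the denylist does not know.
RENAMED_SAMPLE = """
{ "account" : { "login" : "test.user@test.com",
                "credential" : "$2a$10$pUiGTQxeBP4ofmNRZrU2PeZsbVR7Rh/GmQeu3vV6dWq.DI0Mz43GK" } }
"""

# Constructed sample shaped like the GET /users/me response (token shortened).
USERS_ME_SAMPLE = """
{ "id" : 1, "firstName" : "Test", "lastName" : "User",
  "login" : "test.user@test.com", "token" : "placeholder.jwt.value",
  "deleted" : false, "refreshToken" : null,
  "mainRole" : "USER", "permissions" : [ ] }
"""


def check(body):
    """Parse a JSON response body and list the credential-bearing paths."""
    return find_credential_fields(json.loads(body))


if __name__ == "__main__":
    for label, body in [("users/all", USERS_ALL_SAMPLE),
                        ("renamed key", RENAMED_SAMPLE),
                        ("users/me", USERS_ME_SAMPLE)]:
        print(label, check(body))
```

Matching on the value pattern as well as the key name catches a hash that is exposed under a renamed field.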
2.2.1 Error Response - 401 - Unauthorized
These are example outputs for the GET /users/all endpoint for unauthorized access.
2.2.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
GET /users/all HTTP/1.1
Accept: application/json
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.2.1.2 Malformed Token
This is an example output when the token provided is malformed.
GET /users/all HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.2.1.3 Expired Token
This is an example output when the token provided is expired.
GET /users/all HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDczODQ0LCJpYXQiOjE3NjQwNzAyNDR9.Qmvb-Pu8IYb6BZX2tbWySCQzLf-fK34WbchysWcHwGE
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 66
{
"message" : "The Token has expired on 2025-11-25T12:30:44Z."
}
It returns a 401 Unauthorized error indicating that the token has expired.
2.3 Promote User to Manager
This is an example output for the PUT /users/{userId}/promote-manager endpoint.
PUT /users/100/promote-manager HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Content-Length: 37
User promoted to manager successfully
It promotes a user to the "MANAGER" role.
2.3.1 Error Response - 401 - Unauthorized
These are example outputs for the PUT /users/{userId}/promote-manager endpoint for unauthorized access.
2.3.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.3.1.2 Malformed Token
This is an example output when the token provided is malformed.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.3.2 Error Response - 403 - Forbidden
These are example outputs for the PUT /users/{userId}/promote-manager endpoint for forbidden access.
2.3.2.1 Non-Admin User - Promote User to Manager
This is an example output when a non-admin user attempts to promote a user to manager.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.JsktIahX0Kt9kVG-sPtDRxu220HXVVUn7WqsMJ2kBec
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 36
{
"message" : "Access is denied"
}
It returns a 403 Forbidden error indicating that access is denied.
2.3.3 Error Response - 404 - Not Found
These are example outputs for the PUT /users/{userId}/promote-manager endpoint for not found errors.
2.3.3.1 User Not Found
This is an example output when the user to be promoted is not found.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.6ZQLECNv_dD2ZjxS9dEVf0Oa_TNxE391_x9Dr88uc6o
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 34
{
"message" : "User not found"
}
It returns a 404 Not Found error indicating that the user was not found.
2.3.4 Error Response - 409 - Conflict
These are example outputs for the PUT /users/{userId}/promote-manager endpoint for conflict errors.
2.3.4.1 User Already Manager
This is an example output when the user to be promoted is already a manager.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.6ZQLECNv_dD2ZjxS9dEVf0Oa_TNxE391_x9Dr88uc6o
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 49
{
"message" : "The user is already a manager"
}
It returns a 409 Conflict error indicating that the user is already a manager.
2.3.4.2 User Already Admin
This is an example output when the user to be promoted is already an admin.
PUT /users/100/promote-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 48
{
"message" : "The user is already an admin"
}
It returns a 409 Conflict error indicating that the user is already an admin.
2.4 Revoke Manager to User
This is an example output for the PUT /users/{userId}/revoke-manager endpoint.
PUT /users/100/revoke-manager HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Content-Length: 33
Manager role revoked successfully
It revokes the manager role, returning the user to the "USER" role.
2.4.1 Error Response - 401 - Unauthorized
These are example outputs for the PUT /users/{userId}/revoke-manager endpoint for unauthorized access.
2.4.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
PUT /users/100/revoke-manager HTTP/1.1
Accept: application/json
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.4.1.2 Malformed Token
This is an example output when the token provided is malformed.
PUT /users/100/revoke-manager HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.4.2 Error Response - 403 - Forbidden
These are example outputs for the PUT /users/{userId}/revoke-manager endpoint for forbidden access.
2.4.2.1 Non-Admin User
This is an example output when a non-admin user tries to revoke a manager role.
PUT /users/100/revoke-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9.7eyojoXXaUlgyy3R5kUectyd2DS3JEcTzjHv-aSarDw
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 36
{
"message" : "Access is denied"
}
It returns a 403 Forbidden error indicating that access is denied.
2.4.3 Error Response - 404 - Not Found
These are example outputs for the PUT /users/{userId}/revoke-manager endpoint for not found errors.
2.4.3.1 User Not Found
This is an example output when the user to be revoked is not found.
PUT /users/100/revoke-manager HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 34
{
"message" : "User not found"
}
It returns a 404 Not Found error indicating that the user was not found.
2.5 Promote to Admin
This is an example output for the PUT /users/{userId}/promote-admin endpoint.
PUT /users/100/promote-admin HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Content-Length: 32
Admin role assigned successfully
It promotes a user or manager to the "ADMIN" role.
2.5.1 Error Response - 401 - Unauthorized
These are example outputs for the PUT /users/{userId}/promote-admin endpoint for unauthorized access.
2.5.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
PUT /users/100/promote-admin HTTP/1.1
Accept: application/json
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.5.1.2 Malformed Token
PUT /users/100/promote-admin HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.5.2 Error Response - 403 - Forbidden
These are example outputs for the PUT /users/{userId}/promote-admin endpoint for forbidden access.
2.5.2.1 Non-Admin User
This is an example output when a non-admin user tries to promote a user to admin.
PUT /users/100/promote-admin HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9.7eyojoXXaUlgyy3R5kUectyd2DS3JEcTzjHv-aSarDw
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 36
{
"message" : "Access is denied"
}
It returns a 403 Forbidden error indicating that access is denied.
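The order of checks behind the 401 and 403 responses documented above, as an added Python example (not the API's own code): missing header, token structure, signature and expiry all yield 401, and only a verified token whose mainRole is not ADMIN yields 403. The function names, the signing secret and every message other than the three shown on this page are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed: the page does not show the real key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 token shaped like the page's (typ/alg header, mainRole claim)."""
    header = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(sign(f'{header}.{body}', secret))}"

def authorize_admin(authorization, now=None, secret=SECRET):
    """Return (status, message) for an admin-only endpoint; (200, None) means proceed."""
    now = time.time() if now is None else now
    if not authorization or not authorization.startswith("Bearer "):
        return 401, "Full authentication is required to access this resource"
    parts = authorization[len("Bearer "):].split(".")
    if len(parts) != 3:  # structure check comes before any decoding
        got = "> 3" if len(parts) > 3 else str(len(parts))  # "< 3" wording is assumed
        return 401, f"The token was expected to have 3 parts, but got {got}."
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return 401, "Token could not be decoded"  # constructed message
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "Token could not be decoded"  # constructed message
    # Pin the algorithm server-side; never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        return 401, "Unexpected signing algorithm"  # constructed message
    if not hmac.compare_digest(sig, sign(f"{header_b64}.{body_b64}", secret)):
        return 401, "Invalid token signature"  # constructed message
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return 401, "Token expired"  # constructed message
    # Authenticated but not authorized: role comes only from the verified claims.
    if claims.get("mainRole") != "ADMIN":
        return 403, "Access is denied"
    return 200, None
```

A token whose payload has been swapped for one claiming ADMIN fails the signature check and gets 401, never 403 or 200, because the role is read only after verification.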
2.5.3 Error Response - 404 - Not Found
These are example outputs for the PUT /users/{userId}/promote-admin endpoint for not found errors.
2.5.3.1 User Not Found
This is an example output when the user to be promoted is not found.
PUT /users/100/promote-admin HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.6ZQLECNv_dD2ZjxS9dEVf0Oa_TNxE391_x9Dr88uc6o
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 34
{
"message" : "User not found"
}
It returns a 404 Not Found error indicating that the user was not found.
2.5.4 Error Response - 409 - Conflict
These are example outputs for the PUT /users/{userId}/promote-admin endpoint for conflict errors.
2.5.4.1 User Already Admin
This is an example output when the user to be promoted is already an admin.
PUT /users/100/promote-admin HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 48
{
"message" : "The user is already an admin"
}
It returns a 409 Conflict error indicating that the user is already an admin.
2.6 Revoke Admin to User
This is an example output for the PUT /users/{userId}/revoke-admin endpoint.
PUT /users/100/revoke-admin HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Admin role revoked successfully
It revokes the admin role, returning the user to the "USER" role.
2.6.1 Error Response - 401 - Unauthorized
These are example outputs for the PUT /users/{userId}/revoke-admin endpoint for unauthorized access.
2.6.1.1 Missing Authorization Header
PUT /users/100/revoke-admin HTTP/1.1
Accept: application/json
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.6.1.2 Malformed Token
This is an example output when the token provided is malformed.
PUT /users/100/revoke-admin HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.6.2 Error Response - 403 - Forbidden
These are example outputs for the PUT /users/{userId}/revoke-admin endpoint for forbidden access.
2.6.2.1 Non-Admin User
This is an example output when a non-admin user tries to revoke an admin role.
PUT /users/100/revoke-admin HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LnVzZXJAdGVzdC5jb20iLCJmaXJzdE5hbWUiOiJUZXN0IiwibGFzdE5hbWUiOiJVc2VyIiwibWFpblJvbGUiOiJVU0VSIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.JsktIahX0Kt9kVG-sPtDRxu220HXVVUn7WqsMJ2kBec
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 36
{
"message" : "Access is denied"
}
It returns a 403 Forbidden error indicating that access is denied.
2.6.3 Error Response - 404 - Not Found
These are example outputs for the PUT /users/{userId}/revoke-admin endpoint for not found errors.
2.6.3.1 User Not Found
This is an example output when the user to be revoked is not found.
PUT /users/100/revoke-admin HTTP/1.1
Accept: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ0LCJpYXQiOjE3NjQwNzc0NDR9._3iUfwzw8tUSlRCFzVM4cj8zD1016L24Bi0_E0_oekc
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 34
{
"message" : "User not found"
}
It returns a 404 Not Found error indicating that the user was not found.
2.7 Downgrade Admin to Manager
This is an example output for the PUT /users/{userId}/downgrade-admin endpoint.
PUT /users/100/downgrade-admin HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.6ZQLECNv_dD2ZjxS9dEVf0Oa_TNxE391_x9Dr88uc6o
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: text/plain;charset=UTF-8
Content-Length: 34
Admin role downgraded successfully
It downgrades an admin to the "MANAGER" role.
2.7.1 Error Response - 401 - Unauthorized
These are example outputs for the PUT /users/{userId}/downgrade-admin endpoint for unauthorized access.
2.7.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
PUT /users/100/downgrade-admin HTTP/1.1
Accept: application/json
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.7.1.2 Malformed Token
This is an example output when the token provided is malformed.
PUT /users/100/downgrade-admin HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.
2.8 Delete User
This is an example output for the DELETE /users/{userId} endpoint.
DELETE /users/100 HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LmFkbWluQHRlc3QuY29tIiwiZmlyc3ROYW1lIjoiVGVzdCIsImxhc3ROYW1lIjoiQWRtaW4iLCJtYWluUm9sZSI6IkFETUlOIiwiZXhwIjoxNzY0MDgxMDQ1LCJpYXQiOjE3NjQwNzc0NDV9.6ZQLECNv_dD2ZjxS9dEVf0Oa_TNxE391_x9Dr88uc6o
Host: localhost:8080
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 90
{
"message" : "User deleted successfully",
"deletedUserLogin" : "test.user@test.com"
}
It deletes a user.
2.8.1 Error Response - 401 - Unauthorized
These are example outputs for the DELETE /users/{userId} endpoint for unauthorized access.
2.8.1.1 Missing Authorization Header
This is an example output when the Authorization header is missing in the request.
DELETE /users/100 HTTP/1.1
Accept: application/json
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 75
{
"message" : "Full authentication is required to access this resource"
}
It returns a 401 Unauthorized error indicating that full authentication is required.
2.8.1.2 Malformed Token
This is an example output when the token provided is malformed.
DELETE /users/100 HTTP/1.1
Accept: application/json
Authorization: Bearer this.is.not.a.valid.token
Host: localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 72
{
"message" : "The token was expected to have 3 parts, but got > 3."
}
It returns a 401 Unauthorized error indicating that the token is invalid.