This document covers all active endpoints, schemas, authentication patterns, and validation rules for the Brownie-Bliss Bakery Order Management system.
- Development:
http://localhost:3000 - Production: Mapped via Vercel Serverless Function
Admin routes are secured using JWT (JSON Web Tokens). Authenticated requests must include the token in the Authorization header.
Authorization: Bearer <your_admin_jwt_token>Logs in the administrator and returns a JWT access token.
- Request Body:
{ "username": "admin", "password": "your_secure_password" } - Response (Success):
{ "success": true, "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "expiresIn": "2h" } - Errors:
400 Bad Request: Missing username or password parameters.401 Unauthorized: Invalid username or password comparison.
Retrieves all bakery products (standard items and birthday cakes).
- Response:
{ "success": true, "products": [ { "_id": "603d15a31d950f24f0c4391e", "type": "standard", "id_ref": 1, "name": "Velvet Dream Cake", "category": "cakes", "price": 850, "emoji": "🎂", "img": "https://theobroma.in/..." } ] }
Adds a new product to the catalog.
- Request Body:
{ "type": "standard", "name": "Triple Chocolate Cookie", "category": "cookies", "price": 120, "emoji": "🍪", "img": "https://example.com/cookie.jpg" } - Response (Success):
{ "success": true, "product": { ... } }
Updates an existing product's details.
- Request Body (All fields optional):
{ "name": "Updated Delight Name", "price": 1050, "img": "https://example.com/new_image.jpg" } - Response (Success):
{ "success": true, "product": { ... } }
Removes a product from the database.
- Response:
{ "success": true, "message": "Product deleted" }
Submits a new customer order.
- Request Body:
{ "customer_name": "John Doe", "phone": "+919876543210", "address": "123 Sweet Lane", "city": "Mumbai", "pincode": "400001", "items": [ { "name": "Velvet Dream Cake", "price": 850, "qty": 1, "emoji": "🎂", "category": "cakes" } ], "total": 850 } - Response:
{ "success": true, "order_id": "BB-20260524-8149", "message": "Order placed successfully" }
Retrieves all orders, optionally filtered by status or payment status.
- Query Parameters:
status: Filter by status (pending,confirmed,preparing,delivered,cancelled) or payment status (unpaid,paid). Passallto bypass filter.
- Response:
{ "success": true, "orders": [ ... ] }
Retrieves a single order's details by order_id reference.
- Response:
{ "success": true, "order": { ... } }
Marks an order's payment status as paid and advances order status to confirmed.
- Request Body:
{ "notes": "Paid via UPI transaction reference #123456" } - Response:
{ "success": true, "message": "Payment confirmed" }
Updates the preparation/delivery status of an order.
- Request Body:
{ "status": "preparing" } - Response:
{ "success": true }
Returns revenue, counts of total, pending, and paid orders.
- Response:
{ "success": true, "stats": { "total_orders": 42, "pending_orders": 5, "paid_orders": 37, "total_revenue": 31450 } }
Sends a one-time numeric passcode to a customer's phone number for validation.
- Request Body:
{ "phone": "9876543210" } - Response:
{ "success": true, "message": "OTP sent successfully" }
Verifies the numeric passcode sent to the phone number.
- Request Body:
{ "phone": "9876543210", "otp": "123456" } - Response:
{ "success": true, "message": "OTP verified" }