Live Link : Link
Video Demonstration Link : Link
This is a full-featured backend API developed for a ride-sharing platform, enabling riders to book and manage rides, drivers to handle trips and availability, and admins to oversee the entire system. The project emphasizes security, scalability, and a modular architecture, with clear role-based access control.
Built using typescript, Express.js and MongoDB, Mongoose, the system implements JWT-based authentication, bcrypt for password hashing, GeoJSON location queries and haversine-distance to match nearby drivers and riders, for email sending purpose nodemailer is used, for validation Zod is used, for authentication passportjs is used and for maintaining the tokens JWT is used. It supports a full ride lifecycle, from request to completion, with real-time status updates, role-specific permissions, and admin-level user and driver management. Driver document uploads are handled via Multer, and the API is fully tested and documented using Postman.
- Node.js + Express.js – Server-side development and API routing
- TypeScript – Adds static typing for better scalability and developer experience
- MongoDB + Mongoose – Database to store users, rides, and system data
- JWT – Secure token-based authentication for protected routes
- bcryptjs – Password hashing for user security
- Zod – Request validation and schema enforcement
- Passport.js – User authentication local and Google OAuth support was used
- cookie-parser + express-session – Session handling and cookie management
- Multer + Cloudinary – File uploads driver documents
- haversine-distance – Calculate distance between pickup and driver location
- nodemailer – Send emails in case like password reset links
- CORS + dotenv – Environment config and cross-origin requests handling
- ts-node-dev – Auto reload server during development
- ESLint – Enforce consistent code quality
- Secure JWT-based login system
- Passwords hashed using bcrypt
- Role-based access control for ADMIN, RIDER, and DRIVER
- Google OAuth 2.0 login support and manual registration/login
- Set password route available after Google login
- Forgot password sends email with reset link containing temporary token
- Reset password and change password with proper access control
- Token refresh via
/auth/refresh-token - Logout clears tokens from cookies for secure sign-out
- Request ride (only if no ongoing ride and user is not blocked)
- Fare calculated dynamically using Haversine formula × base rate (
100 BDT/km) - Cancel ride if:
- Not yet accepted
- Fewer than 3 cancellations in the last 24 hours
- View ride history:
- All rides via
/all-rides-rider - Specific ride via
/my-ride/:id
- All rides via
- Discover nearby drivers within 1 km using pickup coordinates
- Submit feedback & rate drivers post-ride
- Driver’s average rating dynamically updates
- Blocked users can't request rides
- Register as driver with vehicle details & driving license (via
form-data) - Update driver profile with new vehicle/license info (also via
form-data) - View own driver profile (
/drivers/me) - Go online (location submitted & saved); go offline (location removed)
- Discover nearby ride requests within 1 km
- Accept(Only when not engaged in another ride) or reject ride requests (based on current status)
- Progress ride statuses:
ACCEPTED → PICKED_UP → IN_TRANSIT → COMPLETED
- View:
- Ride history via
/all-rides-driver - Earnings via
/stats/earning-history
- Ride history via
- Upon ride completion:
- Driver income updated
- Rider's current location set to destination
- All statuses reset
- As driver/admin are also user and they can also Request Rides. Bu here driver can not accept his own created ride request.
- Approve/Suspend drivers:
/drivers/status/:id - Block/Unblock users:
/users/change-status/:id - View:
- All users
- Single user
- All drivers
- Single driver
- All rides in the system
- Generate system-wide ride and earnings report via
/stats/earning-history
- Modular folder structure:
auth/,users/,drivers/,rides/,stats/ - Robust Zod validation & centralized
AppError-based error handling - JWT-based route protection with role-based guards
- Geo Location ride matching:
- Uses
GeoJSON+Haversine-distance
- Uses
- Full ride lifecycle tracking with timestamps per status transition
- Tokens stored in
HTTP-only cookies; logout clears tokens securely - Password, token, and status logic properly handled for Google login users
ADMIN_EMAIL= admin@gmail.com
ADMIN_PASSWORD= Admin123@
Driver_EMAIL= driver@gmail.com
Driver_PASSWORD= Driver123@
Rider_EMAIL= rider@gmail.com
Rider_PASSWORD= Rider123@
├─ .gitignore
├─ Postman_Collection
│ └─ B5-A5_Postman_Collection.json
├─ Readme.md
├─ eslint.config.mjs
├─ package-lock.json
├─ package.json
├─ src
│ ├─ app.ts
│ ├─ app
│ │ ├─ config
│ │ │ ├─ cloudinary.config.ts
│ │ │ ├─ env.ts
│ │ │ ├─ multer.config.ts
│ │ │ └─ passport.ts
│ │ ├─ constants.ts
│ │ ├─ errorHelpers
│ │ │ └─ AppError.ts
│ │ ├─ helpers
│ │ │ ├─ handleCastError.ts
│ │ │ ├─ handleDuplicateError.ts
│ │ │ ├─ handleValidationError.ts
│ │ │ └─ handleZodError.ts
│ │ ├─ interfaces
│ │ │ ├─ error.types.ts
│ │ │ └─ index.d.ts
│ │ ├─ middlewares
│ │ │ ├─ checkAuth.ts
│ │ │ ├─ globalErrorHandler.ts
│ │ │ ├─ notFound.ts
│ │ │ └─ validateRequest.ts
│ │ ├─ modules
│ │ │ ├─ auth
│ │ │ │ ├─ auth.controller.ts
│ │ │ │ ├─ auth.route.ts
│ │ │ │ └─ auth.service.ts
│ │ │ ├─ driver
│ │ │ │ ├─ driver.controller.ts
│ │ │ │ ├─ driver.interface.ts
│ │ │ │ ├─ driver.model.ts
│ │ │ │ ├─ driver.route.ts
│ │ │ │ ├─ driver.service.ts
│ │ │ │ └─ driver.validation.ts
│ │ │ ├─ ride
│ │ │ │ ├─ ride.controller.ts
│ │ │ │ ├─ ride.interface.ts
│ │ │ │ ├─ ride.model.ts
│ │ │ │ ├─ ride.route.ts
│ │ │ │ ├─ ride.service.ts
│ │ │ │ └─ ride.validation.ts
│ │ │ ├─ stats
│ │ │ │ ├─ stats.controller.ts
│ │ │ │ ├─ stats.route.ts
│ │ │ │ └─ stats.service.ts
│ │ │ └─ user
│ │ │ ├─ user.constant.ts
│ │ │ ├─ user.controller.ts
│ │ │ ├─ user.interface.ts
│ │ │ ├─ user.model.ts
│ │ │ ├─ user.route.ts
│ │ │ ├─ user.service.ts
│ │ │ └─ user.validation.ts
│ │ ├─ routes
│ │ │ └─ index.ts
│ │ └─ utils
│ │ ├─ QueryBuilder.ts
│ │ ├─ calculateDistanceAndFare.ts
│ │ ├─ catchAsync.ts
│ │ ├─ jwt.ts
│ │ ├─ seedAdmin.ts
│ │ ├─ sendEmail.ts
│ │ ├─ sendResponse.ts
│ │ ├─ setCookie.ts
│ │ ├─ templates
│ │ │ └─ forgetPassword.ejs
│ │ └─ userToken.ts
│ └─ server.ts
├─ tsconfig.json
└─ vercel.json
git clone https://github.com/Sazid60/Ride-Booking-App-Backend-Sazid.git
cd Ride-Booking-App-Backend-Sazid
PORT=
DB_URL=
NODE_ENV=
BCRYPT_SALT_ROUND=
JWT_ACCESS_EXPIRES=
JWT_ACCESS_SECRET=
JWT_REFRESH_SECRET=
JWT_REFRESH_EXPIRES=
ADMIN_EMAIL=
ADMIN_PASSWORD=
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URL=
EXPRESS_SESSION_SECRET=
FRONTEND_URL=
CLOUDINARY_CLOUD_NAME=
CLOUDINARY_API_KEY=
CLOUDINARY_API_SECRET=
SMTP_HOST=
SMTP_PORT=
SMTP_USER=
SMTP_PASS=
SMTP_FROM=
npm install
npm run dev
I Recommend To use my postman collection in the postman_collection folder for testing this project and for clarities check all detailed Api Endpoints here.
Endpoint:
api/v1/users/register
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/users/register
Access: Everyone can Access this Route
Description: By default the user role will be RIDER
Special Notes : N/A
Required Fields:
{
"name": "Rider",
"email": "shahnawazsazid69@gmail.com",
"password": "Rider@123",
"location": {
"type": "Point",
"coordinates": [90.4125, 23.8103]
},
"phone": "+8801787654321"
}Endpoint:
api/v1/auth/login
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/login
Access: Everyone can Access this Route
Description: The Login Information will go through validations like exists or not, password matches or not and In return It Will Give us a access token and a refresh token
Special Notes: N/A
Required Fields:
{
"email": "driver@gmail.com",
"password": "Driver@123a"
}https://cario-ride-backend.vercel.app/api/v1/auth/google
- Hit This route in your browser this will redirect you to the google consent screen
Special Notes: As There Is No Frontend The token will not be set using the google login for now! You have to set Password Additionally If You have Logged In usinmg google !
Endpoint:
/api/v1/auth/set-password
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/set-password
Access: Everyone can Access this Route
Description: The Google Logged in user can set their password as for google login not password is set.
Special Notes: Set the Access token retrieved from frontend inside the header Authorization
Required Fields:
{
"password": "Shakil33@"
}Endpoint:
/api/v1/auth/forgot-password
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/forgot-password
Access: Everyone can Access this Route
Description: This will send an email with a button named reset. by clicking the button it will redirect to a frontend url in the url there will be a access token (10 minute validation) and the userId. with this information Hit The reset password route for reset password
Special Notes: N/A
Required Fields:
{
"email": "shahnawazsazid69@gmail.com"
}Endpoint:
/api/v1/auth/reset-password
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/reset-password
Access: Who have requested for forget password
Description: After Hitting forget-password route set the access token(short time access token) in header Authorization and id newPassword in body and this will validate and reset the password.
Special Notes: Set the access token from the frontend url in the header Authorization
Required Fields:
{
"id": "688ce948d9111e28bdc2331f",
"newPassword": "Rider123@"
}Endpoint:
/api/v1/auth/change-password
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/change-password
Access: Every User has This Route Access
Description:
Special Notes: Set The Access token to the header to access this route if everything is valid it will change the password
Required Fields:
{
"oldPassword": "Rider@123",
"newPassword": "Rider123@"
}Endpoint:
api/v1/users/me
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/users/me
Access: Every Logged In User has This Route Access
Description: Will retrieve the logged In User information using the token.
Special Notes: Token Must Needed As userId From The Token Will be Used to search The User
Required Fields: N/A
Endpoint:
/api/v1/users/:id
This Id Will be the _id of a user from the user collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/users/688ce948d9111e28bdc2331f
Access: Every Logged In User has This Route Access
Description: this will update the desired fields that user wants to update. Data sanitization will be done here because sensitive information that a user has no right to change will be prevented.
Special Notes: Set the access token after login in the authorization As userId From The Token Will be Used to search The User
Required Fields:
{
"phone": "+8801639768727",
"location": {
"type": "Point",
"coordinates": [
90.4125,
23.8103
]
}
}Endpoint:
/api/v1/users/all-users
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/users/all-users
Access: Only Logged In Admin has this route access
Description: If there is valid token of admin inside the header authorization it will retrieve all users information
Special Notes: Set the access token after login in the authorization As userId From The Token Will be Used to search The User
Required Fields: N/A
Endpoint:
/api/v1/users/688ce8b3ae33ed0887c79358
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/users/688ce8b3ae33ed0887c79358
Access: Only Logged In Admin has this route access
Description: If there is valid token of admin inside the header authorization it will retrieve all users information
Special Notes: Set the access token after login in the authorization As userId From The Token Will be Used to search The User
Required Fields: N/A
Endpoint:
/api/v1/users/:id
This Id Will be the _id of a user from the user collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/users/change-status/688ce948d9111e28bdc2331f
Access: Only Logged In Admin has this route access
Description: If there is valid token of admin inside the header authorization it will change the status from blocked to unblocked and unblocked to blocked.
Special Notes: Set the access token after login in the authorization As userId From The Token Will be Used to search The User
Required Fields:
{
"isBlocked": "BLOCKED"
}Endpoint:
/api/v1/auth/:id
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/refresh-token
Access: Every User has This Route Access
Description: If login token is expired use this route to generate new access token
Special Notes: N/A
Required Fields:
{
"email": "driver@gmail.com",
"password": "Driver@123"
}Endpoint:
/api/v1/auth/logout
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/auth/logout
Access: Every User has This Route Access
Description: If user is logged in hit this route to logout the user. It will remove the tokens from the cookies
Special Notes: N/A
Required Fields: N/A
Endpoint:
/api/v1/drivers/register
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/register
Access: Every User has This Route Access
Description: If a user/rider Want He can register as a driver. A user have to give vehicle information and upload his drivingLicense.
Special Notes: You have to set the login access token in header authorization to access this route. And remember you have to put the information in form data and upload an image of driving license.
Required Fields:
// add in form data - > data
{
"vehicle": {
"vehicleNumber": "ABC-1234",
"vehicleType": "BIKE"
}
}
// upload driving license image in form data -> fileEndpoint:
https://cario-ride-backend.vercel.app/api/v1/drivers/status/:id
Method: PATCH
This Id Will be the _id of a driver from the Driver collection
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/status/688cf801d38ee39b116d95ea
Access: Only Admin has The Access of This Route
Description: If Admin hits this route with te status in the body admin can APPROVED, SUSPENDED a driver.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields:
{
"driverStatus": "APPROVED"
// SUSPENDED
}Endpoint:
/api/v1/drivers/:id
Method: GET
This Id Will be the _id of a driver from the Driver collection
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/688cf4e7fb36356243740aa1
Access: Only Admin has The Access of This Route
Description: This will give the single driver information
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/drivers/all-drivers
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/all-drivers
Access: Only Admin has The Access of This Route
Description: Admin can see all the Drivers by hitting this route
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
After Approval The User Who have Requested to be a driver will have to login gain or refresh the token asd Token do not get automatically refreshed
Endpoint:
/api/v1/drivers/me
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/me
Access: Only Driver has The Access of This Route
Description: This will give the single driver information
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/drivers/update-my-driver-profile
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/update-my-driver-profile
Access: Only Driver has The Access of This Route
Description: Driver can Update his vehicle information and Driving License from here.
Special Notes: You have to set the login access token in header authorization to access this route. And remember you have to put the information in form data and upload an image of driving license.
Required Fields:
// add in form data - > data
{
"vehicle": {
"vehicleNumber": "ABC-1234",
"vehicleType": "BIKE"
}
}
// upload driving license image in form data -> fileEndpoint:
/api/v1/drivers/go-online
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/go-online
Access: Only Driver has The Access of This Route
Description: Driver have to put the location coordinate to go online this will be set as current Location.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields:
{
"type": "Point",
"coordinates": [90.4015, 23.751]
}Endpoint:
/api/v1/drivers/go-offline
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/drivers/go-offline
Access: Only Driver has The Access of This Route
Description: If Driver Hits This Route Driver status will be Offline and the Current Location will be removed And neo one can see this driver.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/request
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/request
Access: Only RIDER has The Access of This Route
Description: If The ride is requested the distance between pickup location and destination will be calculated accordingly the distance and the base ride price.
Special Notes: You have to set the login access token in header authorization to access this route. the base fare price is kept baseFarePerKm = 100
Required Fields:
{
"pickupLocation": {
"type": "Point",
"coordinates": [90.4015, 23.751]
},
"destination": {
"type": "Point",
"coordinates": [90.39148, 23.75096]
}
}Endpoint:
/api/v1/rides/cancel-ride/:id
Method: PATCH
This Id Will be the _id of a Ride from the Ride collection
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/cancel-ride/688cfa6fd38ee39b116d9634
Access: Only RIDER has The Access of This Route
Description: A Rider can cancel a ride he has created. The logic is if the ride is already accepted the rid can not be cancelled. And a rider can not cancel more than 3 rides in a day
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/drivers-near
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/drivers-near
Access: Only RIDER has The Access of This Route
Description: A rider can see the drivers around his pickup location (within 1 km). This pickup location will match the current location of driver who are with in 1 km of the pickup location.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/my-ride/:id
This Id Will be the _id of a Ride from the Ride collection
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/my-ride/688cf90bd38ee39b116d95fe
Access: Only RIDER has The Access of This Route
Description: The requested Ride Info will be retrieved if the ride's riderId and The user requested user id matches.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/all-rides-rider
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/all-rides-rider
Access: Only RIDER has The Access of This Route
Description: All the rides Info will be retrieved if the ride's riderId and The user requested user id matches.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/rides-near
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/rides-near
Access: Only DRIVER has The Access of This Route
Description: A driver can see the rides around him within 1 km. This will be matched accordingly with the driver currentLocation and rider pickupLocation
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/reject-ride/:id
This Id Will be the _id of a Ride from the Ride collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/reject-ride/688cf90bd38ee39b116d95fe
Access: Only DRIVER has The Access of This Route
Description: A Driver can reject a ride only if its not already accepted or already in a ride. If rejected any ride the ride will not more show around him and the rider can not also even see the driver around him.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/accept-ride/:id
This Id Will be the _id of a Ride from the Ride collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/accept-ride/688d0ca1ef2ee7a54fb72d5f
Access: Only DRIVER has The Access of This Route
Description: A Driver can reject a ride only if its not already accepted or already in a ride. If rejected any ride the ride will not more show around him and the rider can not also even see the driver around him.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/pickup-rider/:id
This Id Will be the _id of a Ride from the Ride collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/pickup-rider/688d0ca1ef2ee7a54fb72d5f
Access: Only DRIVER has The Access of This Route
Description: If the ride is accepted by the driver trying to pickup will be allowed to pickup the rider.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/start-ride/:id
This Id Will be the _id of a Ride from the Ride collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/start-ride/688dd2d202a28032cbfcca3f
Access: Only DRIVER has The Access of This Route
Description: If the rider is picked up the driver can start the ride.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/complete-ride/:id
This Id Will be the _id of a Ride from the Ride collection
Method: PATCH
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/complete-ride/688dd2d202a28032cbfcca3f
Access: Only DRIVER has The Access of This Route
Description: Driver can Hit Complete the ride. This will add the fare amount to diver Income and driver all status will be reset and the rider status will be reset as well.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/feedback/:id
This Id Will be the _id of a Ride from the Ride collection
Method: POST
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/feedback/688d0ca1ef2ee7a54fb72d5f
Access: Only RIDER has The Access of This Route
Description: A rider can give feedback to the ride and rate the ride. the rating will be dynamically adjusted wih the current rating of the driver
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields:
{
"feedback": "Vey Nice",
"rating": 4.5
}Endpoint:
/api/v1/rides/all-rides-driver
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/all-rides-driver
Access: Only DRIVER has The Access of This Route
Description: A rider can see all the rides associated by him.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/rides/all-rides-admin
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/rides/all-rides-admin
Access: Only ADMIN has The Access of This Route
Description: A rider can see all the rides created by users.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/stats/earning-history
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/stats/earning-history
Access: Only ADMIN has The Access of This Route
Description: Admin can see all the summary on rides collections. can see summary of completed, cancelled, Requested rides, total revenue, total riders, total drivers, average fare.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
Endpoint:
/api/v1/stats/earning-history
Method: GET
URL:
https://cario-ride-backend.vercel.app/api/v1/stats/earning-history
Access: Only DRIVER has The Access of This Route
Description: Admin can see all the summary on rides collections. can see summary of completed, cancelled, total Earnings.
Special Notes: You have to set the login access token in header authorization to access this route.
Required Fields: N/A
| Method | Endpoint | Access | Body Parameters | Description |
|---|---|---|---|---|
| POST | /api/v1/users/register |
Everyone | name, email, password, location, phone | Register as Rider |
| POST | /api/v1/auth/login |
Everyone | email, password | Login with credentials |
| POST | /api/v1/auth/set-password |
Google Users | password | Set password for Google login |
| POST | /api/v1/auth/forgot-password |
Everyone | Request password reset | |
| POST | /api/v1/auth/reset-password |
Requested Users | id, newPassword | Reset password using token |
| POST | /api/v1/auth/change-password |
Logged-in users | oldPassword, newPassword | Change current password |
| GET | /api/v1/users/me |
Logged-in users | – | Get logged-in user profile |
| PATCH | /api/v1/users/:id |
Logged-in users | phone, location | Update user info |
| GET | /api/v1/users/all-users |
Admin | – | Get all users |
| GET | /api/v1/users/:id |
Admin | – | Get user by ID |
| PATCH | /api/v1/users/change-status/:id |
Admin | isBlocked | Block or unblock user |
| POST | /api/v1/auth/refresh-token |
Logged-in users | email, password | Refresh access token |
| POST | /api/v1/auth/logout |
Logged-in users | – | Logout and clear cookies |
| Method | Endpoint | Access | Body Parameters | Description |
|---|---|---|---|---|
| POST | /api/v1/drivers/register |
User | vehicle (form-data), driving license (file) | Register as driver |
| PATCH | /api/v1/drivers/status/:id |
Admin | driverStatus | Approve/Suspend driver |
| GET | /api/v1/drivers/:id |
Admin | – | Get single driver |
| GET | /api/v1/drivers/all-drivers |
Admin | – | Get all drivers |
| GET | /api/v1/drivers/me |
Driver | – | Get own driver profile |
| PATCH | /api/v1/drivers/update-my-driver-profile |
Driver | vehicle (form-data), driving license (file) | Update driver profile |
| PATCH | /api/v1/drivers/go-online |
Driver | type, coordinates | Set driver online |
| PATCH | /api/v1/drivers/go-offline |
Driver | – | Set driver offline |
| Method | Endpoint | Access | Body Parameters | Description |
|---|---|---|---|---|
| POST | /api/v1/rides/request |
Rider | pickupLocation, destination | Request a ride |
| PATCH | /api/v1/rides/cancel-ride/:id |
Rider | – | Cancel a ride |
| GET | /api/v1/rides/drivers-near |
Rider | – | Find drivers nearby |
| GET | /api/v1/rides/my-ride/:id |
Rider | – | Get single ride |
| GET | /api/v1/rides/all-rides-rider |
Rider | – | Get all rides by rider |
| GET | /api/v1/rides/rides-near |
Driver | – | Get nearby ride requests |
| PATCH | /api/v1/rides/reject-ride/:id |
Driver | – | Reject ride request |
| PATCH | /api/v1/rides/accept-ride/:id |
Driver | – | Accept a ride |
| PATCH | /api/v1/rides/pickup-rider/:id |
Driver | – | Pickup the rider |
| PATCH | /api/v1/rides/start-ride/:id |
Driver | – | Start the ride |
| PATCH | /api/v1/rides/complete-ride/:id |
Driver | – | Complete the ride |
| POST | /api/v1/rides/feedback/:id |
Rider | feedback, rating | Submit feedback & rating |
| GET | /api/v1/rides/all-rides-driver |
Driver | – | Get all driver rides |
| GET | /api/v1/rides/all-rides-admin |
Admin | – | Get all system rides |
| Method | Endpoint | Access | Body Parameters | Description |
|---|---|---|---|---|
| GET | /api/v1/stats/earning-history |
Admin | – | Full system stats (rides, earnings, revenue) |
| GET | /api/v1/stats/earning-history |
Driver | – | Driver-specific ride stats and earnings |