Other API Endpoints
Admin
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /admin/login | Public | Admin login |
| GET | /admin/me | Admin | Current admin profile |
| GET | /admin/dashboard | Admin | Dashboard stats (counts, revenue) |
| GET | /admin/suppliers/pending | Admin | Pending supplier approvals |
| PATCH | /admin/suppliers/:id/verify | Admin | Verify supplier |
| GET | /admin/activities/pending | Admin | Pending activity approvals |
| PATCH | /admin/activities/:id/approve | Admin | Approve activity |
| PATCH | /admin/activities/:id/reject | Admin | Reject activity |
Users
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /users | Admin | List all users |
| GET | /users/:id | User/Admin | User profile |
| PATCH | /users/:id | User | Update profile |
| DELETE | /users/:id | User/Admin | Delete account |
| GET | /users/me | User | Current user profile |
| PATCH | /users/me | User | Update current user |
Suppliers
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /supplier/register | Public | Supplier registration |
| POST | /supplier/login | Public | Supplier login |
| GET | /supplier | Public | List suppliers |
| GET | /supplier/:id | Public | Supplier profile |
| PATCH | /supplier/:id | Supplier | Update profile |
| GET | /supplier/:id/activities | Public | Supplier's activities |
Supplier Registration
Supplier registration requires:
- Full name, email, password
- Company details (legal name, license number, address)
- Company description and logo
- Admin verification required before listing activities
Reviews
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /review/:activityId | Public | Reviews for an activity |
| POST | /review | User | Create review |
| PATCH | /review/:id | User | Update review |
| DELETE | /review/:id | User/Admin | Delete review |
Reviews include a rating (1–5) and text content. The activity's averageRating is recomputed when reviews change.
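The Auth column names a role, but routes that take an `:id` (PATCH /users/:id, PATCH /supplier/:id, DELETE /review/:id) also need the caller tied to the record being changed. The following is an added example, not the project's code, of an object-level check for those routes; the `{ id, role }` principal shape, the role strings and the `decide` name are assumptions, and the handler is assumed to load the target record's owner id before calling it.

```javascript
// Added example: object-level authorization for the ':id' routes in the tables.
// Rule strings mirror the Auth column; the principal shape is an assumption.
function decide(rule, principal, ownerId) {
  if (rule === 'Public') return 'allow';
  if (!principal || principal.id == null) return 'unauthenticated'; // -> HTTP 401

  // Route params arrive as strings, so compare ids as strings.
  const owns = ownerId != null && String(principal.id) === String(ownerId);
  const isAdmin = principal.role === 'admin';

  let ok;
  switch (rule) {
    case 'Admin':
      ok = isAdmin;
      break;
    case 'User':
      ok = principal.role === 'user' && owns;
      break;
    case 'Supplier':
      ok = principal.role === 'supplier' && owns;
      break;
    case 'User/Admin':
      ok = isAdmin || (principal.role === 'user' && owns);
      break;
    default:
      ok = false; // unknown rule string: fail closed
  }
  return ok ? 'allow' : 'forbidden'; // 'forbidden' -> HTTP 403
}
```

A missing owner id is treated as a denial, so a handler that forgets to load the record fails closed rather than open.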
Wishlist
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /wishlist | User | User's wishlist |
| POST | /wishlist | User | Add to wishlist |
| DELETE | /wishlist/:itemId | User | Remove from wishlist |
Newsletter
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /newsletter/subscribe | Public | Subscribe email |
| POST | /newsletter/unsubscribe | Public | Unsubscribe with secret |
| GET | /newsletter/subscribers | Admin | List subscribers |
Cities
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /city | Public | List cities |
| GET | /city/:id | Public | City detail |
| POST | /city | Admin | Create city |
| PATCH | /city/:id | Admin | Update city |
| DELETE | /city/:id | Admin | Delete city |
Cities are shared between activities and the CMS (separate tables in each database). The API's city controller handles city CRUD for activity location tagging.
Regions
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /region | Public | List regions |
| POST | /region | Admin | Create region |
| PATCH | /region/:id | Admin | Update region |
| DELETE | /region/:id | Admin | Delete region |
Trip Categories & Types
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /trip-category | Public | List trip categories |
| POST | /trip-category | Admin | Create category |
| PATCH | /trip-category/:id | Admin | Update category |
| DELETE | /trip-category/:id | Admin | Delete category |
| GET | /trip-type | Public | List trip types |
| POST | /trip-type | Admin | Create type |
| PATCH | /trip-type/:id | Admin | Update type |
| DELETE | /trip-type/:id | Admin | Delete type |
Featured Tags
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /featured | Public | List featured tags |
| POST | /featured | Admin | Create tag |
| PATCH | /featured/:id | Admin | Update tag |
| DELETE | /featured/:id | Admin | Delete tag |
| POST | /featured/activity | Admin | Tag activity as featured |
| DELETE | /featured/activity/:id | Admin | Remove featured tag from activity |
Media Upload
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /upload | Admin | Upload single file |
| POST | /upload/multiple | Admin | Upload multiple files |
| POST | /upload/local | Admin | Upload to local storage |
| GET | /media-library | Admin | List media library |
| POST | /media-library | Admin | Add to library |
| DELETE | /media-library/:id | Admin | Delete from library |
| GET | /media-library/entity/:entityType/:entityId | Public | Images for an entity |
Uploaded images are processed with Sharp (WebP conversion) and uploaded to Cloudflare Images.
Legal Documents
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /legal/:category | Public | Get legal document by category |
| POST | /legal | Admin | Create legal document |
| PATCH | /legal/:id | Admin | Update legal document |
Image Proxy
/media routes serve as an image proxy via Express + Axios.
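The page does not say how the proxy derives its upstream URL. Assuming any part of it comes from the request, the following added example (not the project's code) validates the target before Axios fetches it and checks the response type before it is relayed; `ALLOWED_HOSTS`, the size limit and the function names are assumptions.

```javascript
// Added example: guard rails for an Express + Axios image proxy.
// Assumed allowlist: the Cloudflare Images delivery host. Adjust per deployment.
const ALLOWED_HOSTS = new Set(['imagedelivery.net']);

// Axios request options for the upstream fetch (documented axios config keys).
const UPSTREAM_OPTIONS = Object.freeze({
  maxRedirects: 0,                    // a redirect would sidestep the host allowlist
  timeout: 5000,                      // milliseconds
  maxContentLength: 10 * 1024 * 1024, // assumed 10 MiB cap on the buffered body
  responseType: 'arraybuffer',        // buffered, so the size cap is enforced
});

// Returns { ok: true, url } or { ok: false, reason }.
function validateUpstream(raw) {
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // "https://allowed-host@other-host/" parses with other-host as the hostname.
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  if (url.port !== '') return { ok: false, reason: 'port' };
  // The URL parser has already lower-cased the hostname; require an exact match.
  if (!ALLOWED_HOSTS.has(url.hostname)) return { ok: false, reason: 'host' };
  return { ok: true, url: url.href };
}

// Relay only raster image types. SVG is left out because it can carry script.
function isImageResponse(headers) {
  const type = String(headers['content-type'] || '')
    .split(';')[0]
    .trim()
    .toLowerCase();
  return /^image\/(webp|png|jpeg|gif|avif)$/.test(type);
}
```

A route handler would call `validateUpstream` first, pass `UPSTREAM_OPTIONS` to the Axios request, and return an error instead of the body when `isImageResponse` is false.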
Cron Jobs
Popularity Score Update
Runs every 10 minutes. Updates each activity's popularityScore:
```
popularityScore = views × 1
                + bookingsCount × 10
                + averageRating × 20
                + (isFeatured ? 100 : 0)
                - (days since creation × 0.5)
```
The score powers the "Popular" sort option and featured sections.
Typesense Sync (Disabled)
A sync cron exists but is commented out in the server config. Typesense integration is not currently active.