A comprehensive financial management API built with Node.js, Express, TypeScript, and PostgreSQL.
- Node.js (v18 or higher)
- PostgreSQL (v13 or higher)
- npm or yarn
# Clone the repository
git clone https://github.com/Ayman-Zeyada/financial-app-server.git
cd financial-app-server
# Install dependencies
npm install
# Set up environment variables
cp .env.example .env
# Edit .env with your database configuration
# Run database migrations
npm run db:create
npm run db:migrate
npm run db:seed
# Start development server
npm run devWhen running in development mode, you can access the interactive Swagger UI documentation at:
- Swagger UI: http://localhost:4000/api-docs
- OpenAPI JSON: http://localhost:4000/api-docs.json
Most endpoints require authentication using JWT Bearer tokens. Include the token in the Authorization header:
Authorization: Bearer <your-jwt-token>
To get a token:
- Register a new user via
POST /api/auth/register - Verify your email via
GET /api/auth/verify-email/{token}(check server logs for the verification link) - Login via
POST /api/auth/loginto receive access and refresh tokens
POST /api/auth/register- Register a new userPOST /api/auth/login- Login and get tokensPOST /api/auth/refresh-token- Refresh access tokenGET /api/auth/verify-email/{token}- Verify email addressPOST /api/auth/request-password-reset- Request password resetPOST /api/auth/reset-password/{token}- Reset passwordGET /api/auth/me- Get current user info
GET /api/users/profile- Get user profilePUT /api/users/profile- Update user profileDELETE /api/users/profile- Delete user accountPOST /api/users/avatar- Upload avatarGET /api/users/avatar- Get avatar URLGET /api/users/preferences- Get user preferencesPUT /api/users/preferences- Update user preferences
GET /api/categories- List categoriesPOST /api/categories- Create categoryGET /api/categories/{id}- Get category by IDPUT /api/categories/{id}- Update categoryDELETE /api/categories/{id}- Delete categoryPOST /api/categories/bulk- Bulk create categoriesGET /api/categories/{id}/transactions- Get category transactions
GET /api/transactions- List transactions (with pagination and filtering)POST /api/transactions- Create transactionGET /api/transactions/{id}- Get transaction by IDPUT /api/transactions/{id}- Update transactionDELETE /api/transactions/{id}- Delete transactionPOST /api/transactions/bulk- Bulk create transactionsGET /api/transactions/recurring- Get recurring transactions
GET /api/budgets- List budgetsPOST /api/budgets- Create budgetGET /api/budgets/{id}- Get budget by IDPUT /api/budgets/{id}- Update budgetDELETE /api/budgets/{id}- Delete budgetGET /api/budgets/{id}/progress- Get budget progressGET /api/budgets/progress- Get all budgets progress
GET /api/goals- List financial goalsPOST /api/goals- Create financial goalGET /api/goals/{id}- Get goal by IDPUT /api/goals/{id}- Update goalDELETE /api/goals/{id}- Delete goalPATCH /api/goals/{id}/progress- Update goal progress
GET /api/reports/income-vs-expenses- Income vs expenses reportGET /api/reports/expenses-by-category- Expenses by categoryGET /api/reports/monthly/{year}/{month}- Monthly cash flowGET /api/reports/annual/{year}- Annual reportGET /api/reports/trends- Trend analysis
POST /api/data/import/transactions- Import transactions from CSV/JSONPOST /api/data/import/categories- Import categories from CSV/JSONPOST /api/data/import/budgets- Import budgets from CSV/JSONPOST /api/data/import/goals- Import financial goals from CSV/JSONGET /api/data/export/transactions- Export transactions to CSVGET /api/data/export/categories- Export categories to CSVGET /api/data/export/budgets- Export budgets to CSVGET /api/data/export/goals- Export financial goals to CSVPOST /api/data/validate- Validate import file
GET /api/webhooks- List webhooksPOST /api/webhooks- Create webhookGET /api/webhooks/{id}- Get webhook by IDPUT /api/webhooks/{id}- Update webhookDELETE /api/webhooks/{id}- Delete webhookPOST /api/webhooks/{id}/regenerate-secret- Regenerate webhook secretPOST /api/webhooks/{id}/test- Test webhook
GET /api/health- Basic health checkGET /api/health/detailed- Detailed health check with database status
- users - User accounts and authentication
- user_preferences - User settings and preferences
- categories - Transaction categories (income/expense)
- transactions - Financial transactions
- budgets - Budget planning and limits
- financial_goals - Savings goals and targets
- webhooks - Webhook configurations for notifications
- Users have many Categories, Transactions, Budgets, Goals, and Webhooks
- Transactions belong to Categories and Users
- Budgets can be linked to specific Categories
- All entities include created/updated timestamps
{
"status": "success|error",
"message": "Descriptive message",
"data": { /* Response data */ }
}{
"status": "success",
"pagination": {
"totalItems": 100,
"totalPages": 10,
"currentPage": 1,
"limit": 10,
"hasNextPage": true,
"hasPrevPage": false
},
"data": [ /* Array of items */ ]
}{
"status": "error",
"message": "Error description",
"statusCode": 400,
"errors": { /* Validation errors if applicable */ }
}page- Page number (default: 1)limit- Items per page (default: 10, max: 100)
startDate- Filter by start date (ISO 8601 format)endDate- Filter by end date (ISO 8601 format)type- Filter by type (INCOME, EXPENSE, TRANSFER)categoryId- Filter by category IDrecurring- Filter recurring transactions (true/false)
sortBy- Field to sort by (default: varies by endpoint)sortOrder- Sort direction (ASC/DESC, default: DESC)
- 400 - Bad Request (validation errors)
- 401 - Unauthorized (authentication required)
- 403 - Forbidden (insufficient permissions)
- 404 - Not Found (resource doesn't exist)
- 409 - Conflict (duplicate resource)
- 429 - Too Many Requests (rate limiting)
- 500 - Internal Server Error
- JWT-based authentication with access and refresh tokens
- Password hashing with bcrypt
- Email verification for new accounts
- Password reset functionality
- Rate limiting to prevent abuse
- Input validation and sanitization
- CORS configuration for cross-origin requests
- Default: 100 requests per 15-minute window per IP/user
- Authenticated users are tracked by user ID
- Anonymous users are tracked by IP address
- Rate limit headers included in responses
- Import: CSV, JSON
- Export: CSV
- Avatars: JPG, JPEG, PNG, GIF (max 5MB)
- Import files: 10MB
- Avatar uploads: 5MB
Connect to the Socket.IO endpoint with JWT authentication:
transaction:created- New transaction addedtransaction:updated- Transaction modifiedtransaction:deleted- Transaction removedbudget:alert- Budget limit exceededgoal:achieved- Financial goal reachednotification- General notifications
- Start the development server
- Navigate to http://localhost:4000/api-docs
- Click "Authorize" and enter your JWT token
- Try out the endpoints directly in the browser
# Register a new user
curl -X POST http://localhost:4000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"email": "test@example.com",
"password": "password123",
"firstName": "Test",
"lastName": "User"
}'
# Login
curl -X POST http://localhost:4000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"password": "password123"
}'# Server Configuration
NODE_ENV=development
PORT=4000
CLIENT_URL=http://localhost:3000
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_USER=financial_app
DB_PASSWORD=your_password
DB_NAME=financial_app_dev
# JWT Configurations
JWT_SECRET=your_jwt_secret_key
JWT_EXPIRES_IN=86400 # 1 day in seconds
JWT_REFRESH_EXPIRES_IN=604800 # 7 days in secondsThis API is designed to be RESTful and follows standard HTTP conventions. All dates should be in ISO 8601 format, and all monetary amounts are stored as decimal values.