# User Service API Reference

This document describes the public and admin APIs exposed by the User Service in ShopVerse.
All APIs are accessed via the API Gateway, and user identity is propagated using gateway-injected headers.

## Base URL

```
/api/users
```

## Authentication & Authorization

- JWT is validated at the API Gateway
- Gateway injects:
  - `X-User-Email`
  - `X-User-Role`
- User Service trusts only gateway headers
- Role-Based Access Control (RBAC) is enforced
๐ค Get Current User Profileโ
Fetch the profile of the currently authenticated user.
โค Endpointโ
GET /api/users/me
โค Headersโ
Authorization: Bearer <JWT>
โค Success Response (200 OK)โ
{
"id": 1,
"fullName": "John Doe",
"email": "john@example.com",
"phoneNo": "9876543210",
"role": "CUSTOMER",
"createdAt": "2026-01-10T10:15:00"
}
โค Error Responsesโ
| Status | Reason |
|---|---|
| 401 | Unauthorized |
| 500 | Internal server error |
โ๏ธ Update User Profileโ
Update profile details of the current user.
โค Endpointโ
PUT /api/users/me
โค Request Bodyโ
{
"fullName": "John Updated",
"phoneNo": "9123456789"
}
โค Success Response (200 OK)โ
{
"message": "Profile updated successfully"
}
โค Error Responsesโ
| Status | Reason |
|---|---|
| 400 | Invalid input |
| 403 | Forbidden |
| 500 | Internal server error |
## Add Address

Add a new address for the authenticated user.

### Endpoint

```
POST /api/users/addresses
```

### Request Body

```json
{
  "street": "MG Road",
  "city": "Pune",
  "state": "Maharashtra",
  "pincode": "411001"
}
```

### Success Response (201 CREATED)

```json
{
  "message": "Address added successfully"
}
```
## Get User Addresses

Fetch all addresses belonging to the authenticated user.

### Endpoint

```
GET /api/users/addresses
```

### Success Response (200 OK)

```json
[
  {
    "id": 101,
    "street": "MG Road",
    "city": "Pune",
    "state": "Maharashtra",
    "pincode": "411001"
  }
]
```
## Update Address

Update an existing address owned by the user.

### Endpoint

```
PUT /api/users/addresses/{addressId}
```

### Request Body

```json
{
  "street": "FC Road",
  "city": "Pune",
  "state": "Maharashtra",
  "pincode": "411004"
}
```

### Success Response (200 OK)

```json
{
  "message": "Address updated successfully"
}
```
โ Delete Addressโ
Delete an address owned by the user.
โค Endpointโ
DELETE /api/users/addresses/{addressId}
โค Success Response (204 NO CONTENT)โ
## Admin: Get All Users

Fetch all users (admin-only).

### Endpoint

```
GET /api/users
```

### Role Required

`ADMIN`

### Success Response (200 OK)

```json
[
  {
    "id": 1,
    "email": "admin@shopverse.com",
    "role": "ADMIN"
  },
  {
    "id": 2,
    "email": "user@shopverse.com",
    "role": "CUSTOMER"
  }
]
```
โ Admin โ Delete Userโ
Delete a user by ID (admin-only).
โค Endpointโ
DELETE /api/users/{userId}
โค Role Requiredโ
ADMIN
โค Success Response (204 NO CONTENT)โ
๐ก๏ธ Authorization Rules Summaryโ
| Role | Allowed Actions |
|---|---|
| CUSTOMER | Manage own profile & addresses |
| ADMIN | Manage all users |
Ownership is enforced using X-User-Email.
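The following is an added example that models the authorization model described in the Authentication & Authorization section and the ownership rule above; it is not ShopVerse's own code. It assumes, as the trust model requires, that the User Service is reachable only through the API Gateway, so `X-User-Email` and `X-User-Role` can be treated as authoritative once they arrive. The in-memory `USERS` and `ADDRESSES` dicts, the `handle` dispatcher and the `ApiError` type are constructed stand-ins for the real service and database; status codes follow the Common Errors table.

```python
import re
from dataclasses import dataclass
from typing import Optional

ADMIN, CUSTOMER = "ADMIN", "CUSTOMER"


@dataclass(frozen=True)
class Identity:
    """Identity as propagated by the gateway (hypothetical type, not the project's)."""
    email: str
    role: str


class ApiError(Exception):
    """Carries the HTTP status the service answers with."""
    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status, self.reason = status, reason


def identity_from_headers(headers: dict) -> Identity:
    """Trust only the gateway-injected headers; missing or unknown values are 401."""
    email = headers.get("X-User-Email")
    role = headers.get("X-User-Role")
    if not email or role not in (ADMIN, CUSTOMER):
        raise ApiError(401, "Invalid or missing token")
    return Identity(email, role)


def require_role(identity: Identity, role: str) -> None:
    """RBAC check for admin-only endpoints."""
    if identity.role != role:
        raise ApiError(403, "Access denied")


# Constructed sample data standing in for the database (values are made up).
USERS = {
    1: {"id": 1, "email": "admin@shopverse.com", "role": ADMIN},
    2: {"id": 2, "email": "user@shopverse.com", "role": CUSTOMER},
}
ADDRESSES = {
    101: {"id": 101, "owner": "user@shopverse.com", "street": "MG Road",
          "city": "Pune", "state": "Maharashtra", "pincode": "411001"},
    102: {"id": 102, "owner": "other@shopverse.com", "street": "FC Road",
          "city": "Pune", "state": "Maharashtra", "pincode": "411004"},
}
# Only these fields may be written by a client; "owner" is never client-settable.
ADDRESS_FIELDS = ("street", "city", "state", "pincode")


def owned_address(identity: Identity, address_id: int) -> dict:
    """Ownership check: the address must belong to X-User-Email."""
    addr = ADDRESSES.get(address_id)
    if addr is None:
        raise ApiError(404, "Resource not found")
    if addr["owner"] != identity.email:
        raise ApiError(403, "Access denied")
    return addr


ADDRESS_ROUTE = re.compile(r"^/api/users/addresses/(\d+)$")
USER_ROUTE = re.compile(r"^/api/users/(\d+)$")


def handle(method: str, path: str, headers: dict, body: Optional[dict] = None):
    """Dispatch a request the way the service would; returns (status, body)."""
    try:
        who = identity_from_headers(headers)
        if method == "GET" and path == "/api/users/me":
            # The real service would look the full profile up by email.
            return 200, {"email": who.email, "role": who.role}
        if method == "GET" and path == "/api/users/addresses":
            mine = [a for a in ADDRESSES.values() if a["owner"] == who.email]
            return 200, [{k: v for k, v in a.items() if k != "owner"} for a in mine]
        m = ADDRESS_ROUTE.match(path)
        if m and method in ("PUT", "DELETE"):
            addr = owned_address(who, int(m.group(1)))
            if method == "PUT":
                addr.update({k: v for k, v in (body or {}).items() if k in ADDRESS_FIELDS})
                return 200, {"message": "Address updated successfully"}
            del ADDRESSES[addr["id"]]
            return 204, None
        if method == "GET" and path == "/api/users":
            require_role(who, ADMIN)
            return 200, list(USERS.values())
        m = USER_ROUTE.match(path)
        if m and method == "DELETE":
            require_role(who, ADMIN)
            if USERS.pop(int(m.group(1)), None) is None:
                raise ApiError(404, "Resource not found")
            return 204, None
        raise ApiError(404, "Resource not found")
    except ApiError as e:
        return e.status, {"message": e.reason}
```

Two design points worth noting: the ownership check runs before any write, and the address update copies only the whitelisted fields, so a client cannot change `owner` through the request body even though it holds the resource.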
## Request Flow

## Common Errors

| Status | Meaning |
|---|---|
| 401 | Invalid or missing token |
| 403 | Access denied |
| 404 | Resource not found |
| 409 | Conflict (duplicate data) |
## Summary

The User API provides:

- Secure access to user profiles
- Strict ownership enforcement
- Clean separation of admin and user actions
- Gateway-based authentication trust model

It ensures user data integrity and security in ShopVerse.