
👥 Staff API

📋 List Staff

GET /api/staff?page=1&limit=20&role=MANAGER&search=john&isActive=true
Authorization: Bearer <manager-or-admin-token>

Requires MANAGER or SUPER_ADMIN role.

Query Parameters:

| Param | Type | Description |
|---|---|---|
| page | number | 📄 Page number (default: 1) |
| limit | number | 📊 Items per page (default: 20, max: 50) |
| role | string | 🏷️ Filter by role: SUPER_ADMIN, MANAGER, STAFF |
| search | string | 🔍 Search by name or email (case-insensitive) |
| isActive | string | ✅ Filter by active status: true or false |

Response: 200 OK

```json
{
  "success": true,
  "data": [
    {
      "id": "cuid",
      "email": "staff@example.com",
      "name": "Jane Doe",
      "role": "STAFF",
      "phone": null,
      "isActive": true,
      "locationId": "cuid",
      "location": { "id": "cuid", "name": "Downtown" },
      "createdAt": "2025-01-01T00:00:00.000Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 5,
    "totalPages": 1
  }
}
```

๐Ÿ” Get Staff Member โ€‹

GET /api/staff/:id
Authorization: Bearer <manager-or-admin-token>

Requires MANAGER or SUPER_ADMIN role.

Response: 200 OK

```json
{
  "success": true,
  "data": {
    "id": "cuid",
    "email": "staff@example.com",
    "name": "Jane Doe",
    "role": "STAFF",
    "phone": null,
    "isActive": true,
    "locationId": "cuid",
    "location": { "id": "cuid", "name": "Downtown" },
    "createdAt": "2025-01-01T00:00:00.000Z",
    "updatedAt": "2025-01-01T00:00:00.000Z"
  }
}
```

โœ๏ธ Update Staff Member โ€‹

PATCH /api/staff/:id
Authorization: Bearer <super-admin-token>

Requires SUPER_ADMIN role. Cannot change your own role.

Request:

```json
{
  "name": "Jane Smith",
  "role": "MANAGER",
  "phone": "+1234567890",
  "locationId": "cuid",
  "isActive": true
}
```

All fields are optional.

Response: 200 OK

```json
{
  "success": true,
  "data": {
    "id": "cuid",
    "email": "staff@example.com",
    "name": "Jane Smith",
    "role": "MANAGER",
    "phone": "+1234567890",
    "isActive": true,
    "locationId": "cuid",
    "location": { "id": "cuid", "name": "Downtown" }
  }
}
```

🚫 Deactivate Staff Member

DELETE /api/staff/:id
Authorization: Bearer <super-admin-token>

Requires SUPER_ADMIN role. Sets isActive to false. Cannot deactivate yourself.

Response: 200 OK

```json
{
  "success": true,
  "data": { "message": "Staff member deactivated" }
}
```

📨 Invite Staff

POST /api/staff/invite
Authorization: Bearer <super-admin-token>

Requires SUPER_ADMIN role. Creates a single-use invite token and sends an email.

Request:

```json
{
  "email": "newstaff@example.com",
  "name": "Optional Name",
  "role": "STAFF"
}
```

| Field | Required | Description |
|---|---|---|
| email | ✅ Yes | Email address for the invitation |
| name | ❌ No | Pre-filled name suggestion |
| role | ❌ No | Role to assign (default: STAFF) |

Response: 201 Created

```json
{
  "success": true,
  "data": {
    "id": "cuid",
    "email": "newstaff@example.com",
    "role": "STAFF",
    "expiresAt": "2025-01-08T00:00:00.000Z"
  }
}
```

🔗 Validate Invite Token

GET /api/staff/invite/:token

Public endpoint: no authentication required.

Returns the invite details if the token is valid, unused, and not expired.

Response: 200 OK

```json
{
  "success": true,
  "data": {
    "email": "newstaff@example.com",
    "role": "STAFF"
  }
}
```

✅ Accept Invite

POST /api/staff/accept-invite

Public endpoint: no authentication required.

Creates a new user account and returns a JWT.

Request:

```json
{
  "token": "hex-invite-token",
  "name": "Jane Doe",
  "password": "securepassword"
}
```

Response: 201 Created

```json
{
  "success": true,
  "data": {
    "token": "eyJhbG...",
    "user": {
      "id": "cuid",
      "email": "newstaff@example.com",
      "name": "Jane Doe",
      "role": "STAFF"
    }
  }
}
```

โš ๏ธ Error Cases โ€‹

| Scenario | Status | Error |
|---|---|---|
| 🔒 Not authenticated | 401 | Authentication required |
| 🚫 Insufficient role | 403 | Insufficient permissions |
| 🔍 Staff not found | 404 | Staff member not found |
| 📧 Email already exists (invite) | 409 | A user with this email already exists |
| 🔗 Token already used | 400 | This invite has already been used |
| ⏰ Token expired | 400 | This invite has expired |
| 🚫 Self-demotion | 400 | Cannot change your own role |
| 🚫 Self-deactivation | 400 | Cannot deactivate your own account |