API Documentation

Overview

The Member Management API provides comprehensive team member management capabilities for the Bee O'clock platform. This API handles member registration, profile management, role assignments, service assignments, and team administration within business contexts.

Base URL

{baseUrl}/api/v1/member

Authentication

All endpoints require authentication via:

• Bearer Token: Firebase JWT token in Authorization header

• Business Tenant ID: Required in x-business-tenant-id header for tenant isolation

API Endpoints

1. Get Paginated Members

Endpoint: GET /member/paged

Description: Retrieves a paginated list of team members with search and filtering capabilities.

Request Parameters:

Query Parameters:

• page (optional): Page number starting from 1

• pageSize (optional): Number of items per page (1-100)

• search (optional): Search in firstName, lastName, email

• role (optional): Filter by role (ADMIN, SPECIALIST, RECEPTION)

• profileStatus (optional): Filter by status (active, inactive, pending)

• sortBy (optional): Field to sort by

• sortDirection (optional): Sort direction

Response:

Example Request:

Example Response:

2. Get Member by ID

Endpoint: GET /member/:id

Description: Retrieves detailed information for a specific team member.

Path Parameters:

• id (required): Member ID (ObjectId format)

Response:

Example Request:

Example Response:

3. Create New Member

Endpoint: POST /member

Description: Creates a new team member and sends invitation.

Request Body:

Response:

Validation Rules:

• email: Required, valid email format, unique within business

• firstName or lastName: At least one is recommended

• role: Must be valid role enum value

• phone: Valid phone format if provided

Example Request:

Example Response:

4. Update Member

Endpoint: PUT /member/:memberId

Description: Updates an existing team member's information.

Path Parameters:

• memberId (required): Member ID to update

Request Body:

Response:

Business Rules:

• Email must remain unique within business if changed

• Role changes require appropriate permissions

• Cannot update email to existing member's email

• Profile status changes affect member access

Example Request:

Example Response:

5. Update Member Service Assignments

Endpoint: PATCH /member/:memberId/assignments

Description: Updates service assignments for a team member.

Path Parameters:

• memberId (required): Member ID to update assignments

Request Body:

Response:

Assignment Rules:

• full: true: Member can provide all business services

• full: false: Member can only provide services in include array

• Empty include array with full: false means no service assignments

• Service references must exist and belong to the business

Example Request:

Example Response:

6. Delete Member

Endpoint: DELETE /member/:memberId

Description: Soft deletes a team member (marks as deleted while preserving data).

Path Parameters:

• memberId (required): Member ID to delete

Response:

Business Rules:

• Performs soft delete (preserves historical data)

• Member cannot delete themselves

• Requires DELETE_MEMBER permission

• Checks for active orders before deletion

• Maintains audit trail of deletion

Deletion Validations:

1. Self-deletion protection: Members cannot delete themselves

2. Active orders check: Cannot delete members with pending/active orders

3. Permission validation: Requires appropriate deletion permissions

4. Role validation: May have restrictions based on member role

Example Request:

Example Response:

Member Media Management

7. Upload Member Avatar

Endpoint: POST /member-media/:memberId/avatar

Description: Uploads or updates a member's profile avatar image.

Path Parameters:

• memberId (required): Member ID for avatar upload

Request Body:

Response:

File Requirements:

• Formats: JPG, JPEG, PNG, WebP

• Size: Maximum 5MB

• Dimensions: Recommended 400x400px (will be auto-resized)

Example Request:

Example Response:

8. Delete Member Avatar

Endpoint: DELETE /member-media/:memberId/avatar

Description: Removes a member's profile avatar image.

Path Parameters:

• memberId (required): Member ID for avatar deletion

Response:

Example Request:

Example Response:

Data Transfer Objects

MemberDto

AssignmentsDto

MemberPaginationDto

Enumerations

RoleEnum

MemberProfileStatusEnum

LanguageCodeEnum

Permission Requirements

All member management endpoints require appropriate permissions:

Required Permissions

Permission Scopes

• OWN: Can only access own member data

• ANY: Can access all members within the business

• ADMIN: Full administrative access

Error Responses

Standard Error Format

Common Error Responses

400 Bad Request

401 Unauthorized

403 Forbidden

404 Not Found

409 Conflict

422 Unprocessable Entity

Member-Specific Errors

Member Not Found

Email Already Exists

Cannot Delete Self

Has Active Orders

Tariff Plan Limit Reached

Rate Limiting

API endpoints are rate-limited to prevent abuse:

• General endpoints: 100 requests per minute per IP

• File upload endpoints: 10 requests per minute per user

• Bulk operations: 5 requests per minute per user

Rate limit headers are included in responses:

Caching

Member data is cached for performance optimization:

• Member details: Cached for 5 minutes

• Member lists: Cached for 1 minute

• Search results: Cached for 3 minutes

Cache headers indicate freshness:

API Versioning

The API uses URL-based versioning:

• Current version: /api/v1/

• Version format: v{major}

• Backward compatibility maintained within major versions

Integration Examples

JavaScript/TypeScript Client

cURL Examples

Best Practices

API Usage Guidelines

1. Pagination: Always use pagination for member lists to avoid performance issues

2. Caching: Implement client-side caching with appropriate TTL

3. Error Handling: Handle all error responses gracefully

4. Rate Limiting: Respect rate limits and implement exponential backoff

5. Validation: Validate data on client side before API calls

Security Considerations

1. Token Management: Secure storage and rotation of authentication tokens

2. HTTPS Only: Always use HTTPS in production environments

3. Input Validation: Validate and sanitize all inputs

4. Tenant Isolation: Always include tenant ID header

5. Permission Checking: Verify user permissions before UI actions

Performance Optimization

1. Selective Loading: Only request needed fields using field selection

2. Batch Operations: Group related API calls when possible

3. Lazy Loading: Load member details on demand

4. Image Optimization: Compress avatar images before upload

5. Connection Pooling: Reuse HTTP connections for multiple requests

For additional information about member management workflows and business logic, see the Use Case Documentation and Interface Documentation.