# Quran App API Reference This document describes the backend API endpoints for the Quran learning platform. It covers authentication, student flows, sheikh flows, admin management, payments, session workflows, reviews, availability, and real-time signaling. > Base URL: `http://localhost:8080` (default local backend) > Protected endpoints require `Authorization: Bearer `. --- ## 1. Root / Health ### `GET /` - Description: Simple root response for backend availability. - Response: `Welcome to Quran App Backend! API endpoints: /api/auth, /api/admin, /api/sheikh, /api/student, /api/common` --- ## 2. Authentication & User Onboarding ### `POST /api/auth/register/student` - Description: Register a new student account. - Body: - `fullName` (string) - `email` (string) - `password` (string) - `phone` (string) - `gender` (string) - `birthDate` (date) - `country` (string) - Response: `AuthResponse` with JWT token and user info. ### `POST /api/auth/register/sheikh` - Description: Register a new sheikh account. - Body: same as student registration. - Response: `AuthResponse` with JWT token and user info. ### `POST /api/auth/login` - Description: Login using email and password. - Body: - `email` (string) - `password` (string) - Response: `AuthResponse` with JWT token. ### `POST /api/auth/forgot-password` - Description: Request a password reset OTP. - Body: - `email` (string) - Response: success message. ### `POST /api/auth/verify-otp` - Description: Verify the OTP sent for password reset. - Body: - `email` (string) - `otp` (string) - Response: success message. ### `POST /api/auth/reset-password` - Description: Reset a password after OTP verification. - Body: - `email` (string) - `otp` (string) - `newPassword` (string) - `confirmNewPassword` (string) - Response: success message. ### `POST /api/auth/logout` - Description: Logout current authenticated user. - Requires: JWT. - Response: success message. ### `POST /api/auth/google` - Description: Authenticate using Google Sign-In. - Body: - `idToken` (string) - `role` (string) — `STUDENT` or `SHEIKH` - Response: `AuthResponse` with JWT token. ### `POST /api/auth/complete-google-profile` - Description: Complete the student profile for a Google-authenticated student. - Requires: JWT. - Body: - `birthDateTime` (datetime) - `country` (string) - `gender` (string) - `phone` (string) - `quranLevel` (string) - `preferredLanguage` (string) - `preferredAccent` (string) - `profilePhotoUrl` (string) - Response: success message. ### `POST /api/auth/complete-google-profile/sheikh` - Description: Complete the sheikh profile for a Google-authenticated sheikh. - Requires: JWT. - Body: - `birthDateTime` (datetime) - `country` (string) - `gender` (string) - `phone` (string) - `bio` (string) - `specialization` (string) - `yearsOfExperience` (integer) - `hourlyRate` (decimal) - `certificateUrl` (string) - `profilePhotoUrl` (string) - Response: success message. ### `GET /api/auth/verify-profile` - Description: Verify the currently authenticated user profile status. - Requires: JWT. - Response: `ProfileCheckDto`. --- ## 3. Dashboard Endpoints ### `GET /api/dashboard/student` - Description: Fetch student dashboard data. - Requires: role `STUDENT`. - Response: `StudentDashboardDto`. ### `GET /api/dashboard/sheikh` - Description: Fetch sheikh dashboard data. - Requires: role `SHEIKH`. - Response: `SheikhDashboardDto`. ### `GET /api/dashboard/admin` - Description: Fetch admin dashboard data. - Requires: role `ADMIN`. - Response: `AdminDashboardDto`. ### `GET /api/admin/dashboard/pending-sheikhs` - Description: Get pending sheikh approvals for admin. - Requires: role `ADMIN`. - Response: list of pending sheikhs. ### `GET /api/admin/dashboard/platform-analytics-and-stats` - Description: Get platform analytics and admin statistics. - Requires: role `ADMIN`. - Response: `statsForAdminDto`. --- ## 4. Student Profile & Student Data ### `POST /api/student/profile/complete` - Description: Complete the student onboarding profile. - Requires: JWT. - Body: - `quranLevel` (string) - `preferredLanguage` (string) - `preferredAccent` (string) - `profilePhotoUrl` (string) - Response: success message. ### `GET /api/student/profile/me` - Description: Fetch the authenticated student’s profile. - Requires: JWT. - Response: `StudentProfileDto`. ### `GET /api/student/profile/{id}` - Description: Get a student profile by ID. - Response: `StudentProfileDto`. ### `GET /api/student/profile/all` - Description: List all student profiles. - Requires: role `ADMIN`. - Query: - `page` (int, default `0`) - `size` (int, default `50`) - Response: paged list of `StudentProfileDto`. ### `GET /api/student/streak` - Description: Get the authenticated student’s Quran practice streak. - Requires: JWT. - Response: `StreakDto`. ### `GET /api/student/practice/stats` - Description: Get student recitation practice statistics. - Requires: JWT. - Response: `RecitationStatsDto`. ### `GET /api/student/practice/month-count` - Description: Get the count of recitations completed this month. - Requires: JWT. - Response: numeric count. --- ## 5. Student Recitation Endpoints ### `GET /api/student/recitations` - Description: Get all recitations for the authenticated student. - Requires: JWT. - Response: list of `StudentRecitationDto`. ### `GET /api/student/recitations/recent` - Description: Get the top 5 most recent recitations. - Requires: JWT. - Response: list of `StudentRecitationDto`. ### `GET /api/student/recitations/stats` - Description: Get summary statistics for student recitations. - Requires: JWT. - Response: `RecitationStatsDto`. ### `POST /api/student/recitations` - Description: Submit recitation audio for AI evaluation. - Requires: JWT. - Consumes: `multipart/form-data` - Form fields: - `surahNumber` (int) - `audio` (file) - Response: `RecitationDetailsDto`. ### `GET /api/student/recitations/{id}` - Description: Get detailed recitation result by ID. - Requires: JWT. - Response: `RecitationDetailsDto`. --- ## 6. Sheikh Discovery & Availability ### `GET /api/sheikhs/allSheikhsToStudents` - Description: Get a paged list of sheikhs for student search. - Query: - `page` (int, default `0`) - `size` (int, default `20`) - Response: list of `ShiekhProfileResponse`. ### `POST /api/sheikhs/filter` - Description: Filter sheikhs by search criteria. - Body: - `name` (string) - `country` (string) - `ratingAsc` (boolean) - `priceAsc` (boolean) - Response: filtered list of `ShiekhProfileResponse`. ### `GET /api/sheikhs/{sheikhId}/available-dates` - Description: Get available booking dates for a sheikh. - Query: - `from` (date, optional) - `days` (int, default `30`, max `90`) - Response: list of available dates. ### `GET /api/sheikhs/{sheikhId}/available-slots/day` - Description: Get available slots on a specific date. - Query: - `date` (date, required) - Response: list of `AvailableSlotDto`. ### `GET /api/sheikhs/{sheikhId}/available-slots` - Description: Get available slots across a date range. - Query: - `from` (date, optional) - `days` (int, default `30`, max `90`) - Response: list of `AvailableSlotDto`. ### `GET /api/sheikhs/{sheikhId}/profile` - Description: Get a detailed sheikh public profile. - Response: `sheikhProfileResponseComposed`. ### `GET /api/sheikhs/{sheikhId}/Top-Reviews` - Description: Get top reviews for a sheikh. - Response: list of `ReviewDto`. --- ## 7. Sheikh Profile Management ### `POST /api/sheikh/profile/complete` - Description: Complete the sheikh onboarding profile. - Requires: JWT. - Body: - `bio` (string) - `specialization` (string) - `yearsOfExperience` (integer) - `hourlyRate` (decimal) - `certificateUrl` (string) - `profilePhotoUrl` (string) - `payoutMethod` (enum) - `fullNameOnAccount` (string) - `vodafoneCashNumber` (string) - `bankCardNumber` (string) - `bankCode` (string) - Response: success message. ### `GET /api/sheikh/profile/me` - Description: Get the authenticated sheikh’s own profile. - Requires: JWT. - Response: `SheikhProfileDto`. ### `GET /api/sheikh/profile/{id}` - Description: Get a sheikh profile by ID. - Response: `SheikhProfileDto`. ### `GET /api/sheikh/profile/all` - Description: Get all approved sheikh profiles. - Query: - `page` (int, default `0`) - `size` (int, default `20`) - Response: list of `SheikhProfileDto`. ### `GET /api/sheikh/profile/approved` - Description: Get all approved sheikhs, ordered by rating. - Query: - `page` (int, default `0`) - `size` (int, default `20`) - Response: list of `SheikhProfileDto`. --- ## 8. Session Booking & Live Session Lifecycle ### `GET /api/student/sessions` - Description: List student sessions. - Query: - `sessionStatus` (optional enum) - Requires: JWT. - Response: list of `StudentSessionDto`. ### `GET /api/student/sessions/{sessionId}` - Description: Get a specific student session. - Requires: JWT. - Response: `StudentSessionDto`. ### `POST /api/student/sessions` - Description: Book a new session with a sheikh. - Requires: JWT. - Body: - `sheikhId` (long) - `startDateTime` (datetime) - `sessionDescription` (string) - Response: `StudentSessionDto`. ### `POST /api/student/sessions/{sessionId}/join` - Description: Mark the student as joined for the session. - Requires: JWT. - Response: confirmation message. ### `POST /api/student/sessions/{sessionId}/leave` - Description: Mark the student as left from the session. - Requires: JWT. - Response: confirmation message. ### `POST /api/student/sessions/{sessionId}/end` - Description: Students are not allowed to end sessions. - Requires: JWT. - Response: 403 error. --- ## 9. Sheikh Session Management ### `GET /api/sheikh/sessions` - Description: List sheikh sessions. - Query: - `sessionStatus` (optional enum) - Requires: JWT. - Response: list of `SessionDTO`. ### `GET /api/sheikh/sessions/{sessionId}` - Description: Get a specific sheikh session. - Requires: JWT. - Response: `SessionDTO`. ### `POST /api/sheikh/sessions/{sessionId}/accept` - Description: Accept a requested session and move it to payment. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/join` - Description: Mark the sheikh as joined. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/leave` - Description: Mark the sheikh as left. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/process-missed` - Description: Trigger missed-session processing on demand. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/force-missed` - Description: Force a session into MISSED state and trigger refund. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/reject` - Description: Reject a session request. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/start` - Description: Mark a session as started. - Requires: JWT. - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/end` - Description: End a session and save sheikh notes. - Requires: JWT. - Body: - `notes` (string) - Response: confirmation message. ### `POST /api/sheikh/sessions/{sessionId}/notes` - Description: Update session notes. - Requires: JWT. - Body: - `notes` (string) - Response: confirmation message. --- ## 10. Sheikh Availability ### `GET /api/sheikh/availability` - Description: Fetch authenticated sheikh availability slots. - Requires: JWT. - Response: list of `AvailabilitySlotDto`. ### `PUT /api/sheikh/availability` - Description: Set availability for a sheikh. - Requires: JWT. - Body: - `slots` (array of objects): - `dayOfWeek` (enum) - `startTime` (time) - `endTime` (time) - Response: success. --- ## 11. Payments & Payouts ### `POST /api/payments/initiate/card` - Description: Create a Stripe PaymentIntent for card payment. - Body: - `sessionId` (long) - `amount` (double) - `mobileNumber` (string, optional for Vodafone Cash) - Response: `StripePaymentResponse` with `clientSecret`. ### `POST /api/payments/confirm-payment/{paymentIntentId}` - Description: Confirm the payment after Stripe.js completion. - Path: - `paymentIntentId` (string) - Response: `StripePaymentResponse`. ### `POST /api/payments/confirm-session/{sessionId}` - Description: Confirm a session after payment has completed and the sheikh accepts. - Path: - `sessionId` (long) - Response: void. ### `POST /api/payments/payout/{sessionId}` - Description: Transfer funds to the sheikh after session completion. - Path: - `sessionId` (long) - Response: `StripeRefundResponse`. ### `POST /api/payments/refund/{sessionId}` - Description: Issue a refund for a cancelled or missed session. - Path: - `sessionId` (long) - Query: - `reason` (string, optional) - Response: `StripeRefundResponse`. ### `POST /api/payments/connect/sheikh/{sheikhId}` - Description: Create or refresh a Stripe connected account for a sheikh. - Path: - `sheikhId` (long) - Response: map with Stripe account info. --- ## 12. Reviews & Notes ### `GET /api/reviews/student/session/{sessionId}/details` - Description: Student fetches session details and own review. - Requires: role `STUDENT`. - Response: `SessionDetailsDto`. ### `POST /api/reviews/session/{sessionId}` - Description: Student submits or updates a review. - Requires: role `STUDENT`. - Body: - `reviews` (string) - `rate` (integer) - Response: `NotesAndReviewsDto`. ### `PUT /api/reviews/sheikh/session/{sessionId}/notes` - Description: Sheikh saves private session notes. - Requires: role `SHEIKH`. - Body: - `notes` (string) - Response: `NotesAndReviewsDto`. ### `GET /api/reviews/sheikh/session/{sessionId}/details` - Description: Sheikh fetches completed session details. - Requires: role `SHEIKH`. - Response: `SessionDetailsDto`. ### `DELETE /api/reviews/{reviewId}` - Description: Admin deletes a review. - Requires: role `ADMIN`. - Path: - `reviewId` (long) - Response: `204 No Content`. --- ## 13. Admin User Management ### `GET /api/admin/user-management/stats` - Description: Get user management statistics. - Requires: role `ADMIN`. - Response: `userManagementStatsAdmin`. ### `GET /api/admin/user-management/students` - Description: List all student users. - Requires: role `ADMIN`. - Response: list of `studentDtoAdmin`. ### `GET /api/admin/user-management/sheikhs` - Description: List all sheikh users. - Requires: role `ADMIN`. - Response: list of `sheikhDtoAdmin`. ### `GET /api/admin/user-management/users` - Description: List all users. - Requires: role `ADMIN`. - Response: list of user summaries. ### `POST /api/admin/user-management/block-user` - Description: Block a user account. - Requires: role `ADMIN`. - Query: - `userId` (long) - Response: success. ### `POST /api/admin/user-management/unblock-user` - Description: Unblock a user account. - Requires: role `ADMIN`. - Query: - `userId` (long) - Response: success. ### `GET /api/admin/user-management/sheikh-profile` - Description: Get detailed sheikh profile by user ID. - Requires: role `ADMIN`. - Query: - `userId` (long) - Response: `viewSheikhProfile`. ### `GET /api/admin/user-management/student-profile` - Description: Get detailed student profile by user ID. - Requires: role `ADMIN`. - Query: - `userId` (long) - Response: `viewStudentProfile`. --- ## 14. Admin Sheikh Approval ### `GET /api/admin/pending-sheikhs` - Description: Get pending sheikh approvals. - Requires: role `ADMIN`. - Response: list of pending sheikh profiles. ### `POST /api/admin/sheikh/{id}/approve` - Description: Approve a pending sheikh. - Requires: role `ADMIN`. - Path: - `id` (long) - Response: success message. ### `POST /api/admin/sheikh/{id}/reject` - Description: Reject a pending sheikh. - Requires: role `ADMIN`. - Path: - `id` (long) - Response: success message. --- ## 15. Sheikh Dashboard APIs ### `PUT /api/sheikh/sheikh-dashboard-view/update-price` - Description: Update the authenticated sheikh’s hourly rate. - Requires: JWT. - Body: - `newPrice` (decimal) - Response: success message. ### `GET /api/sheikh/sheikh-dashboard-view/stats` - Description: Get widget stats for the sheikh dashboard. - Requires: JWT. - Response: `sheikhdashboardResponse`. ### `GET /api/sheikh/sheikh-dashboard-view/upcoming-classes` - Description: Get upcoming session list for sheikh. - Requires: JWT. - Response: list of `SessionDTO`. ### `GET /api/sheikh/sheikh-dashboard-view/Two-reviews` - Description: Get two most recent reviews. - Requires: JWT. - Response: list of `ReviewDto`. ### `GET /api/sheikh/sheikh-dashboard-view/reviews` - Description: Get sheikh review history. - Requires: JWT. - Response: list of `ReviewDto`. --- ## 16. Pending Sheikh Onboarding ### `GET /api/sheikh/pending` - Description: Get the authenticated pending sheikh onboarding details. - Requires: JWT. - Response: `pendingSheikhDatailsdto`. --- ## 17. Real-Time Signaling ### WebSocket endpoint: `/ws` - Description: SockJS / STOMP endpoint for WebRTC signaling. - Frontend connects using SockJS and STOMP. - Application destination prefix: `/app` - Message mapping: `/app/signal` - Broadcast topic: `/topic/session/{sessionId}` ### STOMP signaling message payload - `type` — `join`, `offer`, `answer`, `ice-candidate`, `chat` - `sender` — user ID or display name - `sessionId` — live session ID - Any additional SDP or ICE payload fields required for P2P negotiation. --- ## 18. Notes - All protected endpoints require JWT authentication in the `Authorization` header. - Admin routes require `hasRole('ADMIN')`. - Sheikh-specific routes require sheikh authentication. - Student-specific routes require student authentication. - `multipart/form-data` is used only for `POST /api/student/recitations`. - The Stripe payment endpoints are split into initiation, confirmation, payout, and refund flows. --- ## 19. Recommended Usage Flow 1. Register/Login via `/api/auth/login` or `/api/auth/register/*`. 2. Complete profile using `/api/student/profile/complete` or `/api/sheikh/profile/complete`. 3. Students browse sheikhs via `/api/sheikhs/*`. 4. Book session with `/api/student/sessions`. 5. Confirm payment through `/api/payments/initiate/card` and `/api/payments/confirm-payment/{paymentIntentId}`. 6. Sheikh accepts session via `/api/sheikh/sessions/{sessionId}/accept`. 7. Start the session through `/api/sheikh/sessions/{sessionId}/start` and join via `/api/*/sessions/{sessionId}/join`. 8. End session notes via `/api/sheikh/sessions/{sessionId}/end`. 9. Student submits review via `/api/reviews/session/{sessionId}`. 10. Admin manages users through `/api/admin/*`.