Skip to content

Latest commit



1669 lines (1190 loc) · 34 KB

File metadata and controls

1669 lines (1190 loc) · 34 KB

Enhanced Music Library Management API


In this assignment, you will develop a Music Library Management API that allows users within an organization to manage their collection of Artists, Tracks, and Albums. Each organization has a single Admin who oversees the system and its users. The API also provides functionality for users to mark their favorite Artists, Albums, and Tracks for quick access and personalization.

Key Points:

  • One Organization, One Admin: Each organization has a single Admin with full control over the system.
  • Role-Based Access Control: Users have distinct roles (Admin, Editor, Viewer), with permissions tailored to their responsibilities.
  • Entity Relationships: Albums belong to Artists, and Tracks are associated with Albums and Artists.
  • Favorites: Users can personalize their experience by marking items as favorites for easy retrieval.

Your Task

Your task is to develop a RESTful API that allows users to manage their music library. The API should support the features listed below. Ensure you follow best practices for API development, including proper status codes, error handling, and response payloads.

Evaluation Criteria

  • API correctness: Ensure all 25(0 to 24) endpoints function as expected with proper request and response handling.
  • Code structure and cleanliness.
  • Error handling and status code implementation.
  • Adherence to best practices in RESTful API design.
  • Use Node.js for the backend and any database of your choice.


  • Create a new repository on GitHub and push your code to it.
  • Deploy your API to a hosting service (e.g. Render Heroku, Vercel, AWS, etc.)
  • Render is a free hosting service which you can use to deploy your API
  • Submit the repository link and the hosted API URL/Hosted URL(baseUrl).
  • Make sure you proved your hosted URL(baseUrl) in the submission based on that we will check the endpoints; example: base-url:https://your-hosted-url/ or base-url:https://your-hosted-url/api/v1
  • Based on the base-url we will check the endpoints, Base-url/logout, Base-url/signup, base-url/users, etc.
  • API responses must be in JSON format.
  • For GET requests, ensure the response structure matches the examples provided.
  • use same endpoint as below


Authentication and Authorization

  • Implement authentication and role-based access control using a method of your choice.
  • Roles:
    • Admin: Full CRUD operations on all entities, including user management.
    • Editor: Can edit and delete Artists, Albums, Tracks, and their own details (e.g., updating their password).
    • Viewer: Read-only access to all entities.
  • The first user registered in the system automatically becomes an Admin.

Entity Management

  1. Users:
    Admins can manage users by adding, deleting, and updating their roles (except for other Admins).
  2. Artists, Albums, Tracks:
    Full CRUD operations based on role permissions.
  3. Favorites:
    Users can add or remove their favorite Artists, Albums, and Tracks.

Database Schema

You are encouraged to design the tables based on the requirements provided. Below are hints for the schema structure.

1. User Table

Column Name Type Description
user_id UUID Unique identifier for the user.
email VARCHAR User's email address.
password VARCHAR Encrypted password.
role ENUM Role (Admin, Editor, Viewer).

2. Artist Table

Column Name Type Description
artist_id UUID Unique identifier for the artist.
name VARCHAR Name of the artist.
grammy BOOLEAN Indicates Grammy award status.
hidden BOOLEAN Visibility toggle.

3. Album Table

Column Name Type Description
album_id UUID Unique identifier for the album.
name VARCHAR Album name.
year INTEGER Release year.
hidden BOOLEAN Visibility toggle.

4. Track Table

Column Name Type Description
track_id UUID Unique identifier for the track.
name VARCHAR Track name.
duration INTEGER Track duration in seconds.
hidden BOOLEAN Visibility toggle.

5. Favorites Table

Column Name Type Description
favorite_id UUID Reference to the favorite entity.

Quick Summary of Endpoints:

Response Format

  • All responses must be in JSON format.
  • For GET requests, ensure the response structure matches the examples provided.

Status Codes

Below is a brief summary of all the endpoints and their key response codes: these status codes will be checked for each endpoint,a nd all get requests should return the same response format as below

  • Use the correct HTTP status codes for each operation.
  • Handle edge cases with appropriate error messages and status codes (e.g., 400 for bad requests, 401 for unauthorized access, etc.).
  1. GET BASEURL/Logout: 200, 400
  2. POST BASEURL/signup: 201, 400, 409
  3. POST BASEURL/login: 200, 400, 404
  4. GET BASEURL/users: 200, 400, 401
  5. POST BASEURL/users/add-user: 201, 400, 401, 409
  6. DELETE BASEURL/users/:id: 200, 400, 401, 403, 404
  7. PUT BASEURL/users/update-password: 204, 400, 401, 403, 404
  8. GET BASEURL/artists: 200, 400, 401
  9. GET BASEURL/artists/:id: 200, 401, 403, 404
  10. POST BASEURL/artists/add-artist: 201, 400, 401
  11. PUT BASEURL/artists/:id: 204, 400, 401, 403, 404
  12. DELETE BASEURL/artists/:id: 200, 400, 401, 403, 404
  13. GET BASEURL/albums: 200, 400, 401, 403, 404
  14. GET BASEURL/albums/:id: 200, 401, 403, 404
  15. POST BASEURL/albums/add-album: 201, 400, 401, 403, 400
  16. PUT BASEURL/albums/:id: 204, 400, 401, 403, 404
  17. DELETE BASEURL/albums/:id: 200, 400, 401, 403, 404
  18. GET BASEURL/tracks: 200, 400, 401, 403, 404
  19. GET BASEURL/tracks/:id: 200, 400, 401, 403, 404
  20. POST BASEURL/tracks/add-track: 201, 400, 401, 403, 404
  21. PUT BASEURL/tracks/:id: 204, 400, 401, 403, 404
  22. DELETE BASEURL/tracks/:id: 200, 400, 401, 403, 404
  23. GET BASEURL/favorites/:category: 200, 400, 401, 403
  24. POST BASEURL/favorites/add-favorite: 201, 400, 401, 403, 404
  25. DELETE BASEURL/favorites/remove-favorite/:id: 200, 400, 401, 403, 404


Base URL: your-hosted-url/api/v1

0. GET /logout - Logout a user

  • Description: This endpoint is used to log a user out of the system. After this, token should no longer work, it will be considered invalid.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:


Response Codes to Consider:

  • 200: User logged out successfully.
  • 400: Bad Request.


  • a. 200 - User Logged Out Successfully
  "status": 200,
  "data": null,
  "message": "User logged out successfully.",
  "error": null
  • b. 400 - Bad Request
  "status": 400,
  "data": null,
  "message": "Bad Request",
  "error": null

1. POST /signup - Register a new user

  • Description: This endpoint is used to register a new user in the system.

Request Endpoint:


Request Body:

  "email": "",
  "password": "password"

Response Codes to Consider:

  • 201: User created successfully.
  • 400: Missing fields, Bad Request, Etc.
  • 409: Email already exists.


  • a. 201 - User Created Successfully

      "status": 201,
      "data": null,
      "message": "User created successfully.",
      "error": null
  • b. 400 - Bad Request

      "status": 400,
      "data": null,
      "message": "Bad Request, Reason:${Missing Field}",
      "error": null
  • c. 409 - Email Already Exists

      "status": 409,
      "data": null,
      "message": "Email already exists.",
      "error": null

2. POST /login - Login a user

  • Description: This endpoint is used to login a user in the system.

Request Endpoint:


Request Body:

  "email": "",
  "password": "securePassword123"

Response Codes to Consider:

  • 200: User logged in successfully.
  • 400: Missing fields, Bad Request, Etc.
  • 404: User not found.


  • a. 200 - User Logged In Successfully
  "status": 200,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  "message": "Login successful.",
  "error": null
  • b. 400 - Bad Request
  "status": 400,
  "data": null,
  "message": "Bad Request, Reason:${Missing Field}",
  "error": null
  • c. 404 - User Not Found
  "status": 404,
  "data": null,
  "message": "User not found.",
  "error": null

3. GET /users - Retrieve All Users

  • Description: Retrieve a list of all users under the same Admin. This endpoint can only be accessed by the Admin user. Pagination is supported using limit and offset.

Query Parameters:

  • limit (optional): Number of records to fetch. Default is 5.
  • offset (optional): Number of records to skip. Default is 0.
  • role (optional): Filter users by role (Editor or Viewer).

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/users?limit=5&offset=0&role=Editor



Response Codes to Consider:

  • 200: Users fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.


  • a. 200 - Users Fetched Successfully
  "status": 200,
  "data": [
      "user_id": "123e4567-e89b-12d3-a456-426614174000",
      "email": "",
      "role": "editor",
      "created_at": "2024-12-03T10:00:00Z"
    ...4 more
  "message": "Users retrieved successfully.",
  "error": null
  • b. 400 - Bad Request
  "status": 400,
  "data": null,
  "message": "Bad Request",
  "error": null
  • c. 401 - Unauthorized Access
  "status": 401,
  "data": null,
  "message": "Unauthorized Access",
  "error": null

4. POST /users/add-user - Add a new user

  • Description: Only the Admin can create new users by providing their email, password, and role. The role cannot be "admin" when creating a new user, and users can only create other users with the "editor" or "viewer" roles.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

POST BASE-URL/users/add-user

Request Body:

  "email": "",
  "password": "password",
  "role": "editor" // or "viewer"

Response Codes to Consider:

  • 201: User created successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 409: Email already exists.


  • a. 201 - User Created Successfully
  "status": 201,
  "data": null,
  "message": "User created successfully.",
  "error": null
  • b. 400 - Bad Request
  "status": 400,
  "data": null,
  "message": "Bad Request",
  "error": null
  • c. 401 - Unauthorized Access
  "status": 401,
  "data": null,
  "message": "Unauthorized Access",
  "error": null
  • d. 403 - Forbidden Access
  "status": 403,
  "data": null,
  "message": "Forbidden Access/Operation not allowed.",
  "error": null
  • e. 409 - Email Already Exists
  "status": 409,
  "data": null,
  "message": "Email already exists.",
  "error": null

5. DELETE /users/:id - Delete a user

  • Description: Only the Admin can delete a user by providing their user ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

DELETE BASE-URL/users/:user_id


DELETE BASE-URL/users/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: User deleted successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: User not found.


  • a. 200 - User Deleted Successfully
  "status": 200,
  "data": null,
  "message": "User deleted successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - User Not Found

  "status": 404,
  "data": null,
  "message": "User not found.",
  "error": null

6. PUT /users/update-password - Update user password

  • Description: The user of any role can update their password by providing the old password and a new password.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

PUT BASE-URL/users/update-password

Request Body:

  "old_password": "oldPassword",
  "new_password": "newPassword"

Response Codes to Consider:

  • 204: Password updated successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: User not found.


  • a. 204 - Password Updated Successfully
// No response body


<empty response>
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - User Not Found : Same as above

7. GET /artists - Retrieve All Artists

  • Description: Retrieve a list of all artists.

You can filter artists by Grammy status, visibility, and control the number of records returned using limit and offset.

Query Parameters:

  • limit : Number of records to fetch. Default is 5.
  • offset : Number of records to skip. Default is 0.
  • grammy : Filter artists by number of Grammy awards artist has won(0 or 10).
  • hidden : Filter artists by visibility status(true or false).

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/artists?limit=5&offset=0&grammy=10&hidden=false


GET BASE-URL/artists

Response Codes to Consider:

  • 200: Artists fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.


  • a. 200 - Artists Fetched Successfully
  "status": 200,
  "data": [
      "artist_id": "123e4567-e89b-12d3-a456-426614174000",
      "name": "Adele",
      "grammy": 5,
      "hidden": false,
    ...4 more
  "message": "Artists retrieved successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

8. GET /artists/:id - Retrieve an Artist

  • Description: Retrieve a single artist by providing their artist ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/artists/:artist_id


GET BASE-URL/artists/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Artist fetched successfully.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Artist not found.


  • a. 200 - Artist Fetched Successfully
  "status": 200,
  "data": {
    "artist_id": "123e4567-e89b-12d3-a456-426614174000",
    "name": "Adele",
    "grammy": 5,
    "hidden": false
  "message": "Artist retrieved successfully.",
  "error": null
  • b. 401 - Unauthorized Access : Same as above

  • c. 403 - Forbidden Access : Same as above

  • d. 404 - Artist Not Found: Same as above

9. POST /artists/add-artist - Add a new Artist

  • Description: Add a new artist to the system.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

POST BASE-URL/artists/add-artist

Request Body:

  "name": "Eminem",
  "grammy": 15,
  "hidden": false

Response Codes to Consider:

  • 201: Artist created successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.


  • a. 201 - Artist Created Successfully
  "status": 201,
  "data": null,
  "message": "Artist created successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

10. PUT /artists/:id - Update an Artist

  • Description: Update an artist by providing their artist ID, details such as name, Grammy status, and visibility(hidden).

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

PUT BASE-URL/artists/:artist_id


PUT BASE-URL/artists/123e4567-e89b-12d3-a456-426614174000

Request Body:

  "name": "Eminem",
  "grammy": 18,
  "hidden": false

or any of the fields you want to update.

  "name": "Eminem (Slim Shady)"

Response Codes to Consider:

  • 204: Artist updated successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Artist not found.


  • a. 204 - Artist Updated Successfully : Same as above

  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Artist Not Found: Same as above

11. DELETE /artists/:id - Delete an Artist

  • Description: Delete an artist by providing their artist ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

DELETE BASE-URL/artists/:artist_id

Response Codes to Consider:

  • 200: Artist deleted successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Artist not found.


  • a. 200 - Artist Deleted Successfully

      "status": 200,
      "data": {
        "artist_id": "123e4567-e89b-12d3-a456-426614174000"
      "message": "Artist:${artist_name} deleted successfully.",
      "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Artist Not Found: Same as above

12. GET /albums - Retrieve All Albums

  • Description: Retrieve a list of all albums, can filter the albums by artist and visibility(hidden), and control the number of records returned using limit and offset.

Query Parameters:

  • limit : Number of records to fetch. Default is 5.
  • offset : Number of records to skip. Default is 0.
  • artist_id : Filter albums by artist ID.
  • hidden : Filter albums by visibility status(true or false).

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/albums?limit=5&offset=0&artist_id=123e4567-e89b-12d3-a456-426614174000&hidden=false



Response Codes to Consider:

  • 200: Albums fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Artist not found, not valid artist ID.


  • a. 200 - Albums Fetched Successfully
  "status": 200,
  "data": [
      "album_id": "123e4567-e89b-12d3-a456-426614174000",
      "artist_name": "Eminem",
      "name": "Recovery",
      "year": 2010,
      "hidden": false,
    ...4 more
  "message": "Albums retrieved successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

13. GET /albums/:id - Retrieve an Album

  • Description: Retrieve a single album by providing its album ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/albums/:album_id


GET BASE-URL/albums/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Album fetched successfully.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 200 - Album Fetched Successfully
  "status": 200,
  "data": {
    "album_id": "123e4567-e89b-12d3-a456-426614174000",
    "artist_name": "Eminem",
    "name": "Recovery",
    "year": 2010,
    "hidden": false
  "message": "Album retrieved successfully.",
  "error": null
  • b. 401 - Unauthorized Access : Same as above

  • c. 403 - Forbidden Access : Same as above

  • d. 404 - Resource Doesn't Exist: Same as above

14. POST /albums/add-album - Add a new Album

  • Description: Add a new album to the system.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

POST BASE-URL/albums/add-album

Request Body:

  "artist_id": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Marshall Mathers LP",
  "year": 2000,
  "hidden": false

Response Codes to Consider:

  • 201: Album created successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 201 - Album Created Successfully
  "status": 201,
  "data": null,
  "message": "Album created successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

15. PUT /albums/:id - Update an Album

  • Description: Update an album by providing its album ID, details such as name, year, and visibility(hidden).
  "Authorization": "Bearer <token>"

Request Endpoint:

PUT BASE-URL/albums/:album_id


PUT BASE-URL/albums/123e4567-e89b-12d3-a456-426614174000

Request Body:

  "name": "Marshall Mathers LP 2",
  "year": 2013,
  "hidden": false

or any of the fields you want to update.

  "name": "Marshall Mathers LP 2"

Response Codes to Consider:

  • 204: Album updated successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 204 - Album Updated Successfully : Same as above

  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

16. DELETE /albums/:id - Delete an Album

  • Description: Delete an album by providing its album ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

DELETE BASE-URL/albums/:album_id


DELETE BASE-URL/albums/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Album deleted successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 200 - Album Deleted Successfully
  "status": 200,
  "data": null,
  "message": "Album:${album_name} deleted successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

17. GET /tracks - Retrieve All Tracks

  • Description: Retrieve a list of all tracks, can filter the tracks by artist, album, and visibility(hidden), and control the number of records returned using limit and offset.

Query Parameters:

  • limit : Number of records to fetch. Default is 5.
  • offset : Number of records to skip. Default is 0.
  • artist_id : Filter tracks by artist ID.
  • album_id : Filter tracks by album ID.
  • hidden : Filter tracks by visibility status(true or false).

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/tracks?limit=5&offset=0&artist_id=123e4567-e89b-12d3-a456-426614174000&album_id=123e4567-e89b-12d3-a456-426614174000&hidden=false



Response Codes to Consider:

  • 200: Tracks fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 200 - Tracks Fetched Successfully
  "status": 200,
  "data": [
      "track_id": "123e4567-e89b-12d3-a456-426614174000",
      "artist_name": "Eminem",
      "album_name": "Recovery",
      "name": "Not Afraid",
      "duration": 263,
      "hidden": false,
    ...4 more
  "message": "Tracks retrieved successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

18. GET /tracks/:id - Retrieve a Track

  • Description: Retrieve a single track by providing its track ID.

Request Headers:

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/tracks/:track_id


GET BASE-URL/tracks/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Track fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 200 - Track Fetched Successfully
  "status": 200,
  "data": {
    "track_id": "123e4567-e89b-12d3-a456-426614174000",
    "artist_name": "Eminem",
    "album_name": "Recovery",
    "name": "Not Afraid",
    "duration": 263,
    "hidden": false
  "message": "Track retrieved successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

19. POST /tracks/add-track - Add a new Track

  • Description: Add a new track to the system.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

POST BASE-URL/tracks/add-track

Request Body:

  "artist_id": "123e4567-e89b-12d3-a456-426614174000",
  "album_id": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Not Afraid",
  "duration": 263,
  "hidden": false

Response Codes to Consider:

  • 201: Track created successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 201 - Track Created Successfully
  "status": 201,
  "data": null,
  "message": "Track created successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

20. PUT /tracks/:id - Update a Track

  • Description: Update a track by providing its track ID, details such as name, duration, and visibility(hidden).
  "Authorization": "Bearer <token>"

Request Endpoint:

PUT BASE-URL/tracks/:track_id


PUT BASE-URL/tracks/123e4567-e89b-12d3-a456-426614174000

Request Body:

  "name": "Not Afraid (Explicit)",
  "duration": 263,
  "hidden": false

or any of the fields you want to update.

  "name": "Not Afraid (Explicit)"

Response Codes to Consider:

  • 204: Track updated successfully.

  • 400: Bad Request.

  • 401: Unauthorized Access.

  • 403: Forbidden Access.

  • 404: Resource Doesn't Exist.


  • a. 204 - Track Updated Successfully : Same as above

  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

21. DELETE /tracks/:id - Delete a Track

  • Description: Delete a track by providing its track ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

DELETE BASE-URL/tracks/:track_id


DELETE BASE-URL/tracks/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Track deleted successfully.

  • 400: Bad Request.

  • 401: Unauthorized Access.

  • 403: Forbidden Access.

  • 404: Resource Doesn't Exist.


  • a. 200 - Track Deleted Successfully
  "status": 200,
  "data": null,
  "message": "Track:${track_name} deleted successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

22. GET /favorites/:category - Retrieve Favorites

  • Description: Retrieve the user's favorite items based on the category(artist, album, or track) provided.

Query Parameters:

  • category : Category of favorites to retrieve (artist, album, track).
  • limit : Number of records to fetch. Default is 5.
  • offset : Number of records to skip. Default is 0.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

GET BASE-URL/favorites/:category?limit=5&offset=0


GET BASE-URL/favorites/artist

Response Codes to Consider:

  • 200: Favorites fetched successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.


  • a. 200 - Favorites Fetched Successfully
  "status": 200,
  "data": [
      "favorite_id": "123e4567-e89b-12d3-a456-426614174000",
      "category": "artist",
      "item_id": "123e4567-e89b-12d3-a456-426614174000", // item_id based on category type (artist_id, album_id, track_id)
      "name": "Eminem",
      "created_at": "2024-12-03T10:00:00Z"
    ...4 more
  "message": "Favorites retrieved successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

23. POST /favorites/add-favorite - Add a Favorite

  • Description: Add a new favorite item to the user's list.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

POST BASE-URL/favorites/add-favorite

Request Body:

  "category": "artist", // artist, album, track
  "item_id": "123e4567-e89b-12d3-a456-426614174000" // item_id based on category type (artist_id, album_id, track_id)

Response Codes to Consider:

  • 201: Favorite added successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.
  • 403: Forbidden Access.
  • 404: Resource Doesn't Exist.


  • a. 201 - Favorite Added Successfully
  "status": 201,
  "data": null,
  "message": "Favorite added successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above

24. DELETE /favorites/remove-favorite/:id - Remove a Favorite

  • Description: Remove a favorite item from the user's list by providing its favorite ID.

Request Headers:

  "Authorization": "Bearer <token>"

Request Endpoint:

DELETE BASE-URL/favorites/remove-favorite/:favorite_id


DELETE BASE-URL/favorites/remove-favorite/123e4567-e89b-12d3-a456-426614174000

Response Codes to Consider:

  • 200: Favorite removed successfully.
  • 400: Bad Request.
  • 401: Unauthorized Access.


  • a. 200 - Favorite Removed Successfully
  "status": 200,
  "data": null,
  "message": "Favorite removed successfully.",
  "error": null
  • b. 400 - Bad Request : Same as above

  • c. 401 - Unauthorized Access : Same as above

  • d. 403 - Forbidden Access : Same as above

  • e. 404 - Resource Doesn't Exist: Same as above