This document outlines the API endpoints for the DocuMindAI application, a collaborative document editing platform with AI-powered features. The API supports document management, user authentication, real-time collaboration, and AI-generated content. All endpoints require proper authentication unless specified otherwise.
https://api.documind-ai.web.id
- Authentication Routes:
POST /auth/google/callback- Google OAuth loginGET /auth/me- Get authenticated user profilePUT /auth/profile- Update user profile
- Document Routes:
GET /documents/public- Get all public documents (no auth required)POST /documents- Create a new documentGET /documents- Get all user-owned documentsGET /documents/shared- Get all documents shared with userGET /documents/:id- Get document by IDGET /documents/:id/access- Check document access permissionsPOST /documents/:id/share- Share document with another userPUT /documents/:id- Update documentPATCH /documents/:id- Update document (alias for PUT)DELETE /documents/:id- Delete documentGET /documents/test-email- Send test email
- AI Routes:
POST /ai/generate-title- Generate document title using AIPOST /ai/process- Process text using AIGET /ai/summaries/document/:documentId- Get summaries for a documentPOST /ai/summaries- Create or update a document summary
- WebSocket Events:
joinDocument- Join a document for real-time collaborationupdateDocument- Update document content in real-timeuserTyping- Notify typing activityuserStoppedTyping- Notify stopped typingleaveDocument- Leave a document roomdisconnect- Handle client disconnection- Server-emitted:
newDocument,documentUpdated,documentShared,documentDeleted,activeUsers,documentContentUpdated,aiSuggestion,aiSummary,userTyping,userStoppedTyping
Most endpoints require a JWT token obtained via the /auth/google/callback endpoint. Include the token in the Authorization header as follows:
Authorization: Bearer <your-jwt-token>
Initiates Google OAuth login and returns a JWT token.
- Request Body:
{ "idToken": "string" // Google ID token } - Response:
- 200 OK:
{ "access_token": "string", "user": { "id": "number", "username": "string", "email": "string" } } - 400 Bad Request: Missing
idToken. - 500 Internal Server Error: Server-side error.
- 200 OK:
Retrieves the profile of the authenticated user.
- Headers:
Authorization: Bearer <your-jwt-token> - Response:
- 200 OK:
{ "id": "number", "username": "string", "email": "string", "phoneNumber": "string|null" } - 401 Unauthorized: Missing or invalid token.
- 404 Not Found: User not found.
- 200 OK:
Updates the authenticated user's profile.
- Headers:
Authorization: Bearer <your-jwt-token> - Request Body:
{ "username": "string", // Optional "phoneNumber": "string" // Optional } - Response:
- 200 OK:
{ "id": "number", "username": "string", "email": "string", "phoneNumber": "string|null" } - 401 Unauthorized: Missing or invalid token.
- 404 Not Found: User not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Retrieves all public documents. No authentication required.
- Response:
- 200 OK:
[ { "id": "number", "title": "string", "content": "string", "userId": "number", "isPublic": true, "createdAt": "string", "updatedAt": "string", "creator": { "id": "number", "username": "string", "email": "string" }, "lastEditor": { "id": "number", "username": "string", "email": "string" } } ] - 500 Internal Server Error: Server-side error.
- 200 OK:
Creates a new document.
- Headers:
Authorization: Bearer <your-jwt-token> - Request Body:
{ "content": "string", // Optional, default: "" "isPublic": false // Optional, default: false } - Response:
- 201 Created:
{ "message": "Document created successfully", "document": { "id": "number", "title": "string", // AI-generated if content provided "content": "string", "userId": "number", "isPublic": false, "lastEditedById": "number", "createdAt": "string", "updatedAt": "string" } } - 401 Unauthorized: Missing or invalid token.
- 500 Internal Server Error: Server-side error.
- 201 Created:
Retrieves all documents owned by the authenticated user.
- Headers:
Authorization: Bearer <your-jwt-token> - Response:
- 200 OK:
[ { "id": "number", "title": "string", "content": "string", "userId": "number", "isPublic": false, "createdAt": "string", "updatedAt": "string", "creator": { "id": "number", "username": "string", "email": "string" }, "lastEditor": { "id": "number", "username": "string", "email": "string" } } ] - 401 Unauthorized: Missing or invalid token.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Retrieves all documents shared with the authenticated user.
- Headers:
Authorization: Bearer <your-jwt-token> - Response:
- 200 OK:
[ { "id": "number", "title": "string", "content": "string", "userId": "number", "isPublic": false, "createdAt": "string", "updatedAt": "string", "creator": { "id": "number", "username": "string", "email": "string" }, "lastEditor": { "id": "number", "username": "string", "email": "string" } } ] - 401 Unauthorized: Missing or invalid token.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Retrieves a document by ID.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
id: Document ID
- Response:
- 200 OK:
{ "id": "number", "title": "string", "content": "string", "userId": "number", "isPublic": false, "createdAt": "string", "updatedAt": "string", "creator": { "id": "number", "username": "string", "email": "string" }, "lastEditor": { "id": "number", "username": "string", "email": "string" } } - 401 Unauthorized: Missing or invalid token.
- 403 Forbidden: Access denied.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Checks access permissions for a document.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
id: Document ID
- Response:
- 200 OK:
{ "hasAccess": true, "accessLevel": "edit|view|null" } - 401 Unauthorized: Missing or invalid token.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Shares a document with another user via email.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
id: Document ID
- Request Body:
{ "email": "string", "accessLevel": "edit" // Optional, default: "edit" } - Response:
- 200 OK:
{ "message": "Document shared successfully" } - 400 Bad Request: Invalid email or user already has access.
- 401 Unauthorized: Missing or invalid token.
- 403 Forbidden: Only the creator can share.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Updates a document.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
id: Document ID
- Request Body:
{ "title": "string", // Optional "content": "string", // Optional "isPublic": false // Optional } - Response:
- 200 OK:
{ "message": "Document updated successfully", "document": { "id": "number", "title": "string", "content": "string", "userId": "number", "isPublic": false, "lastEditedById": "number", "createdAt": "string", "updatedAt": "string" } } - 401 Unauthorized: Missing or invalid token.
- 403 Forbidden: Access denied.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Alias for PUT /documents/:id (same functionality).
Deletes a document.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
id: Document ID
- Response:
- 200 OK:
{ "message": "Document deleted successfully" } - 401 Unauthorized: Missing or invalid token.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Sends a test email for debugging purposes.
- Response:
- 200 OK:
{ "message": "Email tes berhasil dikirim" } - 500 Internal Server Error: Email sending failed.
- 200 OK:
Generates a document title using AI.
- Headers:
Authorization: Bearer <your-jwt-token> - Request Body:
{ "prompt": "string" // Document content or description } - Response:
- 200 OK:
{ "title": "string" } - 400 Bad Request: Missing or invalid prompt.
- 401 Unauthorized: Missing or invalid token.
- 502 Bad Gateway: AI service error.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Processes a prompt using AI to generate content.
- Headers:
Authorization: Bearer <your-jwt-token> - Request Body:
{ "prompt": "string" // Text to process } - Response:
- 200 OK:
{ "result": "string" } - 400 Bad Request: Missing or invalid prompt.
- 401 Unauthorized: Missing or invalid token.
- 502 Bad Gateway: AI service error.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Retrieves all summaries for a specific document.
- Headers:
Authorization: Bearer <your-jwt-token> - Parameters:
documentId: Document ID
- Response:
- 200 OK:
[ { "id": "number", "documentId": "number", "content": "string", "createdAt": "string", "updatedAt": "string" } ] - 401 Unauthorized: Missing or invalid token.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 200 OK:
Creates or updates a summary for a document.
- Headers:
Authorization: Bearer <your-jwt-token> - Request Body:
{ "documentId": "number", "content": "string" } - Response:
- 201 Created (new summary):
{ "id": "number", "documentId": "number", "content": "string", "createdAt": "string", "updatedAt": "string" } - 200 OK (updated summary):
{ "id": "number", "documentId": "number", "content": "string", "createdAt": "string", "updatedAt": "string" } - 400 Bad Request: Missing documentId or content.
- 401 Unauthorized: Missing or invalid token.
- 404 Not Found: Document not found.
- 500 Internal Server Error: Server-side error.
- 201 Created (new summary):
The API supports real-time collaboration via Socket.IO. Clients connect to the server at the base URL and listen for the following events:
Joins a document room for real-time collaboration.
- Payload:
{ "documentId": "number", "userId": "number" } - Emitted Events:
activeUsers: List of active users in the document.{ "documentId": "number", "users": [ { "id": "number", "name": "string", "color": "string" } ] }error: If document not found or access denied.
Updates document content in real-time.
- Payload:
{ "documentId": "number", "content": "string", "userId": "number" } - Emitted Events:
documentContentUpdated: Broadcasts updated content.{ "documentId": "number", "content": "string", "userId": "number" }aiSuggestion: AI-generated suggestion for content continuation.{ "documentId": "number", "suggestion": "string" }aiSummary: AI-generated summary of the document.{ "documentId": "number", "summary": "string" }error: If document not found or access denied.
Notifies other users of typing activity.
- Payload:
{ "documentId": "number", "userId": "number", "userName": "string", "cursorPos": "number", "selection": "object" } - Emitted Event:
userTyping: Broadcasts typing information.{ "documentId": "number", "userId": "number", "userName": "string", "cursorPos": "number", "selection": "object" }
Notifies other users when a user stops typing.
- Payload:
{ "documentId": "number", "userId": "number" } - Emitted Event:
userStoppedTyping: Broadcasts stopped typing information.{ "documentId": "number", "userId": "number" }
Removes a user from a document room.
- Payload:
{ "documentId": "number", "userId": "number" } - Emitted Event:
activeUsers: Updated list of active users.
Handles client disconnection.
- Emitted Event:
activeUsers: Updated list of active users for all affected documents.
newDocument: When a new document is created.{ "id": "number", "title": "string", "userId": "number", "isPublic": false, "createdAt": "string" }documentUpdated: When a document is updated.{ "documentId": "number", "title": "string", "content": "string", "isPublic": false, "updatedAt": "string" }documentShared: When a document is shared.{ "documentId": "number", "email": "string", "sharedBy": "string" }documentDeleted: When a document is deleted.{ "documentId": "number" }
All endpoints return error responses in the following format:
{
"message": "string"
}Common status codes:
- 400 Bad Request: Invalid input.
- 401 Unauthorized: Missing or invalid token.
- 403 Forbidden: Access denied.
- 404 Not Found: Resource not found.
- 500 Internal Server Error: Server-side error.
- 502 Bad Gateway: AI service error.
- The API uses a PostgreSQL database configured in
config.json. - Environment variables (e.g.,
GOOGLE_AI_API_KEY,JWT_SECRET,EMAIL_USER) must be set in a.envfile. - Real-time features rely on Socket.IO with CORS enabled for the client URL.
- AI functionalities use Google’s Gemini 2.0 Flash model.
- Email notifications are sent via Nodemailer using a Gmail account.
For further details, refer to the source code or contact the development team.