A RESTful API for a blogging platform with user authentication, email verification, and full CRUD for blog posts.
- User Registration & Login (JWT authentication, cookie-based)
- Email Verification via OTP
- Logout
- Healthcheck Endpoint
- CRUD for Blog Posts
  - Create, Read (all/single), Update, Delete
  - Only the post owner can update or delete their post
- Tags (basic support in post model)
- Backend: Node.js, Express
- Database: MongoDB (Mongoose)
- Auth: JWT, bcryptjs, cookie-based sessions
- Email: Nodemailer (Brevo/Sendinblue SMTP)
- Other: dotenv, cors, helmet, morgan
- Clone the repository

  ```bash
  git clone https://github.com/your-username/blog-api.git
  cd blog-api
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Configure environment variables

  Create a `.env` file in the root directory with the following:

  ```
  PORT=4000
  MONGODB_URI=your_mongodb_connection_string
  JWT_SECRET=your_jwt_secret
  CORS_ORIGIN=http://localhost:3000
  SMTP_USER=your_brevo_user
  SMTP_PASS=your_brevo_pass
  [email protected]
  NODE_ENV=development
  ```

- Start the server

  ```bash
  npm start
  ```

The API will run on `http://localhost:4000` by default.

- `POST /api/v1/auth/register` — Register a new user
- `POST /api/v1/auth/login` — Login and receive JWT in cookie
- `POST /api/v1/auth/logout` — Logout user
- `POST /api/v1/auth/send-verify-otp` — Send email verification OTP (requires login)
- `POST /api/v1/auth/verify-account` — Verify email with OTP (requires login)

- `GET /api/v1/healthcheck` — Check if API is running

- `POST /api/v1/posts` — Create a post (requires login)
- `GET /api/v1/posts` — List all posts
- `GET /api/v1/posts/:id` — Get a single post
- `PUT /api/v1/posts/:id` — Update a post (owner only, requires login)
- `DELETE /api/v1/posts/:id` — Delete a post (owner only, requires login)

Use Postman or similar tools to test the endpoints.
- Register and login to receive the `token` cookie.
- Use the same tab/session for all requests to keep cookies.
- Only the post owner can update or delete their post.
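
The owner-only rule for `PUT` and `DELETE /api/v1/posts/:id`, shown as an added example that is not this project's code: it verifies an HS256 JWT taken from the `token` cookie using only Node's built-in `crypto`, then returns the status the route should send. The `id` claim, the post's `owner` field, the required `exp` claim and all function names are assumptions.

```javascript
// Added example (not the project's code). Assumed names: claim `id`, field `post.owner`.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Build an HS256 token; used only to create constructed sample tokens.
function signJwt(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString("base64url")}`;
}

// Return the claims if signature, algorithm and expiry check out, else null.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const { alg } = JSON.parse(Buffer.from(head, "base64url").toString());
    if (alg !== "HS256") return null; // pin the algorithm: rejects "none" and key-confusion headers
    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    // Assumption: tokens must carry a numeric `exp` that is still in the future.
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Extract the `token` cookie from a raw Cookie header.
function tokenFromCookie(header = "") {
  const pair = header.split(";").map((c) => c.trim()).find((c) => c.startsWith("token="));
  return pair ? pair.slice("token=".length) : null;
}

// Status for PUT/DELETE /api/v1/posts/:id. `post` is the stored document or null.
function authorizePostWrite(cookieHeader, post, secret) {
  const claims = verifyJwt(tokenFromCookie(cookieHeader), secret);
  if (!claims) return 401; // missing, forged or expired token
  if (!post) return 404;
  // Compare against the owner stored with the post, never an id sent by the client.
  return claims.id != null && String(post.owner) === String(claims.id) ? 200 : 403;
}
```

When testing with Postman, a second registered user sending `PUT` or `DELETE` for someone else's post should get the 403 branch, and a request with no cookie the 401 branch.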
MIT
Happy coding!