Rabbhit System API

⚠️ Setup Required: Before using this API, please:

Update database credentials in /config/config.php
Run database migrations in /migrations/
Set proper file permissions on /storage/ directory

🔐 Authentication Endpoints

POST /api/auth/login

User login with email and password

Body: {"email": "user@example.com", "password": "password123"}

POST /api/auth/logout

User logout (requires authentication)

GET /api/auth/csrf-token

Get CSRF token for form submissions

POST /api/auth/refresh

Refresh session and get new CSRF token

📋 Project Management

GET /api/projects

List all projects (with pagination and filtering)

Query Params: ?page=1&limit=20&client_id=123&summary=true

POST /api/projects (Admin only)

Create a new project

Body:

{"name": "New Project", "client_id": 123, "description": "...",
          "deadline": "2024-12-31", "budget": 5000}

GET /api/projects?id=123

Get specific project details

PUT /api/projects?id=123

Update project details

DELETE /api/projects?id=123 (Admin only)

Delete a project

🎯 Milestones & Tasks

GET /api/milestones?project_id=123

List project milestones

POST /api/milestones (Admin only)

Create milestone

GET /api/tasks?project_id=123

List project tasks (filterable by milestone, status, priority)

Query Params: ?project_id=123&milestone_id=456&status=in_progress&priority=high

POST /api/tasks (Admin only)

Create task

📁 File Management

GET /api/files?project_id=123

List project files

POST /api/files

Upload file (multipart/form-data)

Form Data: file, project_id, task_id (optional), description (optional)

GET /api/files?id=123&download=true

Download file

DELETE /api/files?id=123

Delete file (owner or admin only)

💬 Messaging System

GET /api/messages?project_id=123

List project messages

Query Params: ?project_id=123&thread_id=456&mark_read=true

POST /api/messages

Send message

Body:

{"project_id": 123, "subject": "Hello", "content": "Message content",
          "parent_id": 456}

🔒 Security Features

Session-based Authentication: Secure login with session management
CSRF Protection: All write operations require CSRF tokens
Rate Limiting: Login attempts, message sending, and file uploads are rate limited
Role-based Access: Admin and client roles with appropriate permissions
Input Validation: All inputs are sanitized and validated
File Upload Security: File type validation and secure storage

📊 Response Format

All API responses follow a consistent JSON format:

Success: {"success": true, "data": {...}}
Error: {"success": false, "error": "Error message"}
Validation Error:

{"success": false, "error": "Validation failed", "errors": {"field":
        ["Error message"]}}

🚀 Deployment Notes

Designed for Hostinger shared hosting environment
Uses PHP 8.0+ and MySQL/MariaDB
File uploads stored in /storage/uploads/ directory
Database migrations available in /migrations/
Complete activity logging for audit trails
Ready for production with proper error handling

🎉 Your Rabbhit System API is ready for deployment!

Update the configuration, run the migrations, and start managing projects efficiently.

🐰 Rabbhit System API