Backend API

The NeuroLab backend is an Express service that owns authentication, user and doctor workflows, appointments, uploads, reports, billing, notifications, and chat orchestration.

This page is an overview of the current route surface. For the full request and response schema details, use the generated Swagger UI exposed by the backend itself.

Base URL

• Local: http://localhost:5000
• Swagger UI: http://localhost:5000/api-docs
• OpenAPI JSON: http://localhost:5000/api-docs.json

The backend root endpoint is:

GET /

It returns a basic service status payload.

Authentication

Authentication routes are mounted under:

/api/auth

Current auth routes include:

• POST /api/auth/register
• POST /api/auth/login
• POST /api/auth/refresh
• POST /api/auth/logout
• GET /api/auth/verify-email/:token
• POST /api/auth/request-password-reset
• POST /api/auth/reset-password/:token

Example login request:

POST /api/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "yourpassword"
}

Example login response shape:

{
  "message": "Login successful",
  "accessToken": "jwt-access-token",
  "refreshToken": "jwt-refresh-token",
  "user": {
    "id": "user-id",
    "fullName": "John Doe",
    "username": "johndoe",
    "email": "user@example.com",
    "role": "USER"
  }
}

Primary Route Groups

The backend currently mounts the following route prefixes:

• /api/auth
• /api/users
• /api/admin
• /api/doctors
• /api/devices
• /api/sessions
• /api/analysis
• /api/reviews
• /api/uploads
• /api/reports
• /api/appointments
• /api/calendar
• /api/notifications
• /api/clinics
• /api/billing
• /api/chat

Appointments

Appointments are mounted under:

/api/appointments

Notable routes include:

• GET /api/appointments/
• GET /api/appointments/doctors
• GET /api/appointments/doctors/search
• GET /api/appointments/doctor/me
• GET /api/appointments/user/me

This area is broader than a single create/list pair. The backend supports patient, doctor, scheduling, and calendar-oriented appointment flows.

Uploads

Uploads are mounted under:

/api/uploads

Current documented routes include:

• POST /api/uploads/upload
• GET /api/uploads/
• GET /api/uploads/:uploadId
• GET /api/uploads/:uploadId/access
• DELETE /api/uploads/:uploadId

The upload route uses multipart/form-data with a file field.

Reports

Reports are mounted under:

/api/reports

Current documented routes include:

• POST /api/reports/
• GET /api/reports/
• GET /api/reports/:reportId
• GET /api/reports/:reportId/access
• GET /api/reports/:reportId/events

Report generation is modeled as a queued workflow rather than a single synchronous generate endpoint.

Chat

Chat is mounted under:

/api/chat

The backend chat API is conversation-based and supports both synchronous and queued AI responses.

Notable routes include:

• POST /api/chat/conversations
• GET /api/chat/conversations
• GET /api/chat/conversations/:id/messages
• POST /api/chat/conversations/:id/messages
• POST /api/chat/conversations/:id/messages/submit
• PATCH /api/chat/conversations/:id
• DELETE /api/chat/conversations/:id
• POST /api/chat/conversations/:id/refresh-title
• GET /api/chat/jobs/:jobId/status
• GET /api/chat/jobs/:jobId/sse

Use the submit and sse endpoints when you want asynchronous AI processing with job status and event streaming.

Devices, Analysis, and Other Domains

Additional route groups are active for:

• users and profile management
• admin operations
• doctors and patient workflows
• devices and device status
• session tracking
• analysis orchestration
• reviews
• notifications
• clinics
• billing
• calendar integrations

Those areas are part of the live backend surface even if they are not fully expanded on this page yet.

Notes

• Global rate limiting is enabled.
• Most application routes are mounted under /api/*.
• Swagger is the best current source of truth for backend request and response schemas.
• If this page and Swagger disagree, trust Swagger and the route files in backend/routes.