Skip to main content

API Endpoints Summary

This document provides an overview of all API endpoints created for the FishingLog application.

Authorization & Authentication

All endpoints require JWT Bearer token authentication via AWS Cognito.

User Roles

  • Standard: Regular user
  • DNR: Department of Natural Resources - can access all data for research (with consent)
  • Researcher: Approved researcher (with consent)
  • Admin: System administrator
  • Moderator: Content moderator

Controllers Created

1. FishingLogController (/api/fishinglog)

Manages fishing log entries, sessions, and catches with privacy controls.

Endpoints:

  • GET /api/fishinglog/entries - Get all accessible fishing log entries
  • GET /api/fishinglog/entries/{id} - Get specific entry
  • POST /api/fishinglog/entries - Create new entry
  • PUT /api/fishinglog/entries/{id} - Update entry (owner only)
  • DELETE /api/fishinglog/entries/{id} - Delete entry (owner only)
  • GET /api/fishinglog/sessions - Get user's fishing sessions
  • GET /api/fishinglog/sessions/{id} - Get specific session
  • POST /api/fishinglog/sessions - Create new session
  • GET /api/fishinglog/entries/{entryId}/catches - Get catches for entry
  • POST /api/fishinglog/entries/{entryId}/catches - Add catch to entry
  • GET /api/fishinglog/dnr/analysis - DNR-only: Get data for analysis

Privacy:

  • Entries respect LogVisibility (Public, Private, Friends, Circle)
  • DNR users can access entries with consent
  • Owners can always access their own entries

2. TournamentController (/api/tournament)

Manages tournaments with organizer and sponsor permissions.

Endpoints:

  • GET /api/tournament - Get all accessible tournaments
  • GET /api/tournament/{id} - Get specific tournament
  • POST /api/tournament - Create tournament (verified organizers only)
  • PUT /api/tournament/{id} - Update tournament (organizer only)
  • POST /api/tournament/{tournamentId}/register - Register for tournament
  • GET /api/tournament/{tournamentId}/registrations - Get registrations
  • GET /api/tournament/{tournamentId}/registrations/{registrationId} - Get specific registration
  • GET /api/tournament/{tournamentId}/results - Get tournament results/leaderboard
  • POST /api/tournament/{tournamentId}/results - Add result (organizer only)
  • GET /api/tournament/{tournamentId}/sponsors - Get tournament sponsors
  • POST /api/tournament/{tournamentId}/sponsors - Add sponsor (organizer only)

Permissions:

  • Only verified tournament organizers can create tournaments
  • Organizers can manage their tournaments
  • Users can register for public tournaments
  • Organizers can see all registrations, users see only their own

3. UserProfileController (/api/userprofile)

Manages user profiles with privacy controls.

Endpoints:

  • GET /api/userprofile/me - Get current user's profile
  • GET /api/userprofile/{userId} - Get user's public profile (respects privacy)
  • PUT /api/userprofile/me - Update current user's profile
  • GET /api/userprofile/{userId}/personal-bests - Get user's PBs
  • GET /api/userprofile/{userId}/ultimate-pb - Get user's ultimate PB

Privacy:

  • Respects ProfileVisibility settings
  • Circle members can see circle profiles
  • Public profiles visible to all

4. PersonalBestController (/api/personalbest)

Manages Personal Best records and criteria.

Endpoints:

  • GET /api/personalbest/me - Get all user's PBs
  • GET /api/personalbest/me/criteria - Get PB criteria
  • POST /api/personalbest/me/criteria - Create PB criteria
  • PUT /api/personalbest/{pbId}/set-ultimate - Set ultimate PB

5. GearController (/api/gear)

Manages fishing gear (reference data) and user gear setups.

Endpoints:

  • GET /api/gear/rods - Get all rods (reference data)
  • GET /api/gear/rods/{id} - Get specific rod
  • GET /api/gear/reels - Get all reels (reference data)
  • GET /api/gear/reels/{id} - Get specific reel
  • GET /api/gear/lines - Get all lines (reference data)
  • GET /api/gear/lines/{id} - Get specific line
  • GET /api/gear/lures - Get all lures (reference data)
  • GET /api/gear/lures/{id} - Get specific lure
  • GET /api/gear/apparel - Get all apparel (reference data)
  • GET /api/gear/apparel/{id} - Get specific apparel
  • GET /api/gear/boats - Get user's boats
  • GET /api/gear/boats/{id} - Get specific boat
  • POST /api/gear/boats - Create boat
  • PUT /api/gear/boats/{id} - Update boat
  • DELETE /api/gear/boats/{id} - Delete boat
  • GET /api/gear/setups - Get user's gear setups
  • GET /api/gear/setups/{id} - Get specific setup
  • POST /api/gear/setups - Create gear setup
  • PUT /api/gear/setups/{id} - Update setup
  • DELETE /api/gear/setups/{id} - Delete setup

Note: Rods, Reels, Lines, and Lures are reference/catalog data (not user-owned). Users create GearSetups that reference these items. Boats are user-owned.

6. SocialController (/api/social)

Manages social media features with Facebook-like functionality.

Endpoints:

  • GET /api/social/posts - Get posts feed (respects privacy)
  • GET /api/social/posts/{id} - Get specific post
  • POST /api/social/posts - Create post
  • PUT /api/social/posts/{id} - Update post (owner only)
  • DELETE /api/social/posts/{id} - Delete post (owner only)
  • POST /api/social/posts/{id}/like - Like post
  • DELETE /api/social/posts/{id}/like - Unlike post
  • POST /api/social/posts/{id}/comments - Add comment
  • GET /api/social/posts/{id}/comments - Get comments
  • GET /api/social/friends - Get friends list
  • POST /api/social/friends/{friendId} - Add friend
  • DELETE /api/social/friends/{friendId} - Remove friend

Privacy: Posts respect PostVisibility (Public, Private, Friends, Circle)

7. CharterController (/api/charter)

Manages charter listings and bookings.

Endpoints:

  • GET /api/charter/listings - Get all active listings
  • GET /api/charter/listings/{id} - Get specific listing
  • POST /api/charter/listings - Create listing (charter captains only)
  • POST /api/charter/listings/{listingId}/book - Book charter trip
  • GET /api/charter/bookings - Get user's bookings
  • GET /api/charter/bookings/{id} - Get specific booking

Permissions: Only charter captains can create listings

8. RegulationsController (/api/regulations)

Manages fishing regulations and Master Angler programs.

Endpoints:

  • GET /api/regulations/by-location - Get regulations for location
  • GET /api/regulations/master-angler/{stateId} - Get Master Angler program
  • GET /api/regulations/master-angler/submissions - Get user's submissions

9. FishSpeciesController (/api/fish-species)

Manages fish species and taxonomic relationships.

Endpoints:

  • GET /api/fish-species - Get all species
  • GET /api/fish-species/{id} - Get specific species

Note: Reference data - read-only for most users

10. BrandController (/api/brands)

Manages fishing gear brands.

Endpoints:

  • GET /api/brands - Get all brands
  • GET /api/brands/{id} - Get specific brand

Note: Reference data - read-only for most users

11. EventController (/api/events)

Manages fishing events (expos, swap meets, seminars).

Endpoints:

  • GET /api/events - Get all public events
  • GET /api/events/{id} - Get specific event
  • POST /api/events/{id}/register - Register for event

12. ClubController (/api/clubs)

Manages fishing clubs and memberships.

Endpoints:

  • GET /api/clubs - Get all public clubs
  • GET /api/clubs/{id} - Get specific club
  • POST /api/clubs/{id}/join - Join club
  • GET /api/clubs/my-clubs - Get user's clubs

13. SpotController (/api/spots)

Manages fishing spots, ratings, and boat ramps.

Endpoints:

  • GET /api/spots/nearby - Get spots near location
  • GET /api/spots/{id} - Get specific spot
  • POST /api/spots/{id}/rate - Rate spot

14. ReportController (/api/reports)

Manages fishing reports and conditions.

Endpoints:

  • GET /api/reports/by-location - Get reports for location
  • GET /api/reports/{id} - Get specific report
  • POST /api/reports - Create report
  • POST /api/reports/{id}/rate - Rate report as helpful

Implementation Patterns

All controllers follow these patterns:

Authorization

  • Use AuthorizationHelper.GetCurrentUserAsync() to get current user
  • Check ownership with AuthorizationHelper.IsOwner()
  • Check roles with AuthorizationHelper.IsDnrUserAsync(), IsAdminAsync(), etc.
  • Use [Authorize] attribute on controllers

Privacy

  • Use QueryExtensions.WithAccessFilter() for privacy-filtered queries
  • Check access with AuthorizationHelper.CanViewFishingLogEntryAsync()
  • Respect visibility enums (Public, Private, Circle, Friends)

DNR Access

  • DNR users can access data with consent
  • Log all DNR access in DnrAccessLog
  • Check consent levels before granting access

Response Format

  • Return entities directly (no DTOs/mapping)
  • Include related data via .Include() for full details
  • Use proper HTTP status codes (200, 201, 404, 403, 401)

Swagger Documentation

  • Use XML comments for all endpoints
  • Include [ProducesResponseType] attributes
  • Document parameters and return types

Notes

  • All endpoints return entities directly (no DTOs/mapping)
  • Detailed Swagger documentation included
  • Privacy and authorization checks implemented
  • DNR access logging for compliance
  • Tournament organizer verification required for paid tournaments
  • Sponsor permissions checked for tournament sponsors