/api
All protected endpoints require Bearer token authentication in the Authorization header:
Authorization: Bearer <token>
Available tokens:
- Admin user (ID: 1):
abcdef1234567890 - Consumer user (ID: 2):
1234567890
GET /api/movies/popularQuery Parameters:
page(optional): Page number for pagination
Response:
{
"page": 1,
"total_pages": 500,
"total_results": 10000,
"results": [
{
"id": 123,
"title": "Movie Title",
"release_date": "2024-01-01",
"overview": "Movie description",
"popularity": 123.45,
"vote_average": 7.8
}
]
}Notes:
- Cached for 30 seconds (configurable via CACHE_DURATION_SECONDS env var)
- Implements retry and exponential backoff on external API failures
- Falls back to cached data on IOError
- All external API errors are logged to stderr
POST /api/users/{user_id}/favoritesAuthentication: Required (Bearer token)
Request Body:
{
"movie_id": 123
}Response (201 Created):
{
"id": 456,
"movie_id": 123,
"created_at": "2024-01-01T12:00:00Z"
}DELETE /api/users/{user_id}/favorites/{id}Authentication: Required (Bearer token)
Response (204 No Content)
GET /api/users/{user_id}/favoritesAuthentication: Required (Bearer token)
Query Parameters:
sort: Sort criteria (optional)release_date(default): Sort by movie release daterating: Sort by user rating
order: Sort order (optional)desc(default): Descending orderasc: Ascending order
Response:
{
"favorites": [
{
"id": 456,
"movie_id": 123,
"title": "Movie Title",
"release_date": "2024-01-01",
"overview": "Movie description",
"popularity": 123.45,
"vote_average": 7.8,
"user_rating": 4,
"created_at": "2024-01-01T12:00:00Z"
}
]
}Notes:
- Returns complete movie details from TheMovieDB
- Includes user's rating if available
- Cached for 30 seconds (configurable)
- Falls back to cached data on external API errors
POST /api/movies/ratingsAuthentication: Required (Bearer token)
Request Body:
{
"movie_id": 123,
"rating": 4
}Validation:
- Rating must be between 0 and 5 (inclusive)
- Movie must exist in TheMovieDB
Response (201 Created):
{
"id": 789,
"movie_id": 123,
"rating": 4,
"created_at": "2024-01-01T12:00:00Z"
}PUT /api/movies/ratings/{id}Authentication: Required (Bearer token)
Request Body:
{
"rating": 5
}Validation:
- Rating must be between 0 and 5 (inclusive)
- Rating must exist and belong to the authenticated user
Response (200 OK):
{
"id": 789,
"movie_id": 123,
"rating": 5,
"updated_at": "2024-01-01T12:00:00Z"
}DELETE /api/admin/users/{userId}/favoritesAuthentication: Required (Admin token only)
Response (204 No Content)
All endpoints return errors in the following format:
{
"error": {
"code": "ERROR_CODE",
"message": "Human readable error message",
"details": {} // Optional additional information
}
}Common Error Codes:
INVALID_TOKEN: Missing or invalid authentication tokenINSUFFICIENT_PERMISSIONS: Valid token but insufficient permissionsINVALID_RATING: Rating value out of range (0-5)MOVIE_NOT_FOUND: Movie ID not found in TheMovieDBRATING_NOT_FOUND: Rating ID not found or doesn't belong to userEXTERNAL_API_ERROR: Error communicating with TheMovieDBVALIDATION_ERROR: Request validation failed
HTTP Status Codes:
- 200: Success
- 201: Created
- 204: No Content
- 400: Bad Request (validation errors)
- 401: Unauthorized (missing or invalid token)
- 403: Forbidden (insufficient permissions)
- 404: Not Found
- 500: Internal Server Error
- 503: Service Unavailable (external API unavailable)
- All GET endpoints are cached in Redis
- Default cache duration: 30 seconds
- Configurable via environment variables:
CACHE_DURATION_SECONDS: Cache duration (default: 30)REDIS_URL: Redis connection URLREDIS_PASSWORD: Redis password (if required)
- Implements retry with exponential backoff:
- Max retries: 3
- Initial delay: 1 second
- Max delay: 5 seconds
- Exponential multiplier: 2
- Falls back to cached data on failures
- All errors are logged to stderr with:
- Error details
- Request context
- Stack trace
- Retry attempt number