Overview
These endpoints require a valid JWT. Access rules:
- List / Detail: admin, employee, customer, delivery
- Add: admin, employee
- Delete: admin only
Categories
GET
/categories
Public
List all categories (no auth required).
200 OK
{
  "categories": [
    {"id": 1, "name": "Fruits", "slug": "fruits", "description": "All fruits"}
  ]
}
POST
/categories
Admin or Employee
Create a category.
Request Body
- name (required)
- slug (required, unique)
- description (optional)
Example:
POST /categories
Authorization: Bearer <token>
Content-Type: application/json

{
  "name": "Fruits",
  "slug": "fruits",
  "description": "All fruits"
}
201 Created
400 Bad Request (a required field is missing)
409 Conflict (slug already exists)
GET
/categories/<category_id>
Public
Get a category and its products (no auth required).
200 OK
{
  "category": {"id": 1, "name": "Fruits", "slug": "fruits"},
  "products": [
    {"id": 10, "name": "Bananas", "category_id": 1}
  ]
}
404 Not Found
DELETE
/categories/<category_id>
Admin Only
Delete a category.
200 OK
404 Not Found