This is a comprehensive booking management system with role-based access control for Customers, Business Owners, and Staff Members.
Create a new booking
- Role: CUSTOMER
- Body:
{
  "serviceId": "service-id",
  "staffId": "staff-id",
  "startTime": "2024-12-25T10:00:00Z",
  "customerNotes": "Optional notes"
}
- Validations:
  - Service must be active
  - Staff must be assigned to service
  - Time slot must be available
  - Booking time must be in the future
- Response: Created booking with service, staff, and business details
Get my bookings
- Role: CUSTOMER
- Query Params:
  - status: BookingStatus (optional)
  - startDate: ISO date (optional)
  - endDate: ISO date (optional)
- Response: Array of bookings
Get specific booking details
- Role: CUSTOMER
- Response: Detailed booking with payment info
Update my booking
- Role: CUSTOMER
- Body:
{
  "startTime": "2024-12-26T11:00:00Z",
  "customerNotes": "Updated notes"
}
- Restrictions: Only PENDING bookings can be updated
- Validations: New time slot must be available
Cancel my booking
- Role: CUSTOMER
- Body:
{
  "cancellationReason": "Personal emergency"
}
- Restrictions: Cannot cancel COMPLETED bookings
Get all business bookings
- Role: BUSINESS_OWNER
- Query Params: Same as customer endpoint
- Response: All bookings for the business with customer details
Get booking details
- Role: BUSINESS_OWNER
- Response: Full booking details including payment
Update booking status
- Role: BUSINESS_OWNER
- Body:
{
  "status": "CONFIRMED",
  "staffNotes": "Confirmed with client"
}
- Allowed Statuses:
  - CONFIRMED - Sets confirmedAt timestamp
  - COMPLETED - Sets completedAt timestamp
  - CANCELLED - Sets cancelledAt timestamp
  - NO_SHOW - Customer didn't show up
Get my assigned bookings
- Role: STAFF
- Query Params: Same as other endpoints
- Response: Bookings assigned to this staff member
Get booking details
- Role: STAFF
- Response: Booking details for assigned booking
Update booking status
- Role: STAFF
- Body: Same as owner status update
- Allowed Statuses: CONFIRMED, COMPLETED
Get my staff profile
- Role: STAFF
- Response:
{
  "id": "staff-id",
  "userId": "user-id",
  "businessId": "business-id",
  "position": "Senior Hair Stylist",
  "bio": "10+ years experience...",
  "isActive": true,
  "customSchedule": {...},
  "user": {...},
  "business": {...},
  "_count": {
    "services": 5,
    "bookings": 120
  }
}
Update my profile
- Role: STAFF
- Body:
{
  "position": "Senior Hair Stylist",
  "bio": "Updated bio...",
  "customSchedule": {
    "monday": { "open": "10:00", "close": "18:00", "closed": false },
    "tuesday": { "open": "10:00", "close": "18:00", "closed": false }
  }
}
Get my assigned services
- Role: STAFF
- Response: Array of services assigned to staff member
Get my schedule
- Role: STAFF
- Query Params:
  - startDate: ISO date (optional, defaults to today)
  - endDate: ISO date (optional, defaults to +7 days)
- Response:
{
  "customSchedule": {...},
  "bookings": [...],
  "dateRange": {
    "start": "2024-12-20T00:00:00Z",
    "end": "2024-12-27T00:00:00Z"
  }
}
Get today's bookings
- Role: STAFF
- Response: Array of today's bookings sorted by start time
Get upcoming bookings
- Role: STAFF
- Response: Next 10 upcoming bookings
Get my statistics
- Role: STAFF
- Query Params:
  - startDate: ISO date (optional)
  - endDate: ISO date (optional)
- Response:
{
  "totalBookings": 150,
  "completedBookings": 130,
  "cancelledBookings": 10,
  "pendingBookings": 5,
  "confirmedBookings": 5,
  "totalRevenue": 125000.0,
  "completionRate": "86.67"
}
Get my business details
- Role: STAFF
- Response: Business information including owner and stats
Get all business staff members
- Role: STAFF
- Response: Array of all active staff in the same business
- JwtAuthGuard: Validates JWT token
- RolesGuard: Validates user role
- ADMIN - System administrator
- BUSINESS_OWNER - Business owner
- STAFF - Staff member
- CUSTOMER - Regular customer
All protected endpoints require:
Authorization: Bearer <jwt_token>
- 200 OK - Success
- 201 Created - Resource created
- 400 Bad Request - Validation error
- 401 Unauthorized - Missing/invalid token
- 403 Forbidden - Insufficient permissions
- 404 Not Found - Resource not found
- 409 Conflict - Duplicate resource or conflicting state
{
  "statusCode": 400,
  "message": "Validation error message",
  "error": "Bad Request"
}
The system automatically:
- Validates time slots are in the future
- Checks for conflicting bookings
- Calculates end time based on service duration
Services and staff with active bookings are deactivated instead of deleted:
{
  "message": "Service deactivated (has active bookings)!",
  "deactivated": true
}
- Deleting a business removes all related data
- Deleting a user removes their sessions and accounts
- Staff removal considers active bookings
- All timestamps stored in UTC
- Use ISO 8601 format: 2024-12-25T10:00:00Z
- Consider business timezone for display
- All list endpoints use proper indexes
- Selective field loading with select
- Related data loaded with include
PENDING → CONFIRMED → COMPLETED
   ↓          ↓
CANCELLED  CANCELLED
              ↓
           NO_SHOW (only from CONFIRMED)
- Customer: Can create (PENDING) and cancel
- Staff: Can confirm and complete
- Owner: Can manage all statuses including NO_SHOW
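The status flow and role rules above, combined with the per-booking ownership the endpoints describe, as an added TypeScript example (not the project's own code). Actor, Booking, authorizeStatusChange, the terminal-state reading of the diagram and the 404 answer for foreign bookings are assumptions.

```typescript
// Added example; Actor, Booking and authorizeStatusChange are hypothetical names.
type Role = "CUSTOMER" | "STAFF" | "BUSINESS_OWNER";
type Status = "PENDING" | "CONFIRMED" | "COMPLETED" | "CANCELLED" | "NO_SHOW";
interface Actor { role: Role; userId: string; staffId?: string; businessId?: string }
interface Booking { status: Status; customerId: string; staffId: string; businessId: string }
interface Decision { allowed: boolean; statusCode: number }

// Edges of the status flow; NO_SHOW is reachable only from CONFIRMED.
// Assumption: COMPLETED, CANCELLED and NO_SHOW are terminal.
const TRANSITIONS: Record<Status, Status[]> = {
  PENDING: ["CONFIRMED", "CANCELLED"],
  CONFIRMED: ["COMPLETED", "CANCELLED", "NO_SHOW"],
  COMPLETED: [],
  CANCELLED: [],
  NO_SHOW: [],
};

// Target statuses each role may set, from the role list.
const ROLE_TARGETS: Record<Role, Status[]> = {
  CUSTOMER: ["CANCELLED"],
  STAFF: ["CONFIRMED", "COMPLETED"],
  BUSINESS_OWNER: ["CONFIRMED", "COMPLETED", "CANCELLED", "NO_SHOW"],
};

// Object-level check: a valid role is not enough, the caller must be tied to this booking.
function isLinked(actor: Actor, b: Booking): boolean {
  if (actor.role === "CUSTOMER") return actor.userId === b.customerId;
  if (actor.role === "STAFF") return !!actor.staffId && actor.staffId === b.staffId;
  return !!actor.businessId && actor.businessId === b.businessId; // tenant isolation
}

function authorizeStatusChange(actor: Actor, b: Booking, next: Status): Decision {
  // Assumption: foreign bookings answer 404 so a caller cannot probe which IDs exist.
  if (!isLinked(actor, b)) return { allowed: false, statusCode: 404 };
  if (ROLE_TARGETS[actor.role].indexOf(next) < 0) return { allowed: false, statusCode: 403 };
  if (TRANSITIONS[b.status].indexOf(next) < 0) return { allowed: false, statusCode: 409 };
  return { allowed: true, statusCode: 200 };
}

// Constructed sample data, not taken from the project.
const sample: Booking = { status: "CONFIRMED", customerId: "u1", staffId: "s1", businessId: "b1" };
console.log(authorizeStatusChange({ role: "STAFF", userId: "u9", staffId: "s1" }, sample, "NO_SHOW"));
```

The order of the three checks matters: ownership first, then role, then state, so an unrelated caller learns nothing about a booking's current status from the error code.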
The schema includes a Payment model linked to bookings:
- Payment status tracked separately
- Provider reference for external payment gateways
- Webhook payload storage for reconciliation
- Staff Assignment: Staff must be assigned to a service before customers can book
- Business Hours: Validated against businessHours and staff customSchedule
- Multi-tenancy: Each business is isolated via businessId
- Audit Trail: Timestamps tracked for key actions (confirmed, completed, cancelled)
- Import modules in app.module.ts
- Run Prisma migrations
- Seed initial data (admin user, test business)
- Test endpoints with Swagger UI at /api