Vendor Base URL

http://localhost:8000/api/vendor

All routes below are prefixed with this base URL.

1️⃣ Send OTP

POST /send-otp

Request Body

{ "phone": "9876543210" } OR { "email": "vendor@example.com" }

Success Response

{ "success": true, "message": "OTP sent successfully", "user_id": "681b2d9f5e9b3c7a12345678", "flag": 0 }

flag = 0 → New Vendor Created

flag = 1 → Existing Vendor

Error Responses

400 → Email or phone required

400 → Invalid Indian phone number

502 → Failed to send OTP

2️⃣ Register Vendor

POST /register (Protected Route)

Headers

Authorization: Bearer accessToken

Request Body

{
  "businessname": "Neon Services",
  "ownername": "Rahul Sharma",
  "email": "rahul@example.com",
  "phone": "9876543210",
  "address": "Sector 62, Noida",
  "city": "Noida",
  "state": "Uttar Pradesh",
  "pinCode": "201301",
  "country": "India",
  "id_proof": { "fileUrl": "https://example.com/aadhar.jpg", "size": "2MB", "type": "image/jpeg" },
  "business_proof": { "fileUrl": "https://example.com/gst.pdf", "size": "1MB", "type": "application/pdf" },
  "address_proof": { "fileUrl": "https://example.com/bill.pdf", "size": "500KB", "type": "application/pdf" },
  "subscription_id": "681b2d9f5e9b3c7a12345678"
}

Success Response

{ "success": true, "message": "Profile registered successfully" }

Error Responses

400 → Invalid email format

400 → Missing required fields

404 → Vendor does not exist

404 → Invalid subscription

403 → Subscription does not belong to vendor

409 → Email already in use
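
The /register error responses above, mapped onto one server-side decision function. This is an added sketch, not the project's own code. The in-memory store, the required-field list, the email pattern, the order of the checks and the 200 success status are assumptions; the error status codes and messages are the documented ones.

```javascript
// Added illustration, not the project's code. Data model, field list and
// check order are assumptions; error codes and messages are from the page.
const REQUIRED = ["businessname", "ownername", "email", "phone", "subscription_id"]; // assumed
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // assumed format rule

// Constructed in-memory stand-in for the database.
const db = {
  vendors: [
    { _id: "v1", email: null },
    { _id: "v2", email: "taken@example.com" },
  ],
  subscriptions: [
    { _id: "s1", vendor: "v1" },
    { _id: "s2", vendor: "v2" },
  ],
};

// authVendorId must come from the verified access token, never from the body.
function checkRegister(authVendorId, body, store = db) {
  const fail = (status, message) => ({ status, success: false, message });
  if (REQUIRED.some((k) => typeof body[k] !== "string" || body[k].trim() === ""))
    return fail(400, "Missing required fields");
  if (!EMAIL_RE.test(body.email)) return fail(400, "Invalid email format");

  const vendor = store.vendors.find((v) => v._id === authVendorId);
  if (!vendor) return fail(404, "Vendor does not exist");

  const sub = store.subscriptions.find((s) => s._id === body.subscription_id);
  if (!sub) return fail(404, "Invalid subscription");
  // Object-level authorization: a valid id owned by another vendor is rejected.
  if (sub.vendor !== authVendorId)
    return fail(403, "Subscription does not belong to vendor");

  const email = body.email.toLowerCase();
  if (store.vendors.some((v) => v._id !== authVendorId && v.email === email))
    return fail(409, "Email already in use");

  // 200 is an assumed success status; the page only shows the body.
  return { status: 200, success: true, message: "Profile registered successfully" };
}
```
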

3️⃣ Login Vendor

POST /login

Request Body

{ "phone": "9876543210", "otp": "123456" } OR { "email": "vendor@example.com", "otp": "123456" }

Success Response

{ "success": true, "message": "Vendor logged in successfully", "data": { vendorData }, "accessToken": "jwt-access-token", "refreshToken": "jwt-refresh-token" }

Cookies

accessToken, refreshToken

Error Responses

400 → OTP required

400 → Invalid OTP

400 → OTP expired

404 → Vendor not found

403 → Account deactivated

4️⃣ Refresh Access Token

POST /refresh-token

Request

{ "refreshToken": "jwt-refresh-token" }

Success Response

{ "success": true, "message": "Access token refreshed", "accessToken": "new-access-token", "refreshToken": "new-refresh-token" }

Error Responses

401 → Unauthorized request

401 → Invalid refresh token

5️⃣ Update Vendor Profile

POST /update (Protected Route)

Headers

Authorization: Bearer accessToken

Request Body

{ "businessname": "Updated Business", "ownername": "Rahul Sharma", "address": "New Address", "city": "Delhi", "state": "Delhi", "pinCode": "110001", "country": "India" }

Success Response

{ "success": true, "message": "Profile updated successfully", "data": { updatedVendor } }

Error Responses

400 → Business name and owner name required

404 → Vendor does not exist

6️⃣ Keep Login

POST /keeplogin (Protected Route)

Success Response

{ "success": true, "vendor": { vendorData } }

7️⃣ Logout Vendor

POST /logout (Protected Route)

Headers

Authorization: Bearer accessToken

Success Response

{ "success": true, "message": "Vendor logged out successfully" }

8️⃣ Get Current Plan

GET /current-plan (Protected Route)

Headers

Authorization: Bearer accessToken

Success Response

{
  "success": true,
  "message": "Current subscription fetched successfully",
  "data": {
    "subscriptionId": "681b2d9f5e9b3c7a12345678",
    "status": "ACTIVE",
    "startDate": "2026-05-01T00:00:00.000Z",
    "endDate": "2026-06-01T00:00:00.000Z",
    "autoRenew": true,
    "remainingDays": 25,
    "pricing": { "_id": "681a11111111111111111111", "name": "Premium Plan", "price": 999 },
    "pricingSnapshot": { "employeeLimit": 25, "type": "SUBSCRIPTION" },
    "payment": { "_id": "681c22222222222222222222", "status": "SUCCESS" }
  }
}

Error Responses

401 → Unauthorized request

404 → No active subscription found

500 → Failed to fetch current subscription