basePath: /api/v1 definitions: response.APIError: properties: code: type: string details: type: string message: type: string type: object response.APIResponse: properties: data: {} error: $ref: '#/definitions/response.APIError' message: type: string meta: $ref: '#/definitions/response.Meta' success: type: boolean type: object response.Meta: properties: limit: type: integer offset: type: integer page: type: integer pages: type: integer total: type: integer type: object user.AuthResponse: properties: access_token: type: string expires_at: type: integer refresh_token: type: string user: $ref: '#/definitions/user.UserResponse' type: object user.ChangePasswordForm: properties: new_password: type: string old_password: type: string type: object user.CreateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string password: type: string phone: type: string position: type: string profile_image: type: string role: type: string username: type: string type: object user.LoginForm: properties: password: type: string username: type: string type: object user.RefreshTokenForm: properties: refresh_token: type: string type: object user.ResetPasswordForm: properties: email: type: string type: object user.UpdateUserForm: properties: company_id: type: string department: type: string email: type: string full_name: type: string phone: type: string position: type: string profile_image: type: string role: type: string status: type: string username: type: string type: object user.UpdateUserRoleForm: properties: role: type: string type: object user.UpdateUserStatusForm: properties: status: type: string type: object user.UserListResponse: properties: limit: type: integer offset: type: integer total: type: integer total_pages: type: integer users: items: $ref: '#/definitions/user.UserResponse' type: array type: object user.UserResponse: properties: company_id: type: string created_at: type: integer created_by: type: string department: type: string email: type: string full_name: type: string id: type: string is_verified: type: boolean last_login_at: type: integer phone: type: string position: type: string profile_image: type: string role: type: string status: type: string updated_at: type: integer updated_by: type: string username: type: string type: object host: localhost:8081 info: contact: email: support@swagger.io name: API Support url: http://www.swagger.io/support description: This is the API documentation for the Tender Management System. license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html termsOfService: http://swagger.io/terms/ title: Tender Management API version: 1.0.0 paths: /users/admin: get: consumes: - application/json description: List users with search and filters (admin only) parameters: - description: Search term in: query name: search type: string - description: User status filter in: query name: status type: string - description: User role filter in: query name: role type: string - description: Company ID filter in: query name: company_id type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer - description: Sort field in: query name: sort_by type: string - description: Sort order in: query name: sort_order type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserListResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: List users tags: - users post: consumes: - application/json description: Create a new user (admin only) parameters: - description: User creation data in: body name: user required: true schema: $ref: '#/definitions/user.CreateUserForm' produces: - application/json responses: "201": description: Created schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Create user tags: - users /users/admin/{id}: delete: consumes: - application/json description: Delete a user (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Delete user tags: - users get: consumes: - application/json description: Get user details by ID (admin only) parameters: - description: User ID in: path name: id required: true type: string produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user by ID tags: - users put: consumes: - application/json description: Update user information (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: User update data in: body name: user required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user tags: - users /users/admin/{id}/role: put: consumes: - application/json description: Update user role (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Role update data in: body name: role required: true schema: $ref: '#/definitions/user.UpdateUserRoleForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user role tags: - users /users/admin/{id}/status: put: consumes: - application/json description: Update user account status (admin only) parameters: - description: User ID in: path name: id required: true type: string - description: Status update data in: body name: status required: true schema: $ref: '#/definitions/user.UpdateUserStatusForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user status tags: - users /users/admin/company/{company_id}: get: consumes: - application/json description: Get users belonging to a specific company (admin only) parameters: - description: Company ID in: path name: company_id required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by company ID tags: - users /users/admin/role/{role}: get: consumes: - application/json description: Get users with a specific role (admin only) parameters: - description: User role in: path name: role required: true type: string - description: Limit results in: query name: limit type: integer - description: Offset results in: query name: offset type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "403": description: Forbidden schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get users by role tags: - users /users/change-password: put: consumes: - application/json description: Change current user password parameters: - description: Password change data in: body name: password required: true schema: $ref: '#/definitions/user.ChangePasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Change password tags: - users /users/login: post: consumes: - application/json description: Authenticate user with email/username and password parameters: - description: Login credentials in: body name: login required: true schema: $ref: '#/definitions/user.LoginForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Login user tags: - users /users/logout: post: consumes: - application/json description: Logout current user and invalidate tokens produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Logout user tags: - users /users/profile: get: consumes: - application/json description: Get current user profile information produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "404": description: Not Found schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Get user profile tags: - users put: consumes: - application/json description: Update current user profile information parameters: - description: Profile update data in: body name: profile required: true schema: $ref: '#/definitions/user.UpdateUserForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.UserResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' security: - BearerAuth: [] summary: Update user profile tags: - users /users/refresh-token: post: consumes: - application/json description: Refresh access token using refresh token parameters: - description: Refresh token in: body name: refresh required: true schema: $ref: '#/definitions/user.RefreshTokenForm' produces: - application/json responses: "200": description: OK schema: allOf: - $ref: '#/definitions/response.APIResponse' - properties: data: $ref: '#/definitions/user.AuthResponse' type: object "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "401": description: Unauthorized schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Refresh access token tags: - users /users/reset-password: post: consumes: - application/json description: Send password reset email to user parameters: - description: Password reset request in: body name: reset required: true schema: $ref: '#/definitions/user.ResetPasswordForm' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/response.APIResponse' "400": description: Bad Request schema: $ref: '#/definitions/response.APIResponse' "500": description: Internal Server Error schema: $ref: '#/definitions/response.APIResponse' summary: Reset password tags: - users securityDefinitions: BearerAuth: description: Type "Bearer" followed by a space and JWT token. in: header name: Authorization type: apiKey swagger: "2.0" tags: - description: Customer management operations name: customers - description: User management operations name: users - description: Health check operations name: health - description: Authentication operations name: auth