Login with username and password to retrieve access/refresh tokens

Logout from current session

Logout from all other sessions, except for current session

May get new refreshToken if current token is about to expire

Renew expired access token using refresh token. Renew refresh token if it about to expire.

User to change the password by using the refresh token and current password. Logout from the other sessions once the change password operation success.

When user fail to provide correct current password or the new password does not comply with the password rule, it throws 400 BadRequest Error.

May get new refreshToken if current token is about to expire

Create a new user account.

Need username and password to create the account, admission year, legal name, and email. Also accept nickname, phone number, and affiliation as optional fields

Email will be verified after the creation of the account, while the phone number will not be verified.

username and password that do not comply with rules may lead 400 Bad Request error.

List up users with matching search criteria. Only signed in user can search the article.

User can specify the search term with query string. Supported options are:

• admissionYear
• name
• username
• verified

Other options will be ignored but will not throw error. The search result will be ordered by name.

50 results will be returned at most, user can search further by indicating page parameter in the query string.

Retrieve user's information.

Returns user's public information if the other user try to retrieve the information. If owner/admin of the account try to retrieve the information, the private/public information associated with the user account will be returned.

This API requires username (provided as path parameter).

Modify user's information. Only the owner of the account and admin account can use this API. Suspended and deleted users cannot be updated.

This API requires username (provided as path parameter). In the RequestBody, the contents to be modified are listed. User is only allowed to modify nickname, phone number, affiliation, and email.

If the user changed the email, the user need to verify the new email. Before the verification, the email will not be used for notification and public contact.

If part of requests failed, the other change requests will be proceed. It will respond with 200, but with "Partially processed" message in the response body.

Issue verification ticket and send it to the email in order to verify email of newly created user and changed email of existing user. Used to get new verification ticket as after calling new account creation API and user information update API will trigger verification process automatically and send the verification ticket to the provided email.

Need email address to be verified

Verify email with the provided veify ticket/link generated by send email verify link API. This API require ticketID (provided as path parameter).

Find username by using email, name, and admission year.

If the user with matching information found, the part of the username (first three and last two characters) will be returned.

Find and send username by using email, name, admission year, and search result of find-username API.

If the user with matching information found, the email containing username will send.

Send password reset link (ticketID) to user's email having matching name, username, email, and admission year information.

Reset password with the reset ticket/link generated by send password reset link API. This API require ticketID (provided as path parameter), username and new password.

Users can report other fake/spam user to admin. They need to provide proper reasons why they think the other user is harmful or fake/spam account.

If the number of report counts spikes, the reported user is temporarily lost access to the website during investigation.

Get list of challenge questions that let user to instantly approved as an alumni.

Only new users can do the challenge once. If the approved user or new user that already consumed their attempt, it will throw 400 error.

Submit the answers of the challenge questions that generated by GET /user/promote API. The result of the challenge will be returned as the result.

This API should be used after the challenge question retrival API called.

Users have authority to help admins to identify real alumni. They can upvote the other user as alumni of BSS.

If the upvotes the new user received exceed threshold, the user is considered as a verified BSS alumni.

Retrieve the list of alumni members who upvoted the new user. This API will return the array of usernames and their names.

Users have authority to help admins to identify real alumni. The users can cancel the upvote for the new user. If they want to alert admin spam/fake user, they need to use report features, rather than just deleting the upvote.

If the upvotes the new user received exceed threshold, the user is considered as a verified BSS alumni.

Write a new post on board. Only Signed in user can upload the article.

Need title and category of the post, and the contents. Once the post successfully created, return the URL of the article. Note that article URL contains postID, and this is created by mixing generated date, userID, and title.

List up posts with matching search criteria. Only Signed in user can search the article.

User can specify search terms as query string. Supported options are

• Title
• Writer (ID/Name)
• Content
• Category

Other options will be ignored but will not throw error. The search result will be ordered by last modified date.

50 results will be returned at most; user can search further by indicating page parameter in the query string.

Make a new category. Admin can only create category.

Retrieve list of all existing categories.

Delete a category with given categoryName. Only admin user can delete the post.

The articles in the category are not removed, but the category information is removed.

Delete a post having given postID. Only writer of the article or admin user can delete the post.

Modify an existing post having matching postID. Only writer of the article or admin user can modify the post.

Can modify either title, category of the post, or the contents. Once the post successfully created, return the URL of the article.

Retrieve a post having given postID. Every verified user can read the article.

Give Like to the post. Every user with read access to the post can add Like.

Remove Like to the post. Every user with read access to the post can remove Like.

Retrieve Like counts of the post. Every user with read access to the post can retrieve the number of Likes.

Users can report harmful article; they need to provide proper reasons why they think the article is harmful. Admin should review the article.

If the number of report counts spikes, the article is automatically blinded while the admin reviewing the contents.

Write a new comment associated with a post. Only signed in user can create a comment.

Need postID to indicate which article the user want to write a comment on. Each comment has unique comentID, which generated by mixing associated post's ID, writer's ID, generated datetime, and part of contents.

If user want to reply to an existing comment, specify parentComment field with commentID of parent's comment.

List the comments associated with the post. Only signed in user can upload the article.

This API require postID as a query string in order to specify which article that user want to retrieve the comments.

By default, first 50 comments will be returned. To navigate next comments, specify page argument in query string.

Other options will be ignored but will not throw any exception. The comment will be ordered by generated date, and the child comments will follow the its parent.

Delete the comment having given commentID. Only writer of the comment or admin user can delete the comment.

Modify an existing comment having matching commentID. Only writer of the comment or admin user can modify the comment.

Users can report harmful comment; they need to provide proper reasons why they think the comment is harmful. Admin should review the comment.

If the number of report counts spikes, the comment is automatically blind while the admin reviewing the contents.

Create new notification that will be displayed when user logged in.

New comments and replies on the article/comment that the user wrote are subject to the notification. The notifications will be grouped by postID or commentID based on the context of the notifications. The timestamp and replier's/commenter's id will be saved as an array for each commentID or postID.

Note that this API is only accessible from other API servers. Individual users, including admin, cannot call this API directly.

Retrieve list of notifications that has been created by create new notification API calls. Result is ordered by most recently created date-time.

All read notifications will be removed after 7 days from read.

Indicate existing notification as read.

Send HTML formatted email to the user.

Note that this API is only accessible from other API servers. Individual users, including admin, cannot call this API directly.

Send weekly digest to every users. Once this API called, it will generate weekly digest emails by combining templates with user's unread notifications, featured article, and other event information. Then, it will call sendEmail API to send the digest emails.

Note that this API is only accesible from other API servers. Individual users, including admin, cannot call this API directly.