API Endpoints

Complete reference for all TrickBook API endpoints.

Base URL: https://api.thetrickbook.com/api

Authentication

Login

POST /api/auth

Request:

{
  "email": "user@example.com",
  "password": "password123"
}

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Google SSO

POST /api/auth/google-auth

Request:

{
  "idToken": "google_id_token_here"
}

Response:

{
  "token": "jwt_token",
  "user": {
    "_id": "user_id",
    "email": "user@gmail.com",
    "name": "User Name"
  }
}

Apple Sign-In

POST /api/auth/apple-auth

Request:

{
  "identityToken": "apple_identity_token",
  "user": {
    "email": "user@icloud.com",
    "name": { "firstName": "John", "lastName": "Doe" }
  }
}

Response:

{
  "token": "jwt_token",
  "user": { "_id": "user_id", "email": "user@icloud.com", "name": "John Doe" }
}

Users

Register User

POST /api/users

Request:

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "securepass123"
}

Response: 201 Created

Get User by Email

GET /api/users?email=user@example.com

Get Current User

GET /api/user/me

Headers: x-auth-token: jwt_token

Get User by ID

GET /api/user/:id

Headers: x-auth-token: jwt_token

Get Public Profile

GET /api/user/:id/public

No authentication required.

Get User Stats

GET /api/user/:id/stats

Response:

{
  "trickCount": 42,
  "postCount": 15,
  "spotCount": 8,
  "loveCount": 120,
  "respectCount": 85
}

Get User Activity

GET /api/user/:id/activity

Get User Count

GET /api/user/count

No authentication required.

Check Homie Status

GET /api/user/homie-status/:targetId

Headers: x-auth-token: jwt_token

Response:

{
  "status": "friends" | "pending_sent" | "pending_received" | "none"
}

Update User

PUT /api/user/:id

Headers: x-auth-token: jwt_token

Delete User

DELETE /api/users/:id

Headers: x-auth-token: jwt_token (must be account owner or admin)

Get All Users (Admin)

GET /api/users/all

Trick Lists

Get User's Trick Lists

GET /api/listings

Headers: x-auth-token: jwt_token

Response:

[
  {
    "_id": "list_id",
    "name": "Kickflips to learn",
    "user": "user_id",
    "completed": 2,
    "isPublic": false,
    "tricks": [...]
  }
]

Create Trick List

POST /api/listings

Headers: x-auth-token: jwt_token

Request:

{
  "name": "New Trick List"
}

Get Public Trick Lists

GET /api/listings/public

Toggle Visibility

PUT /api/listings/:id/visibility

Headers: x-auth-token: jwt_token

Count User's Lists

GET /api/listings/countTrickLists

Delete Trick List

DELETE /api/listings/:id

Individual Tricks

Get Tricks in List

GET /api/listing?list_id=xxx

Get All User's Tricks

GET /api/listing/allTricks?userId=xxx

Get Trick Completion Graph

GET /api/listing/graph

Add Trick to List

POST /api/listing

Request:

{
  "list_id": "list_id",
  "name": "Kickflip",
  "checked": "Not Started"
}

Update Trick Status

PUT /api/listing/:id

Request:

{
  "checked": "Landed"
}

Edit Trick Details

PUT /api/listing/edit

Delete Trick

DELETE /api/listing/:id

Trickipedia (Global Encyclopedia)

Get All Tricks

GET /api/trickipedia

Query Parameters:

  • category - Filter by category
  • difficulty - Filter by difficulty
  • search - Search by name

Get Trick by ID

GET /api/trickipedia/:id

Get Tricks by Category

GET /api/trickipedia/category/:category

Create Trick (Admin)

POST /api/trickipedia

Headers: x-auth-token: admin_jwt_token

Request:

{
  "name": "Kickflip",
  "category": "Flip Tricks",
  "difficulty": "Intermediate",
  "description": "A flip trick...",
  "steps": ["Step 1", "Step 2"],
  "videoUrl": "https://youtube.com/...",
  "url": "kickflip"
}

Update Trick (Admin)

PUT /api/trickipedia/:id

Delete Trick (Admin)

DELETE /api/trickipedia/:id

Spots

Get All Spots

GET /api/spots

Headers: x-auth-token: jwt_token

Get Spot by ID

GET /api/spots/:id

Create Spot

POST /api/spots

Headers: x-auth-token: jwt_token

Request:

{
  "name": "Venice Beach Skatepark",
  "latitude": 33.9850,
  "longitude": -118.4695,
  "description": "Famous beachside park",
  "rating": 5,
  "tags": "park, transitions",
  "city": "Los Angeles",
  "state": "CA",
  "sportTypes": ["skateboarding"],
  "category": "park"
}

Update Spot

PUT /api/spots/:id

Delete Spot

DELETE /api/spots/:id

Get Sport Types

GET /api/spots/sport-types
GET /api/spots/places-search?query=skatepark

Headers: x-auth-token: jwt_token


Spot Lists

Get User's Spot Lists

GET /api/spotlists

Headers: x-auth-token: jwt_token

Create Spot List

POST /api/spotlists

Headers: x-auth-token: jwt_token

Request:

{
  "name": "LA Spots",
  "description": "Best spots in Los Angeles"
}

Subscription Limits

Free users are limited to 3 spot lists, 5 spots per list, and 15 total spots.

Get Spot List

GET /api/spotlists/:id

Update Spot List

PUT /api/spotlists/:id

Delete Spot List

DELETE /api/spotlists/:id

Add Spot to List

POST /api/spotlists/:id/spots

Request:

{
  "spotId": "spot_object_id"
}

Remove Spot from List

DELETE /api/spotlists/:id/spots/:spotId

Get Spots in List

GET /api/spotlists/:id/spots

Get Subscription Usage

GET /api/spotlists/usage

Spot Reviews

Get Reviews for Spot

GET /api/spot-reviews?spotId=xxx

Create Review

POST /api/spot-reviews

Headers: x-auth-token: jwt_token

Request:

{
  "spotId": "spot_id",
  "rating": 4,
  "content": "Great park with smooth concrete"
}

Update Review

PUT /api/spot-reviews/:id

Delete Review

DELETE /api/spot-reviews/:id

Social Feed

Get Feed

GET /api/feed

Headers: x-auth-token: jwt_token

Returns posts ranked by algorithm (engagement, recency, homie boost).

Get Post Details

GET /api/feed/:postId

Create Post

POST /api/feed/posts

Headers: x-auth-token: jwt_token

Request:

{
  "caption": "First kickflip!",
  "mediaType": "video",
  "mediaUrl": "https://cdn.example.com/video.mp4",
  "thumbnailUrl": "https://cdn.example.com/thumb.jpg",
  "tricks": ["Kickflip"]
}

Update Post

PUT /api/feed/:postId

Delete Post

DELETE /api/feed/:postId

React to Post

POST /api/feed/:postId/reactions

Request:

{
  "type": "love" | "respect"
}

Get Comments

GET /api/feed/:postId/comments

Add Comment

POST /api/feed/:postId/comments

Request:

{
  "content": "Sick clip!"
}

Delete Comment

DELETE /api/feed/:postId/comments/:commentId

Feed Algorithm

Posts are ranked using a weighted scoring algorithm:

Factor        Weight   Description
Engagement    0.35     Reactions, comments, shares, views
Recency       0.25     48-hour half-life decay
Completion    0.25     User engagement rate
Interaction   0.15     User-specific interaction history
Homie boost   2.5x     Multiplier for posts from friends
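
An added example (not TrickBook's implementation) of how the factors in the table could combine into a ranking. It assumes each factor is normalised to [0, 1] and that the homie boost multiplies the weighted sum; the post field names and the sample posts are constructed.

```javascript
// Added example, not TrickBook's implementation.
// From the table: the four weights, the 48-hour half-life, the 2.5x homie multiplier.
// Assumed here: each factor is already normalised to [0, 1], and the boost
// multiplies the weighted sum.
const WEIGHTS = { engagement: 0.35, recency: 0.25, completion: 0.25, interaction: 0.15 };
const HALF_LIFE_HOURS = 48;
const HOMIE_BOOST = 2.5;

// Clamp so an inflated, client-influenced counter cannot exceed its weight.
const clamp01 = (x) => Math.min(1, Math.max(0, Number(x) || 0));

// Exponential decay: 1.0 when new, 0.5 after 48 h, 0.25 after 96 h.
const recency = (ageHours) => Math.pow(0.5, Math.max(0, ageHours) / HALF_LIFE_HOURS);

function scorePost(post) {
  const factors = {
    engagement: clamp01(post.engagement),
    recency: recency(post.ageHours),
    completion: clamp01(post.completion),
    interaction: clamp01(post.interaction),
  };
  let score = 0;
  for (const [name, weight] of Object.entries(WEIGHTS)) score += weight * factors[name];
  return post.fromHomie ? score * HOMIE_BOOST : score;
}

// Highest score first; returns ids so the ordering is easy to inspect.
function rankFeed(posts) {
  return [...posts].sort((a, b) => scorePost(b) - scorePost(a)).map((p) => p.id);
}

// Constructed sample posts (field names are hypothetical).
const SAMPLE_POSTS = [
  { id: "stranger-fresh", engagement: 0.9, ageHours: 2, completion: 0.8, interaction: 0.1, fromHomie: false },
  { id: "homie-old", engagement: 0.2, ageHours: 96, completion: 0.5, interaction: 0.6, fromHomie: true },
  { id: "stranger-old", engagement: 0.2, ageHours: 96, completion: 0.5, interaction: 0.6, fromHomie: false },
];

console.log(rankFeed(SAMPLE_POSTS));
```

Under these assumptions the four-day-old homie post outranks the two-hour-old, high-engagement post from a stranger, because the 2.5x multiplier applies after the decayed recency term has been summed.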

Direct Messages

Get Conversations

GET /api/dm/conversations

Headers: x-auth-token: jwt_token

Get Conversation

GET /api/dm/conversations/:conversationId

Send Message

POST /api/dm/messages

Request:

{
  "conversationId": "conv_id",
  "content": "Hey, want to skate today?"
}

Get Messages

GET /api/dm/messages/:conversationId

Mark as Read

PUT /api/dm/messages/:messageId/read

Payments (Stripe)

Create Checkout Session

POST /api/payments/create-checkout-session

Headers: x-auth-token: jwt_token

Response:

{
  "sessionId": "cs_xxx",
  "url": "https://checkout.stripe.com/..."
}

Get Subscription Status

GET /api/payments/subscription

Response:

{
  "plan": "premium",
  "status": "active",
  "currentPeriodEnd": "2024-12-31T00:00:00Z"
}

Cancel Subscription

POST /api/payments/cancel-subscription

Reactivate Subscription

POST /api/payments/reactivate-subscription

Admin Toggle Subscription

POST /api/payments/admin/toggle-subscription

Headers: x-auth-token: admin_jwt_token

Stripe Webhook

POST /api/payments/webhook

Handles: checkout.session.completed, invoice.paid, customer.subscription.updated/deleted


The Couch

Get Videos

GET /api/couch

Returns curated action sports videos from Google Drive/Bunny.net CDN.


Media & Uploads

Upload Media

POST /api/media
Content-Type: multipart/form-data

Upload Profile Image

POST /api/image/upload
Content-Type: multipart/form-data

Form Fields:

  • file - Image file
  • email - User email

Upload Trick Image

POST /api/trickImage/upload?trickUrl=kickflip
Content-Type: multipart/form-data

Delete Trick Images

DELETE /api/trickImage/delete-folder/:slug

Upload Blog Image

POST /api/blogImage
Content-Type: multipart/form-data

Blog

Get All Posts

GET /api/blog

Create Post (Admin)

POST /api/blog

Update Post (Admin)

PATCH /api/blog/update/:id

Delete Post (Admin)

DELETE /api/blog/:id

Other Endpoints

Categories

GET /api/categories

Contact Form

POST /api/contact

Register Push Token

POST /api/expoPushTokens

Request:

{
  "token": "ExponentPushToken[xxx]"
}

Get Messages (Legacy)

GET /api/messages

Real-Time (Socket.IO)

In addition to REST endpoints, the backend provides real-time features via Socket.IO.

Connection: wss://api.thetrickbook.com

Auth: JWT token passed in socket.handshake.auth.token

Feed Namespace (/feed)

Event             Direction         Description
post:update       Server → Client   Post data changed
reaction:update   Server → Client   Reaction counts changed
comment:new       Server → Client   New comment on post

Messages Namespace (/messages)

Event         Direction         Description
message:new   Server → Client   New message received
typing        Client → Server   User typing indicator
read          Client → Server   Message read receipt
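
The handshake check described above, as an added example that is not TrickBook's own code: a Socket.IO middleware that verifies the JWT from socket.handshake.auth.token before a client joins /feed or /messages. It assumes HS256 signing (the algorithm named in the sample login token's header) and a numeric exp claim; signHs256, verifyHs256 and requireJwt are hypothetical names.

```javascript
// Added example, not TrickBook's code. Uses only Node's built-in crypto module.
const crypto = require("node:crypto");

const hmacB64url = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest("base64url");
const decodeJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Builds constructed sample tokens for trying the middleware; not a login implementation.
function signHs256(payload, secret, header = { alg: "HS256", typ: "JWT" }) {
  const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const signingInput = `${encode(header)}.${encode(payload)}`;
  return `${signingInput}.${hmacB64url(signingInput, secret)}`;
}

// Returns the claims or throws. The algorithm is pinned to HS256; the token's
// own "alg" header is checked against that, never used to pick the algorithm.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  if (typeof token !== "string") throw new Error("missing token");
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  if (decodeJson(head).alg !== "HS256") throw new Error("unexpected alg");
  const expected = Buffer.from(hmacB64url(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = decodeJson(body);
  // Assumption: tokens carry a numeric "exp" (seconds since epoch).
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Socket.IO middleware factory. Wiring (assumes an existing `io` server):
//   io.of("/feed").use(requireJwt(secret)); io.of("/messages").use(requireJwt(secret));
function requireJwt(secret) {
  return (socket, next) => {
    try {
      const claims = verifyHs256(socket.handshake?.auth?.token, secret);
      socket.data = { ...socket.data, user: claims };
      next();
    } catch (err) {
      next(new Error("unauthorized")); // generic reason to the client
    }
  };
}
```

In Socket.IO v3 and later, a middleware registered with io.use() covers only the main namespace, so each namespace needs its own registration.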