4.2 KiB
4.2 KiB
Member Lookup API Documentation
Overview
This API endpoint allows secure lookup of member information using encrypted member IDs. It's designed to be used with an Expo Android app that scans QR codes containing encrypted member IDs.
Endpoint
GET /api/member-lookup?encryptedId={encrypted_member_id}
Security
- Member IDs are encrypted using AES-256-CBC encryption
- QR codes contain encrypted member IDs, not plain text IDs
- The API validates and decrypts the member ID before database lookup
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| encryptedId | string | Yes | The encrypted member ID obtained from QR code |
Response Format
Success Response (200)
{
"success": true,
"message": "Member information retrieved successfully",
"data": {
"name": "John Doe",
"gender": "m",
"planDelay": 1,
"planStart": "Mon, 01 Jan 2024 00:00:00 GMT",
"planStatus": "active",
"planExpAt": "Thu, 01 Feb 2024 00:00:00 GMT"
}
}
Error Responses
Missing Parameter (400)
{
"success": false,
"message": "Missing encrypted member ID"
}
Invalid Encryption (400)
{
"success": false,
"message": "Invalid encrypted member ID"
}
Member Not Found (404)
{
"success": false,
"message": "Member not found"
}
Server Error (500)
{
"success": false,
"message": "Server error"
}
Response Data Fields
| Field | Type | Description |
|---|---|---|
| name | string | Full name (firstName + lastName) |
| gender | string | Gender ("m" for male, "f" for female) |
| planDelay | number | Plan duration in months |
| planStart | string | Plan start date (UTC string) |
| planStatus | string | "active" or "expired" |
| planExpAt | string | Plan expiration date (UTC string) |
Usage with Android App
1. QR Code Scanning
- Scan the QR code from the member details popup
- Extract the encrypted member ID from the QR code data
2. API Call
// Example using fetch in React Native/Expo
const lookupMember = async (encryptedId) => {
try {
const response = await fetch(
`https://your-domain.com/api/member-lookup?encryptedId=${encodeURIComponent(encryptedId)}`
);
const data = await response.json();
if (data.success) {
// Display member information in card view
return data.data;
} else {
// Handle error
console.error('API Error:', data.message);
}
} catch (error) {
console.error('Network Error:', error);
}
};
3. Display in Card View
Use the returned data to populate your Android card view with:
- Member name
- Gender
- Plan information (duration, start date, expiration)
- Plan status (active/expired with appropriate styling)
Security Considerations
- Encryption Key: Ensure the
ENCRYPTION_KEYenvironment variable is set to a secure 32-character string in production - HTTPS: Always use HTTPS in production to protect data in transit
- Rate Limiting: Consider implementing rate limiting to prevent abuse
- Authentication: For additional security, consider adding API authentication
Environment Variables
ENCRYPTION_KEY=your-32-character-secret-key-here!
Files Modified/Created
- Created:
src/utils/encryption.ts- Encryption/decryption utilities - Created:
src/app/api/member-lookup/route.ts- API endpoint - Modified:
src/components/dashboard/members/parts/detailsPopUp.tsx- QR code generation with encryption - Modified:
src/messages/en.json- English translations - Modified:
src/messages/ar.json- Arabic translations
Testing
- Start the development server:
npm run dev - Open a member details popup to generate a QR code
- The QR code now contains an encrypted member ID
- Test the API endpoint with the encrypted ID
Example QR Code Flow
- Web App: Generates QR code with encrypted member ID
- Android App: Scans QR code and extracts encrypted ID
- Android App: Calls
/api/member-lookup?encryptedId=... - API: Decrypts ID, looks up member, returns information
- Android App: Displays member information in card view