Social Media API is a feature-rich backend for a modern social networking platform. It supports user authentication, posts, comments, likes, follows, chat, and notifications. Built with Java Spring Boot, it offers RESTful endpoints and real-time WebSocket communication. The project is designed for scalability, security, and easy integration with frontend clients.
A RESTful API for a social media platform built with Java Spring Boot and Spring Security.
- User authentication with JWT
- User registration and management
- Post creation and management
- Comment system
- Like system
- Follow/Unfollow functionality
- Real-time chat functionality using WebSocket
- User online status tracking
- Media uploads (profile pictures, post images/videos, chat attachments)
- Real-time notifications (new messages, posts, likes)
- Comprehensive user profiles
- Post saving/bookmarking
- API versioning
- Response filtering
- Internationalization support
- Java 17 or higher
- Maven
- H2 Database (in-memory)
- Clone the repository
- Build the project:
./mvnw clean install
- Run the application:
./mvnw spring-boot:run
The application will start on http://localhost:8080
POST /auth/register
Content-Type: application/json
{
  "name": "string",
  "email": "string",
  "password": "string",
  "birthDate": "yyyy-MM-ddTHH:mm:ss"
}

POST /auth/login
Content-Type: application/json
{
  "email": "string",
  "password": "string"
}

Response:
{
  "token": "string",
  "email": "string",
  "name": "string"
}

GET /api/v1/posts?page=0&size=10
Authorization: Bearer <token>

GET /api/v1/posts/{id}
Authorization: Bearer <token>

POST /api/v1/posts
Authorization: Bearer <token>
Content-Type: application/json
{
  "content": "string"
}

PUT /api/v1/posts/{id}
Authorization: Bearer <token>
Content-Type: application/json
{
  "content": "string"
}

DELETE /api/v1/posts/{id}
Authorization: Bearer <token>

Response: HTTP 204 No Content (empty body)

GET /api/v1/posts/{postId}/comments
Authorization: Bearer <token>

POST /api/v1/posts/{postId}/comments
Authorization: Bearer <token>
Content-Type: application/json
{
  "content": "string"
}

PUT /api/v1/posts/{postId}/comments/{commentId}
Authorization: Bearer <token>
Content-Type: application/json
{
  "content": "string"
}

DELETE /api/v1/posts/{postId}/comments/{commentId}
Authorization: Bearer <token>

POST /api/v1/posts/{postId}/likes
Authorization: Bearer <token>

DELETE /api/v1/posts/{postId}/likes
Authorization: Bearer <token>

GET /api/v1/posts/{postId}/likes/count
Authorization: Bearer <token>

GET /api/v1/posts/{postId}/likes/status
Authorization: Bearer <token>

GET /api/v1/users
Authorization: Bearer <token>

GET /api/v1/users/{id}
Authorization: Bearer <token>

GET /api/v1/users/{id}/profile?includeFollowers=false&includeFollowing=false
Authorization: Bearer <token>

GET /api/v1/users/me/profile
Authorization: Bearer <token>

PUT /api/v1/users/me/profile
Authorization: Bearer <token>
Content-Type: application/json
{
  "name": "New Name", // optional
  "birthDate": "2025-05-29T00:00:00", // optional, ISO format
  "password": "newpassword123" // optional
}

Response example:
{
  "id": 1,
  "name": "New Name",
  "email": "[email protected]",
  "birthDate": "2025-05-29T00:00:00",
  "online": true,
  "lastSeen": "2025-05-29T12:34:56"
}

GET /api/v1/users/{id}/status
Authorization: Bearer <token>

DELETE /api/v1/users/{id}
Authorization: Bearer <token>

POST /api/v1/media/upload
Authorization: Bearer <token>
Content-Type: multipart/form-data
file: <file>
type: "profile" | "post" | "chat"

GET /api/v1/media/{id}
Authorization: Bearer <token>

DELETE /api/v1/media/{id}
Authorization: Bearer <token>

POST /api/v1/saved-posts/{postId}
Authorization: Bearer <token>

DELETE /api/v1/saved-posts/{postId}
Authorization: Bearer <token>

GET /api/v1/saved-posts/{postId}/status
Authorization: Bearer <token>

GET /api/v1/saved-posts?page=0&size=10
Authorization: Bearer <token>

GET /api/v1/notifications?page=0&size=20
Authorization: Bearer <token>

GET /api/v1/notifications/unread
Authorization: Bearer <token>

GET /api/v1/notifications/count
Authorization: Bearer <token>

PATCH /api/v1/notifications/{id}/read
Authorization: Bearer <token>

PATCH /api/v1/notifications/read-all
Authorization: Bearer <token>

ws://localhost:8080/ws
ws://localhost:8080/notification-ws
ws://localhost:8080/ws

Send message:
stompClient.send("/app/send", {}, JSON.stringify({
  receiverId: "123",
  content: "Hello!"
}));

Receive messages:
stompClient.subscribe('/user/queue/messages', function(message) {
  const messageData = JSON.parse(message.body);
  console.log(messageData);
});

Receive notifications:
stompClient.subscribe('/user/queue/notifications', function(notification) {
  const data = JSON.parse(notification.body);
  console.log(data);
});

Update status:
stompClient.send("/app/user.status", {}, JSON.stringify(true)); // Online
stompClient.send("/app/user.status", {}, JSON.stringify(false)); // Offline

Receive status updates:
stompClient.subscribe('/topic/user.status', function(statusUpdate) {
  const data = JSON.parse(statusUpdate.body);
  console.log(data);
});

- All endpoints except /auth/register and /auth/login require authentication
- JWT tokens expire after 24 hours
- Users can only update/delete their own posts and comments
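
The three rules above can be checked against captured request/response pairs. The following is an added example, not part of the project's code; the record shape, the assumption that the token's `sub` claim holds the user's email and `exp` the expiry, and the sample tokens are all constructed for illustration.

```javascript
// Added example: audit captured exchanges against the README's access rules.
const PUBLIC_PATHS = new Set(["/auth/register", "/auth/login"]);
// PUT/DELETE targets that belong to one user: a post, or a comment under a post.
const OWNED = /^\/api\/v1\/posts\/[^/]+(\/comments\/[^/]+)?$/;

// Decode a JWT payload WITHOUT verifying the signature (inspection only;
// the server remains the only party that can validate the token).
function decodeClaims(token) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Returns the list of rule violations for one captured exchange.
// Assumed record shape: { method, path, token, at, status, ownerEmail }.
// Assumed claims: `sub` is the user's email, `exp` is seconds since epoch.
function auditExchange(rec) {
  const findings = [];
  const path = rec.path.split("?")[0];
  const ok = rec.status >= 200 && rec.status < 300;
  if (PUBLIC_PATHS.has(path) || !ok) return findings; // only successes can violate
  const claims = decodeClaims(rec.token);
  if (!claims) {
    findings.push("protected endpoint answered without a parseable token");
    return findings;
  }
  if (typeof claims.exp !== "number" || claims.exp <= rec.at) {
    findings.push("expired or non-expiring token accepted");
  }
  const modifies = rec.method === "PUT" || rec.method === "DELETE";
  if (modifies && OWNED.test(path) && rec.ownerEmail !== claims.sub) {
    findings.push("non-owner modified a post or comment");
  }
  return findings;
}

// Constructed sample data: tokens for a made-up user with a placeholder signature.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "HS256" })}.${enc(claims)}.constructed-signature`;
}
const NOW = 1750000000;
const aliceToken = makeToken({ sub: "alice@example.test", exp: NOW + 24 * 3600 });
const staleToken = makeToken({ sub: "alice@example.test", exp: NOW - 60 });
```

Any non-empty result from `auditExchange` marks an exchange where the server's behaviour contradicts one of the rules listed above.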
The API returns appropriate HTTP status codes and error messages:
{
"timestamp": "2024-04-24T16:45:00.000Z",
"status": 400,
"error": "Bad Request",
"message": "Error message here"
}Common status codes:
- 200: Success
- 201: Created
- 400: Bad Request
- 401: Unauthorized
- 403: Forbidden
- 404: Not Found
- 500: Internal Server Error
The application uses an H2 in-memory database by default. You can access the H2 console at:
http://localhost:8080/h2-console
Connection details (default):
- JDBC URL: jdbc:h2:mem:social_media_db
- Username: sa
- Password: (empty)
- Fork the repository
- Create your feature branch
- Commit your changes
- Push to the branch
- Create a new Pull Request
This project is licensed under the MIT License.