Recido Server

Backend Documentation Portal

Source-driven docs for the NestJS + GraphQL backend. Includes auto-generated examples for every GraphQL operation, module deep dives, copy-ready snippets, and fast in-page search.

Open Module Deep Dives
GraphQL: /graphql
Subscriptions: graphql-ws
REST files: /file/*
Auth: Bearer JWT

Overview

Recido Server is built with NestJS, Apollo GraphQL, Prisma, Redis cache, and i18n. It exposes a schema-driven API for auth, business management, customers, products, documents, sales, and subscriptions.

  • Soft-delete middleware filters deleted records in reads.
  • GraphQL errors are formatted with statusCode and safe messages.
  • Guards enforce JWT auth, business access, and permissions.
  • Redis-backed caching is attached to many query resolvers.

Headers

Use these request headers when calling protected GraphQL operations:

Content-Type: application/json
Authorization: Bearer <JWT_TOKEN>
recido-user-locale: en

Locale keys checked by server: recido-user-locale, lang, language, Accept-Language, accept-language.

Authentication and Guards

AuthGuard

Validates Bearer JWT, loads user into request, and supports websocket connectionParams authorization.

BusinessAccessGuard

Extracts businessId from args/input/filter, validates membership, assigns role context.

PermissionGuard

Requires operation permissions for SALES_REP. OWNER and MANAGER bypass checks.

Auth Flows

register/login issue JWT; forgot/reset password use tokenized email links; verifyEmail sets isEmailVerified.

Expected Response Shape

{
  "data": {
    "me": {
      "id": "user-id",
      "email": "dev@example.com",
      "locale": "EN"
    }
  }
}
{
  "errors": [
    {
      "message": "Session expired",
      "statusCode": 401,
      "path": ["me"]
    }
  ],
  "data": null
}

DateTime format

Use ISO-8601 UTC timestamps.

2026-03-12T10:00:00.000Z

Operation Explorer

Auto-generated examples for every GraphQL operation in schema.gql.

0 operations

One-command refresh

Run Tasks: Run Task -> Docs: Watch Operations to auto-regenerate operation docs whenever schema.gql changes.

File API (REST)

Upload and retrieval routes are under /file.

Method Route Auth
POST/file/upload/public/imageRequired
POST/file/upload/private/imageRequired
GET/file/pb/:filenamePublic
GET/file/pv/:filenameRequired