Skip to main content

Introduction

The SkillRise API is a RESTful API that powers the SkillRise e-learning platform. It provides endpoints for course management, user enrollment, AI-powered learning assistance, community features, quiz generation, and payment processing. The API is built with Express.js and uses MongoDB for data persistence, with integrations for:
  • Clerk for authentication
  • Razorpay for payment processing
  • Cloudinary for media storage
  • Groq SDK for AI features

Base URL

The API base URL varies by environment: 
https://api.skillrise.com
All API routes are prefixed with /api followed by the resource category:
  • /api/course - Public course endpoints
  • /api/user - User-specific endpoints (protected)
  • /api/educator - Educator endpoints (role-protected)
  • /api/admin - Admin endpoints (role-protected)
  • /api/community - Community posts and groups
  • /api/quiz - Quiz generation and submission

API Architecture

Route Structure

The SkillRise API follows a modular route structure organized by resource type: 
server.js
├── /api/course        // Course browsing (public)
├── /api/user          // User actions (authenticated)
├── /api/educator      // Educator features (role-based)
├── /api/admin         // Admin panel (role-based)
├── /api/community     // Community features
└── /api/quiz          // Quiz system

Middleware Stack

Every request passes through a middleware stack:
  1. Helmet - Security headers
  2. CORS - Cross-origin resource sharing
  3. Clerk Middleware - Auth context injection
  4. Rate Limiters - Request throttling (route-specific)
  5. Express JSON - Request body parsing

Rate Limiting

The API implements intelligent rate limiting based on userId (when authenticated) or IP address (for guests):
AI Chat
30 requests / 10 minutes
Applied to /api/user/ai-chat - Generous limit for frequent chatbot usage
Payments
10 requests / 15 minutes
Applied to /api/user/purchase and /api/user/verify-razorpay - Tight limit to prevent fraud
AI Generation
10 requests / hour
Applied to quiz generation and roadmap endpoints - Prevents API cost abuse
Quiz Submission
30 requests / 10 minutes
Applied to /api/quiz/submit - Prevents brute-forcing quiz answers
Community Writes
20 requests / 10 minutes
Applied to POST operations on /api/community/posts and replies - Spam protection
Admin Panel
100 requests / 15 minutes
Applied to /api/admin/* - Extra safety layer for admin operations
Rate limits track by userId when authenticated, preventing limit bypass through IP switching.

Response Format

All API responses follow a consistent JSON format:

Success Response

{
  "success": true,
  "message": "Operation completed successfully", // Optional
  "data": { /* Response payload */ }
}

Error Response

{
  "success": false,
  "message": "Error description"
}

Common Status Codes

200 OK
Success
Request successful, data returned in response body
400 Bad Request
Client Error
Invalid request data (validation failed)
401 Unauthorized
Auth Error
Missing or invalid authentication token
403 Forbidden
Auth Error
User lacks required role/permissions for this endpoint
404 Not Found
Client Error
Resource not found
409 Conflict
Client Error
Request conflicts with current state (e.g., duplicate purchase)
429 Too Many Requests
Rate Limit
Rate limit exceeded, includes RateLimit-* headers for retry timing
500 Internal Server Error
Server Error
Unexpected server error occurred

Request Validation

The API uses Zod schemas for request body validation. Invalid requests receive a 400 Bad Request response: 
{
  "success": false,
  "message": "Invalid request data"
}
Validation rules are enforced at the controller level before processing requests.

Data Models

The API works with the following core data models:

Course

Courses with chapters, lectures, ratings, and enrollment data

User

Student profiles with enrolled courses and progress tracking

CourseProgress

Tracks completed lectures and course completion status

Purchase

Payment transactions (Razorpay integration)

Certificate

Generated PDF certificates for completed courses

CommunityPost & Reply

Discussion posts with upvotes and answers

Quiz & QuizResult

AI-generated quizzes with performance tracking

ChatSession

AI chatbot conversation history

Error Handling

The API includes a global error handler that:
  • Logs full stack traces in development
  • Logs error messages only in production (security)
  • Returns standardized error responses
  • Catches unhandled errors with 500 status
// Global error handler (server.js:146)
app.use((err, _req, res, _next) => {
  if (process.env.NODE_ENV !== 'production') {
    console.error(err) // Full trace in dev
  } else {
    console.error(`[Error] ${err.message}`) // Message only in prod
  }
  res.status(500).json({ 
    success: false, 
    message: 'Internal server error' 
  })
})

Pagination

Currently, the API does not implement cursor-based pagination. Large collections return all results. Future versions may add pagination for:
  • Course listings
  • Community posts
  • Enrollment data

CORS Configuration

CORS is configured to accept requests from the frontend URL specified in environment variables: 
app.use(cors({ 
  origin: process.env.FRONTEND_URL || 'http://localhost:5173' 
}))
In production, FRONTEND_URL environment variable is required. The server will throw an error on startup if it’s missing.

Webhooks

The API exposes webhook endpoints for external services:

Clerk Webhooks

POST /clerk - Handles user lifecycle events (user.created, user.updated, user.deleted)

Razorpay Webhooks

POST /razorpay - Processes payment confirmation events (uses raw body parser)
Razorpay webhooks require raw body for signature verification, so they’re processed before the JSON body parser middleware.

Health Check

A simple health check endpoint is available: 
GET /
Returns: "API Working"

SDK & Client Libraries

Currently, no official SDKs are provided. The frontend client uses direct fetch calls to the API endpoints.

Next Steps

Authentication

Learn how to authenticate requests using Clerk tokens

Endpoints

Browse all available API endpoints