EBAYCCLONE
FRONTEND GUIDE FOR AI CODING AGENTS - PART 7 - Messaging Service
This document is a part of a REST API guide for the ebaycclone project. It is designed for AI agents that will generate frontend code to consume the project’s backend.
This document provides extensive instruction for the usage of messaging
Service Access
Messaging service management is handled through service specific base urls.
Messaging service may be deployed to the preview server, staging server, or production server. Therefore,it has 3 access URLs. The frontend application must support all deployment environments during development, and the user should be able to select the target API server on the login page (already handled in first part.).
For the messaging service, the base URLs are:
-
Preview:
https://ebaycclone.prw.mindbricks.com/messaging-api -
Staging:
https://ebaycclone-stage.mindbricks.co/messaging-api -
Production:
https://ebaycclone.mindbricks.co/messaging-api
Scope
Messaging Service Description
In-app messaging service for direct user-to-user text messages (buyers/sellers). Stores, retrieves, and manages user conversations. Launch version: text-only.
Messaging service provides apis and business logic for following data objects in ebaycclone application. Each data object may be either a central domain of the application data structure or a related helper data object for a central concept. Note that data object concept is equal to table concept in the database, in the service database each data object is represented as a db table scheme and the object instances as table rows.
messagingMessage
Data Object: A direct, text-only in-app message between two users
(buyer/seller); stores sender, recipient, content, read status,
and timestamp.
Messaging Service Frontend Description By The Backend Architect
Messaging Service (Frontend Guidance)
- Supports private buyer/seller text messaging only—no attachments at launch.
- Each message is between two users (sender/recipient), not group chats.
- Users can view full conversation threads they participate in (sorted by time).
- Messages are soft-deletable. 'Deleted' means user can no longer access message; the other party still can if not deleted on their side.
- UI should distinguish sent vs. received messages and allow marking as read/unread.
- Unread counts can be displayed per conversation.
- Editing messages is not supported in MVP.
- Conversation page composed by filtering all messages between logged-in user and chosen counterpart.
- Sender/recipient fullName/avatar can be fetched from user profile for each message (frontend should join with user API as needed or via BFF).
- For launch: text only. UI should not allow image/file upload yet.
API Structure
Object Structure of a Successful Response
When the service processes requests successfully, it wraps the requested resource(s) within a JSON envelope. This envelope includes the data and essential metadata such as configuration details and pagination information, providing context to the client.
HTTP Status Codes:
- 200 OK: Returned for successful GET, LIST, UPDATE, or DELETE operations, indicating that the request was processed successfully.
- 201 Created: Returned for CREATE operations, indicating that the resource was created successfully.
Success Response Format:
For successful operations, the response includes a
"status": "OK"
property, signaling that the request executed successfully. The
structure of a successful response is outlined below:
{
"status":"OK",
"statusCode": 200,
"elapsedMs":126,
"ssoTime":120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName":"products",
"method":"GET",
"action":"list",
"appVersion":"Version",
"rowCount":3,
"products":[{},{},{}],
"paging": {
"pageNumber":1,
"pageRowCount":25,
"totalRowCount":3,
"pageCount":1
},
"filters": [],
"uiPermissions": []
}
-
products: In this example, this key contains the actual response content, which may be a single object or an array of objects depending on the operation.
Additional Data
Each API may include additional data besides the main data object, depending on the business logic of the API. These will be provided in each API’s response signature.
Error Response
If a request encounters an issue—whether due to a logical fault or a technical problem—the service responds with a standardized JSON error structure. The HTTP status code indicates the nature of the error, using commonly recognized codes for clarity:
- 400 Bad Request: The request was improperly formatted or contained invalid parameters.
- 401 Unauthorized: The request lacked a valid authentication token; login is required.
- 403 Forbidden: The current token does not grant access to the requested resource.
- 404 Not Found: The requested resource was not found on the server.
- 500 Internal Server Error: The server encountered an unexpected condition.
Each error response is structured to provide meaningful insight into the problem, assisting in efficient diagnosis and resolution.
{
"result": "ERR",
"status": 400,
"message": "errMsg_organizationIdisNotAValidID",
"errCode": 400,
"date": "2024-03-19T12:13:54.124Z",
"detail": "String"
}
Bucket Management
(This information is also given in PART 1 prompt.)
This application has a bucket service used to store user files and other object-related files. The bucket service is login-agnostic, so for write operations or private reads, include a bucket token (provided by services) in the request’s Authorization header as a Bearer token.
Please note that all other business services require the access token in the Bearer header, while the bucket service expects a bucket token because it is login-agnostic. Ensure you manage the required token injection properly; any auth interceptor should not replace the bucket token with the access token.
User Bucket This bucket stores public user files for each user.
When a user logs in—or in the
/currentuser
response—there is a
userBucketToken
to use when sending user-related public files to the bucket
service.
{
//...
"userBucketToken": "e56d...."
}
To upload a file
POST {baseUrl}/bucket/upload
The request body is form-data which includes the
bucketId
and the file binary in the
files
field.
{
bucketId: "{userId}-public-user-bucket",
files: {binary}
}
Response status is 200 on success, e.g., body:
{
"success": true,
"data": [
{
"fileId": "9da03f6d-0409-41ad-bb06-225a244ae408",
"originalName": "test (10).png",
"mimeType": "image/png",
"size": 604063,
"status": "uploaded",
"bucketName": "f7103b85-fcda-4dec-92c6-c336f71fd3a2-public-user-bucket",
"isPublic": true,
"downloadUrl": "https://babilcom.mindbricks.co/bucket/download/9da03f6d-0409-41ad-bb06-225a244ae408"
}
]
}
To download a file from the bucket, you need its
fileId. If you upload an avatar or other asset, ensure the download URL
or the
fileId
is stored in the backend.
Buckets are mostly used in object creations that require an additional file, such as a product image or user avatar. After uploading your image to the bucket, insert the returned download URL into the related property of the target object record.
Application Bucket
This Ebaycclone application also includes a common public bucket
that anyone can read, but only users with the
superAdmin,
admin, or
saasAdmin
roles can write (upload) to it.
When a user with one of these admin roles is logged in, the
/login
response or the
/currentuser
response also returns an
applicationBucketToken
field, which is used when uploading any file to the application
bucket.
{
//...
"applicationBucketToken": "e23fd...."
}
The common public application bucket ID is
"ebaycclone-public-common-bucket"
In certain admin areas—such as product management pages—since the user already has the application bucket token, they will be able to upload related object images.
Please configure your UI to upload files to the application bucket using this bucket token whenever needed.
Object Buckets Some objects may also return a bucket token for uploading or accessing files related to that object. For example, in a project management application, when you fetch a project’s data, a public or private bucket token may be provided to upload or download project-related files.
These buckets will be used as described in the relevant object definitions.
MessagingMessage Data Object
A direct, text-only in-app message between two users (buyer/seller); stores sender, recipient, content, read status, and timestamp.
MessagingMessage Data Object Frontend Description By The Backend Architect
- Single private message entity joining sender and recipient by user IDs.
- Text-only content; file/attachment fields are not present at launch.
- Timestamped at send time.
- isRead is for recipient's in-app unread status display.
- Messages are not editable after sending; only isRead and deletion are updatable.
- Soft-delete: Only sender or recipient sees own deleted messages as removed; other party still can see unless deleted by both.
MessagingMessage Data Object Properties
MessagingMessage data object has got following properties that are represented as table fields in the database scheme. These properties don't stand just for data storage, but each may have different settings to manage the business logic.
| Property | Type | IsArray | Required | Description |
|---|---|---|---|---|
fromUserId
|
ID | false | Yes | Sender (user) of this message. |
toUserId
|
ID | false | Yes | Recipient (user) of this message. |
content
|
String | false | Yes | Text content of the message. No files or attachments for launch. |
isRead
|
Boolean | false | Yes | If true, recipient has marked this message as read. |
sentAt
|
Date | false | No | Time the message was sent. If not set, will be createdAt. Used for ordering. |
- Required properties are mandatory for creating objects and must be provided in the request body if no default value, formula or session bind is set.
Relation Properties
fromUserId
toUserId
Mindbricks supports relations between data objects, allowing you to define how objects are linked together. The relations may reference to a data object either in this service or in another service. Id the reference is remote, backend handles the relations through service communication or elastic search. These relations should be respected in the frontend so that instaead of showing the related objects id, the frontend should list human readable values from other data objects. If the relation points to another service, frontend should use the referenced service api in case it needs related data. The relation logic is montly handled in backend so the api responses feeds the frontend about the relational data. In mmost cases the api response will provide the relational data as well as the main one.
In frontend, please ensure that,
1- instaead of these relational ids you show the main human readable field of the related target data (like name), 2- if this data object needs a user input of these relational ids, you should provide a combobox with the list of possible records or (a searchbox) to select with the realted target data object main human readable field.
-
fromUserId: ID Relation to
user.id
The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
Required: Yes
-
toUserId: ID Relation to
user.id
The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
Required: Yes
Filter Properties
fromUserId
toUserId
isRead
Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API's.
-
fromUserId: ID has a filter named
fromUserId -
toUserId: ID has a filter named
toUserId -
isRead: Boolean has a filter named
isRead
API Reference
List Messagingmessages
API
List all messages in the conversation between the logged-in user and another party, ordered by sentAt descending. Can filter unread with isRead. Returns only messages visible to user (isActive).
Rest Route
The
listMessagingMessages
API REST controller can be triggered via the following route:
/v1/messagingmessages
Rest Request Parameters The
listMessagingMessages
api has got no request parameters.
REST Request To access the api you can use the REST controller with the path GET /v1/messagingmessages
axios({
method: 'GET',
url: '/v1/messagingmessages',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messagingMessages",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"messagingMessages": [
{
"id": "ID",
"fromUserId": "ID",
"toUserId": "ID",
"content": "String",
"isRead": "Boolean",
"sentAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Create Messagingmessage
API
Send a new text message from the logged-in user to a recipient. Sender is set from session. Launch version supports only text content.
Rest Route
The
createMessagingMessage
API REST controller can be triggered via the following route:
/v1/messagingmessages
Rest Request Parameters
The
createMessagingMessage
api has got 3 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| toUserId | ID | true | request.body?.toUserId |
| content | String | true | request.body?.content |
| isRead | Boolean | true | request.body?.isRead |
| toUserId : Recipient (user) of this message. | |||
| content : Text content of the message. No files or attachments for launch. | |||
| isRead : If true, recipient has marked this message as read. |
REST Request To access the api you can use the REST controller with the path POST /v1/messagingmessages
axios({
method: 'POST',
url: '/v1/messagingmessages',
data: {
toUserId:"ID",
content:"String",
isRead:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messagingMessage",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"messagingMessage": {
"id": "ID",
"fromUserId": "ID",
"toUserId": "ID",
"content": "String",
"isRead": "Boolean",
"sentAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Update Messagingmessage
API
Update a message (mark as read/unread). Only the recipient or admin can change isRead. No content edits. Sender, content, sentAt are immutable.
Rest Route
The
updateMessagingMessage
API REST controller can be triggered via the following route:
/v1/messagingmessages/:messagingMessageId
Rest Request Parameters
The
updateMessagingMessage
api has got 2 request parameters
| Parameter | Type | Required | Population |
|---|---|---|---|
| messagingMessageId | ID | true | request.params?.messagingMessageId |
| isRead | Boolean | false | request.body?.isRead |
| messagingMessageId : This id paremeter is used to select the required data object that will be updated | |||
| isRead : If true, recipient has marked this message as read. |
REST Request To access the api you can use the REST controller with the path PATCH /v1/messagingmessages/:messagingMessageId
axios({
method: 'PATCH',
url: `/v1/messagingmessages/${messagingMessageId}`,
data: {
isRead:"Boolean",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messagingMessage",
"method": "PATCH",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"messagingMessage": {
"id": "ID",
"fromUserId": "ID",
"toUserId": "ID",
"content": "String",
"isRead": "Boolean",
"sentAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Get Messagingmessage
API
Get a message by ID. Only accessible to the sender, the recipient, or an admin. Used for message detail view or reading a single message in a thread.
Rest Route
The
getMessagingMessage
API REST controller can be triggered via the following route:
/v1/messagingmessages/:messagingMessageId
Rest Request Parameters
The
getMessagingMessage
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messagingMessageId | ID | true | request.params?.messagingMessageId |
| messagingMessageId : This id paremeter is used to query the required data object. |
REST Request To access the api you can use the REST controller with the path GET /v1/messagingmessages/:messagingMessageId
axios({
method: 'GET',
url: `/v1/messagingmessages/${messagingMessageId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messagingMessage",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"messagingMessage": {
"id": "ID",
"fromUserId": "ID",
"toUserId": "ID",
"content": "String",
"isRead": "Boolean",
"sentAt": "Date",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
Delete Messagingmessage
API
Delete a message (soft-delete). Only sender, recipient, or admin may delete a message. Deletion only hides it for the user; not a full erase unless both delete.
Rest Route
The
deleteMessagingMessage
API REST controller can be triggered via the following route:
/v1/messagingmessages/:messagingMessageId
Rest Request Parameters
The
deleteMessagingMessage
api has got 1 request parameter
| Parameter | Type | Required | Population |
|---|---|---|---|
| messagingMessageId | ID | true | request.params?.messagingMessageId |
| messagingMessageId : This id paremeter is used to select the required data object that will be deleted |
REST Request To access the api you can use the REST controller with the path DELETE /v1/messagingmessages/:messagingMessageId
axios({
method: 'DELETE',
url: `/v1/messagingmessages/${messagingMessageId}`,
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "messagingMessage",
"method": "DELETE",
"action": "delete",
"appVersion": "Version",
"rowCount": 1,
"messagingMessage": {
"id": "ID",
"fromUserId": "ID",
"toUserId": "ID",
"content": "String",
"isRead": "Boolean",
"sentAt": "Date",
"isActive": false,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
}
}
After this prompt, the user may give you new instructions to update the output of this prompt or provide subsequent prompts about the project.