
Cat Data API

The Cat Data API is a secure REST API for managing and storing cat images. It provides endpoints for uploading, retrieving, listing, and deleting images with JWT-based authentication powered by Auth0.

What You Can Do

The Cat Data API enables you to:
  • Upload Images: Store JPG and PNG cat images securely
  • Retrieve Images: Fetch individual images by ID
  • List All Images: Get metadata for all stored images
  • Delete Images: Remove images from storage and database
  • Secure Access: All endpoints are protected with Auth0 JWT authentication

Architecture Overview

The Cat Data API is built with a modern, secure stack:

Express.js

Fast, minimalist web framework for the API server

PostgreSQL

Reliable relational database for image metadata storage

Auth0

Enterprise-grade JWT authentication and authorization

Tech Stack

  • Runtime: Node.js with TypeScript
  • Web Framework: Express.js
  • Database: PostgreSQL with Knex.js query builder
  • Authentication: Auth0 with JWT tokens (RS256 algorithm)
  • File Upload: Multer middleware for multipart/form-data
  • File Storage: Local filesystem with UUID-based naming

API Endpoints

All endpoints require authentication except the root endpoint:
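| Method | Endpoint | Description | Auth Required |
|--------|----------|-------------|---------------|
| GET | / | Health check | No |
| POST | /api/upload | Upload a new image | Yes |
| GET | /api/images | List all images | Yes |
| GET | /api/image/:id | Get a specific image | Yes |
| DELETE | /api/image/:id | Delete an image | Yes |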
All authenticated endpoints validate JWT tokens using Auth0’s JWKS (JSON Web Key Set) endpoint.

Key Features

Secure by Default

Every API endpoint (except the health check) requires a valid JWT token from Auth0. The API verifies each token’s RS256 signature (RS256 is an asymmetric signature algorithm, not encryption) against Auth0’s public keys.

File Type Validation

Only JPG and PNG image files are accepted. The API validates file types using MIME type checking:
const allowedTypes = ['image/jpeg', 'image/png'];
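
Assuming the check above uses the MIME type that Multer reports, that value comes from the request's multipart headers rather than from the file itself. The following added example (not the project's own code) pairs the allowlist with a check of the file's leading bytes against the JPG and PNG signatures; `sniffImageType` and `checkUpload` are hypothetical names, and the sample buffers are constructed.

```javascript
// Added example, not the Cat Data API's code.
const allowedTypes = ['image/jpeg', 'image/png']; // allowlist from the page

// File signatures (magic numbers) for the two accepted formats.
const SIGNATURES = {
  'image/jpeg': Buffer.from([0xff, 0xd8, 0xff]),
  'image/png': Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
};

// Returns the MIME type whose signature the buffer starts with, or null.
function sniffImageType(buf) {
  for (const [mime, sig] of Object.entries(SIGNATURES)) {
    if (buf.length >= sig.length && buf.subarray(0, sig.length).equals(sig)) {
      return mime;
    }
  }
  return null;
}

// Hypothetical helper: accept an upload only when the declared type is on
// the allowlist AND the content starts with that type's signature.
// declaredMime: type taken from the request; buf: the uploaded bytes.
function checkUpload(declaredMime, buf) {
  if (!allowedTypes.includes(declaredMime)) {
    return { ok: false, reason: 'declared type not allowed' };
  }
  const actual = sniffImageType(buf);
  if (actual === null) {
    return { ok: false, reason: 'content is not JPG or PNG' };
  }
  if (actual !== declaredMime) {
    return { ok: false, reason: 'declared type does not match content' };
  }
  return { ok: true, type: actual };
}

// Constructed sample inputs: signature bytes followed by filler.
const pngBytes = Buffer.concat([SIGNATURES['image/png'], Buffer.alloc(16)]);
const jpgBytes = Buffer.concat([SIGNATURES['image/jpeg'], Buffer.alloc(16)]);
const textBytes = Buffer.from('this is not an image');

console.log(checkUpload('image/png', pngBytes));
console.log(checkUpload('image/png', textBytes));
console.log(checkUpload('image/png', jpgBytes));
```

A signature match only shows how the file begins; it does not prove the rest of the file is a well-formed image.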

Automatic File Management

Images are stored with UUID-prefixed filenames to prevent collisions and ensure uniqueness across uploads.

Getting Started

Quickstart

Get up and running in 5 minutes

Authentication

Learn how to authenticate your requests

CORS Configuration

The API is configured to accept requests from http://localhost:5173 with credentials support:
app.use(cors({
  origin: 'http://localhost:5173',
  credentials: true,
}));
For production deployments, update the CORS origin to match your frontend domain.