Skip to main content

API & Database Reference

This document provides a comprehensive overview of all API endpoints, database collections, and authentication rules used in NAVIGO.

Note: All protected routes require a valid Firebase Authentication token.

Authentication

NAVIGO uses Firebase Authentication to manage user registration and login.

Methods

  • Email & Password
  • Google Sign-In

Password Requirements

Users cannot complete registration unless their password meets all requirements:

  • Length: 8–30 characters
  • Must include:
    • At least one uppercase character
    • At least one lowercase character
    • At least one numeric character
    • At least one special character

Registration attempts fail until a compliant password is provided.

API Endpoints

The API endpoints manipulate data in the database collections described above. All endpoints are protected by Firebase Auth unless stated otherwise.

1. Quest API

Manage quests in the game.

1.1 Create a Quest

  • Purpose: Add a new quest for players.
  • Method: POST
  • Endpoint: /api/quests
  • Body Parameters:
    • title (string)
    • description (string)
    • location (object) – { latitude, longitude }
    • points (number)

1.2 Get All Quests

  • Purpose: Retrieve all quests.
  • Method: GET
  • Endpoint: /api/quests
  • Query Parameters (optional):
    • status (string) – active or completed

1.3 Update a Quest

  • Purpose: Modify quest details.
  • Method: PUT
  • Endpoint: /api/quests/:id
  • Body Parameters: Any of title, description, location, points

1.4 Delete a Quest

  • Purpose: Remove a quest.
  • Method: DELETE
  • Endpoint: /api/quests/:id

2. Collectibles API

Manage badges and digital rewards.

2.1 Create a Collectible

  • Method: POST
  • Endpoint: /api/collectibles
  • Body Parameters: name, type, pointsRequired

2.2 Get All Collectibles

  • Method: GET
  • Endpoint: /api/collectibles

2.3 Update a Collectible

  • Method: PUT
  • Endpoint: /api/collectibles/:id
  • Body Parameters: Any of name, type, pointsRequired

2.4 Delete a Collectible

  • Method: DELETE
  • Endpoint: /api/collectibles/:id

3. Leaderboard API

Track player scores and rankings.

3.1 Get Leaderboard

  • Method: GET
  • Endpoint: /api/leaderboard
  • Query Parameters (optional): week

3.2 Update User Score

  • Method: PUT
  • Endpoint: /api/leaderboard/:userId
  • Body Parameters: score (number)

4. Location API (with Google Maps Integration)

Verify player presence at quest locations using the Google Maps API.

4.1 Verify Location

  • Purpose: Confirm that a player is physically at the quest location before awarding points or collectibles.
  • Method: POST
  • Endpoint: /api/location/verify
  • Body Parameters:
    • userId (string) – Player’s ID
    • questId (string) – Quest being verified
    • latitude (number) – Player’s current latitude
    • longitude (number) – Player’s current longitude

4.2 How Google Maps API is Used

  • GPS Validation: Confirms the player’s location matches the quest coordinates.
  • Preventing Cheating: Players cannot claim rewards without being physically present.
  • Integration: Coordinates from the user device are compared against Google Maps location data to ensure accuracy.
  • Database Logging: Verified locations are stored in Firestore for progress tracking and leaderboard updates.